Keyboard shortcuts

Press or to navigate between chapters

Press S or / to search in the book

Press ? to show this help

Press Esc to hide this help

Chat and Communication

Introduction

Secure and private communication is essential in today’s digital landscape. This guide examines various messaging solutions, their strengths and weaknesses, and provides recommendations based on security, privacy, and usability considerations.

Key Considerations

When selecting a messaging solution, several factors should be evaluated:

Security: End-to-end encryption, code auditability, and vulnerability management are crucial for protecting your communications.

Privacy: Consider how the application handles metadata, whether it requires personal identifiers, and its data collection practices.

Decentralization: Federated or distributed systems offer greater resilience against censorship and single points of failure.

Usability: The best security features are meaningless if the application is too difficult for regular use.

Adoption: A secure messenger has limited utility if your contacts aren’t using it.

Signal

Signal provides a strong balance of security and usability, making it suitable for most users. It features robust end-to-end encryption, minimal metadata collection, and a user-friendly interface.

Strengths:

  • Strong security with the well-audited Signal Protocol
  • Widely adopted with cross-platform support
  • Feature-rich with voice/video calls, group chats, and disappearing messages
  • Open-source client applications

Limitations:

  • Centralized infrastructure
  • Requires phone number for registration
  • Closed development process

Alternative: Molly, a FOSS fork of Signal, removes Google dependencies and uses UnifiedPush for notifications while maintaining compatibility with the Signal network.

SimpleX Chat

For users with heightened privacy concerns, SimpleX Chat offers a more private and resilient communication platform.

Strengths:

  • Distributed architecture where servers function primarily as message relays
  • No user profiles or identifiers required
  • Each conversation can be established via unique links or QR codes
  • Open-source client and server implementations

Limitations:

  • Smaller user base
  • Less mainstream recognition
  • May require more technical understanding

XMPP (with Conversations)

XMPP is a long-established messaging standard with a focus on extensibility and federation.

Strengths:

  • Decentralized, federated network
  • Long history with proven stability
  • Extensive feature set through extensions
  • Multiple client and server implementations

Limitations:

  • Fragmented ecosystem due to optional extensions
  • Requires both parties to use compatible clients and servers
  • More complex setup compared to standalone applications

Conversations is recommended as an XMPP client for Android users, offering a modern interface with support for essential security extensions.

Telegram

Despite its popularity, Telegram has significant security limitations:

  • End-to-end encryption only in “Secret Chats”
  • Proprietary server-side code
  • Unproven encryption protocol

WhatsApp and Facebook Messenger

These platforms cannot be recommended for secure communications due to:

  • Closed-source implementations
  • Connection to Meta’s data collection ecosystem
  • Lack of transparency regarding security implementations

Element/Matrix

While promising as an open standard, Matrix (typically accessed via Element):

  • Functions better as an IRC replacement than a secure messenger
  • Has reliability challenges
  • Offers a more complex user experience

IRC

Traditional IRC lacks modern security features:

  • No built-in encryption
  • No message persistence without additional tools
  • No identity verification mechanisms

Recommendations

For most users: Signal provides the best balance of security, privacy, and usability. Consider the open-source Molly client for enhanced privacy.

For privacy-focused users: SimpleX Chat offers superior privacy protections and resistance to metadata collection.

For users preferring federated systems: XMPP with the Conversations client and the Free Your Tech! server provides a good alternative.

All three options are solid and can coexist at the same time. The difficult part is getting our contacts to switch over as well. We recommend avoiding the other platforms for private conversations.