Secure Messaging: Choosing a chat app
In today's modern world, there are many “secure” messengers to choose from. Some are good, while others are borderline fraudulent. Some hold potential, but aren't quite ready for the big time. So, how do you choose? Well, I explain that in this article.
Note: this list does not include every messaging platform that exists. However, anything not on this list is probably omitted because it hasn't received the necessary review to be secure. Or, possibly it's already known to be not secure. For example, I don't take iMessage seriously enough to remember it exists.
Establishing context: Metadata leaks
To understand secure messaging, you must understand metadata leaks and why they're a threat.
Metadata leaks are when your messaging app includes metadata in a way that's not encrypted end-to-end. This includes the dates and times you send messages, who you send them to, how frequently you send messages, and more. Many messengers allow you to set status messages and profile pictures. These are not encrypted, and are thus leaked. The issue with metadata leaks is they can fairly easily reveal sensitive information, even when you don't expect them to.
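To make that concrete, here is an added example (not from any messenger's code base) of what a server can infer from message envelopes alone, even though every message body is encrypted. The log records, names, times and sizes are constructed for illustration.

```python
from collections import Counter
from datetime import datetime

# Constructed sample: what a relay server can log when only the message body
# is end-to-end encrypted. Names, times and sizes are invented for illustration.
ENVELOPES = [
    # (timestamp UTC, sender, recipient, ciphertext length in bytes)
    ("2024-03-04T02:11:00", "alice", "clinic_helpline", 212),
    ("2024-03-04T02:13:00", "clinic_helpline", "alice", 540),
    ("2024-03-04T02:20:00", "alice", "clinic_helpline", 198),
    ("2024-03-04T09:05:00", "alice", "bob", 64),
    ("2024-03-05T02:02:00", "alice", "clinic_helpline", 301),
    ("2024-03-05T18:30:00", "bob", "alice", 80),
    ("2024-03-06T02:40:00", "alice", "clinic_helpline", 255),
]

def contact_counts(envelopes, user):
    """Count messages exchanged between `user` and each peer (either direction)."""
    counts = Counter()
    for _, sender, recipient, _ in envelopes:
        if sender == user:
            counts[recipient] += 1
        elif recipient == user:
            counts[sender] += 1
    return counts

def active_hours(envelopes, user, peer):
    """Hours of day (UTC) at which `user` sent messages to `peer`."""
    return sorted({datetime.fromisoformat(ts).hour
                   for ts, s, r, _ in envelopes if s == user and r == peer})

def distinct_days(envelopes, user, peer):
    """Number of calendar days on which `user` and `peer` exchanged messages."""
    return len({datetime.fromisoformat(ts).date()
                for ts, s, r, _ in envelopes if {s, r} == {user, peer}})

def profile(envelopes, user):
    """Summarise what the metadata alone says about `user`'s top contact."""
    peer, n = contact_counts(envelopes, user).most_common(1)[0]
    return {"top_contact": peer, "messages": n,
            "hours_utc": active_hours(envelopes, user, peer),
            "days": distinct_days(envelopes, user, peer)}

if __name__ == "__main__":
    print(profile(ENVELOPES, "alice"))
```

No ciphertext was decrypted here, yet the output says who the user talks to most, at what hour, and on how many days in a row.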
Establishing context: Formal verification
To quote Wikipedia (since I'm lazy):
In the context of hardware and software systems, formal verification is the act of proving or disproving the correctness of intended algorithms underlying a system with respect to a certain formal specification or property, using formal methods of mathematics.
Formal verification can be helpful in proving the correctness of systems such as: cryptographic protocols, combinational circuits, digital circuits with internal memory, and software expressed as source code.
Formal verification is the highest possible assurance of security. Formally-verified systems are often referred to as having a formal security proof.
Zoom
Zoom is probably the worst messaging app out there. It has had numerous security and privacy concerns, and many governments and companies have banned Zoom for internal use. Zoom has also had critical security issues, some of which prompted Apple to release an update removing parts of Zoom from users' computers.
Zoom misleads its users, claiming to be E2EE, even though it's not. It has even had vulnerabilities that could allow remote attackers to take over systems that have Zoom installed. This is not a complete list, since there are too many issues to enumerate here. You can read about more of Zoom's issues in another article:
Zoom is a security and a privacy risk. Please don't use it!
Discord, Instagram, Snapchat
These are some of the worst messaging apps you could use. They don't provide E2EE, and they're run by companies who make it their business to profit off your data.
Discord requires you to pay for some features, which makes it even worse than the others. Not only do you get spied on, but you pay for it with dollars (and data). Besides this, people quite often tell me that they will even delete accounts based on messages sent in private conversations. I'm proud to say I don't use Discord.
Telegram
Telegram is WhatsApp's most direct competitor, but is not significantly better than WhatsApp. It's commonly touted as a FOSS alternative to WhatsApp, but it has many severe security issues, including a cryptographic protocol that can't be trusted. Telegram committed one of the cardinal sins of security: homebrew crypto in a production app. Telegram leaks metadata, and its design is not solid. Moreover, Telegram is adding ads, which not only creates an annoyance, but introduces trackers into the app. Although to be fair, they already have trackers in the standard build. Additionally, Telegram doesn't use E2EE by default, and never supports E2EE in group chats. I think it's pretty clear that using Telegram is not a good choice.
Viber, Wickr, Wire
I've decided to condense these into a single section, since they all have the same major issue: These apps leak metadata. This means they should not be trusted for private communication.
PGP/GPG
PGP/GPG isn't so much a messaging platform as it is a way of encrypting messages on top of existing messaging platforms. One common way of using PGP/GPG is via encrypted emails. PGP/GPG has had many security issues in the past, including cryptographic attacks, as well as attacks that can infect your system with malware. Some of these issues have gone decades without being discovered, and others have been discovered but simply never fixed. Also, PGP/GPG leaks metadata. PGP/GPG simply doesn't meet the standards of a modern secure system.
As a fun side-note, you can read about this heap overflow in libgcrypt 1.9.0.
Threema
Threema is an open-source chat app that allows anonymous users. You can create an account without revealing any information about yourself. However, it leaks metadata to Threema's servers. Threema should usually not be used for private communication.
Matrix
Matrix is a federated platform for communication, but leaks metadata. This makes it not a good choice for secure communication. However, its decentralization makes it better than other apps that leak metadata. It's worth noting that, on some Matrix clients, E2EE must be enabled manually, while some don't even support E2EE. Really, Matrix is more suitable as a replacement for Discord and IRC than as a private chat platform.
XMPP
XMPP has mostly the same security properties as Matrix. One important thing to note is that while XMPP supports encryption via OTR/OMEMO, many clients don't support this by default. Other clients do support these by default. XMPP and Matrix leak the same amounts of metadata. Also, Matrix's encryption (Olm/Megolm) has received formal verification. While OMEMO has received analysis, as far as I'm aware, it has not received formal verification. OMEMO is generally considered a solid cryptographic protocol. However, due to XMPP's inherent metadata leaks, XMPP should usually not be trusted for private communication.
OTR vs OMEMO
OTR and OMEMO are encryption protocols for XMPP. OTR is an older protocol, and is mostly deprecated in favor of OMEMO.
Session
Session is an interesting messenger that combines the decentralization and resistance against metadata leaks of a peer-to-peer (P2P) messenger, with the usability of a centralized or federated service, allowing messages to be sent to a user who is not online at the time. This is something normally not possible in P2P messengers. The issue with Session is that its protocol is largely un-reviewed by the greater security community, and therefore it is not known to be secure.
Session is also planning to change their protocol soon, which will invalidate any review Session has already received. While Session is promising, they are simply not ready to be trusted as a secure messenger.
Hush
Hush is another interesting messenger, using the infrastructure provided by Zcash to obtain some interesting security properties. It integrates with a cryptocurrency wallet, which is always a bad sign for secure messengers. However, its innovative design could be a very solid reason for it to make such a decision. Hush is currently lacking the necessary review to be considered secure, but could be a promising platform at some point in the future.
Tox
Tox is a highly-experimental messaging protocol known to have major issues. Tox is an interesting toy, but does not meet the standards of a modern secure system.
Signal
Signal is a solid choice for a secure chat app. I have a blog post explaining why Signal can be trusted for sensitive communications. One thing to note is that sealed sender, a feature they use to prevent metadata leaks, is enabled by default only for contacts. You can manually enable it for non-contacts, at the risk of increased spam.
Signal does require a phone number to register, but this isn't really a major issue. You can use Signal with a fake phone number. Signal is also centralized, which might not sit right with people who prefer decentralized systems. Signal's protocol is well-reviewed, and has even received formal verification. Overall, Signal is a solid choice for secure messaging.
Jami
Jami is a cross-platform, P2P messenger built on top of TLS 1.3. TLS 1.3 uses solid cryptography, and therefore Jami inherits these beneficial security properties. Jami is a good choice for a secure chat app. You should read my notes about Jami.
Briar
Briar is a P2P messenger designed for people with very high threat models, such as journalists. Briar does all communication through Tor by default, and requires no identifiable information to use. Briar's protocol is solid, and has even received formal verification. Briar is suitable for people with well-funded, sophisticated attackers after them, assuming they take other precautions, such as using burner phones or running a Pixel phone with Graphene. Briar is the most solid messaging app that doesn't require specialized hardware to use.
Briar has an added benefit: It can communicate without relying on the internet. It does this using a Bluetooth mesh net. This creates some very interesting properties, and makes it more resilient than any other messenger app.
Tinfoil Chat (TFC)
TFC is the most secure messaging app currently available. It's designed to resist attacks by even the most well-funded attackers. However, it requires specialized hardware to use. TFC is for people with the most extreme security requirements of all. TFC's security is as solid as it gets.