Comparison chart Documentation 2022-10-02 Edit chart Review edits Not saved automatically! Resume editing View chart
Show all messengers Font: Use case [?]: Items: Compare messengers:
Permalink #aTalk Permalink #briar Permalink #cheogram Permalink #conversations Permalink #cwtch Permalink #delta_chat Permalink #dino Permalink #fluffychat Permalink #gajim Permalink #gnunet Permalink #imessage Permalink #jami Permalink #keybase Permalink #manyverse Permalink #matrix Permalink #molly Permalink #monocles Permalink #mumble Permalink #nekogramx Permalink #nheko Permalink #onion_share Permalink #pidgin Permalink #pybitmessage Permalink #quassel Permalink #quiet Permalink #SafeUM Permalink #schildichat Permalink #session Permalink #signal Permalink #simplex Permalink #skype Permalink #snapchat Permalink #telegram Permalink #telegram_foss Permalink #threema Permalink #tox Permalink #viber Permalink #whatsapp Permalink #wickr_me Permalink #xmpp Permalink #xx Permalink #wire Permalink #zoom
Feature aTalk Briar Cheogram Conversations cwtch Delta.Chat Dino FluffyChat Gajim GNUnet Messenger-GTK Apple iMessage Jami Keybase Manyverse Matrix Element Molly monocles chat Mumble Nekogram X Nheko OnionShare Pidgin PyBitmessage Quassel quiet SafeUM SchildiChat Session Signal SimpleX Chat Skype Snapchat Telegram Telegram FOSS Threema Tox Viber WhatsApp Wickr XMPP Elixxir xx wire Zoom
AnalysisTextual review that can not be compared objectively through properties
#briar_review #cwtch_review #delta_chat_review #imessage_review #jami_review #matrix_review #session_review #signal_review #snapchat_review #telegram_review #threema_review #tox_review #whatsapp_review #xmpp_review #wire_review
SummaryHighlight in a few words why it is interesting
Anonymous chat Fork of Conversations to implement features of use to the Sopranica project w Jabber/XMPP client
Persistent messenger over Tordecentralized, privacy-preserving, multi-party messaging protocol that can be used to build metadata resistant applications w w w w
Group chat over email Jabber/XMPP client Jabber/XMPP client
Convergent GTK messaging application using the GNUnet Messenger service.Early alpha stage. In development. Not ready for usage beyond developers. "The goal is to provide private and secure communication between any group of devices." w 2022-05 w
Default on Apple platforms Decentralized chat
E2EE chat, storage, file sharing and git repositoriesidentity proofs, account verification
Protocol that bridges allAssume using Matrix Synapse as server
Fork of Signal with hardening w Fork of and Conversations w Low latency, high quality group calls w w Soft fork of Telegram FOSS with added features ephemeral messenger over Tor w w w Universal chat client
IRC client with bouncerModern, cross-platform, distributed IRC client with local server backend w
Alternative to team chats, all data syncs directly between a team's devices over Tor with no server required
Element with classic looksoft fork with message bubbles, unified chat list, bigger room list items w
Signal fork, no phone numbers Secure chat with phone numbers w American photo messaging application FOSS-friendly soft fork of Telegram Android Nameless DHT messenger w one of the most popular worldwide messaging applications
Cleaning oriented messengerCentralized messenger with focus on getting rid of it's tracks, and every message is temporary, and it can't be disabled. w
Features as spec extensions
ScreenshotsList URLs in the details (TODO: gallery widget)
screenshot of conversation on ios 15.5 w
Android Google Play yes w paid w currently in testing w w yes w no yes w no no no yes w yes w yes w no 3rd party w no no
only client via Tor BrowserJavaScript required
no no w yes w yes w yes w yes w yes w yes w yes w yes w no yes yes w
yes w
Android F-droid/, partial=apk or separate repository
yes w w yes w yes w apk w w yes w no yes w no no no yes w no yes w partial w yes w w 3rd party w yes w no
only client via Tor BrowserJavaScript required
2018w w beta, requires server
yes w yes w w yes w w
apk wavoids f-droid w
yes w no no no yes w
own F-Droid repository w apk w Threema Libre version in own F-Droid repository without Google services w
yes w w
noNeither can an apk be dowloaded from their site, as they link directly to Google Play
apk yes, F-droid no.the apk is a bit hard to find on the website. look for "android source code" section, there it is.
yes w
Other mobileAlternative phones like KaiStore, Blackberry, OpenStore, PureOS, Microsoft Store
no KaiOS unsupported w no no w
Other AndroidAlternative app stores like Amazon Appstore, Huawei App Gallery, Samsung Galaxy Store, Opera Mobile Store, Aptoide, GetJar, Uptodown, Applivery
no not yet w
Apple iOS no w w no no not yet available w w yes w no yes w no no yes yes w yes w yes w no no unmaintained since 2017 w no no
only client via Tor BrowserJavaScript required
no no w yes w not yet w no yes w
yes wiPad as a secondary device w
yes w yes w yes w yes w no yes no w
yes w
LinuxNot full featured w w w
no no Linux, Windows, MacOS w w yes w
Linux, FreeBSD wunsupported macOS Homebrew w
yes w w Windows, MacOS, Linux, FreeBSD Ports w Flatpak w or source w
Included in MacOSNot downloadable or available on other platforms
yes w w macOS w Windows w Linux w yes w no no Linux, Windows, MacOS w w w no yes w
server and clientLinux, Windows, MacOS w w
FreeBSD/Linux/macOS/Win w
2018 OS X, Windows w Linux wAppImage in the future w
yes w Linux, Mac, Windows w yes w Linux and Windows w as secondary device w w w termninal only w w yes w no yes w no only if mobile online
Linux, FreeBSD, Windows, MacOSw w w w w
Linux, MacOS, Windowsw
no w
noOnly app, no web client
no no no no w no yes w no no no no w
some account functionality and encrypting/decrypting messagesAccount changes can be locked to be only possible through client apps w
yes w no yes w no no
only client via Tor BrowserJavaScript required
no wdefunct w
no yes w no no no yes w coming soon to web w yes w no only if mobile online no w
no no w
LanguagesThe higher the amount of people reachable the better. No=1 language, partial=2-3, yes=many global ones
many w 54 (21 full) w 14 w 14-48 w w w
39 w29 full, 4 medium, 6 some
12+ w
37 w4 full, 4 medium, 29 some
English many w w English only many w w 70+ w 46 w 24 w many w 105 w many w many w 100+ w w w many w many w many w many w 16 w 1 w
Protocol Bramble Jabber/XMPP Jabber/XMPP w SMTP and IMAP with AutoCrypt w Jabber/XMPP Matrix Jabber/XMPP GNUnet w iMessage SIP, OpenDHT w SaltPack, NaCl + MessagePack w Matrix Signal Protocol w Jabber/XMPP Mumble w MTProto w Matrix
unnamedBuilt on top of Tor
Jabber/XMPP, multipleBonjour, Gadu-Gadu, IRC, Novell GroupWise Messenger, Lotus Sametime, SILC, SIMPLE, Zephyr + extendable via plugins w
BitMessage w IRC
libp2p/IPFSw w w
Matrix Session protocol, fork of Signal protocol w Signal Protocol w SMP proprietary w MTProto w MTProto w Tox protocol w signal protocol w Wickr Secure Messaging Protocol (Home browed) XMPP
blockchain and mixnetxx blockchain coin based on Praxxis with xx cMix mixnet privacy layer
Protocol openyes=can be implemented based on published detailed specification, no=no source published, partial=needs reverse engineering based on rough specs or source code
yes w yes yes yes w w yes w yes yes w yes yes w w no yes w yes w yes w yes w yes yes w w yes w yes w
not documentedNeed to reverse engineer from source code
some yes yes w yes w yes w
prose, sourceout of date in prose w w need to reverse engineer from source
yes w yes w w w no yes w yes w yes w ARP open w others in prose w yes w no open protocol, no way to verify because closed service platform no yes w
Server license MIT w various (any SMTP and IMAP server) Proprietary GPLv3 w w proprietary Apache 2.0 w
AGPLv3 wmissing sources for CDN0 S3/CDN2 GCS and abuse control w
BSD w w proprietary GPLv3 w GPLv3 w MIT w
AGPLv3 wmissing sources for CDN0 S3/CDN2 GCS and abuse control w
AGPL v3 w proprietary proprietary w proprietary proprietary proprietary: Chat, Directory, Media GPLv3 w proprietary proprietary various proprietary
Client license various w w GPLv3 w GPLv3 w MIT w GPLv3+ GPLv3+ w w AGPLv3 w GPLv3 w AGPLv3 w Proprietary GPLv3+ New BSD 3-Clause w Apache 2.0 w GNU GPLv3 w GPLv3 w BSD w w GPLv3 w GPLv3 w GPLv3 w GPLv2 w MIT w GPLv3 w w GPLv3 w Apache 2.0 w w GPLv3 w Android GPLv3 w iOS GPLv3 w Desktop AGPLv3 w AGPL v3 w proprietary proprietary w GPLv2 / GPLv3 w w w GPLv2 w AGPLv3 but paid proprietary proprietary various BSD w w
Register without app no yes yes no supports existing mailbox provider accounts w yes yes no
Attached to Apple IDIf you have an Apple ID you already have an iMessage and just have to enable iMessage with that account on whatever apple device you are on. You can also have a phone sim with a phone number, in which case iOS will automatically register you for iMessage with that number upon boot.
no Web yes no yes no yes
clients connect via Tor BrowserJavaScript required, accounts are per group, not per user, but the server does need an app to create each group account w
yes yes no no
noas a workaround, through the unofficial mautrix-signal matrix bridge with a custom HS
no no no no no no w no no
User features
Spell checkGrammar correction, languages
noNo spell check
not yet w Included in all the platforms that iMessage supports yes yes yes yes
Group chatWhether they are persistent between restarts, chat log, file transfer, inline images, offline messaging
yes w yes yes experimental w group chats w
yesw membership change is unicast
yes w yes yes yes w yes no w yes w w yes yes w yes ephemeral, no logs w small images w yes yes yes w yes yes w w yes One community/team only w yes closed groups (private) e2ee, open groups (public) not e2ee w yes w yes w yes yes w yes yes implemented with unicast w invite-only w yes w
up to 256 members (higher with exploits)w
Voice calls no w yes yes w not yet w w via embedding jitsi,, w WebRTC w no w
Provided through facetime integrationencrypted w
partial wHave tested Jami for about a year, and calls are not working reliably, if at all.
nonot natively w w w
WebRTC w yes w yes yes w yes no w no w no WebRTC w beta test, p2p, ip exposed w yes w
experimental wterminal app via WebRTC in browser
yes yes w yes yes yes w yes w yes
Video calls no w yes yes w not yet w w via embedding jitsi,, w yes w WebRTC w no w
Provided through facetime integrationencrypted w
partial wJust like with calls, Jami isn't intercepting video-calls reliably
Jitsi Bot w Zoom Bot w Google Meet Botnot natively w w w
WebRTC w yes w yes no w yes no w no w no WebRTC w beta test, p2p, ip exposed w yes w
experimental wterminal app via WebRTC in browser
yes yes w yes yes yes w yes w yes
Group callsAudio, video
no w no no not yet w w via embedding jitsi,, w yes w via Jitsi w no yes by forwarding by the initiator w w Jitsi Bot w Zoom Bot w Google Meet Bot via Jitsi w yes w yes w yes no w no w no via Jitsi w no yes w no yes yes w yes yes yes
Voice messagesIdeally push to talk, may be useful where voice call is not supported. Also voice notes
no w yes w yes
only in mobile clientOr even only Android? seems like no? w
yes w
no voice notes, limited to certain length
Screen sharing no w
requires iOS or iPados 15.1 or laterw
yes w
yesw there is also a way to do it using obs, but citation needed.
yesw there is also a way to do it using obs, but citation needed.
yesw there is also a way to do it using obs, but citation needed.
Audio filteringNoise cancellation, gain control, voice activity detection
no w
no controlsAppears to filter audio by default, no apparent controls over this
aggressively detect and cancel the background noise
File transferRetry, pause, resume
no w yes yes experimental w yes w yes yes w
yesadditionally E2EE storage and shares w
yes yes only inline images w w w
yesnote it does compress images and video by default w
up to 220kB w
partial wRight now basic attachement
yes w no
yesnote it does compress images and video by default w
yesnote it does compress images and video by default w
yes w yes
Message formattingFont size, bold, italic, underline, list, blockquote, code, pre, colors, clickable link, table, subscript, superscript, line break
experimental w wVia toolbar or direct markdown - bold, italic, code, superscript, subscript, strike through
no CommonMark-flavored markdown w w
partial w wbasic
yes w w no basic w
partial w wbasic
partial w wbasic
Emoticons in messageDeprecated, please refine with below properties! Compose, show
yes yes yes yes yes yes yes yes yes yes yes yes yes yes no yes yes yes yes yes yes yes
Unicode supportyes=can both send & receive text containing any valid Unicode code point, usually via utf8mb4, partial=does not support 4-byte+ UTF-8, certain characters or combiners
Emoji composeryes=rich dialog with search, partial=replaces a few emotes or aliases with Unicode before sending
Built into keyboardAll platforms that iMessage support after around iOS 6 support some way to open an emote keyboard from a keyboard button/shortcut. After iOS 14 you can search through the emote keyboard. Somewhere around this same time Apple implemented emote suggestions in the keyboard suggested text buttons.
yes yes no
yesemote button and use : and start typing to put emotes quickly
yesemote button and use : and start typing to put emotes quickly
yesemote button and use : and start typing to put emotes quickly
Emoji receptionyes=color Unicode display of all, mention in details if animated, partial=monochromatic, only a subset or replaces received emoticons with pictures
yesYes, assuming device is up to date as emotes are rendered through the operating system
yes yes
Sticker packsWhether they are animated
Built inIncludes some by default, install more and iMessage extensions through the app store
mostly through vendor w w w
animated sticker packs available
yes w
Link previewUnfurling: who downloads the page, the sender, recipient or the server of one or the other
no Downloads sender side before message is sent to Apple yes
yesthe server of the recipient generates it optionally, disabled by default in E2EE rooms w w
yesclient side by sender, can be disabled in settings w
yes w yes w no
yesclient side by sender, can be disabled in settings w
mobile onlyUser setting to generate link preview upon sending.
small embed for link, tapping opens in app browser previewprimarily used for ads
yes w yes w yes
Inline imagesSupported image formats: png, jpeg, gif, webp, avif
yes w w yes yes yes yes yes w small ones w yes yes
yes wmobile
yes yes yes yes w yes
Inline videosSupported video formats: mp4, webm, av1
yes w yes yes yes yes yes no yes yes yes w yes
PollsMultiple choice voting
no no no Potentially available through iMessage extension no yes no
no yes
yes w
Reactionsyes=Various emoji, partial=only upvoting
no no no Few reaction options yes
all common Unicode emojino custom images, custom text in certain clients
no yes w no w no
yes w yes w yes
Read public content without registeringProvides free tasting to look around before committing to install anything or having to remember another pair of credentials
partialonline public mailing list archives
no Must have an apple device to use no no guest participant, room peek preview, static HTML view w w no no w guest participant, room peek preview, static HTML view w w 5 official rooms are bridged w no no no no no w
Multiple devicesIf the same account can be used at the same time from multiple devices, syncing contacts, messages and notifications.
no w yes yes
not yet w wThere's a way to run the same profile on different devices (desktop and mobile) but it requires transfer of the profile through ADB (which by some, may be considered insecure) and only the device which initiated communication receives messages from other party.
yes w yes yes yes "It is still difficult to get reliable chats between different devices." w
Sync through icloudYou can sync messages through iCloud e2ee, however contacts etc. are not e2ee when synced, and the encryption key is included in iCloud backups (not e2ee) of the device if enabled w
yes w yes yes can only have one active device at a time, one number only yes yes yes just paste the private key on each w yes yes no w yes still not functioning properly Only Desktop as secondary device no yes
requires log out and log in, but chat stays in cloud accessable on both devicesw
yes yes as group chat w
Online account replicayes=everything available in the cloud from any device, partial=not all of credentials, profile, settings, contacts or conversations
no w partial
iCloud backup requiredRequires iCloud backup of device which is not e2ee w
yes yes is web based
Multiple accountsIf you can stay logged in with multiple accounts on the same device and application without external isolation techniques
no w yes yes yes yes w yes w yes yes yes w no yes Web tabs, Desktop profiles no yes Unlimited no
partialcould connect via multiple Tor browser instances
yes yes no no no
partialone can run multiple terminal sessions as multiple OS users to have multiple accounts
no no 3 3 no
Application lockingUnlock the account or certain chats with a PIN code, passphrase, fingerprints or facial likeness
Android's screen lock w
passphrase on app startno other type of locking at the moment
Android - custom 4 digit PIN no no Android w iOS w Android's screen lock w Android - custom 4 digit PIN + system fingerprint w Android w Android's screen lock w
yes wNative mobile platform lock.
Android - custom 4 digit PIN + system fingerprint w Android - custom 4 digit PIN + system fingerprint w Android's System Screen Lock, PIN or Biometric w also on desktop, individual chats too w
Remote message removalAlso called redaction or deletion
no no no no no w no no yes by redaction events w within 3 hours w yes partial w no no w no within 3 hours w
yesmobile, in console there's whole history visible e.g. 21:37 a11> ff 21:37 a11> [deleted] ff
no partial w partial w no w yes
Remote message correctionAlso called editing
no no no no no w last message w no no yes yes last message no no yes no only with secret chats (e2ee) disabled no w no
Message expirationAlso called retention time, disappearing/ephemeral/self-destructing messages
Only setting of 7 days possible w no no yes w no no no
Only on voice messages*Message expiration only occurs on voice messages and it is set to either 2 minutes or never by the receiving party, and there is a keep message button (that notifies the sending party "_ kept a voice message")
no yes w
per room, no GUI, not defaultonly through slash-commands in Element, need to enable on each Synapse home server and depending on configuration in each room as well w
yes w no
1:1 secret chats and some media, only on mobileOnly for 1:1 secret chats (not default) on mobile and media in private cloud chats w
no no
up to 28 daysw messages are only moved to the trash by default w
no no
up to 7 days client side, server mirrors for 14 daysdisappearing messages (local) 5 sec - 1 week options, server keeps all messages for 14 days
yes w no retained indefinitely on their servers
1:1 secret chats and some media, only on mobileOnly for 1:1 secret chats (not default) on mobile and media in private cloud chats w
1:1 secret chats and some media, only on mobileOnly for 1:1 secret chats (not default) on mobile and media in private cloud chats w
no w yes w yes
Presence statusWhether it is supported. This can actually be a privacy breach for tinfoil
for groups only contacts w yes yes
1/1 chats show when contact offlineFor 1/1 chats it's not possible to send message when contact offline, when online text input is available. No indication in group chat about members status.
yes no no with performance issues w no w yes yes
yes w- Shows online status of the people you are talking to. - You can define a custom status message to tell others what you are currently up to. - The status message appears next to the usernames in the timeline. - Your server needs to have presence enabled for this to work.
yesStandard IRC protocol status
HS capability no w yes yes yes yes
Presence not mandatoryIf has presence broadcasting, can it be hidden when online
no yes
partialsome optional in Syphon w w Element Android can disable it - w
yes yes w
yesStandard IRC protocol status
partialAndroid can disable it - w
yes w yes w yes w
Typing indicationWhether sending and showing is supported. Mention in the explanation whether it can be disabled and its default state
no can be disabled w no cannot be disabled w Can't be disabled can be disabled yes
yesshowing and sending can be switched off together w
can be disabled w cannot be disabled w can be disabled no can be disabled
does not work on desktopshown and sent by default but can be switched off w
yesshowing and sending can be switched off together w
yes cannot be disabled w cannot be disabled w yes
Read receiptsWhether sending and showing is supported
only delivery receipt w yes w only delivery receipt yes yes no yes yes w yes w yes w yes yes w no yes yes w only delivery receipt (mobile) yes w yes yes w yes w yes
Receipts not mandatoryyes=they can be disabled, note default value
yes w no yes no w yes w yes w no can be hidden on client only can be hidden on client only yes w yes w no w no no
all or nothingYou have to disable read receipts completely and then you wont be able to see other's receipts. Also they are always sent in group chats. w
Themesno=1, partial=2, yes=more - Appearance, dark scheme, night mode, OLED, prefers contrast, reduced motion, color blind, custom base color, large fonts, visual style presets, automatic switching
partial wlight/dark
partial w Light and dark mode with system
yes wlight/dark theme with customizable bubble colors
yes w w wlight, dark, AMOLED, theme colors
yes w wfull customization + Built-in Material Design themes / Telegram X style icons
partial wlight/dark
yes w w wlight, dark, AMOLED, accent color, message bubbles
yes wlight/dark theme with customizable bubble colors
partial wlight/dark
yes wfull customization
yes wfull customization
Vendor can't curate contentno=vendor can influence who can access which content, remove spam and vandalism
yes self-hosting fully self-hosted
Spam protectionIf it gained worldwide adoption
partial wCould result in an increase in network bandwidth which may be intolerable or undesired for many people - especially those on metered connections
standard email filters, hides non-contact w no blocking and reporting w
partialprovided through third-party tools, such as Mjolnir: w
Groups are invite-onlyThe server could implement filtering in the future
proof of work w proof of work,unlimited account ids can be generated almost instantly invite code w
spam checker, limit invitesselect who can add you to group chats w
Account deactivation after device compromiseSolvable with centralized or federated servers or with revocation certificates in P2P.
no yes yes no
partialprobably manually by a revocation certificate and with the help of the mailbox provider
yes yes yes
varioussupport aided w recovery contacts w email, phone number and 2FA recovery keys w
yes w device revocation w with second device or Web or Desktop Only for secondary devices yes Only for secondary devices yes Private key distributed yes yes no yes account ids are random generated 2^128 keys Only for secondary devices no Only for secondary devices Only for secondary devices yes w
Account recovery after device compromiseSolvable with centralized or federated servers or with subkeys, revocation and secret sharing in P2P.
no w no
partialprobably manually by revocation, mailbox provider help, generating new keys and verifying all contacts again
varioussupport aided w recovery contacts w email, phone number and 2FA recovery keys w
no w second device or paper key w with second device or Web or Desktop yes Private key distributed partial w yes accound ids can be recovered with seed phrase, 12 words + 1 check word no no
CPU idleno=Proof of work, partial=sluggish due to Idling too little in foreground or measurable amount of processing in background, yes=otherwise
yes uses Tor browser proof of work w Uses proof of work to combat spam yes
Power savingEnsure that device wakes up as few times as possible, filters and batches events on remote side, no open sockets, delegated peer tracking
IMAP IDLE keeps a socket open
partial offload by OpenDHT proxy wbackground transfers deplete the battery faster noticeably
yesPolling without FCM w w TODO: research
uses Tor browser
Constantly transfers in the backgroundopen groups use polling w
yesPolling without FCM w w TODO: research
Push relay & native pushFetches encrypted content from its own server in response to a push, group chat via unicast w Formerly polling without FCM w Recently own push servers w w
Bandwidth frugalConservation by lazy loading, previews, adaptive detail, incremental sync, fewer round trips, tokenization, batching transfers to improve compression, tweaked key schedule, multicasting hubs
group messages are unicastshould use selective IMAP fetches and compression
transfers constantly in the backgroundaccording to testing by editors
uses Tor browser
nomulticast as unicast w constant peer exchange and buffering for everyone
Constantly transfers a lot in the background36MB/hour in our Desktop test in 2022, open groups use polling w
Push relay & native push, group chat via unicastFetches encrypted content from its own server in response to a push, optimized binary chat protocol w
End-to-end encryptionThis is more important for closed or non-self hosted servers
yes w
XEP-0384 OMEMO walso OpenPGP
XEP-0384 OMEMO walso OpenPGP
Profiles are stored locally on disk and encrypted w yes w
XEP-0384 OMEMO walso OpenPGP
yes w
XEP-0384 OMEMO plugin walso XEP-0373 OpenPGP plugin w
yesw w w
yes w w yes w yes w yes w
XEP-0384 OMEMO walso OpenPGP
no w Only for 1:1 secret chats (not default) w yes w
Tor hidden service hubMITM possible, separate encrypted Tor channels between the server and clients w
some protocols no yes w yes w yes in private conversations and closed groups, no in open groups w yes w yes w w w Only for "Private converstations" (not default) w w
no, but delivery is encryptedSnaps are encrypted in transit and until viewed by recipient, not E2EE
Only for 1:1 secret chats (not default) on mobile w Only for 1:1 secret chats (not default) w yes w yes w default w
E2EE keys shielded from operatorRegardless of this, certain OS vendors might also have access to your keys
yes w
Key included in iCloud backup of deviceThe backups are not client-side encrypted. When you disable backup a new key is generated so Apple doesn't have access to your past messages any more w
yes w w yes w 2^128 generated locally w yes w w yes w yes w
DeniabilityDeny sending a message, repudiability
yes w
now DKIM and received mail headers reduce feasibility
partialTODO: couldn't the server correlate messages of a client?
no yes w no public-key authenticators w
Replay preventionOf third party buffering nodes
noDKIM could already provide all needed information
noTrivial to repeat a message as it's anonymous with chosen display name
yes w nonce accumulation w
Downgrade resistanceMitigation against downgrade attacks
noshould warn when encryption disabled w force E2EE w
Contact list confidentialIf the client never sends over its contact list to the server
yes w not published, but leaks through mail headers w Decentralized, no server.
not published, but leaksleaks through OpenDHT proxy, Jami name server and ICE w w
partialthe whole contact list in your phone is sent over to a server protected by SGX enclaves w w w
yesTODO: Are we sure a server running multiple rooms or clients connecting to multiple rooms aren't able to correlate their peers?
yes w partial
partialthe whole contact list in your phone is sent over to a server protected by SGX enclaves w w w
yes w
noserver likely has a copy at all times and keeps older versions
stored on device, optional address book import w yes w
Metadata protection
yesvia onion routing
yes w
encrypts certain email headers wrecipients and time in the clear
partial wServers know team names, users and roles but not contents of chats. Servers know which KBFS folders are shared with whom, but not private contents w
no no partial w partial yes w no yes w no
Perfect forward secrecy
yes wFrmo Briar room by akwizgran - The part of the briar protocol stack that provides forward secrecy is the transport security protocol, btp, in short, btp provides forward secrecy by rotating the symmetric encryption and authentication keys periodically how often this is done depends on the latency of the transport - keys are rotated more often for low-latency transports like tor, and less often for high-latency transports like removable drives, so that the data has time to arrive before the recipient deletes the key.
1-1 yes w groups no w no w yes w
on ephemeral exploding messages wnot for other messages w
1-on-1 yes, groups partialyes for 1-on-1 conversations. partial for group conversations w
manually w was explicitly removed from Session protocol w yes w only for calls w yes w yes
Security teamyes=regularly scanning for vulnerabilities proactively, found bugs inspected for security implications, partial=reported vulnerabilities promptly fixed and released
yes included as part of the system bugs not categorized based on security impact w partial
partialw bad opsec in 2019 w
lacking security tagging wblog contained advisories between 2004-2017 w
Large bug bounty
third-party w
Reproducible builds yes w Not FOSS no w no w yes w no w Android w iOS, Android w Android w bootstrap daemon w
Audits 2017 w 2019 w no 2018 w crypto library in 2016 w no no w no w
one completed, covered only session protocolnetwork and servers have not been audited w
multiple w not yet w 2020, 2019 w no
Usage without phone number yes yes yes yes depending on mailbox provider yes yes yes yes Requires email attached to Apple ID to be public instead yes yes yes no yes no yes yes w yes yes yes yes Random 2^128 key generated as account id w no yes no no yes yes w Phone number based yes
Transparent financingyes=it is clear how the project can operate indefinitely, no=we know nothing, partial=public statements were made but not convincing
yes w w w grants, funds and Librepay donations w
donations, GNU/EFF in the pastofficial GNU project with EFF funding in the past, PayPal donations w w w
VC, merchandise, freemium, donationw w w w w w w w w w and Bitcoin, Ethereum
partial w
noCouldn't find any donation links, previous sponsorship or how supportive their community is w
complex financial structure with no clear answersnetwork is financed by oxen crypto, financial disclosures haven't been published since 2019 w
individuals: one-time paymentsubscriptions for organizations w and educational institutions w
out of pocketnot currently accepting donations w
cryptocoin backed by VC w w
No-cost tier yes yes yes Only paid content would be third party extensions yes yes yes w yes w yes w yes yes yes yes w yes entirely free platform yes yes no yes w yes yes no w
Payment choicesyes=cryptocurrency or some other anonymous, partial=lots of inexpensive choices
N/A N/A Apple Pay or any payment app with an iMessage extension N/A Open Collective w Monero w N/A N/A none Google Pay, Apple Pay, cryptocurrency w Wire transfer, MasterCard, Visa, PayPal, Bitcoin w N/A
Active developmentyes=developer availability is not a bottleneck for progress, partial=occasional hobby development or basic maintenance work, no=no development or only ensuring it builds
yes yes w yes yes w yes w yes maintenance mode w yes w
partial w wseems to be mostly cherry picking with little own code
yes w yes yes yes w
no release since 2018 wlots of new commits w
yes yes yes yes yes yes yes yes w yes yes
Multi-party developmentno=one-man show, yes=highest level contributors are exchangeable, equal drivers, partial=regular contributions from multiple people
no partial w partial w partial partial partial w yes w w w
nosingle, anonymous person behind it w
yes w yes w
Isolated self-hostingIt can be deployed on-premise in a LAN without internet
SMTP and IMAP w yes no complicated w no no Requires Tor no no no
partial wDirectory and push relay are not self-hostable w
probably needs bootstrappeers can cache and exchange these w w
User can extend network with nodeImproving the scaling of the system and communicate with anyone (i.e., if P2P or federated)
Applicable to group chats only w SMTP and IMAP w yes Proprietary system
many parts self-hostableOpenDHT proxy, bootstrap, TURN, Jami blockchain, Jami name server w
no no no
All networks isolatedA user can either start a separate one or join an existing one
no no yes w no no no no each client is full node w
Identity not controlled by vendorWill the system still work if the developer goes bankrupt
yes yes yes SMTP and IMAP w yes yes no names are optional and stored on a blockchain w w no
Unless using accountvendor also offers various self-hostable or optional services like stickers, bots and bridges
no yes no yes Generated when starting server yes yes partial no
yes wself-hosted servers defined in the apps
no no no no no locally generated w no no
Offlineno=Not useful if disconnected. partial=Only read a few buffered messages or compose new ones. yes=Reboot, add new contacts, past logs, search, cache list of groups or users, settings.
yesw adding contacts must happen within 48 hours, but introductions do not carry a time limit w w
yes w
compose or read recent messages on Mobile/Desktop, no Web startupBuffered messages on Mobile/Desktop, Fluffychat Web lacks offline startup via Web Workers
yes yes w no
compose or read recent Desktop messages, no Web startupBuffered messages on Element Desktop, Element Web lacks offline startup via Web Workers
no Compose or read stored messages compose or read stored messages up to 28 days w
compose or read recent messages on Android/Desktop, no Web startupBuffered messages on SchildiChat Android/Desktop, SchildiChat Web lacks offline startup via Web Workers
yes w Compose or read stored messages not possible add contact Compose or read stored messages Compose or read stored messages Compose or read stored messages
yesTODO: verify and add reference, because it requires many servers to run
buffering, personal proxy w w w Compose or read stored messages yes
Servers requiredList all server software or instance by name that are mandatory to keep this network running or to host it in isolation
Tor w Tor, Cwtch DNS, SMTP, IMAP Matrix homeserver e.g. Synapse, Dendride, Conduit, notifications push via FCM or Unified push DNS, OpenDHT proxy, GCN/Apple push, bootstrap, TURN w Synapse homeserver, notifications push
Signal, Storage, Contact Discovery, Key backup, ICE, ReCAPTCHAw w w w w w w w storage must be hosted within GCP, also used by key backup
Matrix homeserver Tor, OnionShare live nodes on the preloaded list w w IRC server
Torw w
Matrix homeserver e.g. Synapse, Dendride, Conduit, notifications push, Unified push, backround synchronization service session/lokinet onion routing network required w
Signal, Storage, Contact Discovery, Key backup, ICE, ReCAPTCHAw w w w w w w w storage must be hosted within GCP, also used by key backup
Chat, Directory (identity), Media, WebRTC, Web push relay wAPN required on iOS, w
DHT bootstrap nodes and listcould implement automation to gather these and burn into the app w w w
FCMWon't work on LineageOS
Servers optionalList all server software or instance by name that can provide extra features when using this network
jitsi,, w Jami name server w DNS, Element Web app, identity, integrations, ICE, Jitsi w
Google STUN w FCM w w w giphy proxy w w website updates wcan't disable Google STUN or giphy proxy, but should still work if blocked over the network
Google STUN w FCM w w w giphy proxy w wcan't disable Google STUN or giphy proxy, but should still work if blocked over the network
FCM w or Threema Push w w , Threema Safe w DNS
Serverless WAN modeIf communicating over the internet might scale without (a vast amount of) dedicated servers, i.e. by supernode promotion and DHT
no no Requires Tor SMTP is usually blocked no
only data traffic is P2P(TODO: with IP and SIP?) w
no no no no Requires Tor
can preload a node list wthere is no automated mechanism for updating or spreading this preload list with the client
no no w no no
needs implementationLAN mode? w peers can cache and exchange peers, but would need a distributed crawler and burn the list into the app w w
Serverless LAN modeIf you can communicate without an internet connection and a server
yes w
noXEP-0174 unimplemented in Conversations w
noXEP-0174 unimplemented w
Requires Tor
nomight be feasible in the future
noXEP-0174 unimplemented w
yesXEP-0174 w w w
no w no no no
noXEP-0174 unimplemented w w
Requires Tor
via Bonjour prplXEP-0174 w w w w
no no w no no maybe w DHT generally needs WAN IP w no yes w w
Network store and forwardYou can compose messages to your peer even if the two of you aren't online at the same time
if server and contact client support XEP-0313 MAM if server and contact client support XEP-0313 MAM yes w no w w no yes yes if server and contact client support XEP-0313 MAM No chat log w up to 2 days w messages are stored on session servers for 14 days w yes yes yes no w
Wireless modeBuilt-in support for peering with nearby nodes over ISM wireless either to sync or as part of a mesh
Bluetooth w no no no no w no no no no w no w no no no w
IP shielded from peers not for STUN calls not for STUN calls via Tor usually not, depends on provider w Not during calls if you enable WebRTC
unsure, FaceTime may use STUNw w
not over ICEcalls and file transfers reveal the IP w w
not when using Jitsi, Zoom, Google meetings Not during calls if you enable WebRTC
not by defaultcan set to always relay calls, otherwise shares IP with outgoing calls and contacts w w w
not for STUN calls via Tor Not during calls if you enable WebRTC
onion requests in private, group server operators, voice calls and video calls are p2pprivate conversations and closed groups are sent using onion requests, open groups are possibly visible by open group server operators, voice calls and video calls are p2p and ips are visible by all users, attachments, pictures, videos, files, etc. are not onion routed and are sent directly to and stored on session owned servers, avatars and user display names are possibly still uploaded directly to and stored on session owned servers, github contacted directly during account setup and when app checks for updates w
not by defaultcan set to always relay calls, otherwise shares IP with outgoing calls and contacts w w w
yes w w not if STUN calls are enabled w
p2p, not by defaultTox ID resolved through onion routing, Tor optional w
Not during STUN calls
Proxy supportHTTP, Tor, SOCKS5
HTTP, SOCKS5command line client supports Tor w
yes, through CLI argumentshould have a GUI setting w TODO auth w
Third party clientsyes=Multiple full featured clients available, no=Terms of service prohibits access to vendor operated network
no alternative client
SMTP and IMAPinteroperates with any email client, E2EE uses AutoCrypt w
no no alternative client proof of concept TUI client based on Keybase CLI exists w Open API available w yes w yes no alternative client no alternative client no w w w yes yes
openMittsu wIt is "tolerated" as of now
yes w banned w yes w no alternative client
Bots availableno=banned, yes=several available possibly from a built-in gallery
yes w yes w yes w yes w yes w yes w yes w yes w yes w yes w yes w yes w w yes w
yes wand many more for other protocols
yes w
partial w wfew examples so far
yes w w yes w w yes w
User addonsApps, widgets, integrations by third party developers or users themselves
Install through app storew
as bots w yes w
Hosted bots and addonsOptionally provided so that a user need not maintain a separate server
Tor access of vendor operated networkyes=Without involving Tor exit nodes, no=Tor exit nodes blocked, partial=otherwise
N/Auses Tor connection to peers
routing and connections
N/Adepends on provider
CLI wthe website also has an onion address
via Orbot w fully self-hosted
N/Auses Tor connection to peers
yes w session/lokinet were designed to be non-compatible with tor yes w yes w
IPv6 access of vendor operated networkStill green if only registration is limited to IPv4
N/Adepends on provider
no w fully self-hosted yes session is not currently compatible with ipv6, may be in future
Vendor operated network inaccessible from countriesIf it is illegal or blocked here or if the vendor prohibits usage or its infrastructure blocks users from here. Encryption itself is outlawed in many countries, do not list these.
N/Adepends on provider
China w
some countries attempt to censor Torbridges are available
possibly China is blocking access to Session and Lokinet many and changing w
Vendor legal entity kindIndividual, entrepreneur, non-profit company, single-person for-profit, multi-party for-profit
companyZoom Inc. w
For-profit PLC w anonymous individual team of voluntary developers w non-profit company person
Transparency reports yes w w no
Vendor jurisdiction canada w w Germany w USA Canada with two offices in France
USCalifornia w
UK with subsidiaries in France & US anonymous
various countriesincluding Italy, Germany, USA and more w
Australiacomplicated 5 eyes jurisdiction with many anti-privacy and anti-encryption laws w
USA w USA w Switzerland
USA and Cayman Islands offshorexx cMix privacy layer in Los Angeles w
Infrastructure jurisdiction global Tor onion routed network
N/Adepends on provider
Canada US Netherlands & Sweden, various for EMS w USA fully self-hosted
globalTor onion routed network
Australia w USA Switzerland
Infrastructure provider Tor onion routed network
N/Adepends on provider
Amazon AWSw
Savoir-faire Linux (default) Amazon AWS AWS, Cloudflare
Signal at presentAmazon w w GCP (BigTable w ) Fastly w
fully self-hosted
Toronion routed network
Hetzner and OVH, distributed Lokinetsession owned servers are primarily hetzner and ovh, lokinet servers are distributed worldwide in multiple countries and with various isps
Amazon w w GCP (BigTable w ) Fastly w a colocation data center w
Good ToSDR gradeyes=A,B, partial=C,D, no=E,F
A w
B w A w B w B w E w E w B w E w
First releaseyes=mature, large masses have tested it for years, no=only released recently
2018-05-09 w 2022-03-15 w 2014-03-24 w 2021-06-25 w 2017 w w
2020-01-29w initial commit 2017-03-02 w
2004-05-21 w v0.7.0 2022-04-23 w 2004-12-22 (as SFLphone) w 2015-11-06 w 2014-08-12 w w Feb 24, 2020 w 2005-09-02 w 2020-04-03? w 2015-05-19 w 1998-12-31 (as Gaim) w 2012 w w 2008-08-27 w 2022-01-25 w 2019-07-11 w 2020-02-06 w 2014-07-29 w 2021-05-02 w 2003-08-29 w 2011-10-29 originally named “Picaboo” 2013-08-14 w 2017-04-18? w 2012-12 w 2013 w 2019-11-05 w
Public issue trackerWhether outstanding bugs can be viewed by the public. partial=approximated via forum
yes w w yes w yes w yes w yes w w w yes w yes w yes w yes w yes w yes w yes w yes w w w yes w yes w yes w yes w yes w yes w yes w yes w yes w w yes w yes w w yes w w w yes w w w yes w only in-app reporting via "shake to report" w yes w web only w yes w w w yes w w w w w
Support teamyes=Dedicated, friendly, sufficient compared to user base
friendly but few
community wits own forum is offline
No past DDoSno=denial of service happened against vendor operated network
partialThe Cwtch application utilizes Tor which has been subject to much stress in the past.
DoS using the API for Android and iOS w
No past client vulnerabilitiesno=security exploits in client or server side
issue query w
yes wexploitation requires full device compromise, bad actor requires password
2019 w 2021 w 2012 w 2021 w not exploited in the wild w w w w
yesnone published since forking from Signal
2004-2017 w remote execution w not exploited in the wild w w
noremote listening w surreptitious sharing w
surreptitious sharing w
many privacy-related hacksw
nosurreptitious sharing w w RCE w
surreptitious sharing w no w no w
No past server vulnerabilitiesno=exploits in self-hostable server or data leaks by vendor
no w w no w no w
No past financing hiccupsno=development can intermittently stop due to lack of funds
Ethical financing in the pastno=tax evasion
yes w Stripe cryptocurrency, A16Z VC w
Ethical business in the pastno=anti-trust investigations, bribes, hurting customers in other way
No past conflicts of interestno=shady ownership changes, investor may benefit from breaching privacy or project failure
No past privacy glitchesno=uncovered cases when vendor secretly exploited user data
yes no w
now group chat preview leak w
noZoom iOS w attorney w privacy w

Please review your changes below

Note that it will get lost if you reload this page! You need to copy & paste this manually to share your changes.

You may either open a pull/merge request on GitLab, GitHub or Codeberg or send this snippet over in the Matrix chat room so one of our committers can do that for you.

About the project

We need your support

Please help us fill in the gaps, or contribute new columns or rows to the table. We have a wishlist in order of priority, but you are welcome to contribute whatever interests you.

Chat with us on Matrix:


Copyright © 2022 bkil & contributors









SecuChart: Comprehensive and interactive software comparison


SecuChart interactive messenger comparison


Competition: types

Competition takeaway: mobile friendliness

Competition: takeaways

Competition: IM, DSNS, VoIP, messaging on Wikipedia

Competition: Wikipedia takeaway


Competition: Messenger-Matrix



Competition: SecureChatGuide

Competition: dessalines docs

Competition: Berty advertising FAQ

Competition: freie-messenger

Competition: Threema advertising FAQ

Competition: eylenburg

Competition: SignalUsers fans wiki

Competition: JayXT

Q: Can you add messenger "A", etc.?
Each new messenger will add one more column, which will make mobile table browsing experience worse. Presence of more than five messengers will noticably deteriorate desktop browsing experience.

Competition: Wiki of Tox clients

Competition: Matrix clients

Competition: PrivacyGuides

Competition: DivestOS

The only tabular one that is usable on mobile!

Competition: SecuShare

Competition: bitmessage wiki

Competition: PrivacyTests browsers

Competition: digdeeper browsers

Competition: acz shadow browsers

References: Motivation

References: Sources

Features: Property and value details

Features: Dark mode

Features: High contrast

Features: Restricted item comparison

Features: Permalink

Features: Item category filter

Features: Sticky headers

Features: Mobile friendly

Features: Abbreviated mode overview

Features: Abbreviated mode hover

Features: Transposed table

Features: Property-judgment mapping

Features: Persona

Features: FOSS persona

Features: Tinfoil persona

Features: Layperson persona

Features: Crowd persona

Features: Other suggested persona

Features: Documentation

Documentation: Rendering of gemini, markdown

Also looks good enough on GitLab as markdown:

Documentation: Messenger analysis pages

Features: Edit via JavaScript

JavaScript editor: motivation

JavaScript editor: edit widget

JavaScript editor: review mode

JavaScript editor: view mode

Implementation: Property syntax

CSV columns:

Implementation: Item syntax

CSV columns:

Implementation: Command line helpers

Implementation: Fixed HTML template

Implementation: Fixed styles

Implementation: Generated HTML input fields

Implementation: Generated table

Implementation: Generated styles

Implementation: Abbreviated mode

Implementation: GitLab CI

Future: Item scoring

Future: Item ranking, tiers

Future: Rewrite in faster language

Future: git API JavaScript editor

Future: Data caching via JavaScript

Future: Pro & con view

Future: Property subset comparison

Future: SCSS rewrite

Future: Start evaluating remaining messengers

Future: Generalize for other comparisons



Where to link

Upload upstream

The picture should ideally be lossless PNG or WEBP. Keep it small by not showing much true color content if possible.

You should ideally submit a pull request in the repository of the respective software if you need to add a screenshot. It could reach their website and their app stores as well.

Wikimedia Commons (Wikipedia):




(on demand: Codeberg)

Placeholder assets

If you would like to show mock user generated content on the screen within discussions, it is best to choose public domain material:

Ideas for the interface design

Items missing

Some of these may be investigated in the future by volunteers. Others may be added to a list that list legacy or scam alternatives or may be discounted.

Properties missing

Here are some ideas regarding new aspects to research, feel free to factor these to atomic property definitions or suggest more:

Properties disqualified

Here are some properties we have investigated and deemed redundant or to not be worth our time (at least while the rest of the table is empty):

The Fediverse vs. Matrix network

Aims of The Fediverse

Aims of Matrix

Social networking services

Fediverse is SNS

Matrix is not SNS


Bootstrapping is a critical problem with any similar project. IPFS ships with a hardcoded list of servers:

They are probably financed and operated by the project owners. Such a VPS usually costs quite a lot of money, but I haven't checked the exact specs.

The documentation does list the IPv4 address of one node, but refers to most through a domain name. The (single) domain name is probably hardcoded in many places and they also have to pay for that and operate a name resolver as well, increasing the number of bottlenecks from 1 to 3:

Most of the world might have trouble reaching IPFS because it is not very good with traversing NAT:

The workarounds might be good enough for those fortunate enough to be able to forward ports, but those could already just as well run a normal FTP/SFTP/Synching/rsync server for the same effort.

It probably solves various problems pretty well, like synchronization between your data centers or creating virtual clouds this way, but it is hardly what will solve the problem of decentralizing computation to the hardware of users if it gained worldwide traction.

Comparing BitTorrent, IPFS, Secure Scuttlebutt and Hypercore (Dat)

PC vs. smartphone threat level

PC advantages

A PC is a platform where:

Google Play

Drawbacks (compared to F-droid):

Google advantages:

Former mobile exploits

If you are using an out of date version of a mobile OS, because perhaps the vendor did not produce as update for you, you may still be affected by some of these.

2016 Surreptitious Sharing

This could also be interpreted as a flaw within each vulnerable application itself as well.

‘Surreptitious Sharing’ Android API Flaw Leaks Data, Private Keys: vulnerability in messaging apps [using the API] like Skype and perhaps Signal, and Telegram, that could lead to privilege escalation and data loss, including private keys. The attackers were able to get Threema, and another encrypted messaging app, Signal, to share its database as an audio recording. The researchers claim they were able to retrieve the file, save it, and open it as a database file. The two claim Signal was vulnerable – chiefly because of the way it processed the file – and crashed for them on each start.

2017 Broadcom wifi over the air

Over The Air: Exploiting Broadcom’s Wi-Fi Stack (Part 2)
Over The Air - Vol. 2, Pt. 3: Exploiting The Wi-Fi Stack on Apple Devices
In this blog post we’ll complete our goal of achieving remote kernel code execution on the iPhone 7, by means of Wi-Fi communication alone.
Posted by Gal Beniamini, Project Zero


Kryptowire Identifies Security and Privacy Vulnerability in Mobile Device Chipset from China [...] allows malicious actors to take control over user data and device functionality.
found a vulnerability which can be used to disrupt the device’s radio communication through a malformed packet.

Security guides

Protecting yourself:

Helping how to define your own "threat model":


Legality of third party clients

TL;DR Their servers = their rules


If you (=the user) use the telecommunication service (=the service) provided by a given legal entity or natural person (=the provider), a legal contract is made between the user and the provider.

Courts accept various forms of consent when agreeing to a contract:

The provider has legal basis for restricting in what ways the user may access the service.

Benefits of restricting access method

No further elaboration would be needed, but let me share a few technical insights into why it is desirable for the provider to restrict alternative access methods (e.g., a third party client):


Let's first clear up some common questions. How decentralized is Tor? Is it serverless? Can it continue to operate when its principal vendor loses interest? Can it stay operational without any financing at all?

If you use Tor or the app you sue under the hood, it first connects to 10 servers called "Directory authority nodes" to get a node list. Their IP address are hard coded in the application.

It then discovers the address of manually operated relay servers from the public Tor directory and attempts to connect to some of those.

If you are using proxies or bridges, you are using even more intermediate servers:

If your destination lies outside the Tor network, you will also have to discover and utilize exit relays.

The general latency, low offered bandwidth and the constant changing of the network topology also makes supporting voice/video calls unfeasible.


Was threat actor KAX17 de-anonymizing the Tor network?
Thirteen Years of Tor Attacks


Using VPN services



It is possible to detect and block Tor/VPN users either by the target website or the ISP.

If you intersperse your clearnet vs. Tor/VPN access patterns, one with a bird's eye view can actually correlate it pretty easily (i.e., state actors and funded malicious organizations). If you are using certain sites for longer stretches or even register on some, this can even be achieved purely with local inference.

You place ultimate trust in what a VPN provider says because there is no way to verify it, except after the fact if they were exploited. You can't influence whether they use encryption or turn off logging for example.

In case of going through a VPN, your local ISP can still log the timing & size metadata of packets (along with DNS, NTP and other leaking things if not set up correctly on any of your nodes). The ISP of the VPN provider can also log (and MITM) everything that could have been logged in the first place.

At least with your local ISP, you have a signed contract and you kind of know who they are (usually a local company), whereas in case of a VPN provider, they are almost always the NSA. You also support the local economy by using local services instead of foreign ones.



No, seriously, don’t. You’re probably reading this because you’ve asked what VPN service to use, and this is the answer.


VPN servers seized by Ukrainian authorities weren’t encrypted
On the disk of those two servers was an OpenVPN server certificate and its private key [...] the company also uses data compression to improve network performance. [...] an attack known as Voracle, [...] uses clues left behind in compression to decrypt data protected by OpenVPN-based VPNs


How Data Brokers Sell Access to the Backbone of the Internet.
ISPs are quietly distributing "netflow" data that can, among other things, trace traffic through VPNs.


The at least until recently CIO of big VPN ExpressVPN is one of the three former U.S. intelligence operatives who agreed today not to fight charges they illegally helped UAE hack people. Kind of makes you think.


New research reveals Surfshark, TurboVPN, VyprVPN are installing risky root certificates - TechRadar
Security design flaw paves the way for surveillance or man-in-the-middle attacks

E2EE security guarantees of web apps vs. desktop apps


Beware that this whole article is work in progress with parts missing, parts needing rewording and parts needing integration from uncommitted local changes!

Encrypted mailbox providers

A disclaimer is justified for so called "encrypted mailbox providers" in general. Emails are routed basically as clear text around the world and can also be assumed to be stored as such on most nodes. It does not enhance your privacy guarantees sufficiently if the online mailbox provider promises to encrypt individual emails before storing them. Such providers have confessed to opting to deactivate their protections multiple times in the past.

Failure to generalize

Various articles attempt to generalize this claim and phrase it as if web browser based applications lacked certain security guarantees or as if theoretical basis precluded us from developing secure web apps. Let's try to investigate these claims in detail.

Do not use webapps in zero-trust designs

Stealthily switching the frontend

Let's assume that all else is equal: both the desktop app and the web app are FOSS.

A common claim is that the vendor could alter the code for the interface any day without the user having control or even noticing.

App distribution platforms

It is commonly mentioned that installing software from reputable third party distribution channels independent from the software vendor should guarantee accountability. Examples include the package manager of the Linux distribution or the Windows Store.

Web app distribution platforms also exist of equivalent functionality, such as the Chrome browser market, typically promoted for web extensions or userscripts.

Vendor hosted software

In certain cases, people install apps from software repositories controlled by the software vendor or a party not affiliated with the OS vendor, such as:

The security guarantees are all similar in the above cases. In an arrangement so called "TOFU" (trust on first use), the user verifies the fingerprint of the repository, website or the initial download and does a cross check on it to make sure it is authentic. Afterwards, assuming it is a FOSS reproducible build and has been reviewed, certain blatant intentional backdoors could be dismissed, assuming the check of signatures is implemented properly during updating.

Bait and switch

An automated mechanism set up on our device usually checks for and installs software updates found in the vendor repository, especially if it is marked as a security fix. Such checks may happen daily.

The vendor has in most of these cases a means to provide packages with different content to certain targeted subsets of users in a "bait and switch" scheme and possibly switch it back afterwards before detection.

This would apply to any platform, including web, desktop and native mobile apps that support daily updating through its own servers or stores.

Desktop app trust

When inspecting onboarding workflows at a big tech company in the knows, I have seen how many third party (mostly FOSS) stuff one needs to install on a Windows or Apple computer by hand by visiting dozens of websites, clicking download, install, next, next... This includes Homebrew, but most things were not available from there. Assume a dozen other things were needed as well as a daily driver. This was part of an initial setup process of individuals entrusted with management of their gear. On Linux set up just for secretaries without admin privileges, the sysadmin would surely just clone an image on all hardware and be done with it.

As you visit these dozens of websites to download your installers, you are initiating TOFU (trust on first use). It assumes the same level of trust as installing ("visiting") a modern web app built on a Service Worker from the same domain. The alternative to TOFU would be to meet the developer in person or exchanged a business card containing a QR code with their certificate.

Incidentally, I have seen another company where these exact same installers were already downloaded by an sysadmin and supplied over a local network share. However, it provides little help

With most Linux distributions, if you aren't looking for some very specialized tool or a trunk version of something, you could get away with just installing everything from the official package manager. This places all trust on your distribution, so it is a different scenario, but not all people have this luxury depending on their occupation.

HTML email

HTML markup in email is severely restricted since the last decades. They can't run JavaScript. It can't even apply most parts of HTML or CSS freely either, but only a strict subset that varies by client.


They mention some simple workarounds except Service Workers.

It is possible to implement a FOSS webapp which

A webapp can be implemented in a way so as that the offline part (for example, within a Service Worker) is only ran once, and only pulls in additional resources using SRI or after checking their cryptographic signature (in case of updates). This places trust equivalent to installing a desktop software package from the website of a vendor. The same could have been implemented in various other (more twisted) ways even decades ago, but I better not go into that here.

Web (-Browser based) Apps, especially if FOSS and engineered from the grounds up for offline use via Service Workers, are for most intents and purposes isomorphic to non-browser based apps. It's just another containerization technology and runtime.

It is equivalent to saying that the software vendor of the mobile app or desktop app is untrusted in the exactly same way, along with its update mechanism.

At the same time, nothing keeps you from self-hosting the web apps you use either on a trusted server or even on localhost and review all code changes before running them.

It is unfortunate that very few good and complicated webapps are FOSS or support separation of frontend & backend properly. Being able to self-host Element Web while using an outside Synapse is a rare pattern.


Programming errors occur frequently in native apps as well (be it email or other messengers) - it is not tied to E2EE web apps. I.e., RetroShare also had a critical remote code execution just recently and it is written in C++ (a language with manual memory management), not JavaScript.

Protonmail XSS

Compose a email to any protonmaail user with Subject:
#"><img src=x onerror=prompt(1);>

Send email to victim
How to accidentally find a XSS in ProtonMail iOS app
$body = "<html><head>"

$body += "<title>test</title></head>"

$body += "test`">`'><i>I</script><script>alert(1)</script>testscript</i>"

$body += "</body></html>"`

And neither one was HTML email - they were just plain text!

Vid shows how to easily hack 'anti-spy' webmail (sorry, ProtonMail)
Filtering evil JavaScript is tricky if you're encrypting in the browser

Serverless P2P messengers


"P2P" is ill defined, thus we discuss its conflicting meanings separately:


E2EE in public rooms

Why should you not enable E2EE in public rooms? Some of these reasons are specific to the current implementation of Matrix servers and clients, while others are more general in nature.

Dedicated hardware communication solutions

Main article:

Use cases

Such projects advertise many use cases that would otherwise be better served with another technology.

Coordination between emergency responders

Informing the public during disasters

A disaster struck area requests assistance

Between civilians during disasters

For high density and short range use (a few hundred meters), see:

Disaster victims requesting assistance


Existing alternatives:

See also:




As a better alternative, licensed hardware amateurs with the required radio operator skills within each local community could bridge longer distances:

They could keep in touch with the local community using messengers supporting unlicensed wireless ad-hoc mesh, delay tolerant networking or 1-on-1 syncing using standard hardware.

Their position and contacts could be shared on an offline map.

LAN messengers

Main article:


User story

Hosting servers within a LAN or building small meshes could still make sense, for example in the context of a large housing complex or even a dense village district. If everyone within a 500m range has the same power source, you could mind as well assume that they could either all have LAN or neither of you would. And at least you could play LAN games with your neighbors, along with syncing your mobile DTN mirrors especially if you study at work at different places.

PAN messengers via mesh and delay tolerant networking

Main article:

Direct connection

You only have a direct connection between two clients if they are:


Physical layer


LoRa is not very spectral efficient given high density


A mesh necessitates having a certain amount of nodes online to maintain a spanning tree. This will be problematic when power & communications links go down in certain towns.

On the other hand, if you focused more on gossip & opportunistic replication and building F2F based on real world web of trust, information could spread much better. This is something that every network gets wrong that is developed in the first world as a "hobby" (or via grant, VC, crowdfunding, etc).

Avian carriers

This started as a joke, but pigeons can actually be thought to complete two round trips per day autonomously by placing their food up to 160 km away from their nest.

If coupled with either low tech monitoring of their arrival or wireless sync and charging and a constant and planned stream of backup birds and hardware, it could provide a commercially viable decentralized alternative to erecting and maintaining expensive relay sites over long distances.

Crowdsourced citizen science WAN messengers

It would be feasible to implement a hybrid P2P/F2F system where as much roles would be delegated to supernodes and friends as possible and the only remaining duty of the central server would be to sign new releases & the peer database pyramid before they get injected to the P2P storage network. I postulate that you could serve the whole world from even a VPS costing a few dollars (or a free PaaS even) if implemented right.

Parent article:



Why not fix an existing solution

As an empirical data point about such a development project, consider how Torrent was adapted to WebRTC as WebTorrent. It is a use case that was much more desirable for users. PeerTube is also built on top of it. However:

Now consider doing something like this to another well known protocol, like Tor, I2P, Freenet, GNUnet, Secure Scuttlebutt or Dat.

Some of the privacy-focused overlay routing networks also provide too low bandwidth, too high latency, setup latency or regular circuit switching to be comfortable for live voice & video calling and many use cases for screen sharing. See also:

Peer exchange

Basically what would be a big win if the application was continuously updated within its distribution media (either daily within the app market or possibly minute by minute if you download the package from its own web site or repository). It's just a CSV that needs to be updated (and resigned) within the bundle.

For example, as the package for pybitmessages hasn't seen an update since 2018 (and most similar apps are rarely updated more than once every few months and usually manually), such a dynamic list would not work except for listing the mostly-on nodes possibly added manually (that incidentally Tox is also doing, but they admit that it's not enough). CI/CD has been a thing for decades now, so it's kind of appalling to see that few FOSS projects are doing it to this day.

See the Peer Exchange BitTorrent extension:

Peer discovery

It might be feasible to infrequently scan neighboring IPs for possible peers on well known ports. Many ISPs already assign IP ranges in a kind of cartographic locality, so it would provide low latency paths automatically if you scanned in increasing distance from your own WAN IP (and/or its "aliases" over the virtual allocation range). This would only be feasible if a sizable proportion of the population would have it installed, let's say 1%, otherwise it's considered spamming.

See the Local Service Discovery BitTorrent extension:

Rendezvous server

A rendezvous server helps peers find each other by exchanging introductions, facilitating peer event signalling or hosting pointer invitations. It should be publicly reachable. It need not be a full blown complicated peer node itself.

A mostly static web server with a few lines of PHP or CGI could suffice. You could substitute various preexisting technologies, for example public DNS records (or even free dynamic DNS), git repository, static web hosting of each member that can be updated through an API.

A custom rendezvous server could also be replaced by a bot connecting to some other popular available server, whatever is common within a given community: a mailing list, forum, matrix chat, bulletin board, whatever you and at least some of your friends already have access to. Lacking that, you could sometimes even run a tiny dedicated server piggybacked onto some other system, as in:

See also the Holepunch BitTorrent extension:

Friend-to-Friend topology

Existing messengers advertised as P2P always use a supporting underlying network of dedicated servers that are pretty expensive to maintain, hence why 90% of the new alternatives that pop up always involve a cryptocurrency for monetization.

F2F would be an alternative as a way for users to maintain reputation among each other and to refrain from committing abuse without consequences.

Consider that if you only ever link to your friends directly and you trust them, metadata collection (it terms of keeping logs or deleting expired or retracted messages according to gentleman's agreement) wouldn't be an issue at all.

It could be useful for:

NAT traversal

In the framework of WebRTC/ICE, STUN & TURN are used together, because STUN itself can only connect a subset of nodes (up to 90%, but it's much worse among mobiles). And bandwidth (CPU?) costs at TURN relays can be quite significant, hence why it is a central point of failure.

But nothing would keep a hypothetical real P2P network from building up a spanning tree via F2F to forward packets and distribute routes among static volunteers and/or dynamically established pairs. And STUN/TURN is kind of an anonymous, stateless service. With global deployment, it needs either funding, or credentials to access it and/or F2F authorization. It also requires an independent signalling path via which you forward peer invites, and that is also usually some kind of central server on presently implemented systems.

Skype did it decades ago with automatic super node promotion, but I have yet to find another messenger (or data sync or social networking service solution) that is capable of anything like that.

The basic design flaw of many messengers is that the only way to reach users who are not publicly routable is through relays, and only a few nodes are TCP relays (optional setting) a lot like if it went over TURN. Rather, this should be the default (and detected during runtime even), and it should be modelled after ICE - select between STUN alternatives and only resort back to something like TURN if there is no solution otherwise. This would reduce the load on relays tenfold at least.

Store and forward buffering

I think solving store & forward in a decentralized system is best done through a friend-to-friend topology. I.e., not only your own devices store your messages, but also some owned by your circles. And having to run a separate 24/7 mailbox/relay hardware peripheral isn't going to cut it either (what about e-waste and wasting power - see why shared hosting is the best for the world)

External overviews

External comparison charts

See the following for sources of inspiration (copying is not allowed except the license-compatible Wikipedia and we need references to each cell value anyway)




The project closed down in 2019.


A look at how private messengers handle key changes



Remarks about code quality and comment thread.

Berty Messenger for iOS and Android - Zero Trust Open Source Peer-to-Peer Messenger based on IPFS protocol



2021-12-13 editors!$u2PJQHTfmHPkmfJgcGyDXni2CntFJazLa0SsP1tE3P0?

I am not online all the time, I only connect some times, receive all the messages maybe reply some and go offline again, to save battery and mobile data (btw, briar is heavy for battery and mobile data so I was not even able to have it running all the time, it was draining my data plan) other contacts that are in my same situation will not be online all the time so the chance we are both online at the same time is low, but anyway none of my contacts use Briar, they delete it immediately pretty scared and annoyed "hey!!! that crap drained my data plan!!!)

2022-02-13 editors!$JOnO6qLcSoTTckauS1uikNaNBRlM6erZu8A6vuGhEZo?

Do Briar and Jami use a lot of background/idle data?
like hell, I had to uninstall them


User tests

2022-03-03 editors!$MdrDM3MKJWsarcoIbuB5CYup9ob1g5jaIiT3Y6uzgHo?

I have restarted the app, now I see you
Cwrch is not stable and hard to work with. For p2p, briar and anonymous messenger are more stable for me.
Your last messages on Cwtch didn't arrive for me, it is really unstable

2022-03-14 editors!$YIXmx5pG45YG4TR_5Bm0PYDtYvCs8Xjo5jg79awSwKA?

I can only confirm what was said on 2022-03-03. Tested two phones + desktop. Pairing them together was quite a nightmare. After pairing, some messages never arrived. Or got notifications, but no messages delivered. Group was possible to create from desktop only (not sure why), but I could invite mobile clients, which was another pita experience. Only one of the mobiles eventually joined group and a day later was able to finally exchange some group messages.





Apple iMessage


FBI Document Says the Feds Can Get Your WhatsApp Data - in Real Time
A previously unreported FBI document obtained by Rolling Stone reveals that "private" messaging apps WhatsApp and iMessage are deeply vulnerable to law-enforcement searches
FaceTime Privacy & security guide



2021-11-06 editors!$82MDgkimqTXA7o66AHW3uTu1t-DxM9n80ZpRsrbtYBk?

Well, despite I like Jami, it has flaws. Not syncing messages, draining your battery, etc etc.

2022-02-13 editors!$JOnO6qLcSoTTckauS1uikNaNBRlM6erZu8A6vuGhEZo?

Do Briar and Jami use a lot of background/idle data?
like hell, I had to uninstall them

Jericho Comms secure group chat program using one-time pads

Any one who considers arithmetical methods of producing random digits is, of course, in a state of sin - John von Neumann

I see that it uses file image data or freshly taken pictures as its source of random numbers:

This uses the underlying thermal noise of a CMOS sensor, however its weakness lies in that it does not account for biases due to defects in the sensor or dust, and an even bigger issue is image enhancement artifacts introduced by post processing of the camera driver or firmware and that the demosaicing algorithms themselves introduce elaborate correlation within the bits (i.e, to interpolate the missing information).

It falls back to Salsa20 on failure:

After scrolling through the source, I say that it is mostly well engineered. However, it contains tens of thousands of lines of code and additional external algorithms. Reviewing that is not implausible for a dedicated researcher given a weekend, but this would not be sufficient for a careful review. Doing that would be awkward because its test coverage and modularization is not that great in that aspect. And based on the sheer number of lines, I would bet that it has quite a number of technical flaws.

And then it also misses the opportunity to use more modern technologies (like Haxe, TypeScript and SCSS).

Overall, this project also just reiterates what we know of OTP vs. stretching based encryption: OTP is theoretically superior, but managing and communicating the huge key material itself is awkward _(all the extra chores to authenticate the key material in the database is just unproductive for example)_. Compare this to just a few lines of code to use the Web Crypto API or some other well known built-in encryption primitive:




Feature support of various clients

E2EE in public rooms

This section was migrated to #public_room_e2ee


Megolm group ratchet: Partial Forward Secrecy
XMPP with OMEMO is similar to Matrix MEGOLM for E2EE
Why are large public rooms not encrypted?


We should not copy & paste each and every blog post they broadcast, but may want to link to things that are frequently asked.

Are We P2P Yet?


Matrix metadata leaks
Matrix? No, thanks.
Privacy research on
Notes on privacy and data collection of

Reasoning Why Disroot went back to XMPP in 2018:

Matrix Closure
Matrix notes - anarcat


German states of Schleswig-Holstein and Hamburg deploy a Matrix-based solution for 500,000 users across public offices and education
Bundeswehr developed Bwmessenger, a chat service that’s built on Matrix’s software, and 50,000 from the force are now using the service.
What are XMPP and Matrix and what makes them special?
XMPP vs. Matrix
Ein Fehler in der Matrix (German lawyer regarding GDPR compliance)

Protocol utilization

Populus-Viewer is a tool for decentralized social annotation, built on pdfjs, wavesurfer.js and the Matrix protocol. You can use it to read PDFs, listen to audio, or watch videos, and have rich discussions in the margins, with your friends, classmates, or scholarly collaborators.
A privacy focused social media based on Matrix
Matrix-CRDT enables you to use Matrix as a backend for distributed, real-time collaborative web applications that sync automatically. The MatrixProvider is a sync provider for Yjs, a proven, high performance CRDT implementation.


2014-08-12 Synapse server v0.1 with integrated webclient (+48k SLOC imported from unknown source):

It debuted with a `Twisted>=14.0.0` dependency that was released on 2014-05-12

2014-09-03 Public announcement:

2014-09-30 Riot Android SDK:

2015-06-02 Riot Android, probably forked from the Android SDK (+14k SLOC imported)

2015-06-09 Riot Web (React JS SDK):

2016-06-09 Vector (Android)


2018-01-29 $5M investment by Jarrad Hope's Status:

to expand its team significantly over the course of 2018 and continue development of both the Matrix protocol and improving the client
create a bridge between Matrix and Whisper — Ethereum’s own real-time communication protocol — and allow Status dApps to be integrated as widgets within It also allows the Status Network token to be used, enabling cryptocurrency payment mechanisms in
Status migrated its community from Slack to last year,

2019-10-10 $8.5M investment by Notion Capital, Dawn Capital and European seed fund Firstminute Capital:

improving the user experience in Riot for the app to be, as Hodgson puts it, “properly mainstream” — aka: “a genuine alternative to WhatsApp and Slack for groups who need secure communication which is entirely within their control, rather than run by Facebook or Slack”.
they’ll be turning on end-to-end encryption by default for all private conversations.
building out their flagship Matrix hosting platform ( and building it into Riot — “so that groups of users can easily hop onto their own self-sovereign servers”.
they intend to work on combating abuse [...] the question of how you moderate hateful communications could easily get overlooked.

2020-05-21 $5M investment by Automattic (

Automattic just opened up a role for a Integrations Engineer
we should expect to see Automattic’s communities migrating over to Matrix in the coming months
Imagine if every WP site automatically came with its own Matrix room or community?
Imagine if all content in WP automatically was published into Matrix as well as the Web?
Imagine there was an excellent Matrix client available as a WordPress plugin for embedding realtime chat into your site?
Imagine if Tumblr became decentralised!?

2021-07-27 $30M investment by Protocol Labs and Metaplanet (Jaan Tallinn of Skype and Kazaa):

transforming the Element app
finish building out P2P Matrix and get it live (including finishing Dendrite)
implement native decentralised E2EE voip/video conferencing for Matrix
fully build out our relative decentralised reputation system in order to combat abuse in Matrix.
getting Spaces out of beta
adding Threading to Element
speeding up room joins over federation
creating 'sync v3' to lazy-load all content and make the API super-snappy
lots of little long-overdue fun bits and pieces (yes, custom emoji, we're looking at you).

Amount of cryptocurrency donations:

Financial statements of company:



2022-03-28 trackers!$-RvqSCyOvxk3PAYFKpJptizTLlHUoPETydYgaunwL40?

Olvid does not have a built-in tracker but in the Android version of Olvid and only in it, what is detected as OpenTelemetry by the app analysis tools is in fact an OpenCensus library which is a dependency of the Google Drive connection library. Olvid doesn't bring up any telemetry data, but some components of the library are used for communications with Google Drive, including automatic cloud backup with Google Drive, as described here. So: Olvid cannot remove the dependency as long as Olvid provides the ability to do automatic cloud backups with Google Drive, as described here. If you do not enable automatic cloud backups with Google Drive, no lines of code from this library will be executed within Olvid. If you enable automatic backups to the cloud with Google Drive, some lines of code from this library will be used, but not for telemetry data retrieval.


A Review of Lokinet (Oxen): A Road to Nowhere?


Access to contact list

Technology preview: Private contact discovery for Signal

It details two alternatives:

The Difficulty Of Private Contact Discovery

From that overview of possible implementation alternatives, but somehow discounted encrypted bloom filters citing concerns about bandwidth costs.

However, that would have actually worked perfectly if they updated the set on demand when checking for a new contact number and/or if the database was synced P2P via WebRTC to reduce their bandwidth costs.

And also, as I think 99% of the users only have domestic contacts, sharding by region might actually work.

As such contact discovery can be pretty hard on the server side, federated servers would be great to have here as well.

Note that secure, zero-knowledge contact discovery can be an issue for any alternative system even if it used some other identifier, like an email address (or matrix ID, Friendica profile URL, etc.

Stepping back from a theoretically sound solution to one where you must trust a vendor that also happens to have a sketchy safety record is dubious at best.

EU hardening guide


Why not use Signal for mobile chat?
A look at how private messengers handle key changes
Signal vs. Telegram: Which encrypted messaging app wins?

TLS proxy censorship issue

Skred Messenger

It is a branded licensee of TwinMe messenger:

Editor TODO notes!$rjHOU7LsJ2OWHxivmgRNOUhcyJB4ZV5oZn_vwKYKEXw?

It is Tox-like in that they have video and voice calling as well as text messaging, but claim to be peer-to-peer.
Both were also completely closed-source last time I checked.



Essentially spyware
Like all social media apps, nothing on it is "real", and it's damaging your mental health
It was created to provide safer sexting for young adults and promotes predatory behavior
Like most social media, it tricks you into wanting more and it is addictive

Late to the E2E encryption party

Only snaps are E2E encrypted, not messages or group chats
And it doesn't care about your privacy (see also ToSDR:




Security Analysis of Telegram (Symmetric Part)
Telegram Messenger Review - January 19, 2021 By Heinrich Long
A look at how private messengers handle key changes
Signal vs. Telegram: Which encrypted messaging app wins?

Vulnerability analysis

THE MOST BACKDOOR-LOOKING BUG I’VE EVER SEEN: discovered and fixed in Telegram's self-rolled cryptographic protocol about seven years ago

Law enforcement

Telegram reportedly surrendered user data to authorities despite insisting '0 bytes' had ever been shared
Government pressure may have finally won out


MTProto server reimplementation



Threema: Three Strikes, You’re Out - Threema boldly claims to be more secure than Signal. Does this hold up to scrutiny?




2022-03-13 testing

A Brief Review of the qTox Peer-to-Peer Chat Program

Security properties

Tox Handshake Vulnerable to KCI (key-compromise impersonation)





FBI Document Says the Feds Can Get Your WhatsApp Data - in Real Time
A previously unreported FBI document obtained by Rolling Stone reveals that "private" messaging apps WhatsApp and iMessage are deeply vulnerable to law-enforcement searches


Yes, You Can Stop Using WhatsApp—But Don’t Make This Mistake
A look at how private messengers handle key changes



AWS welcomes Wickr to the team | Amazon Web Services



A look at how private messengers handle key changes



XMPP: Admin-in-the-middle: Server-side parties can transparently modify, log, and monitor nearly everything when communicating via XMPP
XMPP with OMEMO is similar to Matrix MEGOLM for E2EE
What are XMPP and Matrix and what makes them special?
XMPP vs. Matrix

Reasoning Why Disroot went back to XMPP in 2018:

Matrix Closure