Comparison chart Documentation 2024-06-15 Edit chart Review edits Not saved automatically! Resume editing View chart
Show all messengers Font: Use case [?]: Items: Compare messengers:
Permalink #aTalk Permalink #briar Permalink #cheogram Permalink #conversations Permalink #cwtch Permalink #delta_chat Permalink #dino Permalink #fluffychat Permalink #gajim Permalink #gnunet Permalink #imessage Permalink #jami Permalink #keet Permalink #keybase Permalink #manyverse Permalink #matrix Permalink #meshenger Permalink #molly Permalink #monal Permalink #monocles Permalink #mumble Permalink #nekogramx Permalink #nheko Permalink #olvid Permalink #onion_share Permalink #pidgin Permalink #pybitmessage Permalink #qaul Permalink #quassel Permalink #quiet Permalink #retroshare Permalink #SafeUM Permalink #schildichat Permalink #session Permalink #sideband Permalink #signal Permalink #signal_foss Permalink #signal_jw Permalink #simplex Permalink #skype Permalink #smoke Permalink #snapchat Permalink #telegram Permalink #telegram_foss Permalink #threema Permalink #tox Permalink #viber Permalink #whatsapp Permalink #wickr_me Permalink #xmpp Permalink #xx Permalink #wire Permalink #zoom
Feature aTalk Briar Cheogram Conversations cwtch Delta.Chat Dino FluffyChat Gajim GNUnet Messenger-GTK Apple iMessage Jami keet Keybase Manyverse Matrix Element Meshenger Molly Monal monocles chat Mumble NekoX Nheko Olvid OnionShare Pidgin PyBitmessage qaul Quassel quiet RetroShare SafeUM SchildiChat Session Sideband Signal Signal-FOSS Signal-JW SimpleX Chat Skype smoke Snapchat Telegram Telegram FOSS Threema Tox Viber WhatsApp Wickr XMPP Elixxir xx wire Zoom
Availability
AnalysisTextual review that can not be compared objectively through properties
#briar_review #cwtch_review #delta_chat_review #imessage_review #jami_review #matrix_review #olvid_review #session_review #signal_review #simplex_review #skype_review #snapchat_review #telegram_review #threema_review #tox_review #whatsapp_review #xmpp_review #wire_review #zoom_review
SummaryHighlight in a few words why it is interesting
XMPP video calls and GPS for Android P2P chat over LAN, BT and Tor
Conversations fork with SIPTo implement features of use to the Sopranica project
XMPP video calls for Android
Persistent messenger over Tordecentralized, privacy-preserving, multi-party messaging protocol that can be used to build metadata resistant applications
Group chat over email, user apps XMPP video calls for desktop Playful design for Matrix
XMPP chat for desktopWith LAN-mode
GNUnet Messenger service, GTKEarly alpha. Provide private and secure communication between any group of devices.
Default on Apple platforms
P2P chat, video calls and SIPDecentralized chat, voice calls, videoconferencing and SIP client
P2P chat, video calls and file sharingw
Chat, files and identity proofE2EE chat, storage, file sharing and git repositories, can connect with communities from Twitter, Reddit, and elsewhere for account verification
P2P social network on LAN/WANP2P social network over LAN or WAN with everything stored on your device, for desktop and mobile
Extensible protocol to bridge allAssume using Matrix Synapse as server, Element matrix client
P2P video calls for LANP2P Voice/Video phone App over local networks
Fork of Signal with hardening XMPP for iOS
blabber.im (Conversations) forkTo improve privacy an usability
Quality group calls with low latency
Polished Telegram FOSS forkSoft fork with proxies, options, actions, ergonomy, formerly Nekogram X
Native desktop Matrix appC++20 and Qt, to compete with mainstream proprietary messengers w
Chat over untrusted serverno centralized user directory w
Ephemeral chat on Torw w w
Multi-account, multi-protocol pluginsUniversal chat client which lets you log into accounts on multiple chat networks simultaneously. Common choice for XMMP, with LAN-mode. w
P2P chat over a blockchainDecentralized trustless P2P communication protocol w w
Internet Independent Wireless Mesh Communication App w w
IRC client and bouncerModern, cross-platform, distributed IRC client with local server backend w
P2P team chat on TorAlternative to team chats, all data syncs directly between a team's devices over Tor with no server required w
F2F social network, P2P on Torcross-platform, Friend-2-Friend and secure decentralised communication platform w
Chat and calls on AndroidSecure Multimedia Messenger
Matrix Element bubble chat forksoft fork of Element with classic look w with message bubbles, unified chat list, bigger room list items w
Onion routed Signal fork, no phoneno phone numbers, onion-like routing through "oxen network" w oxen network w Lokinet onion router w overview in FAQ w
Anonymous P2P over meshCommunicate with LXMF-compatible systems over Reticulum networks using LoRa, Packet Radio, Wi-Fi, I2P, Encrypted QR Paper Messages w w
Chat, video calls by phone number w
Libre Signal fork, no blobsSoft fork of Signal for Android with proprietary Google binary blobs removed, uses OpenStreetMap for maps and a websocket server connection w
Signal fork with more optionsSignal for Android with additional options and small customization features w
Uses relays, protects metadata, no user profile IDs (not even random)Decentralized end-to-end encrypted messenger focusing on meta-data protection and avoiding any user profile identifiers w
Chat and video calls, landlineChat, voice and video calling app with opt-in E2EE owned by Microsoft w Paid calls to landline and cellular numbers are a possible option
P2P on WAN relay or LANEcho communications through Android w Features rundown in digestible format w
Expiring chat and photosAmerican photo messaging application w
Chat, calls and blogChat, calls and in-app blogging platform with opt-in E2EE w Client is open source, server is not. E2E encryption isn't enabled by default
Libre Telegram fork, no blobsFOSS-friendly soft fork of Telegram Android w
Paid, anonymous, for home or workPaid and proprietary end-to-end encrypted instant messaging service. w
P2P random ID over DHTNameless DHT messenger w
Chat and video calls, landlineProprietary, option for paid landline and cellular calls via Viber Out w
Chat, video calls by phone numberPopular messaging app by Meta/Facebook w
Ephemeral chatCleaning oriented messenger w Centralized messenger with focus on getting rid of it's tracks, and every message is temporary, and it can't be disabled. w
Features as spec extensionsCommunication protocol that multiple clients use in this chart. w
Paid chat on blockchainMessaging app powered by the quantum-resistant and decentralized xx network w
Chat, video calls for workE2EE cross-platform chat, voice and video calls messenger with an option to register w/o phone number. Also optional paid tiers w
Freemium video calls w
ScreenshotsList URLs in the details (TODO: gallery widget)
w w w w w w w w w w w
conversation on ios 15.5 w w w w
w w
w w w
w w
Android Google Play yes w yes w no w paid w currently in testing w w yes w no yes w no no no yes w
yesw
yes w w yes w yes w w yes w no no w
nonone uploaded, but source code contains mentions
3rd party w no no yes w
only client via Tor BrowserJavaScript required
no no w yes w yes w yes w no yes w yes w yes w no yes w w no no yes w yes w no yes w yes w no yes w yes w yes w
yesw
yesw
yes w yes w yes w
Google Play version(automatically generated release and Android API version)
2024-05-16: 4.1.0 33.0MB (Android 7.0+) 2024-05-10: 1.5.11 56.4MB (Android 5.0+) 2024-06-04: 2.15.3+playstore ? (Android 6.0+) 2024-06-10: 1.46.2 56.0MB (Android 4.1+) 2024-06-03: 1.21.0 82.7MB (Android 5.0+) 2024-06-01: 20240529-01 91.9MB (Android 7.0+) 2024-05-30: 6.3.1 151.3MB (Android 5.0+) 2023-10-10: 0.2310.9-beta-googlePlay 49.4MB (Android 5.0+) 2024-04-08: 1.6.14 72.1MB (Android 5.0+) 2024-02-10: 4.2.7 8.4MB (Android 4.4+) 2024-04-04: 3.6.10 6.3MB (Android 4.0+) 2024-06-10: 2.2.1 85.2MB (Android 5.0+) 2024-05-10: 2.0.0-beta.18 33.3MB (Android 8.0+) 2024-05-08: 1.6.2-33-ge4e3abb5 4.3MB (Android 5.0+) 2024-04-10: 2.1.2 38.0MB (Android 8.0+) 2024-03-22: 1.1.0.1640 33.3MB (Android 5.0+) 2024-06-05: 1.6.16.sc78 151.9MB (Android 5.0+) 2024-05-31: 1.18.4 97.4MB (Android 6.0+) 2024-06-03: 7.8.1 61.5MB (Android 5.0+) 2024-06-05: 5.8 99.3MB (Android 8.0+) 2024-05-30: 8.120.0.207 71.0MB (Android 8.0+) 2024-06-10: 12.90.0.46 146.9MB (Android 5.0+) 2024-06-07: 10.13.4 132.4MB (Android 6.0+) 2024-05-06: 5.3.1 ? (Android 5.0+) 2022-02-23: 0.7.3 14.4MB (Android 4.4+) 2024-05-31: 22.8.0.0 173.2MB (Android 5.0+) 2024-06-12: 2.24.13.5 54.8MB (Android 5.0+) 2023-02-03: 6.2.7 43.2MB (Android 8.0+) 2022-08-26: 2.92 48.5MB (Android 8.0+) 2024-05-31: 4.7.1(9803154)-prod 118.5MB (Android 8.0+) 2024-06-04: 6.0.12.22225 184.6MB (Android 6.0+)
Android F-droid/apkyes=f-droid.org, partial=apk or separate repository
yes w yes w w w yes w yes w apk w w F-droid w apk w no yes w no no no yes w no no yes w w yes w yes w partial w no w yes w w 3rd party w yes w no
no wdiscussing it
only client via Tor BrowserJavaScript required
no
2018w w beta, requires server
apk w yes w
no w wsupport is on the way
not anymoreold package removed, libretroshare for android is still maintained w
yes w w yes w w w apk w
apk wavoids f-droid w
repo w apk w apk w yes w w w no yes w no no yes w
Regular F-Droid and own F-Droid repository w apk wThreema Libre version in regular F-Droid w and own F-Droid repository without Google services w
yes w w no w
partial wsee "Package installer"
noNeither can an apk be dowloaded from their site, as they link directly to Google Play
apk yes, F-droid no.the apk is a bit hard to find on the website. look for "android source code" section, there it is.
yes w
F-droid version(automatically generated release and Android API version)
2024-05-17: 4.1.0 64MiB (Android 7.0+) 2024-05-17: 1.5.11 56MiB (Android 5.0+) 2024-05-30: 2.15.3-1+free 27MiB (Android 6.0+) 2024-06-09: 2.16.4+free 26MiB (Android 6.0+) 2024-03-16: 1.44.0 28MiB (Android 4.1+) 2024-06-05: 1.21.0 84MiB (Android 5.0+) 2024-06-02: 20240529-01 91MiB (Android 7.0+) 2023-02-06: 0.2302.2-beta-fdroid 45MiB (Android 5.0+) 2024-05-03: 1.6.14 74MiB (Android 5.0+) 2024-05-09: 4.2.8 19MiB (Android 4.4+) 2024-05-09: 1.7.9.6 45MiB (Android 6.0+) 2024-04-09: 3.6.10 8.6MiB (Android 4.0+) 2023-10-04: 9.3.3 74MiB (Android 4.4+) 2022-03-14: 1.6.2 4.6MiB (Android 5.0+) 2024-06-09: 1.6.16.sc78 76MiB (Android 5.0+) 2024-06-05: 1.18.4 107MiB (Android 6.0+) 2024-06-09: 5.8 61MiB (Android 8.0+) 2024-01-07: 2024.01.05 3.9MiB (Android 7.1+) 2024-05-22: 10.12.0 78MiB (Android 4.4+) 2024-05-17: 5.3.1l 109MiB (Android 5.0+) 2024-05-17: 1.0.231 59MiB (Android 5.0+) 2022-09-02: 3.82.38 35MiB (Android 7.0+)
Other mobileAlternative phones like KaiStore, Blackberry, OpenStore, PureOS, Microsoft Store
no no w no KaiOS unsupported w no no no w no w no no
Other AndroidAlternative app stores like Amazon Appstore, Huawei App Gallery, Samsung Galaxy Store, Opera Mobile Store, Aptoide, GetJar, Uptodown, Applivery
yes w w w no yes w not yet w partial w w IzzySoft w yes Huawei w
Apple iOS no no w w no no not yet available w w yes w no yes w no no yes yes w
yesw
yes w yes w w no w no
yesw w
no unmaintained since 2017 w no no
only client via Tor BrowserJavaScript required
no no w TestFlight w yes w not yet w partial w w no yes w no
yes wiPad as a secondary device w
no no yes w yes w yes w yes w no yes no w yes w
yesw
yesw
yes w yes w w w
Desktop no
Linux, Windows, macOSShould be now full featured w w w w w w
no no Linux, Windows, MacOS w w
macOS, Windows, LinuxMac App Store, dmg, Homebrew, Microsoft store, exe, flathub, deb, rpm, AppImage, tar.gz, AUR, Nix w
Linux, FreeBSD wunsupported macOS Homebrew w "official unofficial" Windows client: w w help and bugreports: w
yes w w Windows, MacOS, Linux, FreeBSD Ports w Flatpak w or source w w
Included in MacOSNot downloadable or available on other platforms
yes w w macOS Linux Windows w macOS w Windows w Linux w yes w w w no no
macOS, breww w
no Linux, Windows, MacOS w w w no yes w
server and clientLinux, Windows, MacOS w w
FreeBSD/Linux/macOS/Win w
2018 OS X, Windows w Linux wAppImage in the future w
yes w yes w Linux, Mac, Windows w Windows, MacOS, Linux, FreeBSD Ports w yes w Linux and Windows w Linux, Windows and macOS w as secondary device w w w no no
Terminal CLI w w Desktop wDesktop 5.3 alpha, chat and attachments only, group-joins, no voice or video calls.
yes w no yes w no only if mobile online
Linux, FreeBSD, Windows, MacOSw w w w qTox w archived since 2023-02-12 and unmaintained
only a remote/syncNo full or partial desktop client, app is phone centric
yesw
Linux, MacOS, Windowsw
no w yes w w
Web no
noOnly app, no web client
no no no no w no yes w no no no no w no
some account functionality and encrypting/decrypting messagesAccount changes can be locked to be only possible through client apps w
yes w no no no w yes w no no
only client via Tor BrowserJavaScript required
no
no wdefunct w
no w w no partial w w yes w no no no no no no yes w coming soon to web w yes w no only if mobile online no w no
yesweb.whatsapp.com
no no w
LanguagesThe higher the amount of people reachable the better. No=1 language, partial=2-3, yes=many global ones
7 w many w 34 w 54 (21 full) w 14 w 14-48 w w w
39 w29 full, 4 medium, 6 some
12+ w
37 w4 full, 4 medium, 29 some
English many w w English only many w w 7 w 70+ w
10English Basque Chinese French German Italian Polish Spanish Turkish Ukranian w
31 w 46 w 24 w many w 105 w 13 w many w many w 100+ w w w 100+ w 100+ w
12-14English Chinese Czech Dutch French German Italian Japanese Polish Portuguese Russian Spanish w
many w many w many w many w 16 w yes 1 w
Protocol Jabber/XMPP Bramble (aka BTP) Jabber/XMPP Jabber/XMPP w SMTP and IMAP with AutoCrypt w Jabber/XMPP Matrix Jabber/XMPP GNUnet w iMessage SIP, OpenDHT w Keet, Pear w w SaltPack, NaCl + MessagePack w Matrix WebRTC w Signal Protocol w
Jabber/XMPPw w
Jabber/XMPP Mumble w MTProto w Matrix
unnamedBuilt on top of Tor
Jabber/XMPP, multipleBonjour, Gadu-Gadu, IRC, Novell GroupWise Messenger, Lotus Sametime, SILC, SIMPLE, Zephyr + extendable via plugins w
BitMessage w Noise Protocol w w IRC
libp2p/IPFSw w w
Matrix Session protocol, fork of Signal protocol w
Reticuluminfrastructure-less w w
Signal Protocol w Signal Protocol w Signal Protocol w SMP, Signal Protocol w proprietary w Echo w MTProto w MTProto w Tox protocol w
homebrewViber's security protocol was based on the "double ratchet" protocol found in Open Whisper Systems Signal application, with our own proprietary implementation and additions. Our entire security overview is available here. w
signal protocol w Wickr Secure Messaging Protocol (Home browed) XMPP
blockchain and mixnetxx blockchain coin based on Praxxis with xx cMix mixnet privacy layer
Protocol openyes=can be implemented based on published detailed specification, no=no source published, partial=needs reverse engineering based on rough specs or source code
yes BTP - a transport layer security protocol for delay-tolerant networks w yes yes yes w w yes w yes yes w yes yes w w no yes w partial yes w yes w undocumented yes w yes yes yes w w yes w yes w
not documentedNeed to reverse engineer from source code
some yes yes w yes w yes w yes w
prose, sourceout of date in prose w w need to reverse engineer from source
yes w w yes w yes w yes w yes w w w no no yes w yes w ARP open w others in prose w yes w w no open protocol, no way to verify because closed service platform no yes w
Server license MIT w various (any SMTP and IMAP server) Proprietary Nameservice GPL-3.0-only w OpenDHT GPL-3.0-or-later w proprietary Apache-2.0 w N/A
AGPL-3.0-only wmissing sources for CDN0 S3/CDN2 GCS and abuse control w
BSD-3-Clause w w proprietary proprietary GPL-3.0-only w AGPL-3.0-only w proprietary GPL-3.0-only w MIT w
AGPL-3.0-only wmissing sources for CDN0 S3/CDN2 GCS and abuse control w
AGPL-3.0-only wmissing sources for CDN0 S3/CDN2 GCS and abuse control w
AGPL-3.0-only wmissing sources for CDN0 S3/CDN2 GCS and abuse control w
AGPL-3.0-only w proprietary proprietary w proprietary proprietary proprietary: Chat, Directory, Media
AGPL-3.0 w wCC-BY-SA-4.0 for website w
proprietary proprietary proprietary various proprietary proprietary
Client license Apache-2.0 w GPL-3.0-or-later w Desktop AGPL-3.0 w GPL-3.0-only w GPL-3.0-only w MIT w GPL-3.0-or-later w GPL-3.0-or-later w w AGPL-3.0-only w GPL-3.0-only w AGPL-3.0-only w Proprietary GPL-3.0-or-later
Apache 2.0most of the code used by keet can be found at w
BSD-3-Clause w Apache-2.0 w GPL-3.0-only w GPL-3.0-only w 2BSD w GPL-3.0-only w BSD-3-Clause w w GPL-3.0-only w GPL-3.0-only w AGPL-3.0 w w GPL-3.0-only w GPL-2.0-only w MIT w AGPL-3.0-only w GPL-3.0-only w w GPL-3.0-only w w proprietary Apache-2.0 w w GPL-3.0-only w CC-BY-NC-SA w Android GPL-3.0-only w iOS GPL-3.0-only w Desktop AGPL-3.0-only w GPL-3.0-only w GPL-3.0-only w AGPL-3.0-only w proprietary proprietary w GPL-2.0-only w TelegramSwift GPL-2.0-only w Desktop GPL-3.0-only w GPL-2.0-only w AGPL-3.0-only but paid GPL-3.0-only w proprietary proprietary proprietary various BSD-2-Clause w w proprietary
Register without app yes No registration necessary. yes yes No registration necessary. supports existing mailbox provider accounts w yes yes yes no
Attached to Apple IDIf you have an Apple ID you already have an iMessage and just have to enable iMessage with that account on whatever apple device you are on. You can also have a phone sim with a phone number, in which case iOS will automatically register you for iMessage with that number upon boot.
no Web yes no no yes yes no yes
clients connect via Tor BrowserJavaScript required, accounts are per group, not per user, but the server does need an app to create each group account w
yes no yes no yes no
noas a workaround, through the unofficial mautrix-signal matrix bridge with a custom HS
noas a workaround, through the unofficial mautrix-signal matrix bridge with a custom HS
noas a workaround, through the unofficial mautrix-signal matrix bridge with a custom HS
No registration necessary. no no no no no w no no no
User features
Spell checkGrammar correction, languages
noNo spell check
not yet w no w w Included in all the platforms that iMessage supports yes yes yes yes
Repliesno=cite-only, partial=jump to message by ID, yes=thread sidebar by conversation ID
nomissing XEP-0461 w
yes w
nomissing XEP-0461 w
nomissing XEP-0461 w
cite w replies w w w
repliesXEP-0461 w
replies w
repliesXEP-0461 w
no replies w w cite w w w
noPlanned
no w w yes w w
citemissing XEP-0461 w w
nomissing XEP-0461 w
yes w w
nomissing XEP-0461 w
nomissing IRCv3 +draft/reply w
yes w replies w yes w
Group chatWhether they are persistent between restarts, chat log, file transfer, inline images, offline messaging
yesw OMEMO encryption in group chat session enhancing privacy and security
yes w yes yes experimental w group chats w
yesw membership change is unicast
yes w yes yes yes w yes no w yes yes w w yes no w yes w yes w yes ephemeral, no logs w small images w yes yes yes w yes yes w w yes w yes One community/team only w yes closed groups (private) e2ee, open groups (public) not e2ee w yes w yes w yes w yes w yes yes w yes yes implemented with unicast w invite-only w yes w
up to 256 members (higher with exploits)w
yes
Voice calls
yesw
no w yes yes w not yet w w via embedding jitsi, talky.io, appear.in w WebRTC w no w
Provided through facetime integrationencrypted w
partial wHave tested Jami for about a year, and calls are not working reliably, if at all.
yes
nonot natively w w w
WebRTC w yes w yes w yes w w yes yes w yes no w no w no w no WebRTC w beta test, p2p, ip exposed w yes w yes w yes w
yes wterminal app via WebRTC in browser
yes yes w yes yes yes w yes w yes yes
Video calls
yesw
no w yes yes w not yet w w via embedding jitsi, talky.io, appear.in w yes w WebRTC w no w
Provided through facetime integrationencrypted w
partial wJust like with calls, Jami isn't intercepting video-calls reliably
yes
Jitsi Bot w Zoom Bot w Google Meet Botnot natively w w w
WebRTC w yes w yes w no w yes no w yes no w no w no w no WebRTC w beta test, p2p, ip exposed w yes w yes w yes w
yes wterminal app via WebRTC in browser
yes yes w yes yes yes w yes w yes yes
Group callsAudio, video
no no w no no not yet w w via embedding jitsi, talky.io, appear.in w yes w via Jitsi w no yes by forwarding by the initiator w w yes Jitsi Bot w Zoom Bot w Google Meet Bot via Jitsi w no yes w w yes w yes no w no w no via Jitsi w no yes w w yes w yes w no yes yes w yes yes on Android w and iOS w yes yes
Voice messagesIdeally push to talk, may be useful where voice call is not supported. Also voice notes
no no w yes yes w yes yes w yes
only in mobile clientOr even only Android? seems like no? w
yes w no yes yes w yes yes w yes yes yes
yesw w
voice notes, limited to certain length
yesw
yesw
yes yes
Screen sharing no no w
requires iOS or iPados 15.1 or laterw
yes yes w no yes w
yesw there is also a way to do it using obs, but citation needed.
yes w no
yesw there is also a way to do it using obs, but citation needed.
yesw there is also a way to do it using obs, but citation needed.
Audio filteringNoise cancellation, gain control, voice activity detection
no w
no controlsAppears to filter audio by default, no apparent controls over this
no aggressively detect and cancel the background noise
File transferRetry, pause, resume
yesw w
no w yes
yesXEP-0363 w
experimental w small files w yes w
yesXEP-0234 XEP-0261 XEP-0363 w
yes w yes
yesadditionally E2EE storage and shares w
yes no
yesw also screenshots w compression w
yes only inline images w w w
yesnote it does compress images and video by default w
yesXEP-0363 w w
up to 220kB w
partial wRight now basic attachement
yes w no
yesnote it does compress images and video by default w
yesnote it does compress images and video by default w
yes w yes yes
Message formattingFont size, bold, italic, underline, strike-through, list, blockquote, code, pre, colors, clickable link, table, subscript, superscript, line break, horizontal rule
no yes
experimental w wVia toolbar or direct markdown - bold, italic, code, superscript, subscript, strike through
sends text w renders HTML w w w w yes XEP-0393 w no yes CommonMark-flavored markdown w w no
partial wmarkdown probably later w
basic w w yes yes w w no w no w
partial wmarkdown probably later w
partial wmarkdown probably later w
partial wmarkdown probably later w
markdown w
partial w wbasic
partial w wbasic
no
Emoticons in messageDeprecated, please refine with below properties! Compose, show
yes yes yes yes yes yes yes yes yes yes yes no yes yes yes no w yes yes yes yes yes yes yes yes yes yes yes yes yes
Unicode supportyes=can both send & receive text containing any valid Unicode code point, usually via utf8mb4, partial=does not support 4-byte+ UTF-8, certain characters or combiners
yes yes no yes
Emoji composeryes=rich dialog with search, partial=replaces a few emotes or aliases with Unicode before sending
no partial w yes
Built into keyboardAll platforms that iMessage support after around iOS 6 support some way to open an emote keyboard from a keyboard button/shortcut. After iOS 14 you can search through the emote keyboard. Somewhere around this same time Apple implemented emote suggestions in the keyboard suggested text buttons.
yes yes yes no no
yesemote button and use : and start typing to put emotes quickly
yes yes
yesemote button and use : and start typing to put emotes quickly
yesemote button and use : and start typing to put emotes quickly
yes w yes
Emoji receptionyes=color Unicode display of all, mention in details if animated, partial=monochromatic, only a subset or replaces received emoticons with pictures
yes bundled or platform w yes
yesYes, assuming device is up to date as emotes are rendered through the operating system
yes yes yes no yes
Sticker packsWhether they are animated
no
with EweStickers from F-Droidw
yes
Built inIncludes some by default, install more and iMessage extensions through the app store
mostly through vendor w w w no yes w yes w yes yes w yes w yes w via 3rd party keyboards animated sticker packs available
yesw
yesw
yes yes w
Link previewUnfurling: who downloads the page, the sender, recipient or the server of one or the other
yesw Share of social media links are tagged with thumbnail and title
no no
nocan be simulated by a bot in group chat w
no Downloads sender side before message is sent to Apple yes
yesthe server of the recipient generates it optionally, disabled by default in E2EE rooms w w
no
yesclient side by sender, can be disabled in settings w
recipient client w yes w yes w no no no
yesclient side by sender, can be disabled in settings w
yesclient side by sender, can be disabled in settings w
yesclient side by sender, can be disabled in settings w
yesUser setting to generate link preview upon sending.
small embed for link, tapping opens in app browser previewprimarily used for ads
yes w yes w yes
Inline imagesSupported image formats: png, jpeg, gif, webp, avif
yes w w yes
attachments separatelycould be implemented within HTML messages w
yes yes yes yes yes no yes w small ones w yes yes yes yes
yes wmobile
yes yes yes yes w yes
Inline videosSupported video formats: mp4, webm, av1
yes w
attachments separatelycould be implemented within HTML messages w
yes yes yes yes no yes yes no w yes w yes yes yes w yes
PollsMultiple choice voting
no no no
via webxdcw w
no Potentially available through iMessage extension no yes no no yes w no no yes
yesw
yesw
yes w
Reactionsyes=Various emoji, partial=only upvoting
nomissing XEP-0444 w
no
nomissing XEP-0444 w
no w no yes w yes w yes
yesw XEP-0444 w w
Few reaction options yes yes
all common Unicode emojino custom images, custom text in certain clients
no yes w no w
nomissing XEP-0444 w
yes w yes
nomissing XEP-0444 w
no w no w
yescustom text natively supported
yes w yes w yes w yes w
yesw
yes w yes w yes
Read public content without registeringProvides free tasting to look around before committing to install anything or having to remember another pair of credentials
partialonline public mailing list archives
guest participant, room peek preview, static HTML view w w no Must have an apple device to use no no guest participant, room peek preview, static HTML view w w no no no w guest participant, room peek preview, static HTML view w w 5 official rooms are bridged w
Install required to accept an open inviteEven if a room has an persistent and public group link (the closest thing to being public), a user needs to install a client and join the room before being able to read messages.
no no no no no w
Multiple devicesIf the same account can be used at the same time from multiple devices, syncing contacts, messages and notifications.
yes no w yes yes
not yet w wThere's a way to run the same profile on different devices (desktop and mobile) but it requires transfer of the profile through ADB (which by some, may be considered insecure) and only the device which initiated communication receives messages from other party.
yes w yes yes yes "It is still difficult to get reliable chats between different devices." w
Sync through icloudYou can sync messages through iCloud e2ee, however contacts etc. are not e2ee when synced, and the encryption key is included in iCloud backups (not e2ee) of the device if enabled w
yes w yes yes yes no Any Android device as linked device w yes yes yes just paste the private key on each w yes no yes no w yes still not functioning properly Only Desktop as secondary device no no Using mobile profiles from desktop yes
requires log out and log in, but chat stays in cloud accessable on both devicesw
yes yes as group chat w
Online account replicayes=everything available in the cloud from any device, partial=not all of credentials, profile, settings, contacts or conversations
no w partial
IMAP + manual backupthe account needs to be exported/imported periodically w
yes
iCloud backup requiredRequires iCloud backup of device which is not e2ee w
yes yes yes local backup w yes contacts w no messages w is web based
Multiple accountsIf you can stay logged in with multiple accounts on the same device and application without external isolation techniques
yesw
no w yes yes yes yes w w yes w only the first logged in account will receive push notifications yes yes w no planned yes Web tabs, Desktop profiles
noIP/MAC is your identifier
no yes Unlimited
yes wcommand line flag --profile
partialcould connect via multiple Tor browser instances
yes no yes no no no no no yes w no no 3 3 no
Application lockingUnlock the account or certain chats with a PIN code, passphrase, fingerprints or facial likeness
no Android's screen lock w no
passphrase on app startno other type of locking at the moment
Android - custom 4 digit PIN no no Android w iOS w password on start-up w Passphrase & Biometric w no Android - custom 4 digit PIN + system fingerprint w Android w Android's screen lock w Android's screen lock w Android's screen lock or passphare w
yes w wNative mobile platform lock + app passcode
Android - custom 4 digit PIN + system fingerprint w Android - custom 4 digit PIN + system fingerprint w Android's System Screen Lock, PIN or Biometric w also on desktop, individual chats too w
Remote message removalAlso called redaction, retraction or deletion
last messageby editing last message XEP-0308 w as XEP-424 and XEP-425 missing
no
by moderatoronly by moderator XEP-0425 w or by editing last message XEP-0308 w w
only show last message editsview-only XEP-0308 w XEP-0424 XEP-0425 missing w w
no no w
last messageonly by editing last message, XEP-0424 and XEP-0425 missing w
by moderatorXEP-0425 w w or by editing last message via XEP-0308 w
no yes yes by redaction events w no within 3 hours w
both by self and moderatorXEP-0424 XEP-0425 w w
last messageonly by editing last message via XEP-0308 as XEP-0424 and XEP-0425 missing w
partial w
nomissing XEP-0308, XEP-0424, XEP-0425 w
no no w no within 3 hours w within 3 hours w can be disabled w
yesmobile, in console there's whole history visible e.g. 21:37 a11> ff 21:37 a11> [deleted] ff
no partial w partial w no w yes
Remote message correctionAlso called editing
last messageXEP-0308 w
no
last messageXEP-0308 w w
only show last message editsview-only XEP-0308 w XEP-0424 missing w
no no w
last messageXEP-0308 w
last messageXEP-0308 w
no yes yes yes no within 24 hours w w w
edit last, retract earlierXEP-0308 XEP-0424 w w w
last messageXEP-0308 w
nomissing XEP-0308, XEP-0424, XEP-0425 w
no no within 24 hours w w w within 24 hours w w w within 24 hours w w w yes w no only with secret chats (e2ee) disabled no w no
Message expirationAlso called retention time, disappearing/ephemeral/self-destructing messages
XEP-0466 missing w Only setting of 7 days possible in private messages w no XEP-0466 missing w yes w XEP-0466 missing w no XEP-0466 missing w
Only on voice messages*Message expiration only occurs on voice messages and it is set to either 2 minutes or never by the receiving party, and there is a keep message button (that notifies the sending party "_ kept a voice message")
no no yes w
per room, no GUI, not defaultonly through slash-commands in Element, need to enable on each Synapse home server and depending on configuration in each room as well w
no yes w no
1:1 secret chats and some media, only on mobileOnly for 1:1 secret chats (not default) on mobile and media in private cloud chats w
no no
up to 28 daysw messages are only moved to the trash by default w
no no
up to 7 days client side, server mirrors for 14 daysdisappearing messages (local) 5 sec - 1 week options, server keeps all messages for 14 days w
yes w yes w yes w yes w w no retained indefinitely on their servers
1:1 secret chats and some media, only on mobileOnly for 1:1 secret chats (not default) on mobile and media in private cloud chats w
1:1 secret chats and some media, only on mobileOnly for 1:1 secret chats (not default) on mobile and media in private cloud chats w
no w yes w yes
Presence statusWhether it is supported. This can actually be a privacy breach for tinfoil
yesXEP-0319 w
for groups only contacts w yes yes
1/1 chats show when contact offlineFor 1/1 chats it's not possible to send message when contact offline, when online text input is available. No indication in group chat about members status. w
simulated last message + 10mw w w w
XEP-0319 w no no no with performance issues w yes w no w
yesXEP-0319 w
yes
yes w- Shows online status of the people you are talking to. - You can define a custom status message to tell others what you are currently up to. - The status message appears next to the usernames in the timeline. - Your server needs to have presence enabled for this to work.
yesXEP-256 w w w
yesStandard IRC protocol status
HS capability no w no w no w yes yes yes yes
Presence not mandatoryIf has presence broadcasting, can it be hidden when online
no
yes w wAppear Offline Mode since 1.13 needs update in main doc
receipt part optional w yes no
partialsome optional in Syphon w w Element Android can disable it - w
no w yes yes w yes
yesStandard IRC protocol status
partialAndroid can disable it - w
yes w yes w yes w
Typing indicationWhether sending and showing is supported. Mention in the explanation whether it can be disabled and its default state
no can be disabled w no no
yes wtoggle on/off both globally and per conversation
cannot be disabled w Can't be disabled no can be disabled yes no
yesshowing and sending can be switched off together w
can be disabled w cannot be disabled w can be disabled no can be disabled
does not work on desktopshown and sent by default but can be switched off w
yesshowing and sending can be switched off together w
yesshowing and sending can be switched off together w
yesshowing and sending can be switched off together w
"live" messages w yes cannot be disabled w cannot be disabled w yes
Read receiptsWhether sending and showing is supported
yes only delivery receipt w yes w
yesXEP-0333 w
only delivery receipt yes w w yes w yes
yesXEP-0184 XEP-0333 w
yes no no yes no yes w
partialw w not for MUC w
yes w w yes w yes
yesXEP-0184 w w
yes w no yes yes w yes w yes w delivery receipts only w w yes w yes yes w yes w yes
Receipts not mandatoryyes=they can be disabled, note default value
yesNot mandatory
yes w yes w
yes wtoggle on/off both globally and per conversation
no yes no no w yes yes w yes w no can be hidden on client only can be hidden on client only yes w yes w yes w yes w w yes w no w no no
all or nothingYou have to disable read receipts completely and then you wont be able to see other's receipts. Also they are always sent in group chats. w
Themesno=1, partial=2, yes=more - Appearance, dark scheme, night mode, OLED, prefers contrast, reduced motion, color blind, custom base color, large fonts, visual style presets, automatic switching
partial wlight/dark
partial w
built-in + customw + w
manydark/light on Android/iOS w w dark, AMOLED, dark purple, rocket, light and minimal on desktop w
partialdark/light with accent color
Light and dark mode with system no
yesseveral themes, message bubbles, irc style etc
partiallight/dark
yes wlight/dark theme with customizable bubble colors
yes w w wlight, dark, AMOLED, theme colors
yesfull customization + Built-in Material Design themes / Telegram X style icons w w
partial wlight/dark
yes w w wlight, dark, AMOLED, accent color, message bubbles
yes wlight/dark theme with customizable bubble colors
yes wlight/dark theme with customizable bubble colors
yes wlight/dark theme with customizable bubble colors
yes w
partial wlight/dark
yes wfull customization
yes wfull customization
Qualities
Landing pageIntroductory website maintained by vendor, may use SaaS subdomain
dynamic DNS w SaaS w yes w yes w yes w clearnet w Tor w yes w yes w yes w yes w yes w yes w yes w yes w yes w w yes w yes w partial w yes w yes w yes w yes w partial w yes w yes w
ManualKnowledge base maintained by the vendor, user manual, tutorial, extensive FAQ, URL
yes w yes w w no partial w yes w w yes w partial w partial w yes w yes w w yes w yes w yes w yes w yes w w w w partial w w no yes w yes w w w yes w no no yes w w
Vendor can't curate contentno=vendor can influence who can access which content, remove spam and vandalism
yes yes only mailbox provider w w Vendor doesn't provide a homeserver only in rooms the vendor admins yes self-hosting yes fully self-hosted yes
Spam protectionIf it gained worldwide adoption
noXEP-425 missing w
partialXEP-0425 w
partialwith XEP-0191 w but XEP-0425 missing w
partial wCould result in an increase in network bandwidth which may be intolerable or undesired for many people - especially those on metered connections
standard email filters, hides non-contact w w no
partialXEP-0158 XEP-0377 XEP-0425 w w
no some moderation tools but more coming blocking and reporting w
partialprovided through third-party tools, such as Mjolnir: w
ignore unsaved w w
partialXEP-0425 w
partialXEP-0377 w
Groups are invite-onlyThe server could implement filtering in the future
no proof of work w proof of work,unlimited account ids can be generated almost instantly
limiting messaging non-contactsw
invite code w
spam checker, limit invitesselect who can add you to group chats w
Account deactivation after device compromiseSolvable with centralized or federated servers or with revocation certificates in P2P.
no yes yes no
partialprobably manually by a revocation certificate and with the help of the mailbox provider
yes yes yes
varioussupport aided w recovery contacts w email, phone number and 2FA recovery keys w
yes w device revocation w with second device or Web or Desktop no Only for secondary devices yes Only for secondary devices yes Private key distributed yes yes no yes account ids are random generated 2^128 keys Only for secondary devices Only for secondary devices Only for secondary devices No user accounts Only for secondary devices Only for secondary devices yes w
Account recovery after device compromiseSolvable with centralized or federated servers or with subkeys, revocation and secret sharing in P2P.
no w yes no
partialprobably manually by revocation, mailbox provider help, generating new keys and verifying all contacts again
yes
varioussupport aided w recovery contacts w email, phone number and 2FA recovery keys w
no w second device or paper key w with second device or Web or Desktop no yes Private key distributed partial w yes accound ids can be recovered with seed phrase, 12 words + 1 check word only after phone number is reclaimed w no
CPU idleno=Proof of work, partial=sluggish due to idling too little in foreground or measurable amount of processing in background, yes=otherwise
yes yes uses Tor browser proof of work w Uses proof of work to combat spam yes
Power savingEnsure that device wakes up as few times as possible, filters and batches events on remote side, no open sockets, delegated peer tracking
IMAP IDLE keeps a socket open
partial offload by OpenDHT proxy wbackground transfers deplete the battery faster noticeably
yes
yesPolling without FCM w w TODO: research
yes w uses Tor browser
Constantly transfers in the backgroundopen groups use polling w
yesPolling without FCM w w TODO: research
yesPolling without FCM w w TODO: research
yesPolling without FCM w w TODO: research
Push relay & native pushFetches encrypted content from its own server in response to a push, group chat via unicast w Formerly polling without FCM w Recently own push servers w w
Bandwidth frugalConservation by lazy loading, previews, adaptive detail, incremental sync, fewer round trips, tokenization, batching transfers to improve compression, tweaked key schedule, multicasting hubs
no
group messages are unicastshould use selective IMAP fetches and compression
transfers constantly in the backgroundaccording to testing by editors
uses more as p2p partial w uses Tor browser
nomulticast as unicast w constant peer exchange and buffering for everyone
Constantly transfers a lot in the background36MB/hour in our Desktop test in 2022, open groups use polling w
unicast groups, auto-download, call bitrategroups are unicast w options for auto-download and call bitrate reduction w
Very aggressive message padding, group chats are unicastSee w
Push relay & native push, group chat via unicastFetches encrypted content from its own server in response to a push, optimized binary chat protocol w
Disallow screenshotspartial=Only for yourself, yes=Ask peers to not take screenshots of message or conversation. Also called screen security
Android wThis does not provide any real world usage, especially for the tinfoil persona. Any conversation partner can use screen-share capabilities to capture and record messages without alerting their chat partner.
no only for yourself w w no no only for yourself on Android w w no no no only for yourself on Android w w only for yourself w only for yourself w only for yourself w only for yourself, Android w
LogoAvatar, prefer FOSS, externally hosted, Wikimedia URL
yes w yes w w yes w yes w w yes w yes w w yes w w yes w yes w w yes w w yes w yes w w w yes w w w yes w yes w w w yes w yes w yes w w yes w w yes w w w partial w yes w yes w w
Security
Threat modelyes=maintainers have made the #threat_model accessible and/or obvious
no yes w yes w w yes w yes w yes w w yes w no yes w yes w
End-to-end encryptionThis is more important for closed or non-self hosted servers
yes wEnd-to-End encryption with OMEMO or OTR
yes w
XEP-0384 OMEMO walso OpenPGP
XEP-0384 OMEMO walso OpenPGP
Profiles are stored locally on disk and encrypted w yes w
XEP-0384 OMEMO walso OpenPGP
yes w
XEP-0384 OMEMO plugin wXEP-0454 also XEP-0373 OpenPGP plugin w
yesw w w
yes w w yes w yes w yes w yes w
yesXEP-0384 XEP-0454 w w
XEP-0384 OMEMO ww also OpenPGP
no w Only for 1:1 secret chats (not default) w yes w
Tor hidden service hubMITM possible, separate encrypted Tor channels between the server and clients w
some protocolsXEP-0384 w w
yes w no yes w yes w yes in private conversations and closed groups, no in open groups w yes w yes w yes w 2 layers w w w Only for "Private converstations" (not default) w w
no, but delivery is encryptedSnaps are encrypted in transit and until viewed by recipient, not E2EE
Only for 1:1 secret chats (not default) on mobile w Only for 1:1 secret chats (not default) w yes w yes w default w
yesw
E2EE keys shielded from operatorRegardless of this, certain OS vendors might also have access to your keys
yes w
Key included in iCloud backup of deviceThe backups are not client-side encrypted. When you disable backup a new key is generated so Apple doesn't have access to your past messages any more w
yes w w yes w yes 2^128 generated locally w yes w w yes w yes w
DeniabilityDeny sending a message, repudiability
yes wvia BTP and Tor, conversation participants who have deleted the given time-based key for their conversation, can achieve deniability, but not unobservability or unlinkability unless the participants both use Tor w
now DKIM and received mail headers reduce feasibility
partialTODO: couldn't the server correlate messages of a client?
no
optional wis present in OTR but not in Signal if need to authenticate to the server w w
yes w no public-key authenticators w
Replay preventionOf third party buffering nodes
yesBTP achieves forward secrecy by periodically rotating and deleting the temporary keys. This prevents replay attacks, in theory, but only in rotation mode, which provides Forward Secrecy. w
noDKIM could already provide all needed information
noTrivial to repeat a message as it's anonymous with chosen display name
yes w nonce accumulation w
Downgrade resistanceMitigation against downgrade attacks
noshould warn when encryption disabled w force E2EE w
yes yes w
Contact list confidentialIf the client never sends over its contact list to the server
yes w
Contacts are stored on the server.Self hosting of ones own server is easy and recommended.
not published, but leaks through mail headers w Decentralized, no server.
not published, but leaksleaks through OpenDHT proxy, Jami name server and ICE w w
no yes w
partialthe whole contact list in your phone is sent over to a server protected by SGX enclaves w w w
yesTODO: Are we sure a server running multiple rooms or clients connecting to multiple rooms aren't able to correlate their peers?
yes w partial
partialthe whole contact list in your phone is sent over to a server protected by SGX enclaves w w w w
partialthe whole contact list in your phone is sent over to a server protected by SGX enclaves w w w
partialthe whole contact list in your phone is sent over to a server protected by SGX enclaves w w w
yes w
noserver likely has a copy at all times and keeps older versions
stored on device, optional address book import w yes w
Metadata protection
yesvia onion routing
yes w
encrypts certain email headersrecipients and time in the clear w
no
partial wServers know team names, users and roles but not contents of chats. Servers know which KBFS folders are shared with whom, but not private contents w
no no sealed sender traffic analysis w w groups v2 downgrade w w no partial w partial sealed sender traffic analysis w w groups v2 downgrade w w yes w no yes w no
Perfect forward secrecy no
yes w wFrom Briar room by akwizgran - BTP, a part of the framework of Briar that provides Forward Secrecy, does so by rotating the symmetric encryption and authentication keys periodically.
1-1 yes w groups no w no w yes w
on ephemeral exploding messages wnot for other messages w
1-on-1 yes, groups partialyes for 1-on-1 conversations. partial for group conversations w
yes w manually w yes w was explicitly removed from Session protocol w yes w yes w yes w yes w for single chats on Android w and calls w yes w yes
Security teamyes=regularly scanning for vulnerabilities proactively, found bugs inspected for security implications, partial=reported vulnerabilities promptly fixed and released
no
partialWhile there is no dedicated security team, code reviews are in place as well as any reported vulnarabilities will be fixed ASAP.
yes w yes included as part of the system bugs not categorized based on security impact w partial
partialw bad opsec in 2019 w
partialno security response strategy, no fixes tagged with security w
partial w
lacking security tagging wblog contained advisories between 2004-2017 w
Large bug bounty no
yesw
third-party w no yes w no w
Reproducible builds yes w partial w w w Not FOSS no w no no w w no w yes w no w Android w
yes wFOSS does not merge into master, linking latest build as of entry added to the chart
yes w yes w iOS, Android w Android w bootstrap daemon w
Audits 2017 w 2019 w 2020 w 2023 w 2023 w no 2018 w crypto library in 2016 w no no 2020 w no w no w
one completed, covered only session protocolnetwork and servers have not been audited w
multiple w 2022-11-03 by Trail of Bits w w 2023, 2020, 2019 w no
Usage without phone number yes yes yes yes yes depending on mailbox provider yes yes yes yes Requires email attached to Apple ID to be public instead yes yes yes yes yes no yes yes no yes yes w yes yes yes yes yes Random 2^128 key generated as account id w no no no yes no no yes yes w Phone number based yes
Sustainability
Transparent financingyes=it is clear how the project can operate indefinitely, no=we know nothing, partial=public statements were made but not convincing
no
yesw
Funded by MBOA and JMP.chatw MBOA is the development team behind JMP and Sopranica.
yes w w w grants, funds, Liberapay, PayPal, bitcoin w
donations, GNU/EFF in the pastofficial GNU project with EFF funding in the past, PayPal donations w w w
partial no
VC, merchandise, freemium, donationw w w w w w w w w w and Bitcoin, Ethereum
2018 GSoC w w Donations w
GitHub, Libera Pay, SEPAGitHub Sponsors w , Libera Pay w , SEPA w , NLNet w
noCouldn't find any donation links, previous sponsorship or how supportive their community is w
complex financial structure with no clear answersnetwork is financed by oxen crypto, financial disclosures haven't been published since 2019 w
yes w
individuals: one-time paymentsubscriptions for organizations w and educational institutions w
out of pocketnot currently accepting donations w
cryptocoin backed by VC w w
No-cost tier yes yes yes Only paid content would be third party extensions yes yes yes yes w yes yes w yes w yes yes yes yes yes w yes entirely free platform yes yes no yes w yes yes no w
Payment choicesyes=cryptocurrency or some other anonymous, partial=lots of inexpensive choices
N/A N/A Apple Pay or any payment app with an iMessage extension N/A GitHub sponsorship w Open Collective w Monero w N/A N/A none Google Pay, Apple Pay, cryptocurrency w Wire transfer, MasterCard, Visa, PayPal, Bitcoin, Cash w w N/A
Active developmentyes=developer availability is not a bottleneck for progress, partial=occasional hobby development or basic maintenance work, no=no development or only ensuring it builds
yes yes yes yes w yes yes w yes w yes w yes w yes yes maintenance mode w no w w yes w yes w
partial w wseems to be mostly cherry picking with little own code
yes w w yes w yes yes yes w
no release since 2018 wlots of new commits w
yes yes yes w yes yes yes yes yes yes yes yes w yes yes
Multi-party developmentno=one-man show, yes=highest level contributors are exchangeable, equal drivers, partial=regular contributions from multiple people
no
partialOne main developer, but contributions from others are readily accepted.
no partial w 10 git members w 31 authors w partial w partial partial yes partial w no w yes w w w Hacktoberfest w GSoC-22 w
nosingle, anonymous person behind it w
partial w yes w yes w
Isolated self-hostingIt can be deployed on-premise in a LAN without internet
SMTP and IMAP w yes no complicated w yes no yes no Requires Tor no no no no yes no
partial wDirectory and push relay are not self-hostable w
probably needs bootstrappeers can cache and exchange these w w
no
User can extend network with nodeImproving the scaling of the system and communicate with anyone (i.e., if P2P or federated)
Applicable to group chats only w SMTP and IMAP w w yes Proprietary system
many parts self-hostableOpenDHT proxy, bootstrap, TURN, Jami blockchain, Jami name server w
yes no yes no no
All networks isolatedA user can either start a separate one or join an existing one
yes w no no no no yes w no no no no each client is full node w
Identity not controlled by vendorWill the system still work if the developer goes bankrupt
yes yes yes yes SMTP and IMAP w yes yes yes no names are optional and stored on a blockchain w w yes no
Unless using matrix.org accountvendor also offers various self-hostable or optional services like stickers, bots and bridges
yes no yes yes no yes Generated when starting server yes yes partial no no no
yes wself-hosted servers defined in the apps
no no no no no locally generated w no no
Open documentationCopyleft, editable by users through a wiki or source code repository, URL
yes w yes w no partial w yes w yes w yes w yes w yes w yes w no yes w w partial yes w yes w w yes w w partial w partial w w yes w w yes w w w yes w w no no yes w w w
Web forumPublicly readable, URL
no yes w no no no yes w no no no yes w w w w yes w yes w w yes yes w yes w w yes w w no no no no yes w w no no yes w w
ContactURI including the scheme prefix, preferably of group chat, such as matrix: acct: xmpp: msrp: news: mailto: irc: sip: mumble: ssh:
no yes w w yes w w yes w w yes w
yesw unofficial w w w
yes w w yes w w w yes w w yes w w w w w w no yes w w w w yes no yes w w yes w w w w w w no yes w w w yes w w w yes w w w w yes w w w w partial w no
yesw w w unofficial w
SyndicationURL of RSS, Atom, twtxt or gemini text feed
no yes w no no yes w yes w yes w no yes w yes w no yes w no no yes w w no no yes w no yes w w no yes w yes w
Topology
Offlineno=Not useful if disconnected. partial=Only read a few buffered messages or compose new ones. yes=Reboot, add new contacts, past logs, search, cache list of groups or users, settings.
noCan't be used without internet
yesw adding contacts must happen within 48 hours, but introductions do not carry a time limit w w
no yes w
compose or read recent messages on Mobile/Desktop, no Web startupBuffered messages on Mobile/Desktop, Fluffychat Web lacks offline startup via Web Workers
yes yes w no
compose or read recent Desktop messages, no Web startupBuffered messages on Element Desktop, Element Web lacks offline startup via Web Workers
list&add contacts w no Compose or read stored messages compose or read stored messages up to 28 days w
compose or read recent messages on Android/Desktop, no Web startupBuffered messages on SchildiChat Android/Desktop, SchildiChat Web lacks offline startup via Web Workers
yes w Compose or read stored messages Compose or read stored messages Compose or read stored messages not possible to add contact Compose or read stored messages Compose or read stored messages Compose or read stored messages
yesTODO: verify and add reference, because it requires many servers to run
buffering, personal proxy w w w Compose or read stored messages yes
Servers requiredList all server software or instance by name that are mandatory to keep this network running or to host it in isolation
XMPP server Tor w Tor, Cwtch DNS, SMTP, IMAP Matrix homeserver e.g. Synapse, Dendride, Conduit, notifications push via FCM or Unified push DNS, OpenDHT proxy, GCN/Apple push, bootstrap, TURN w Synapse homeserver, notifications push
Signal, Storage, Contact Discovery, Key backup, ICE, ReCAPTCHAw w w w w w w w storage must be hosted within GCP, also used by key backup
Ejabberd or Prosody w Matrix homeserver Tor, OnionShare live nodes on the preloaded list w w IRC server
Torw w
Matrix homeserver e.g. Synapse, Dendride, Conduit, notifications push, Unified push, backround synchronization service session/lokinet onion routing network required w
Signal, Storage, Contact Discovery, Key backup, ICE, ReCAPTCHAw w w w w w w w storage must be hosted within GCP, also used by key backup
Signal, Storage, Contact Discovery, Key backup, ICE, ReCAPTCHAw w w w w w w w storage must be hosted within GCP, also used by key backup
Signal, Storage, Contact Discovery, Key backup, ICE, ReCAPTCHAw w w w w w w w storage must be hosted within GCP, also used by key backup
SMP w FCM
Chat, Directory (identity), Media, WebRTC, Web push relay wAPN required on iOS, w
DHT bootstrap nodes and listcould implement automation to gather these and burn into the app w w w
FCMWon't work on LineageOS
Servers optionalList all server software or instance by name that can provide extra features when using this network
jitsi, talky.io, appear.in w Jami name server w DNS, Element Web app, identity, integrations, ICE, Jitsi w ICE (disabled) w w
Google STUN w FCM w w w giphy proxy w w website updates wcan't disable Google STUN or giphy proxy, but should still work if blocked over the network
w
Google STUN w FCM w w w giphy proxy w wcan't disable Google STUN or giphy proxy, but should still work if blocked over the network
Google STUN w w w giphy proxy w wcan't disable Google STUN or giphy proxy, but should still work if blocked over the network
Google STUN w FCM (optional) w w w giphy proxy w wcan't disable Google STUN or giphy proxy, but should still work if blocked over the network
Google voice-to-text, Translate, Loginw w
FCM w or Threema Push w w , Threema Safe w DNS
Serverless WAN modeIf communicating over the internet might scale without (a vast amount of) dedicated servers, i.e. by supernode promotion and DHT
no no no Requires Tor SMTP is usually blocked no
only data traffic is P2P(TODO: with IP and SIP?) w
yes no no
nocan't cross NAT w
no no Requires Tor
can preload a node list wthere is no automated mechanism for updating or spreading this preload list with the client
no no w no no no no no
needs implementationLAN mode? w peers can cache and exchange peers, but would need a distributed crawler and burn the list into the app w w
no
Serverless LAN modeIf you can communicate without an internet connection and a server
no yes w
noXEP-0174 unimplemented in Conversations w
noXEP-0174 unimplemented w
Requires Tor
nomight be feasible in the future
noXEP-0174 unimplemented w
no
noXEP-0174 removed w w w w
no w yes no no yes w no no w
noXEP-0174 unimplemented w w
Requires Tor
via Bonjour prplXEP-0174 w w w w w
yes no no w no no no no no maybe w DHT generally needs WAN IP w no yes w w
Network store and forwardYou can compose messages to your peer even if the two of you aren't online at the same time
if server and contact client support XEP-0313 MAM if server and contact client support XEP-0313 MAM yes w yes no w w yes no yes no w yes yes w if server and contact client support XEP-0313 MAM No chat log w up to 2 days w yes messages are stored on session servers for 14 days w yes yes yes yes yes no w
Wireless modeBuilt-in support for peering with nearby nodes over ISM wireless either to sync or as part of a mesh
Bluetooth w no no no no w no no w w no no no no w no w no no no no no no w
IP shielded from peers not for STUN calls not for STUN calls via Tor
depends on providermost servers add SMTP client IP to Received header w
Not during calls if you enable WebRTC
unsure, FaceTime may use STUNw w
not over ICEcalls and file transfers reveal the IP w w
messages can relay via other peers not when using Jitsi, Zoom, Google meetings Not during calls if you enable WebRTC
noMAC is also disclosed w
not by defaultcan set to always relay calls, otherwise shares IP with outgoing calls and contacts w w w
not for STUN calls via Tor Not during calls if you enable WebRTC
onion requests in private, group server operators, voice calls and video calls are p2pprivate conversations and closed groups are sent using onion requests, open groups are possibly visible by open group server operators, voice calls and video calls are p2p and ips are visible by all users, attachments, pictures, videos, files, etc. are not onion routed and are sent directly to and stored on session owned servers, avatars and user display names are possibly still uploaded directly to and stored on session owned servers, github contacted directly during account setup and when app checks for updates w
not by defaultcan set to always relay calls, otherwise shares IP with outgoing calls and contacts w w w
not by defaultcan set to always relay calls, otherwise shares IP with outgoing calls and contacts w w w
not by defaultcan set to always relay calls, otherwise shares IP with outgoing calls and contacts w w w
Requires using proxy w w not if STUN calls are enabled w
p2p, not by defaultTox ID resolved through onion routing, Tor optional w
Not during STUN calls
Proxy supportHTTP, Tor, SOCKS5
yes only on desktop w
HTTP, SOCKS5command line client supports Tor w
yes, through CLI argumentshould have a GUI setting w TODO auth w
no w SOCKS5 w SOCKS w w
Vendor
Third party clientsyes=Multiple full featured clients available, no=Terms of service prohibits access to vendor operated network
no alternative client
SMTP and IMAPinteroperates with any email client, E2EE uses AutoCrypt w
no no alternative client no proof of concept TUI client based on Keybase CLI exists w Open API available w yes w no yes no alternative client no alternative client no w w w yes yes
openMittsu wIt is "tolerated" as of now
yes w banned w yes w no alternative client
Bots availableno=banned, yes=several available possibly from a built-in gallery
yes w yes w yes w yes w yes w w w w yes w yes w yes w planned yes w yes w no yes w yes w yes w w yes w
yesand many more for other protocols w
yes w
partial w wfew examples so far
yesw
yes w w yes w w auto-inviter w yes w
User addonsApps, widgets, integrations by third party developers or users themselves
yes w w
Install through app storew
planned as bots w yes w no
yesw
Hosted bots and addonsOptionally provided so that a user need not maintain a separate server
yes w no no
Tor access of vendor operated networkyes=Without involving Tor exit nodes, no=Tor exit nodes blocked, partial=otherwise
N/Auses Tor connection to peers
routing and connections
N/Adepends on provider
CLI wthe website also has an onion address
no via Orbot w fully self-hosted
N/Auses Tor connection to peers
yes w session/lokinet were designed to be non-compatible with tor yes w w yes w
IPv6 access of vendor operated networkStill green if only registration is limited to IPv4
yes
N/Adepends on provider
no w yes yes w fully self-hosted yes session is not currently compatible with ipv6, may be in future yes w
Vendor operated network inaccessible from countriesIf it is illegal or blocked here or if the vendor prohibits usage or its infrastructure blocks users from here. Encryption itself is outlawed in many countries, do not list these.
N/Adepends on provider
no China w
some countries attempt to censor Torbridges are available
possibly China is blocking access to Session and Lokinet China, Iran, Uzbekistan, Cuba w many and changing w
Vendor legal entity kindIndividual, entrepreneur, non-profit company, single-person for-profit, multi-party for-profit
mixedmostly volunteers and temporary contracts via multi-party for-profit merlinux GmbH
companyZoom Inc. w
For-profit PLC w individual anonymous individual individuals team of voluntary developers w non-profit company person
Transparency reports yes w w no no no
Transparanty is nonexistentw
Vendor jurisdiction canada w w Germany w USA Canada with two offices in France
USCalifornia w
UK with subsidiaries in France & US Germany w w anonymous Germany w
various countriesincluding Italy, Germany, USA and more w
US
Australiacomplicated 5 eyes jurisdiction with many anti-privacy and anti-encryption laws w
USA w Depends on the region, but every vendor reports to headquarter in USA USA w Switzerland
USA and Cayman Islands offshorexx cMix privacy layer in Los Angeles w
Infrastructure jurisdiction global Tor onion routed network
N/Adepends on provider
Canada US Netherlands & Sweden, various for EMS w N/A USA fully self-hosted
globalTor onion routed network
Australia w USA USA USA USA Depends on the region, but every vendor reports to headquarter in USA
Netherlands, USA, SingaporeNetherlands for UK/EEA w USA, Singapore w Maybe UK as a proxy w
Switzerland
Infrastructure provider Tor onion routed network
N/Adepends on provider
Amazon AWSw
Savoir-faire Linux (default) Amazon AWS AWS, Cloudflare N/A
Signal at presentAmazon w w GCP (BigTable w ) Fastly w
fully self-hosted
Toronion routed network
Hetzner and OVH, distributed Lokinetsession owned servers are primarily hetzner and ovh, lokinet servers are distributed worldwide in multiple countries and with various isps
Sideband uses the peer-to-peer and distributed messaging system LXMF w
Amazon w w GCP (BigTable w ) Fastly w Amazon w w GCP (BigTable w ) Fastly w Amazon w w GCP (BigTable w ) Fastly w Akamai Amazon, Azure + others
dedicated within data center & unknowndedicated servers within a shared data center for UK/EEA, unknown otherwise
a colocation data center w
Good ToSDR gradeyes=A,B, partial=C,D, no=E,F
A w
Dw
B w A w B w B w E w E w B w unrated w w unrated w E w D w E w
DomainCurrently delegated to the vendor, signals sustainability and commitment, URL including protocol
no yes w yes w yes w yes w yes w yes w yes w yes w yes w partial w yes w yes w yes w yes w w no yes w yes w yes w w w yes w no yes w yes w w
Reputation
First releaseyes=mature, large masses have tested it for years, no=only released recently
2018-01-07? w 2018-05-09 w 2022-03-15 w 2014-03-24 w 2021-06-25 w 2017 w w
2020-01-29w initial commit 2017-03-02 w
2020-06-26? w 2004-05-21 w v0.7.0 2022-04-23 w 2004-12-22 (as SFLphone) w 2015-11-06 w 2014-08-12 w w 2018-08-14 w Feb 24, 2020 w 2014-03-18 w 2005-09-02 w 2020-04-03? w 2015-05-19 w 1998-12-31 (as Gaim) w 2012 w w 2008-08-27 w 2022-01-25 w 2006 w 2019-07-11 w 2020-02-06 w 2022-7-6 w 2014-07-29 w 2021-01-14? w 2018-04-08 w 2021-05-02 w 2003-08-29 w 2011-10-29 originally named "Picaboo" 2013-08-14 w 2017-04-18? w 2012-12 w 2013 w 2019-11-05 w
Public issue trackerWhether outstanding bugs can be viewed by the public. partial=approximated via forum
yes w yes w w yes w yes w w yes w yes w w w yes w yes w yes w yes w yes w yes w yes w yes w w w yes w yes w yes w yes w yes w yes w yes w yes w w yes w yes w yes w yes w yes w w yes w yes w yes w w yes w w w yes w yes w w w no w yes w yes w no yes w only in-app reporting via "shake to report" w yes w yes w web only w yes w w w w requires registration yes w w w w w no w
Support teamyes=Dedicated, friendly, sufficient compared to user base
yes
issues groomedno question is left unanswered and they give quick answers, few issues remain open w w w w
friendly but few
partialissues seem to be reacted to, but many requests are rejected w
community wits own forum is offline
no yes
No past DDoSno=denial of service happened against vendor operated network
partialThe Tor network, which Briar relies on, is subject to many DDoS attacks. It has mitigated most of them and continues to implement its Vanguard protections ahead of scheduled Tor-core releases. w
partialThe Cwtch application utilizes Tor which has been subject to much stress in the past.
yes
now
DoS using the API for Android and iOS w
No past client vulnerabilitiesno=security exploits in client or server side
w w + issue tracker query w
yes wexploitation requires full device compromise, bad actor requires password
2019 w 2021 w 2012 w 2021 w not exploited in the wild w w w w yes
yesnone published since forking from Signal
2004-2017 w remote execution w not exploited in the wild w w
noremote listening w surreptitious sharing w geolocation by timing w HTML Injection in Quoted Replies w HTML redressing w
yes surreptitious sharing w
many privacy-related hacksw
nosurreptitious sharing w w RCE w pyzw RCE w
nosurreptitious sharing w geolocation by timing w prior to Ibex protocol vulnerabilities w
noman-in-the-disk w geolocation by timing w
no w
No past server vulnerabilitiesno=exploits in self-hostable server or data leaks by vendor
multiple high severity ones w yes partial w yes
now w w
no w w phone number leak w no w
No past financing hiccupsno=development can intermittently stop due to lack of funds
noHas 1 backer and no grant since 2018 GSoC, no progress on roadmap, but regular commits w
Ethical financing in the pastno=tax evasion
yes yes w Stripe cryptocurrency, A16Z VC w yes
noMicrosoft is paying little to no Tax in Scandinavia
Ethical business in the pastno=anti-trust investigations, bribes, hurting customers in other way
yes yes no
No past conflicts of interestno=shady ownership changes, investor may benefit from breaching privacy or project failure
yes yes no no
No past privacy glitchesno=uncovered cases when vendor secretly exploited user data
yes yes yes no no w
now group chat preview leak w
noZoom iOS w attorney w privacy w E2EE lie w
Server hosted untildate of vendor instance discontinuation
2023-12-31w
Server development untildate of abandoning maintenance
Client development untildate of abandoning maintenance
2024-04-05w
2022-10-06not officially discontinued, but no new release or post
2022-08-26not officially discontinued w
WikipediaPasses notability, URL
no yes w no no no no no no yes w yes w yes w yes w yes w no yes w no no no no yes w no no yes w
WikidataMay not be reliable due to anonymous edits, URL
no yes w no yes w yes w yes w yes w no yes w yes w yes w yes w yes w yes w yes w no no yes w no yes w no no yes w

Please review your changes below

Note that it will get lost if you reload this page! You need to copy & paste this manually to share your changes.

You may either open a pull/merge request on GitLab, GitHub or Codeberg or send this snippet over in the Matrix chat room so one of our committers can do that for you.


About the project

We need your support

Please help us fill in the gaps, or contribute new columns or rows to the table. We have a wishlist in order of priority, but you are welcome to contribute whatever interests you.

Contact

Chat with us on Matrix:

Chat with us over the relayed XMPP MUC:

Subscribe to the feed of changes via RSS:

Copyright

The history of the source code repository contains specifics of the individual work done by our past volunteers. We have also tried to outline a summary of who had contributed so far on the following page:

CC-BY-SA applies to data to remain compatible with Wikipedia:

./LICENSE.data

The MIT License applies to software components:

./LICENSE

Copyright © 2022-2024 bkil & contributors

How to edit existing cells within the chart

Use the **Edit chart** button, click the grid and make some changes.

After you are done, click **Review edits** and copy & paste the content of the box showing the commands with the difference. You have two choices to proceed:

Credits

We would like to thank all participants for their contribution. Those listed here have given us a name to attribute to, but we have also received contributions whose authors chose to remain anonymous. Apologies if you have donated time to create value for the project and you are missing - feel free to submit a correction to add yourself. You are also welcome to add your contact information.

Gold level contributors

bkil

https://gitlab.com/bkil

new-data, fix-data, review-data, research-data, documentation, build-tools, ui-design, ui-code, moderation, support, boosting

erAck

https://gitlab.com/erAck

new-data, fix-data, research-data, build-tools, documentation, ui-code, moderation, support, feedback

mahdi1234

https://mastodon.social/@mahdi1234

new-data, fix-data, review-data, research-data, operations, moderation, support, boosting

Silver level contributors

Angel Operator From Heaven

moderation

Autmnmute

moderation

Evgeny Poberezkin

fix-data, support, feedback

gamaflow900

new-data, moderation

jjj333_p

new-data, moderation

ninchuka

moderation, support

secuencias

research-data, moderation, support, feedback

Bronze level contributors

Babba27

fix-data

cbug

fix-data

Dieter Castel

new-data

Jeremy O'Brien

fix-data

johanw666

support

neotdc

new-data

nopenothinghere

new-data

paciento

support, fix-data

Pavel Nedrigailov

fix-data

privateer

new-data, fix-data

pterocles

new-data

pvlk

feedback

qbw3ykpkzejp

fix-data

root_21

fix-data

Sharp-tailed Grouse

new-data, documentation

Than Harrison

new-data, fix-data, documentation

thehidden

fix-data

valldrac

feedback

vector7

fix-data

Former contributors

adb (Asiel Díaz Benítez)

https://github.com/adbenitez

moderation

Aminda Suomalainen

build-tools, fix-data, moderation

kiwi

moderation

nikkor

moderation

Notupus

moderation

Persona

foss

tinfoil

layperson

crowd

Private

Collaborative

Public

SecuChart: Comprehensive and interactive software comparison

Framework

SecuChart interactive messenger comparison

Licensing

Competition: types

Competition takeaway: mobile friendliness

Competition: takeaways

Competition: IM, DSNS, VoIP, messaging on Wikipedia

https://en.wikipedia.org/wiki/Comparison_of_cross-platform_instant_messaging_clients

https://en.wikipedia.org/wiki/Comparison_of_software_and_protocols_for_distributed_social_networking

https://en.wikipedia.org/wiki/Comparison_of_instant_messaging_protocols

https://en.wikipedia.org/wiki/Comparison_of_VoIP_software

https://en.wikipedia.org/wiki/Comparison_of_user_features_of_messaging_platforms

Competition: Wikipedia takeaway

Competition: SecureMessagingApps.com

https://securemessagingapps.com/

Competition: Messenger-Matrix

English:

https://messenger-matrix.de/messenger-matrix-en.html

German:

https://messenger-matrix.de/messenger-matrix.html

Competition: SecureChatGuide

https://securechatguide.org/featuresmatrix.html

Competition: dessalines docs

https://docs.google.com/spreadsheets/d/1-UlA4-tslROBDS9IqHalWVztqZo7uxlCeKPQ-8uoFOU/htmlview

https://github.com/dessalines/Messaging-Services-Comparison

https://gitlab.com/dessalines/Messaging-Services-Comparison

Competition: Berty advertising FAQ

https://berty.tech/faq#what-are-the-advantages-of-berty-compared-to-the-other-messengers

Competition: freie-messenger

https://freie-messenger.de/systemvergleich/

Competition: Threema advertising FAQ

https://threema.ch/en/messenger-comparison

Competition: eylenburg

https://eylenburg.github.io/im_comparison.htm

Competition: SignalUsers fans wiki

https://community.signalusers.org/t/wiki-in-depth-feature-comparison-between-private-messaging-apps/12238

Competition: JayXT

https://jayxt.github.io/MessengerComparison/en/

https://github.com/JayXT/MessengerComparison

Q: Can you add messenger "A", etc.?
Each new messenger will add one more column, which will make mobile table browsing experience worse. Presence of more than five messengers will noticably deteriorate desktop browsing experience.

Competition: Wiki of Tox clients

https://wiki.tox.chat/include/clients_features

Competition: Matrix clients

https://matrix.org/ecosystem/clients/

Competition: PrivacyGuides

https://www.privacyguides.org/en/real-time-communication/

Competition: DivestOS

The only tabular one that is usable on mobile!

https://divestos.org/index.php?page=messengers

Competition: SecuShare

https://secushare.org/comparison

https://secushare.org/features

Competition: bitmessage wiki

https://wiki.bitmessage.org/index.php/FAQ#How_does_Bitmessage_compare_to_other_messaging_methods

Competition: PrivacyTests browsers

https://privacytests.org/

Competition: digdeeper browsers

https://digdeeper.neocities.org/ghost/browsers.html

Competition: acz shadow browsers

https://web.archive.org/web/20220511020224/https://tilde.club/~acz/shadow_wiki/browsers.xhtml

References: Motivation

References: Sources

Features: Property and value details

Features: Dark mode

Features: High contrast

Features: Restricted item comparison

Features: Permalink

Features: Item category filter

Features: Sticky headers

Features: Mobile friendly

Features: Abbreviated mode overview

Features: Abbreviated mode hover

Features: Transposed table

Features: Property-judgment mapping

Features: Persona

Features: FOSS persona

Features: Tinfoil persona

Features: Layperson persona

Features: Crowd persona

Features: Other suggested persona

Features: Documentation

Documentation: Rendering of gemini, markdown

Also looks good enough on GitLab as markdown:

Documentation: Messenger analysis pages

Features: Edit via JavaScript

JavaScript editor: motivation

JavaScript editor: edit widget

JavaScript editor: review mode

JavaScript editor: view mode

Implementation: Property syntax

CSV columns:

Implementation: Item syntax

CSV columns:

Implementation: Command line helpers

Implementation: Fixed HTML template

Implementation: Fixed styles

Implementation: Generated HTML input fields

Implementation: Generated table

Implementation: Generated styles

Implementation: Abbreviated mode

Implementation: GitLab CI

Future: Item scoring

Future: Item ranking, tiers

Future: Rewrite in faster language

Future: git API JavaScript editor

Future: Data caching via JavaScript

https://bkil.github.io/openscope-dict-eng-hun/

Future: Pro & con view

Future: Property subset comparison

Future: SCSS rewrite

Future: Start evaluating remaining messengers

Future: Generalize for other comparisons

Explanation of properties

General guidelines

The summary of a cell should fit at most two lines in a full view. It should only contain links if no details text is present. Further information and links should be pushed off to the details field. This is so that the interactive region of toggling the details and activating a link do not overlap.

Analysis

Textual review that can not be compared objectively through properties. Links to related technical articles.

Summary

Highlight in a few words why it is interesting. Note that this should be our own phrasing for the purpose of consciously differentiating messenger items from each other. It is usually not a good choice to copy some generic advertising text or heading from the homepage of the messenger. Those both lacks context and usually uses wordy marketing & sales pitch language.

Screenshots

List URLs in the details. We can generate a gallery widget from this in the future. See:

Android Google Play

Most mobile users will prefer to install through their app store included out of the box.

Google Play version

This facilitates comparing Android API version support and approximate space usage of various messengers. It is only updated once every few months across the whole chart.

Android F-droid/apk

F-droid version

See note at "Google Play version".

Other mobile

Alternative phones like KaiStore, Blackberry, OpenStore, PureOS, Microsoft Store

Other Android

Alternative app stores like Amazon Appstore, Huawei App Gallery, Samsung Galaxy Store, Opera Mobile Store, Aptoide, GetJar, Uptodown, Applivery

Apple iOS

Desktop

See:

Web

See:

Languages

The higher the amount of people reachable the better.

Protocol

List the canonical names of the protocols supported.

Protocol open

Server license

Client license

Register without app

Is there some alternative way to start using the service without installing an app? This may be achieved with or without another account through another established app, protocol or platform, such as through a web app, IRC, XMPP, Matrix, the Fediverse or email.

Spell check

Grammar correction as you type, spelling suggestions, how many languages it covers. Whether it is using the OS default service or reimplements it in some way.

Replies

Group chat

Whether they are persistent between restarts, chat log, file transfer, inline images, offline messaging

Voice calls

Video calls

Group calls

Audio, video

Voice messages

Ideally push to talk, may be useful where voice call is not supported. Also voice notes

Screen sharing

Whether multiple participants can share their screen or only one at a time.

Audio filtering

Noise cancellation, gain control, voice activity detection

File transfer

Retry, pause, resume, file size or type limit.

Message formatting

Font size, bold, italic, underline, strike-through, list, blockquote, code, pre, colors, clickable link, table, subscript, superscript, line break, horizontal rule

Emoticons in message

Deprecated. Please do not fill in this property for new messenger items. Work towards refactoring existing cells into the below new properties instead and then empty this cell. (Was: Compose, show)

Unicode support

Emoji composer

Emoji reception

Sticker packs

Whether they are animated. Where is it stored, at each individual or is it available group-wide?

Link preview

Unfurling: who downloads the page, the sender, the recipient or the server of one or the other

Inline images

Supported image formats: png, jpeg, gif, webp, avif

Inline videos

Supported video formats: mp4, webm, av1

Polls

Multiple choice voting. How seamless is its integration to the client interface: is it more like a bot that you need to converse with or can you click on buttons.

Reactions

Read public content without registering

Provides free tasting to look around before committing to install anything or having to remember another pair of credentials. See:

Multiple devices

If the same account can be used at the same time from multiple devices, syncing contacts, messages and notifications.

Online account replica

If the user lost all of their devices, can they continue from where they left off after purchasing a new one and at most by typing in a password? Manually cloning the internal storage of the device externally every day and restoring it on a new one is expected to produce a similar result, except if the app locks itself down via DRM (hardware credential store, eSIM, serial number, etc.). Hence, concentrate on features of the messenger that makes full restoration possible without such external manual workarounds.

Multiple accounts

If you can stay logged in with multiple accounts on the same device and application without external isolation techniques. Notifications shouldn't interfere either.

Application locking

Unlock the account or certain chats with a PIN code, passphrase or biometrics such as (fingerprints or facial likeness)

Remote message removal

Also called redaction, retraction or deletion. Used if you sent the message to the wrong chat, to hide stale information or by moderators to hide spam from others so as few will have to read it as possible.

Note: An adversary can always use the analog loophole of taking photographs of the display. Hence, we can assume that such a feature caters to cooperative peers.

Remote message correction

Also called editing. The main use case is to fix typos or to better summarize stale information resulting from further discussion if later comments invalidate some of the former ones.

See the note at remote message removal.

Message expiration

Also called retention time, disappearing/ephemeral/self-destructing messages. The main use case is to keep your chat log clean, to publish limited time offers or requests and to help maintain as few copies of sensitive information as possible on the long term.

See the note at remote message removal.

Presence status

Whether it is supported and how many levels can be differentiated. A user may signal towards another whether they are online (available for chat) or offline (busy, away, do not disturb, hidden, stealth, custom status message).

Presence of another user may be shown within either direct messages or group chats.

Presence not mandatory

If it has presence broadcasting, can you hide the fact that you are online from another user?

Tinfoil persona may consider it a threat to anonymity if one can log behavior patterns of another such as what time of day the user is connected to the network, travelling, attend classes or what custom messages they are using. They may correlate such activities across accounts.

A messenger may not allow the user to override presence, instead substituting it with recent activity based status detection. The messenger could independently provide for scheduled or bot based authorized message delivery delegation, so such an option may still provide for privacy advantages.

This can also provide for improvement to quality of life and work-life balance of a layperson. One could for example allocate 30 minutes of active chat time in front of their device when they initiate conversation and another 30 minutes where they switch their status to "do not disturb". The latter would provide an opportunity to reply to any new incoming message about topics being followed while signalling to all peers that they would prefer not to engage in further requests until the next working day.

Typing indication

Whether sending and showing is supported. Mention in the explanation whether it can be disabled and its default state.

Read receipts

Whether sending and showing is supported.

Receipts not mandatory

Themes

Appearance, dark scheme, night mode, OLED, prefers contrast, reduced motion, color blind, custom base color, large fonts, visual style presets, automatic switching

Landing page

Introductory website maintained by vendor, may use SaaS subdomain, URL

Manual

Knowledge base maintained by the vendor, user manual, tutorial, extensive FAQ, URL

Vendor can't curate content

Otherwise users need to moderate their content themselves based on peer to peer power structures.

Spam protection

If it gained worldwide adoption

Account deactivation after device compromise

Solvable with centralized or federated servers or with revocation certificates in P2P.

Account recovery after device compromise

Solvable with centralized or federated servers or with subkeys, revocation and secret sharing in P2P.

CPU idle

Power saving

Ensure that device wakes up as few times as possible, filters and batches events on the remote side, no sockets kept open indefinitely, delegated peer tracking

Bandwidth frugal

Conservation by lazy loading, previews, adaptive detail, incremental sync, fewer round trips, tokenization, batching transfers to improve compression, tweaked key schedule, multicasting hubs

Disallow screenshots

Logo

Avatar, prefer FOSS, externally hosted, Wikimedia URL

Threat model

End-to-end encryption

This is more important for closed or non-self hosted servers. See:

E2EE keys shielded from operator

Regardless of this, certain OS vendors might also have access to your keys

Deniability

Deny sending a message, repudiability

Replay prevention

Of third party buffering nodes

Downgrade resistance

Mitigation against downgrade attacks

Contact list confidential

If the client never sends over its contact list to the server

Metadata protection

Perfect forward secrecy

Security team

yes=regularly scanning for vulnerabilities proactively, found bugs inspected for security implications, partial=reported vulnerabilities promptly fixed and released

Large bug bounty

Reproducible builds

Audits

Usage without phone number

Transparent financing

yes=it is clear how the project can operate indefinitely, no=we know nothing, partial=public statements were made but not convincing

No-cost tier

Payment choices

Active development

Multi-party development

Isolated self-hosting

It can be deployed on-premise in a LAN without internet

User can extend network with node

Improving the scaling of the system and communicate with anyone (i.e., if P2P or federated)

Identity not controlled by vendor

Will the system still work if the developer goes bankrupt

Open documentation

Copyleft, editable by users through a wiki or source code repository, URL

Web forum

Publicly readable, URL

Contact

URI including the scheme prefix, preferably of group chat, such as matrix: acct: xmpp: msrp: news: mailto: irc: sip: mumble: ssh:

Syndication

URL of RSS, Atom, twtxt or gemini text feed

Offline

Servers required

List all server software or instance by name that are mandatory to keep this network running or to host it in isolation

Servers optional

List all server software or instance by name that can provide extra features when using this network

Serverless WAN mode

If communicating over the internet might scale without (a vast amount of) dedicated servers, i.e. by supernode promotion and DHT. See:

Serverless LAN mode

If you can communicate without an internet connection and a server. See:

Network store and forward

You can compose messages to your peer even if the two of you aren't online at the same time

Wireless mode

Built-in support for peering with nearby nodes over ISM wireless either to sync or as part of a mesh. See:

IP shielded from peers

See:

Proxy support

HTTP, Tor, SOCKS5

Third party clients

See:

Bots available

User addons

Apps, widgets, integrations by third party developers or users themselves

Hosted bots and addons

Optionally provided so that a user need not maintain a separate server

Tor access of vendor operated network

See:

IPv6 access of vendor operated network

Still green if only registration is limited to IPv4

Vendor operated network inaccessible from countries

If it is illegal or blocked here or if the vendor prohibits usage or its infrastructure blocks users from here. Encryption itself is outlawed in many countries, do not list these.

Vendor legal entity kind

Individual, entrepreneur, non-profit company, single-person for-profit, multi-party for-profit

Transparency reports

Vendor jurisdiction

Infrastructure jurisdiction

Infrastructure provider

Good ToSDR grade

Domain

Currently delegated to the vendor, signals sustainability and commitment, URL including protocol

First release

Public issue tracker

Support team

yes=Dedicated, friendly, sufficient compared to user base

No past DDoS

no=denial of service happened against vendor operated network

No past client vulnerabilities

no=security exploits in client or server side

No past server vulnerabilities

no=exploits in self-hostable server or data leaks by vendor

No past financing hiccups

no=development can intermittently stop due to lack of funds

Ethical financing in the past

no=tax evasion

Ethical business in the past

no=anti-trust investigations, bribes, hurting customers in other way

No past conflicts of interest

no=shady ownership changes, investor may benefit from breaching privacy or project failure

No past privacy glitches

no=uncovered cases when vendor secretly exploited user data

Server hosted until

date of vendor instance discontinuation

Server development until

date of abandoning maintenance

Client development until

date of abandoning maintenance

Wikipedia

Passes notability, URL

Wikidata

May not be reliable due to anonymous edits, URL

Screenshots

Why

Where to link

Upload upstream

The picture should ideally be lossless PNG or WEBP. Keep it small by not showing much true color content if possible.

You should ideally submit a pull request in the repository of the respective software if you need to add a screenshot. It could reach their website and their app stores as well.

Wikimedia Commons (Wikipedia):

F-droid:

SecuChart-assets

Mirrors:

(on demand: Codeberg)

Placeholder assets

If you would like to show mock user generated content on the screen within discussions, it is best to choose public domain material:

Threat modeling

Definition

Threat model aims

Resources

LINDDUN method

https://www.linddun.org/

Microsoft's STRIDE

https://en.wikipedia.org/wiki/STRIDE_%28security%29

Links

Ideas for the interface design

Items missing

Some of these may be investigated in the future by volunteers. Others may be added to a list that list legacy or scam alternatives or may be discounted.

Properties missing

Here are some ideas regarding new aspects to research, feel free to factor these to atomic property definitions or suggest more:

Properties disqualified

Here are some properties we have investigated and deemed redundant or to not be worth our time (at least while the rest of the table is empty):

The Fediverse vs. Matrix network

Aims of The Fediverse

Aims of Matrix

Social networking services

https://en.wikipedia.org/wiki/Social_networking_service#Definition

Fediverse is SNS

Matrix is not SNS

IPFS

Bootstrapping is a critical problem with any similar project. IPFS ships with a hardcoded list of servers:

They are probably financed and operated by the project owners. Such a VPS usually costs quite a lot of money, but I haven't checked the exact specs.

The documentation does list the IPv4 address of one node, but refers to most through a domain name. The (single) domain name is probably hardcoded in many places and they also have to pay for that and operate a name resolver as well, increasing the number of bottlenecks from 1 to 3: bootstrap.libp2p.io

Most of the world might have trouble reaching IPFS because it is not very good with traversing NAT:

The workarounds might be good enough for those fortunate enough to be able to forward ports, but those could already just as well run a normal FTP/SFTP/Synching/rsync server for the same effort.

It probably solves various problems pretty well, like synchronization between your data centers or creating virtual clouds this way, but it is hardly what will solve the problem of decentralizing computation to the hardware of users if it gained worldwide traction.

Comparing BitTorrent, IPFS, Secure Scuttlebutt and Hypercore (Dat)

PC vs. smartphone threat level

PC advantages

A PC is a platform where:

Google Play

Drawbacks (compared to F-droid):

Google advantages:

Former mobile exploits

If you are using an out of date version of a mobile OS, because perhaps the vendor did not produce as update for you, you may still be affected by some of these.

2016 Surreptitious Sharing

This could also be interpreted as a flaw within each vulnerable application itself as well.

"Surreptitious Sharing" Android API Flaw Leaks Data, Private Keys: vulnerability in messaging apps [using the API] like Skype and perhaps Signal, and Telegram, that could lead to privilege escalation and data loss, including private keys. The attackers were able to get Threema, and another encrypted messaging app, Signal, to share its database as an audio recording. The researchers claim they were able to retrieve the file, save it, and open it as a database file. The two claim Signal was vulnerable - chiefly because of the way it processed the file - and crashed for them on each start.

2017 Broadcom wifi over the air

Over The Air: Exploiting Broadcom's Wi-Fi Stack (Part 2)
Over The Air - Vol. 2, Pt. 3: Exploiting The Wi-Fi Stack on Apple Devices
In this blog post we'll complete our goal of achieving remote kernel code execution on the iPhone 7, by means of Wi-Fi communication alone.
Posted by Gal Beniamini, Project Zero

2022 UNISOC

Kryptowire Identifies Security and Privacy Vulnerability in Mobile Device Chipset from China [...] allows malicious actors to take control over user data and device functionality.
found a vulnerability which can be used to disrupt the device's radio communication through a malformed packet.

Security guides

Protecting yourself:

Helping how to define your own "threat model":

News

Legality of third party clients

TL;DR Their servers = their rules

Legality

If you (=the user) use the telecommunication service (=the service) provided by a given legal entity or natural person (=the provider), a legal contract is made between the user and the provider.

Courts accept various forms of consent when agreeing to a contract:

The provider has legal basis for restricting in what ways the user may access the service.

Benefits of restricting access method

No further elaboration would be needed, but let me share a few technical insights into why it is desirable for the provider to restrict alternative access methods (e.g., a third party client):

Tor

Intermediaries

How decentralized is Tor? Is it serverless? Can it continue to operate when its principal vendor loses interest? Can it stay operational without any financing at all?

If you use Tor or an app uses it under the hood, it first connects to 10 servers called "Directory authority nodes" to get a node list. Their IP address are hard coded in the application. They are probably ran by the Tor Foundation.

It then discovers the address of relay servers operated by select volunteers from the public Tor directory and attempts to connect to some of those.

If you are using proxies or bridges, you are using even more intermediate servers:

If your destination lies outside the Tor network, you will also have to discover and utilize exit relays.

The general latency, low offered bandwidth and the constant changing of the network topology also makes supporting voice/video calls unfeasible.

Topology

The directory authority nodes can be interpreted to form a centralized high-availability core.

Tor relays and exit nodes can be interpreted to be forming a closed internal federation whose services can be utilized without registration. The admittance of their operators is subject to undisclosed criteria of curation by the foundation and automated monitoring.

Not all nodes are equally privileged. Your messenger is only a Tor client, while volunteers or funding is needed to run Tor relays (and other Tor servers) around the globe to keep it running. This separation precludes automatic scaling of the system by growing capacity along with an increasing user base of the client.

Let's trivialize the traffic flowing towards the directory servers. The traffic volume flowing towards the few relays and exits is huge and is amplified sixfold by forming circuits. This means that there exist built-in limiting cost centers - bandwidth choke points not correlated with how many people install the messenger clients themselves.

Attacks

Was threat actor KAX17 de-anonymizing the Tor network?
Thirteen Years of Tor Attacks

References

Using VPN services

Advantages

Disadvantages

It is possible to detect and block Tor/VPN users either by the target website or the ISP.

If you intersperse your clearnet vs. Tor/VPN access patterns, one with a bird's eye view can actually correlate it pretty easily (i.e., state actors and funded malicious organizations). If you are using certain sites for longer stretches or even register on some, this can even be achieved purely with local inference.

You place ultimate trust in what a VPN provider says because there is no way to verify it, except after the fact if they were exploited. You can't influence whether they use encryption or turn off logging for example.

In case of going through a VPN, your local ISP can still log the timing & size metadata of packets (along with DNS, NTP and other leaking things if not set up correctly on any of your nodes). The ISP of the VPN provider can also log (and MITM) everything that could have been logged in the first place.

At least with your local ISP, you have a signed contract and you kind of know who they are (usually a local company), whereas in case of a VPN provider, they are almost always the NSA. You also support the local economy by using local services instead of foreign ones.

References

- http://tilde.club/wiki/vpnwhy.html

DON'T USE VPN SERVICES. Why not?
No, seriously, don't. You're probably reading this because you've asked what VPN service to use, and this is the answer.

- https://arstechnica.com/gadgets/2021/07/vpn-servers-seized-by-ukrainian-authorities-werent-encrypted/

VPN servers seized by Ukrainian authorities weren't encrypted
On the disk of those two servers was an OpenVPN server certificate and its private key [...] the company also uses data compression to improve network performance. [...] an attack known as Voracle, [...] uses clues left behind in compression to decrypt data protected by OpenVPN-based VPNs

- https://vice.com/en/article/jg84yy/data-brokers-netflow-data-team-cymru

How Data Brokers Sell Access to the Backbone of the Internet.
ISPs are quietly distributing "netflow" data that can, among other things, trace traffic through VPNs.

- https://twitter.com/josephmenn/status/1437885720169836544

The at least until recently CIO of big VPN ExpressVPN is one of the three former U.S. intelligence operatives who agreed today not to fight charges they illegally helped UAE hack people. Kind of makes you think.

- https://techradar.com/news/new-research-reveals-surfshark-turbovpn-vyprvpn-are-installing-risky-root-certificates

New research reveals Surfshark, TurboVPN, VyprVPN are installing risky root certificates - TechRadar
Security design flaw paves the way for surveillance or man-in-the-middle attacks

Messaging Layer Security (MLS)

List of existing MLS implementations

E2EE security guarantees of web apps vs. desktop apps

WIP

Beware that this whole article is work in progress with parts missing, parts needing rewording and parts needing integration from uncommitted local changes!

Encrypted mailbox providers

A disclaimer is justified for so called "encrypted mailbox providers" in general. Emails are routed basically as clear text around the world and can also be assumed to be stored as such on most nodes. It does not enhance your privacy guarantees sufficiently if the online mailbox provider promises to encrypt individual emails before storing them. Such providers have confessed to opting to deactivate their protections multiple times in the past.

Failure to generalize

Various articles attempt to generalize this claim and phrase it as if web browser based applications lacked certain security guarantees or as if theoretical basis precluded us from developing secure web apps. Let's try to investigate these claims in detail.

Do not use webapps in zero-trust designs

Stealthily switching the frontend

Let's assume that all else is equal: both the desktop app and the web app are FOSS.

A common claim is that the vendor could alter the code for the interface any day without the user having control or even noticing.

App distribution platforms

It is commonly mentioned that installing software from reputable third party distribution channels independent from the software vendor should guarantee accountability. Examples include the package manager of the Linux distribution or the Windows Store.

Web app distribution platforms also exist of equivalent functionality, such as the Chrome browser market, typically promoted for web extensions or userscripts.

Vendor hosted software

In certain cases, people install apps from software repositories controlled by the software vendor or a party not affiliated with the OS vendor, such as:

The security guarantees are all similar in the above cases. In an arrangement so called "TOFU" (trust on first use), the user verifies the fingerprint of the repository, website or the initial download and does a cross check on it to make sure it is authentic. Afterwards, assuming it is a FOSS reproducible build and has been reviewed, certain blatant intentional backdoors could be dismissed, assuming the check of signatures is implemented properly during updating.

Bait and switch

An automated mechanism set up on our device usually checks for and installs software updates found in the vendor repository, especially if it is marked as a security fix. Such checks may happen daily.

The vendor has in most of these cases a means to provide packages with different content to certain targeted subsets of users in a "bait and switch" scheme and possibly switch it back afterwards before detection.

This would apply to any platform, including web, desktop and native mobile apps that support daily updating through its own servers or stores.

Desktop app trust

When inspecting onboarding workflows at a big tech company in the knows, I have seen how many third party (mostly FOSS) stuff one needs to install on a Windows or Apple computer by hand by visiting dozens of websites, clicking download, install, next, next... This includes Homebrew, but most things were not available from there. Assume a dozen other things were needed as well as a daily driver. This was part of an initial setup process of individuals entrusted with management of their gear. On Linux set up just for secretaries without admin privileges, the sysadmin would surely just clone an image on all hardware and be done with it.

As you visit these dozens of websites to download your installers, you are initiating TOFU (trust on first use). It assumes the same level of trust as installing ("visiting") a modern web app built on a Service Worker from the same domain. The alternative to TOFU would be to meet the developer in person or exchanged a business card containing a QR code with their certificate.

Incidentally, I have seen another company where these exact same installers were already downloaded by an sysadmin and supplied over a local network share. However, it provides little help

With most Linux distributions, if you aren't looking for some very specialized tool or a trunk version of something, you could get away with just installing everything from the official package manager. This places all trust on your distribution, so it is a different scenario, but not all people have this luxury depending on their occupation.

HTML email

HTML markup in email is severely restricted since the last decades. They can't run JavaScript. It can't even apply most parts of HTML or CSS freely either, but only a strict subset that varies by client.

Solutions

They mention some simple workarounds except Service Workers.

It is possible to implement a FOSS webapp which

A webapp can be implemented in a way so as that the offline part (for example, within a Service Worker) is only ran once, and only pulls in additional resources using SRI or after checking their cryptographic signature (in case of updates). This places trust equivalent to installing a desktop software package from the website of a vendor. The same could have been implemented in various other (more twisted) ways even decades ago, but I better not go into that here.

Web (-Browser based) Apps, especially if FOSS and engineered from the grounds up for offline use via Service Workers, are for most intents and purposes isomorphic to non-browser based apps. It's just another containerization technology and runtime.

It is equivalent to saying that the software vendor of the mobile app or desktop app is untrusted in the exactly same way, along with its update mechanism.

At the same time, nothing keeps you from self-hosting the web apps you use either on a trusted server or even on localhost and review all code changes before running them.

It is unfortunate that very few good and complicated webapps are FOSS or support separation of frontend & backend properly. Being able to self-host Element Web while using an outside Synapse is a rare pattern.

Vulnerabilities

Programming errors occur frequently in native apps as well (be it email or other messengers) - it is not tied to E2EE web apps. I.e., RetroShare also had a critical remote code execution just recently and it is written in C++ (a language with manual memory management), not JavaScript.

Protonmail XSS

Compose a email to any protonmaail user with Subject:
#"><img src=x onerror=prompt(1);>

Send email to victim
How to accidentally find a XSS in ProtonMail iOS app
$body = "<html><head>"

$body += "<title>test</title></head>"

$body += "test`">`'><i>I</script><script>alert(1)</script>testscript</i>"

$body += "</body></html>"`


And neither one was HTML email - they were just plain text!

Vid shows how to easily hack 'anti-spy' webmail (sorry, ProtonMail)
Filtering evil JavaScript is tricky if you're encrypting in the browser

Serverless P2P messengers

Disambiguation

"P2P" is ill defined, thus we discuss its conflicting meanings separately:

Commonalities

Definition

Where did the term "P2P" originate from?

Peer-to-peer (P2P) computing or networking is a distributed application architecture that partitions tasks or workloads between peers. Peers are equally privileged, equipotent participants in the network. [...] The architecture was popularized by the file sharing system Napster, originally released in 1999.

Basically in the 90s, you could find centralized file hosts (FTP, BBS) where people would upload their wares from where others could later download them. Then came a new model where everyone could store their wares on premise and others could access it directly without having to upload/download to such centralized hosts and that was called P2P file sharing. So the term originates from a specific type of distributed storage where instead of operating centralized nodes with costly spacious HDDs and paying an arm and a leg for bandwidth costs, their specs could be greatly reduced by allowing peers (who either have or want the files) to chime in.

The original intention of messaging projects which variously advertise themselves with loosely related terms such as "P2P", decentralized, distributed, federated, independent, blockchain-based, serverless was possibly of related nature: to allow a new competitor in the messaging apps space to enter without a huge investment. Just look at how many millions of dollars operation of the centralized Signal (or the matrix.org home server) costs.

Applying the term to messengers is not trivial and I think it should be avoided if possible, especially as cryptocurrency scammers started using this label for their marketing efforts. However, I would say that such messengers would apply a network topology that minimizes the use of centralized nodes which could pose as bottlenecks or cost centers and should do as much computing on the edge nodes (the device within your hand) as feasible to enable this. The sustained growth of capacity would thus be ensured by the growth of the user base.

This also sounds to be in line with the spirit of unhosted web apps.

Some misleadingly advertise themselves for enhanced anonymity and privacy. For such, the only scalable architecture proven so far was similar to centrally operated mixnet-based email remailers from the 90s (also loosely inspiring the similarly centrally operated Tor network). None of these are resistant to censorship either, despite what various advertising campaigns wants us to believe.

One can ask whether each client gets to "keep" a copy of their own UGC (friends, messages, attachments) as if they had an complete backup or profile take-out updated in real time. Or if instead a user blindly entrusts such storage duties to the vendor to then access it piecewise later on, possibly resulting in total data loss if anything happens to the vendor?

Some think that "P2P messengers" should provide for pure anarchism as in not relying on any third party hosted infrastructure or vendor human resources at all, but this can be refuted extensively.

E2EE in public rooms

Why should you not enable E2EE in public rooms? Some of these reasons are specific to the current implementation of Matrix servers and clients, while others are more general in nature.

Dedicated hardware communication solutions

Main article:

Use cases

Such projects advertise many use cases that would otherwise be better served with another technology.

Coordination between emergency responders

Informing the public during disasters

A disaster struck area requests assistance

Between civilians during disasters

For high density and short range use (a few hundred meters), see:

Disaster victims requesting assistance

Caveats:

Existing alternatives:

See also:

Costs

Seasonality

HAM

As a better alternative, licensed hardware amateurs with the required radio operator skills within each local community could bridge longer distances:

They could keep in touch with the local community using messengers supporting unlicensed wireless ad-hoc mesh, delay tolerant networking or 1-on-1 syncing using standard hardware.

Their position and contacts could be shared on an offline map.

LAN messengers

Main article:

Assumptions

User story

Hosting servers within a LAN or building small meshes could still make sense, for example in the context of a large housing complex or even a dense village district. If everyone within a 500m range has the same power source, you could mind as well assume that they could either all have LAN or neither of you would. And at least you could play LAN games with your neighbors, along with syncing your mobile DTN mirrors especially if you commute to school or work.

PAN messengers via mesh and delay tolerant networking

Main article:

Direct connection

You only have a direct connection between two clients if they are:

Topology

Physical layer

Meshes

LoRa is not very spectral efficient given high density

DTN

A mesh necessitates having a certain amount of nodes online to maintain a spanning tree. This will be problematic when power & communications links go down in certain towns.

On the other hand, if you focused more on gossip & opportunistic replication and building F2F based on real world web of trust, information could spread much better. This is something that every network gets wrong that is developed in the first world as a "hobby" (or via grant, VC, crowdfunding, etc).

Avian carriers

This started as a joke, but pigeons can actually be thought to complete two round trips per day autonomously by placing their food up to 160 km away from their nest.

If coupled with either low tech monitoring of their arrival or wireless sync and charging and a constant and planned stream of backup birds and hardware, it could provide a commercially viable decentralized alternative to erecting and maintaining expensive relay sites over long distances.

Crowdsourced citizen science WAN messengers

It would be feasible to implement a hybrid P2P/F2F system where as much roles would be delegated to supernodes and friends as possible and the only remaining duty of the central server would be to sign new releases & the peer database pyramid before they get injected to the P2P storage network. I postulate that you could serve the whole world from even a VPS costing a few dollars (or a free PaaS even) if implemented right.

Parent article:

Goals

Bottlenecks

Why not fix an existing solution

As an empirical data point about such a development project, consider how Torrent was adapted to WebRTC as WebTorrent. It is a use case that was much more desirable for users. PeerTube is also built on top of it. However:

Now consider doing something like this to another well known protocol, like Tor, I2P, Freenet, GNUnet, Secure Scuttlebutt or Dat.

Some of the privacy-focused overlay routing networks also provide too low bandwidth, too high latency, setup latency or regular circuit switching to be comfortable for live voice & video calling and many use cases for screen sharing. See also:

Peer exchange

Basically what would be a big win if the application was continuously updated within its distribution media (either daily within the app market or possibly minute by minute if you download the package from its own web site or repository). It's just a CSV that needs to be updated (and resigned) within the bundle.

For example, as the package for pybitmessages hasn't seen an update since 2018 (and most similar apps are rarely updated more than once every few months and usually manually), such a dynamic list would not work except for listing the mostly-on nodes possibly added manually (that incidentally Tox is also doing, but they admit that it's not enough). CI/CD has been a thing for decades now, so it's kind of appalling to see that few FOSS projects are doing it to this day.

See the Peer Exchange BitTorrent extension:

http://bittorrent.org/beps/bep_0011.html

Peer discovery

It might be feasible to infrequently scan neighboring IPs for possible peers on well known ports. Many ISPs already assign IP ranges in a kind of cartographic locality, so it would provide low latency paths automatically if you scanned in increasing distance from your own WAN IP (and/or its "aliases" over the virtual allocation range). This would only be feasible if a sizable proportion of the population would have it installed, let's say 1%, otherwise it's considered spamming.

See the Local Service Discovery BitTorrent extension:

https://www.bittorrent.org/beps/bep_0014.html

Rendezvous server

A rendezvous server helps peers find each other by exchanging introductions, facilitating peer event signalling or hosting pointer invitations. It should be publicly reachable. It need not be a full blown complicated peer node itself.

A mostly static web server with a few lines of PHP or CGI could suffice. You could substitute various preexisting technologies, for example public DNS records (or even free dynamic DNS), git repository, static web hosting of each member that can be updated through an API.

A custom rendezvous server could also be replaced by a bot connecting to some other popular available server, whatever is common within a given community: a mailing list, forum, matrix chat, bulletin board, whatever you and at least some of your friends already have access to. Lacking that, you could sometimes even run a tiny dedicated server piggybacked onto some other system, as in:

https://gitlab.com/bkil/freedom-fighters/-/blob/master/hu/service/game-backend.md

See also the Holepunch BitTorrent extension:

https://www.bittorrent.org/beps/bep_0055.html

It could also be implemented as a supernode feature - built into the default client so nodes with publicly routable address could volunteer automatically.

Friend-to-Friend topology

Existing messengers advertised as P2P always use a supporting underlying network of dedicated servers that are pretty expensive to maintain, hence why 90% of the new alternatives that pop up always involve a cryptocurrency for monetization.

F2F would be an alternative as a way for users to maintain reputation among each other and to refrain from committing abuse without consequences.

Consider that if you only ever link to your friends directly and you trust them, metadata collection (it terms of keeping logs or deleting expired or retracted messages according to gentleman's agreement) wouldn't be an issue at all.

It could be useful for:

NAT traversal

In the framework of WebRTC/ICE, STUN & TURN are used together, because STUN itself can only connect a subset of nodes (up to 90%, but it's much worse among mobiles). And bandwidth (CPU?) costs at TURN relays can be quite significant, hence why it is a central point of failure.

But nothing would keep a hypothetical real P2P network from building up a spanning tree via F2F to forward packets and distribute routes among static volunteers and/or dynamically established pairs. And STUN/TURN is kind of an anonymous, stateless service. With global deployment, it needs either funding, or credentials to access it and/or F2F authorization. It also requires an independent signalling path via which you forward peer invites, and that is also usually some kind of central server on presently implemented systems.

Skype did it decades ago with automatic super node promotion, but I have yet to find another messenger (or data sync or social networking service solution) that is capable of anything like that.

The basic design flaw of many messengers is that the only way to reach users who are not publicly routable is through relays, and only a few nodes are TCP relays (optional setting) a lot like if it went over TURN. Rather, this should be the default (and detected during runtime even), and it should be modelled after ICE - select between STUN alternatives and only resort to something like TURN if there is no solution otherwise. This would reduce the load on relays tenfold at least.

Store and forward buffering

I think solving store & forward in a decentralized system is best done through a friend-to-friend topology. I.e., not only your own devices store your messages, but also some owned by your circles. And having to run a separate 24/7 mailbox/relay hardware peripheral isn't going to cut it either (what about e-waste and wasting power - see why shared hosting is the best for the world)

External overviews

Changelog

2023-05

2023-04

2023-03

2023-02

2023-01

External comparison charts

See the following for sources of inspiration (copying is not allowed except the license-compatible Wikipedia and we need references to each cell value anyway)

Browsers

Allo

Overview

The project closed down in 2019.

https://allo.google.com/

Opinions

A look at how private messengers handle key changes

Berty

Opinions

Remarks about code quality and comment thread.

Berty Messenger for iOS and Android - Zero Trust Open Source Peer-to-Peer Messenger based on IPFS protocol

Briar

Opinions

https://chican3ry.medium.com/ergonomics-are-a-security-issue-some-notes-on-briar-8ae36be29335

2021-12-13 editors

https://matrix.to/#/!sOLQNHloevPHIEWcYN:matrix.org/$u2PJQHTfmHPkmfJgcGyDXni2CntFJazLa0SsP1tE3P0?via=matrix.org&via=tchncs.de&via=midov.pl&via=grin.hu&systemtest.tk&via=altillimity.com

I am not online all the time, I only connect some times, receive all the messages maybe reply some and go offline again, to save battery and mobile data (btw, briar is heavy for battery and mobile data so I was not even able to have it running all the time, it was draining my data plan) other contacts that are in my same situation will not be online all the time so the chance we are both online at the same time is low, but anyway none of my contacts use Briar, they delete it immediately pretty scared and annoyed "hey!!! that crap drained my data plan!!!)

2022-02-13 editors

https://matrix.to/#/!sOLQNHloevPHIEWcYN:matrix.org/$JOnO6qLcSoTTckauS1uikNaNBRlM6erZu8A6vuGhEZo?via=matrix.org&via=tchncs.de&via=midov.pl&via=grin.hu&systemtest.tk&via=altillimity.com

Do Briar and Jami use a lot of background/idle data?
like hell, I had to uninstall them

Cwtch

User tests

2022-03-03 editors

https://matrix.to/#/!sOLQNHloevPHIEWcYN:matrix.org/$MdrDM3MKJWsarcoIbuB5CYup9ob1g5jaIiT3Y6uzgHo?via=matrix.org&via=tchncs.de&via=midov.pl&via=grin.hu&systemtest.tk&via=altillimity.com

I have restarted the app, now I see you
Cwrch is not stable and hard to work with. For p2p, briar and anonymous messenger are more stable for me.
Your last messages on Cwtch didn't arrive for me, it is really unstable

2022-03-14 editors

https://matrix.to/#/!sOLQNHloevPHIEWcYN:matrix.org/$YIXmx5pG45YG4TR_5Bm0PYDtYvCs8Xjo5jg79awSwKA?via=matrix.org&via=tchncs.de&via=midov.pl&via=grin.hu&systemtest.tk&via=altillimity.com

I can only confirm what was said on 2022-03-03. Tested two phones + desktop. Pairing them together was quite a nightmare. After pairing, some messages never arrived. Or got notifications, but no messages delivered. Group was possible to create from desktop only (not sure why), but I could invite mobile clients, which was another pita experience. Only one of the mobiles eventually joined group and a day later was able to finally exchange some group messages.

Delta.Chat

Opinions

Discord

Opinions

Freedom

https://stallman.org/discord.html

Hangouts

Freedom

https://stallman.org/google.html

Apple iMessage

Privacy

FBI Document Says the Feds Can Get Your WhatsApp Data - in Real Time
A previously unreported FBI document obtained by Rolling Stone reveals that "private" messaging apps WhatsApp and iMessage are deeply vulnerable to law-enforcement searches
FaceTime Privacy & security guide

Censorship

Freedom

https://stallman.org/apple.html

Jami

2021-11-06 editors

https://matrix.to/#/!sOLQNHloevPHIEWcYN:matrix.org/$82MDgkimqTXA7o66AHW3uTu1t-DxM9n80ZpRsrbtYBk?via=matrix.org&via=tchncs.de&via=midov.pl&via=grin.hu&systemtest.tk&via=altillimity.com

Well, despite I like Jami, it has flaws. Not syncing messages, draining your battery, etc etc.

2022-02-13 editors

https://matrix.to/#/!sOLQNHloevPHIEWcYN:matrix.org/$JOnO6qLcSoTTckauS1uikNaNBRlM6erZu8A6vuGhEZo?via=matrix.org&via=tchncs.de&via=midov.pl&via=grin.hu&systemtest.tk&via=altillimity.com

Do Briar and Jami use a lot of background/idle data?
like hell, I had to uninstall them

Jericho Comms secure group chat program using one-time pads

https://joshua-m-david.github.io/jerichoencryption/index.html

Any one who considers arithmetical methods of producing random digits is, of course, in a state of sin - John von Neumann

I see that it uses file image data or freshly taken pictures as its source of random numbers:

This uses the underlying thermal noise of a CMOS sensor, however its weakness lies in that it does not account for biases due to defects in the sensor or dust, and an even bigger issue is image enhancement artifacts introduced by post processing of the camera driver or firmware and that the demosaicing algorithms themselves introduce elaborate correlation within the bits (i.e, to interpolate the missing information).

It falls back to Salsa20 on failure:

After scrolling through the source, I say that it is mostly well engineered. However, it contains tens of thousands of lines of code and additional external algorithms. Reviewing that is not implausible for a dedicated researcher given a weekend, but this would not be sufficient for a careful review. Doing that would be awkward because its test coverage and modularization is not that great in that aspect. And based on the sheer number of lines, I would bet that it has quite a number of technical flaws.

And then it also misses the opportunity to use more modern technologies (like Haxe, TypeScript and SCSS).

Overall, this project also just reiterates what we know of OTP vs. stretching based encryption: OTP is theoretically superior, but managing and communicating the huge key material itself is awkward _(all the extra chores to authenticate the key material in the database is just unproductive for example)_. Compare this to just a few lines of code to use the Web Crypto API or some other well known built-in encryption primitive:

LINE

Censorship

Matrix

Feature support of various clients

https://matrix.org/ecosystem/clients/

E2EE in public rooms

This section was migrated to #public_room_e2ee

Algorithms

Megolm group ratchet: Partial Forward Secrecy
XMPP with OMEMO is similar to Matrix MEGOLM for E2EE
Why are large public rooms not encrypted?

Plans

We should not copy & paste each and every blog post they broadcast, but may want to link to things that are frequently asked.

Are We P2P Yet?

Opinions

Matrix metadata leaks
Matrix? No, thanks.
Privacy research on Matrix.org
Notes on privacy and data collection of Matrix.org

Reasoning Why Disroot went back to XMPP in 2018:

Matrix Closure
Matrix notes - anarcat
Aminda

Novaburst

https://web.archive.org/web/20230602104826/https://dimension.sh/~novaburst/ac3bf733.htm

Matrix - The Mossad Facade that fooled the privacy community

Replies:

Deployment

German states of Schleswig-Holstein and Hamburg deploy a Matrix-based solution for 500,000 users across public offices and education
Bundeswehr developed Bwmessenger, a chat service that's built on Matrix's software, and 50,000 from the force are now using the service.
What are XMPP and Matrix and what makes them special?
XMPP vs. Matrix
Ein Fehler in der Matrix (German lawyer regarding GDPR compliance)

Protocol utilization

Populus-Viewer is a tool for decentralized social annotation, built on pdfjs, wavesurfer.js and the Matrix protocol. You can use it to read PDFs, listen to audio, or watch videos, and have rich discussions in the margins, with your friends, classmates, or scholarly collaborators.
A privacy focused social media based on Matrix
Matrix-CRDT enables you to use Matrix as a backend for distributed, real-time collaborative web applications that sync automatically. The MatrixProvider is a sync provider for Yjs, a proven, high performance CRDT implementation.

History

2014-08-12 Synapse server v0.1 with integrated webclient (+48k SLOC imported from unknown source):

It debuted with a `Twisted>=14.0.0` dependency that was released on 2014-05-12

2014-09-03 Public announcement:

2014-09-30 Riot Android SDK:

2015-06-02 Riot Android, probably forked from the Android SDK (+14k SLOC imported)

2015-06-09 Riot Web (React JS SDK):

2016-06-09 Vector (Android)

Financing

2018-01-29 $5M investment by Jarrad Hope's Status:

to expand its team significantly over the course of 2018 and continue development of both the Matrix protocol and improving the Riot.im client
create a bridge between Matrix and Whisper - Ethereum's own real-time communication protocol - and allow Status dApps to be integrated as widgets within Riot.im. It also allows the Status Network token to be used, enabling cryptocurrency payment mechanisms in Riot.im.
Status migrated its community from Slack to Riot.im last year,

2019-10-10 $8.5M investment by Notion Capital, Dawn Capital and European seed fund Firstminute Capital:

improving the user experience in Riot for the app to be, as Hodgson puts it, "properly mainstream" - aka: "a genuine alternative to WhatsApp and Slack for groups who need secure communication which is entirely within their control, rather than run by Facebook or Slack".
they'll be turning on end-to-end encryption by default for all private conversations.
building out their flagship Matrix hosting platform (Modular.im) and building it into Riot - "so that groups of users can easily hop onto their own self-sovereign servers".
they intend to work on combating abuse [...] the question of how you moderate hateful communications could easily get overlooked.

2020-05-21 $5M investment by Automattic (WordPress.com)

Automattic just opened up a role for a Matrix.org/WordPress Integrations Engineer
we should expect to see Automattic's communities migrating over to Matrix in the coming months
Imagine if every WP site automatically came with its own Matrix room or community?
Imagine if all content in WP automatically was published into Matrix as well as the Web?
Imagine there was an excellent Matrix client available as a WordPress plugin for embedding realtime chat into your site?
Imagine if Tumblr became decentralised!?

2021-07-27 $30M investment by Protocol Labs and Metaplanet (Jaan Tallinn of Skype and Kazaa):

transforming the Element app
finish building out P2P Matrix and get it live (including finishing Dendrite)
implement native decentralised E2EE voip/video conferencing for Matrix
fully build out our relative decentralised reputation system in order to combat abuse in Matrix.
getting Spaces out of beta
adding Threading to Element
speeding up room joins over federation
creating 'sync v3' to lazy-load all content and make the API super-snappy
lots of little long-overdue fun bits and pieces (yes, custom emoji, we're looking at you).

Amount of cryptocurrency donations:

Financial statements of company:

Olvid

TODO

https://www.olvid.io/assets/documents/2020-12-15_Olvid-specifications.pdf

2022-03-28 trackers

https://matrix.to/#/!sOLQNHloevPHIEWcYN:matrix.org/$-RvqSCyOvxk3PAYFKpJptizTLlHUoPETydYgaunwL40?via=matrix.org&via=tchncs.de&via=midov.pl&via=grin.hu&systemtest.tk&via=altillimity.com

Olvid does not have a built-in tracker but in the Android version of Olvid and only in it, what is detected as OpenTelemetry by the app analysis tools is in fact an OpenCensus library which is a dependency of the Google Drive connection library. Olvid doesn't bring up any telemetry data, but some components of the library are used for communications with Google Drive, including automatic cloud backup with Google Drive, as described here. So: Olvid cannot remove the dependency as long as Olvid provides the ability to do automatic cloud backups with Google Drive, as described here. If you do not enable automatic cloud backups with Google Drive, no lines of code from this library will be executed within Olvid. If you enable automatic backups to the cloud with Google Drive, some lines of code from this library will be used, but not for telemetry data retrieval.

Session

A Review of Lokinet (Oxen): A Road to Nowhere?

Signal

Access to contact list

Technology preview: Private contact discovery for Signal

It details two alternatives:

The Difficulty Of Private Contact Discovery

From that overview of possible implementation alternatives, but somehow discounted encrypted bloom filters citing concerns about bandwidth costs.

However, that would have actually worked perfectly if they updated the set on demand when checking for a new contact number and/or if the database was synced P2P via WebRTC to reduce their bandwidth costs.

And also, as I think 99% of the users only have domestic contacts, sharding by region might actually work.

As such contact discovery can be pretty hard on the server side, federated servers would be great to have here as well.

Note that secure, zero-knowledge contact discovery can be an issue for any alternative system even if it used some other identifier, like an email address (or matrix ID, Friendica profile URL, etc.

Stepping back from a theoretically sound solution to one where you must trust a vendor that also happens to have a sketchy safety record is dubious at best.

EU hardening guide

Opinions

Why not use Signal for mobile chat?
A look at how private messengers handle key changes
Signal vs. Telegram: Which encrypted messaging app wins?

TLS proxy censorship issue

SimpleX

Reviews

Skred Messenger

https://skred.mobi/en/accueil/

It is a branded licensee of TwinMe messenger:

Editor TODO notes

https://matrix.to/#/!sOLQNHloevPHIEWcYN:matrix.org/$rjHOU7LsJ2OWHxivmgRNOUhcyJB4ZV5oZn_vwKYKEXw?via=matrix.org&via=tchncs.de&via=midov.pl&via=grin.hu&systemtest.tk&via=altillimity.com

It is Tox-like in that they have video and voice calling as well as text messaging, but claim to be peer-to-peer.
Both were also completely closed-source last time I checked.

Skype

Freedom

Slack

Freedom

https://stallman.org/slack.html

SnapChat

Opinions

Essentially spyware
Like all social media apps, nothing on it is "real", and it's damaging your mental health
It was created to provide safer sexting for young adults and promotes predatory behavior
Like most social media, it tricks you into wanting more and it is addictive

Late to the E2E encryption party

Only snaps are E2E encrypted, not messages or group chats
And it doesn't care about your privacy (see also ToSDR: https://tosdr.org/en/service/311 )

Telegram

Bans

Opinions

Security Analysis of Telegram (Symmetric Part)
Telegram Messenger Review - January 19, 2021 By Heinrich Long
A look at how private messengers handle key changes
Signal vs. Telegram: Which encrypted messaging app wins?

Vulnerability analysis

THE MOST BACKDOOR-LOOKING BUG I'VE EVER SEEN: discovered and fixed in Telegram's self-rolled cryptographic protocol about seven years ago

Law enforcement

Telegram reportedly surrendered user data to authorities despite insisting '0 bytes' had ever been shared
Government pressure may have finally won out

Alternatives

MTProto server reimplementation

Threema

Research

Opinions

Threema: Three Strikes, You're Out - Threema boldly claims to be more secure than Signal. Does this hold up to scrutiny?

Thunderbird

Opinions

https://spyware.neocities.org/articles/thunderbird.html

Tox

2022-03-13 testing

A Brief Review of the qTox Peer-to-Peer Chat Program

Security properties

Tox Handshake Vulnerable to KCI (key-compromise impersonation)

WeChat

Censorship

WhatsApp

Privacy

FBI Document Says the Feds Can Get Your WhatsApp Data - in Real Time
A previously unreported FBI document obtained by Rolling Stone reveals that "private" messaging apps WhatsApp and iMessage are deeply vulnerable to law-enforcement searches

Opinions

Yes, You Can Stop Using WhatsApp - But Don't Make This Mistake
A look at how private messengers handle key changes

Freedom

Wickr

Ownership

https://aws.amazon.com/blogs/security/aws-welcomes-wickr-to-the-team/

AWS welcomes Wickr to the team | Amazon Web Services

Wire

Opinions

A look at how private messengers handle key changes

XMPP

Opinions

XMPP: Admin-in-the-middle: Server-side parties can transparently modify, log, and monitor nearly everything when communicating via XMPP
XMPP with OMEMO is similar to Matrix MEGOLM for E2EE
What are XMPP and Matrix and what makes them special?
XMPP vs. Matrix

Reasoning Why Disroot went back to XMPP in 2018:

Matrix Closure

Zoom

Freedom

https://stallman.org/zoom.html