UPDATE 8/7/20: Wickr was caught sending metadata to Google and Microsoft servers and when pressed for answers, Wickr stopped replying.   The original discussion starts at 28:10 and a follow up (very short) discussion episode here.

Because of this, Wickr is currently not recommended until there have been answers or changes made.

10/3/22: this post is being updated and may contain outdated information.

If you were to ask someone why you should care about private communications, most people would pitch the need as a way to evade law enforcement or the NSA. While it does help against those specific aggressors, the real problem is that our information ends up in the hands of for-profit companies whose sole purpose is to build profiles on us without our consent or it's simply shared with third parties that have no business having access to this type of information to begin with.

But what kind of data are we talking about here?

To start, the content and metadata of text messages and voice calls are openly retained by carriers and third parties. Carriers have also been caught censoring content they don't agree with while Facebook Messenger scans all of your text, images, links, and content in the name of security and abuse prevention. Microsoft was brought into the spotlight last year after it was revealed that contractors were listening to Skype calls.

People worldwide sent upwards of 800 billion messages as of 2017, approaching the one trillion mark shortly assuming the current trends continue. Video chatting has been becoming more socially acceptable over the last handful of years but has noticeably ballooned in wake of the COVID-19 lockdowns. Traditional calling has fallen off dramatically thanks to convenience of instant texts and the more personal video calls, the average person still makes and receives around 180 calls per month.  

With so much data in the hands of companies that don't have our bests, or any, interests in mind, we must take matters into our own hands to minimize the intrusions.

So, we're going to run down most of the popular private communication platforms and discuss what makes them a suitable (or not) option.  Before we begin, lets talk about a handful of terms that are used through out this post, what they are, and why they're important.

General information

End to end encryption (E2EE): encryption that is applied on the computer or device before it's sent to its destination.  This is one of the most critical aspects of private communications because it prevents companies from seeing or hearing your conversations.

The New York Times explains what E2EE is succinctly.

End-to-end encryption scrambles messages in such a way that they can be deciphered only by the sender and the intended recipient. As the label implies, end-to-end encryption takes place on either end of a communication. A message is encrypted on a sender’s device, sent to the recipient’s device in an unreadable format, then decoded for the recipient.

Open/closed source: open source means that the code is publicly available to read and is typically posted on code repositories, such Github or Gitlab.  Closed source is the opposite, where they don't make any code publicly available.  

Some people put a lot of weight behind a project being open or closed source. The main problem with open source is that there is no way for us to verify that all the code that's posted on for Github is the same code they used on the app store or their website. We are placing our trust in the developer, just like we are in a company that doesn't make it's code publicly available. It's a good faith gesture but we shouldn't put much value in this.

Reproducible builds: something with a reproducible build, in the software world, means you can build the application from scratch and use it as if you downloaded from an app store or website.  This is ensures that the code you read on, for example, Github is the exact same code you're using and significantly lowers the chances that the application could be compromised.

Note, not all open source projects have reproducible builds.

Location of company and servers: this is important because different countries have different privacy laws regarding data collection, storage, and use.  For example, the US and Australia, compared to the rest of the world, are severely lacking in privacy protections whereas Switzerland or Germany have some of the best protections in the world.

Also, some countries will knock on the door of these services with secret demands to either get user information or compromise their system so they can gain access.  When possible, we want to try to avoid 5 eyes countries when possible for this reason.

Third part audit: companies can hire a third party company, such as Cure53, to come in and audit their code used in applications and server as well as do penetration testing to ensure their security is up to snuff.

For those who don't want to read the entire post and just want to know the top three recommendations, here you go (this post is also in order from worst to "best" as well)

1. Threema
2. Signal
3. Wire

If you want to try out any of the private messengers in this post before trying to fully commit friends or family, feel free to check out the Contact page for a list of CupWire accounts.

Note: you do have to be a member to access the Contact page.

Facebook Messenger

- Registration methods: email, phone number
- Closed source
- Based in US
- Conversations are not end to end encrypted by default
- Collects significant amounts of metadata and information

In short: some things Messenger collects are your contacts, location, phone number, email address, all content and messages sent through Messenger, who you talk to, when you talk to them, how often you talk to them, etc

- Publishes transparency reports
- Has not been audited

Facebook Messenger is the worst of the worst when it comes to communication apps. Absolutely everything is collected by default, merged with your profile (be it real or a shadow), and saved indefinitely in the storage of the most privacy invasive company in the world.  And if that wasn't bad enough, Facebook actively shares your messages with reckless abandon.

Facebook also allowed Spotify, Netflix and the Royal Bank of Canada to read, write and delete users’ private messages, and to see all participants on a thread — privileges that appeared to go beyond what the companies needed to integrate Facebook into their systems, the records show.

There are no redeeming qualities to be found here.  Simply put, Messenger should be avoided at all costs.

Discord

- Registration methods: email, username
- Closed source with no plans to go open source
- Based in US
- Collects all content sent through the service and shares with third parties

In short: they collect everything from your IP address to every text, picture, video, file, audio clip, and anything else you send.

Discord can share your information with related companies, developers, agents, consultants, and related third parties

- No end to end encryption
- Publishes transparency reports
- Has not been audited

Discord is one of the most popular communication services out there, especially among the gaming community thanks to its integration with a multitude of platforms and its extensive feature set.  Even if games aren't your cup of tea, Discord has wedged itself into one of the best service for groups to communicate.

With over 250 million users, Discord has prime real estate to collect, store, and profile everything sent through their service thanks to an intentional lack of end to end encryption.  The reasoning behind this decision is one we've heard many times from companies and governments alike - "people use our service for illegal stuff".  Sprinkle in a little of "we don't read your messages anyway" and you have a clear view of their opinion on privacy.

Similar to Messenger, this should be avoided at all costs.

WhatsApp

- Can only be registered with a phone number
- Closed source
- Based in US
- Collects significant amounts of metadata and information

In short: some things WhatsApp collects are your contacts, location, phone number, device, mobile carrier, OS, who you talk to, how often you talk to them, etc etc

- End to end encrypted by default
- No transparency reports published
- Has not been audited

Way back in 2014, Facebook acquired WhatsApp for the obscene price of $19 billion dollars.  The reason why doesn't matter in the grand scheme of our privacy, but knowing Facebook owns WhatsApp does.

The main difference between Messenger and WhatsApp is that WhatsApp is E2EE by default.  That's not to say they aren't collecting tons of data though, it's just not the actual content of your messages like Messenger.  It's the little, seemingly innocuous pieces, filter through.  Things like who you talked to at what time for how long and where you were when the conversation started, ended, and everywhere in between.  

Metadata is often argued as better than the actual content because it's easier to obtain and retain thanks to having fewer protections on the books.  Even though the actual content is hidden, metadata can still reveal patterns and infer sensitive information.  

Just like Messenger and Discord, we should be avoiding this service whenever possible.  Facebook is the last company that should have its hands on our data.

Telegram

- Registration methods: phone number
- Open source
- Based in London, England
- Custom built encryption (MTProto2)
- They store regular chats across multiple servers in multiple jurisdictions
- Stores your phone number along side all of your contacts
- They store all content used on their service

In short: they store all content going through the service.  This includes text, pictures, videos, documents, and audio

- Not end to end encrypted by default
- Publishes transparency reports
- Has not been audited with MTProto2

Out of the box, Telegram doesn't provide you with any privacy.  Chats aren't E2EE, everything you send through their service is collected, and it's all backed up and stored neatly on their servers. They do have Secret Chats, which are E2EE, but it's only for one on one conversations with group chats and desktop users both excluded entirely.

Telegram also decided to cook up their own encryption instead of using a method that has been audited and is verifiably strong. Security experts overwhelmingly agree that rolling your own encryption is a bad move for multiple reasons.  On top of that, MTProto2 hasn't been audited by a third party and there seems to be little to no interest to have one completed.  They also don't seem interested in make Secret Chats the default because then you couldn't restore your chat history on a new device.

If you're already using Telegram and have switched numerous friends and family members to it, you're not in the worst position and would be largely fine if you're using their Secret Chats option diligently.

If you're looking to migrate from Messenger, WhatsApp, Discord, or not interested in managing Secret Chats, you'll want look elsewhere.  Telegram is more of a chat service that could be private if you managed it correctly but there's a few too many issues that make it difficult to be recommended in the face of better options.

Wire

- Registration methods: phone number, username, email
- Open source
- Based in Switzerland
- Collects and stores some metadata

In short: collects and saves conversation creator, timestamps conversation was created, list of participants in conversation, and the conversation name (if named), location and IP of when new device is registered.  Previously caught storing a list of everyone you've contacted in plain text.

- End to end encrypted by default
- Publishes transparency report
- Has had multiple third party audits

This is where we start to see communication services put privacy first.  Wire is open source, everything is E2EE, and they're based in Switzerland for that extra bit of reassurance.  They also allow you to register with an email address or username so you don't have to give out personal information, such as your phone number, to use their service.

Wire's also available on virtually every platform and supports end to end encryption no matter if you're texting, calling, or video chatting.

However, there has been some suspicion raised about Wire regarding metadata collection and the recent news of investments from a US company as well as a partial relocation to the US. However, the company and its servers are still under Swiss jurisdiction.

In the big picture, putting a headquarters in the US is fairly irrelevant since everything is on EU servers under Swiss jurisdiction but while most of the metadata that's collected isn't intrusive, collecting location/IP when registering a new device is unfortunate.

Signal

- Registration methods: phone number
- Open source
- Based in US
- Keeps minimal metadata

In short: only keeps time the user registered with Signal and their last active session

- End to end encrypted by default
- Publishes transparency reports
- Has been audited
- Has reproducible builds

Signal is the most notable private messenger and is the go to recommendation for many.  Open source, text, voice, and video calls are fully E2EE, and they've been tested in court showing they keep next to no information about their users. They've also been adding more features for "normal" people, such as sticker packs, to make the transition from services like Messenger easier.

The largest complaints come from the fact that Signal, currently, can only be used with a phone number and they're entirely based in the US.  I don't believe either of these to be an issue but it's something to be aware of as some people have specific priorities, such as not using services from the US.  

Wickr

- Registration methods: username
- Some parts are open source
- Based in US
- Collects minimal information

In short: Wickr collects hashed representations of device ID, basic usage statistics, such as the number of messages sent by all Wickr Me users daily, what types of messages our users tend to send (e.g., voice messages more often than text), and so forth, and crash logs

- End to end encrypted by default
- Has transparency reports
- Has not been audited

Wickr takes what Signal and Wire and builds upon it.  Instead of requiring a phone number or an email address, you can only create an account with a username, they don't log or store metadata at any time, and they even have measures in place to help thwart forensic recovery tools from getting your messages after you've deleted them.

The largest complaints about Wickr are that it's partially closed source and based in the US.  Between anonymous account creation, no metadata collection, fully E2EE, and the ability to overwrite data, those two drawbacks are largely trivialized.

Threema

- Registration methods: Threema ID, email address, phone number
- Closed source
- Based in Switzerland
- Collects minimal data
- End to end encrypted by default
- Publishes transparency reports
- Has had third party audits (2015, 2019)

While you could use your email address or phone number to sign up, they allow you to create an account with a randomly generated Threema ID, making account creation completely anonymous.  Threema operates under the "can't tell anyone anything if we don't have anything" mentality when it comes to metadata collection. They don't log who communicates with whom, messages are deleted from servers as soon as they're delivered, and group messaging is managed without any server involvement.  All of this is complimented by everything being planted under Swiss jurisdiction.

This is also the only service in this post that requires a one time, upfront purchase (~$3).  

Briar

- Registration methods: username
- Open source
- Briar has no centralized servers

In short: messages are sent from device to device directly

- Collects no metadata
- Works over Bluetooth, Wifi, and Tor
- Does not publish transparency reports most likely because there are no servers or content being stored
- Has been audited
- Has reproducible builds

Briar is the the most unique messenger when it comes to privacy as it has no centralized servers at all. Accounts are created with a username and they're only stored on device.  This is great but if you uninstall Briar or forget your password and your account is gone.

Everything is managed peer to peer and can be used without internet (through Bluetooth) if needed.  When sending messaging with internet enabled, everything goes through Tor to provide a level of privacy that you don't get with any other service.  You can even build Briar from scratch to ensure nothing has been tampered with.  This service is as close to completely anonymous communication as one can get.

Biggest downside would probably be its limited availability, which is currently Android only.

Briar is a fantastic tool but it's really only practical for a very specific type of user. Journalists, activists, whistleblowers, or extreme enthusiasts are the only ones who find long term practical use for this.

If you are already using a service such as Wire or Signal, there is no need to move to another service.  It's incredibly difficult for most people to move their friends and family from one service to another and there's no reason to try and do that for minimal, if any, privacy gains.

If you're using a service such Messenger, Discord, or plain SMS, pick a service and jump in with both feet.  At the end of the day, you can't go wrong with most of these options.

Want to join the discussion?  Check out this post, and others, over at the CupWire subreddit and leave a comment.