Instant Messengers
TLDR
Use either XMPP or Simplex. The rest of the options are outclassed by these ones. Some P2P messengers are also good and have their use cases, but due to the limitations of P2P they are still outclassed in most situations.
Legend
| No info | Worst | Bad | Barely Decent | Probably Okay | Good |
Table
Check our Criteria. Feel free to open an issue to discuss these ratings or provide new information.
| Name | Telemetry Rating | Network Architecture | DNS dependent | Metadata Resistant | Information Required | E2E Encryption | Operating System | License | Verdict |
| High, Meta telemetry | Centralized | Yes | No | Phone Number | Yes | Various | Proprietary | Do Not Use | |
| Telegram | Unrated | Centralized | Yes | No | Phone Number | No | Various | Client is free software, proprietary server | Do Not Use |
| Skype | Probably high, sources needed | Centralized | Yes | No | Microsoft Account | N/A | Various | Proprietary | Do Not Use |
| Discord | Extremely High | Centralized | Yes | No | Email and potentially Phone Number | No | WebUI and Electron, 3rd party clients prohibited | Proprietary | Do Not Use |
| Signal | Google Libraries on the official app | Centralized | Yes | Yes | Phone Number | Yes | Mobile, Electron | MIT, server partially proprietary | Avoid |
| Threema | Unrated | Centralized | Yes | N/A | Payment Info, Bitcoin is an option but no Monero | Yes | Android, iOS, Web | Client under GPLv3 , proprietary server | Avoid |
| Wire | Unrated | Centralized | Yes | N/A | Credit Card | Yes | Various | AGPLv3, GPLv3 | Avoid |
| Session | Unrated | Decentralized, Swarms (blockchain) | Yes | Yes | None | Yes | Mobile, Electron | N/A server, GPL (clients) | ? |
| Matrix | Unrated | Decentralized, dominant instance, Federated | Yes | no | Email (main instance) | Yes | WebUI, electron (official client), various (3rd party clients) | Apache (official implementations), various (other) | Check other options |
| XMPP | None (could vary on client) | Decentralized, Federated | Partially, can be used through Tor/I2P | no | None (depends on server) | Yes | Various, depends on client | CC-BY-SA 2.0 (specification), various (clients) | Good |
| GNU Jami | None | Decentralized, P2P | No | N/A | None | Yes | Android, most desktop OSs | GPLv3 | Okay |
| Briar | None | Decentralized, P2P | No | N/A | None | Yes | Android, Linux | GPLv3 | Okay |
| Simplex | None | Decentralized, P2P | No | Yes | None | Yes | Android, iOS, Linux, MacOS | GPLv3 | Good |
Criteria
Essential
- Must be completely free software, both clients and server.
- Must be decentralized (federated or P2P) and self-hostable.
- Must support and use E2EE.
- Minimal telemetry.
- No personal information required (no phone number or credit card, better if it avoids email too).
Nice to have
- Has been independently audited.
- Is metadata resistant.
- No for-profit business behind.
- No dependency on DNS.
- May be used through Tor and/or I2P.
- Multiple implementations of clients and servers.
Analysis
Pending
Meta owned.
Telegram
Pending
Requires a phone number, it's centralized and only a special, non-default type of chats is E2EE.
Skype
Pending
Microsoft owned.
Discord
Pending
Read the following articles: Spyware Watch Dog, Drew DeVault, Opal.
Signal
Pending
An in-depth analysis is planned, meanwhile, Signal's two biggest flaws are:
- it is centralized.
- it requires a phone number.
Threema
Pending
An in-depth analysis is planned, what is important to know is that it's centralized and it's server is proprietary software. It is also paid and does not support either Monero nor cash by mail.
Wire
Pending
Centralized. It's paid and requires credit card, no other payment options.
Session
Pending
Matrix
Pending
I plan to make a full article about Matrix, until then, here's some quick commentary:
The official (massive) instance, matrix.org, is Cloudflared and employs a Google ReCaptcha to keep people away, and is hosted on Amazon servers.
When taking into account that standards like XMPP and IRC have been around for decades, we can safely affirm that Matrix is a completely over-engineered system, ignoring all well established international standards and run by a for-profit entity with venture capital funding.
Outclassed by XMPP in every aspect, but If you really need to use Matrix, be sure to use an independent homeserver or self-host. Avoid the official server.
Read this excellent article for more issues with matrix.
XMPP
WIP
XMPP stands for the "eXtensible Messaging and Presence Protocol". It is currently one of the, if not the best choice for instant messaging currently available. No one owns XMPP. It's a free and open standard for everyone to use since 1999.
It has been used under the hood of thousands of other Instant Messengers, such as WhatsApp, Facebook Messenger, Zoom Chat and a long list of big services have made use of the XMPP standard to build their vendor-locking messengers.
We're interested in the federated XMPP network. It provides users the ability to communicate with other users even if they are in a different server, just like email.
XMPP is an evolving protocol and during the years it has supported multiple encryption methods: GPG, OTR and OMEMO. We strongly recommend OMEMO because it's the best supported and more modern method of the three.
You can easily self-host your own XMPP server and gain your own data sovereignty.
XMPP is an incredibly flexible protocol and as such it can be used through Tor and/or I2P, making it censorship resistant becoming independent of DNS and the ICANN and allowing users to be completely anonymous from the server of your choice.
It is not entirely perfect, as the server receives some metadata from the users, notably the user's Contact list (for sync between devices). It is also susceptible (as almost every other client-server protocol) to MITM attacks, that's why it's important to choose a trusted server.
Nonetheless, all those disadvantages disappear when you self-host which makes you able to own your data, and even if you don't self-host, there are several public XMPP providers with excellent reputation that you can choose from.
Client support is also good, there are multiple choices to choose from. You can find our recommended clients here.
Conclusion
Considering that the advantages surpass by far the drawbacks, XMPP is one of the best choices regarding IM.
XMPP vs other options
Comparing XMPP to the rest of client-server IMs (Signal, Threema, Matrix...) in this list, it's the clear winner.
P2P options like Briar and Jami are good contenders and they have the advantage that there is no server to trust. But both of these have the inherent limitations of P2P software and issues of their own, such as slow development and poor client support.
Lastly, we have SimpleX. SimpleX is decentralized and doesn't depend on any single unique identifiers such as phone numbers, usernames, nor even randomly generated strings. Servers (which act more as relays and you can swap them on the fly) have zero knowledge about the clients connecting to them. You can host your own relay if you wanted to and some relays even have Tor support. It's only drawbacks is that there's only one implementation and that you can't sync between your phone and desktop clients (yet).
Due to these convenience of use reasons and it's historical availability and robustness, XMPP is still an important contender even if SimpleX provides unique privacy features.
GNU Jami
WIP
Briar
Pending
A peer to peer messenger that works over Tor. There is an Android client which works well, the desktop client is not good yet.
SimpleX
Pending
SimpleX is decentralized and doesn't depend on any single unique identifiers such as phone numbers, usernames, nor even randomly generated strings. Servers (which act as relays and you can swap them on the fly) have zero knowledge about the clients connecting to them. You can host your own relay if you wanted to and some relays even have Tor support. It's only drawbacks is that there's only one implementation and that you can't sync between your phone and desktop clients (yet).