Detailed Messenger Reviews

Apps are listed in order of "Highly Recommended" first, then "Worth a Try", then "Not Recommended" last. Apps within the same recommendation level are ordered alphabetically.

Blackberry Messenger Enterprise

Platforms: Android, iOS, MacOS, Windows
Communication types: Text, group chat, audio and video chat, photos, audio clips, files, location, contacts, screen sharing
Country of origin: Canada
Source code: closed
Encryption protocol: BlackBerry Certicom
Shared Secret exchange: ECDH P521
Message Encryption Cipher: AES-256
Business model: Subscriptions
Android app requires Google Play Services: Yes
Requires a phone number: No
Requires an email address: Yes
Your ID contains personal information: No
Data is locally encrypted: Yes
Encrypted by default: Yes
Perfect forward secrecy: Yes
Messages stored on server: Yes
Ephemeral messages: No
Puddle test: Data recoverable - messages are saved on the server
Hammer test: Data not recoverable - when messages are deleted on both sending and receiving devices
Has contact verification: Yes
Leaks files: No
Android app trackers (2): Glympse, MixPanel
Websites: BBM Enterprise Security Note
Version tested: 1.12.1.13 (Android), 1.7.0.13 (iOS), 1.12.0.14 (MacOS)
Last tested: 4/3/2021
Notes:

4/3/2021- I updated BBMe to "highly recommended" because they recently removed Google tracking from the mobile apps.

[A big thank you to the cool cat (you know who you are) who helped me test BBMe and pointed out some things I missed.]

One of the giants, and among the first in the secure messaging arena, is BlackBerry Messenger. This app is now opening up its enterprise application to everyone. This is great news for the adoption of secure messaging:
https://www.techrepublic.com/article/blackberry-opens-bbm-enterprise-for-personal-use-after-emtek-discontinues-bbm-consumer/

I was very excited to try this app now that it is available without a corporate account. The new publicly available accounts will be free for the first year, then the fee is US $2.49 every 6 months. This is a very reasonable price for such an app.

If you use an alternate Android OS such as LineageOS and are trying to stay away from Google, BBMe could present some trouble for you in signing up. You need to have a Play Store account and a valid payment method set up in order to create a subscription. I ran into this problem because I don't use a personal Google account anymore. My solution was to instead sign up on an iPhone with my Apple Store account. Then, once everything is set up on an iPhone, you are able to install the app on Android and sign in with your BlackBerry Messenger PIN without needing to verify a payment method in the Play Store.

Data leakage (especially photos) prevented! BBMe gives you an option on whether it saves photos to your phone's photo gallery, or keeps them encrypted only in the BBMe database! I love that BBMe gives me a choice!! I can turn this feature off, and be sure any photos in BBMe stay only in BBMe and are not leaked. Thank you! All other data is also saved encrypted on the device in a BBMe exclusive database.

BBMe does have "Timed messages", however these cannot really be considered "ephemeral" messages. These timed messages set a timer for the message to expire once it has been read by the recipient. However, the timeout options are very short, only up to 60 seconds at most, and the timeout period only begins once a message has been read. Therefore it is possible that a message is never read and so never expires. Also, this feature resets to disabled with every new message, so it is not a feature that can be easily used to ensure every message will expire after it is read. With such a short timeout and no way to set this timeout as a permanent or always-on feature, the timeout is really only practical for the most sensitive messages. To me this feature isn't very useful except in rare circumstances, so I can't list ephemeral messages as a feature of BBMe.

One feature I do really like is "Retractable" messages. Any message you send can be retracted and the message contents will be deleted from all recipients' devices if possible. There will still be a message remaining that just says "Message retracted" on the recipients' devices, so there will be some metadata remaining that shows a message was sent. This remaining data can be deleted as well just like any other message, but this is an additional step that must be done on each device. There is also an option to retract an entire chat. If you do this and then create a new chat with your recipients, you are essentially forcing a complete key change for a conversation and deleting all history. This is a nice feature to have to be able to clean up old conversations or easily keep the amount of data retained on devices very low.

There is a "Feeds" section in BBMe which will alert you when any of your contacts' keys change. Each contact has a key fingerprint that you can compare in person or using another communication channel to verify the key you see matches the key on their device.

BBM is a mature product, so the chat session does have lots of useful features including quoting, editing and retracting your sent messages, deleting messages (on your device only), search, screenshot alerts, mentioning participants, and delivery and read receipts for every person in the chat. You can also use audio and video chat and on desktop versions do screen sharing. In the chat room details there are some notification options, sections which show all pictures, files and links from the chat grouped together, and a list of all room participants. Groups are able to have up to 250 participants at once.

If you are able to meet in person, there is a handy way to add a contact by scanning their QR code or through NFC. Otherwise you can add contacts by searching for their BlackBerry PIN, email or phone number.

This app is available for multiple platforms on mobile and desktop devices, so this makes it a great option for almost anyone to use. Messages are synced perfectly when you have this installed on multiple devices, and the interface experience is fairly consistent between the various operating system options. This versatility to use BBMe almost anywhere is an advantage over many other messengers.

My verdict: It has the security features you need, only a couple things I wish were better

Overall BlackBerry Messenger Enterprise is a great app with a solid history. The encryption is robust and the chat experience is very nice. For a centralized system it has the security features that are required to be a recommendation. I wish it had longer message timeouts and a way to set all messages to timeout by default. Also it would be very nice if there were a Linux client for the desktop.
Note that BlackBerry is based in Canada if you are concerned about 5 Eyes.

Briar Project

Platforms: Android (via Google Play, F-Droid repo or APK)
Communication types: Text and forums
Country of origin: None
Source code: open
Encryption protocol: Bramble, SpongyCastle
Shared Secret exchange: ECDHC brainpoolp256r1
Message Encryption Cipher: AES-256
Business model: Free open source project, Bitcoin donations, other funding
Android app requires Google Play Services: No
Requires a phone number: No
Requires an email address: No
Your ID contains personal information: No
Data is locally encrypted: Yes
Encrypted by default: Yes
Perfect forward secrecy: Yes
Messages stored on server: Never
Ephemeral messages: Yes
Puddle test: Data not recoverable - messages saved only on device
Hammer test: Data not recoverable - when messages are deleted on both sending and receiving devices
Has contact verification: Yes
Leaks files: No
Android app trackers (0): None
Websites: Source Code
Version tested: 1.3.6
Last tested: 8/4/2021
Notes:

7/7/2019- Update: You can now add remote contacts by exchanging Briar URLs. In the contacts list choose the "Add contact at a distance" option and enter the Briar URL of your remote contact which they will need to send you via another channel. This is also where you will see your own Briar URL to send to others.
In some places like Forums, you will see three ### symbols next to a contact's name which signify the level of trust you have in that contact. One red # means that this contact is not known to you and was added to someplace like a forum by another member. Two yellow ## means that the person was added to your contacts remotely (at a distance). Three green ### means that you added the contact in person by scanning QR codes.
Now that the restriction of having to meet someone in person to create contacts has been removed, I think this app will have a much broader use than just small local groups.

Pros:
Secure P2P encryption
On F-Droid
Does not require Google Play services
Works over wifi, bluetooth or Tor
Cons:
Android only
Pro or Con:
Transferring to another Android phone: There does not seem to be a possible way to preserve your account or data; you can recreate another account with the same name on the new phone.

On Copperhead, the battery optimization settings need to be set to Off so that it will remain connected.
Android battery use is somewhat high, even with battery optimization turned on.

Encryption:
Public/private key pairs are generated on the device. Key exchange is performed in person by scanning the QR code of the other person's public key on their device, or by exchanging your Briar URLs. This establishes a trusted key pairing between devices.
A shared secret is calculated from a hash of the key pair (using Diffie-Hellman) which is then used to generate a master key. The shared secret is then erased.

My verdict: Great option for peer to peer communication.

There are still some limitations, such as being Android only and text only (though sending photos is being worked on). However being peer to peer, open source and able to be used without an internet connection makes this app very attractive. In my testing it has been very reliable, with the understanding of the nature of peer to peer communications.

Molly

Platforms: Android
Communication types: Text, voice, video, files, images
Country of origin: USA
Source code: partially open
Encryption protocol: Signal
Shared Secret exchange: X3DH Curve25519 or Curve448
Message Encryption Cipher: AES-256
Business model: Free open source project supported by donations
Android app requires Google Play Services: No
Requires a phone number: Yes
Requires an email address: No
Your ID contains personal information: Phone
Data is locally encrypted: Yes
Encrypted by default: Yes
Perfect forward secrecy: Yes
Messages stored on server: Temporarily
Ephemeral messages: Yes
Puddle test: Data not recoverable - messages saved only on device
Hammer test: Data not recoverable - when messages are deleted on both sending and receiving devices
Has contact verification: Yes
Leaks files: No
Android app trackers (0): None
Websites: Source Code
Version tested: 5.26.11-1-FOSS
Last tested: 12/5/2021
Notes:

Molly is a fork of the Signal messenger app that adds a few more security features, removes the ability to send normal unencrypted SMS messages and also has a build that removes the Google Firebase and Maps libraries. This alternative to Signal uses up-to-date source code from the official Signal clients, so it works in almost exactly the same way as the official application. If you already use Signal, then creating a backup of your Signal data and importing it into Molly works perfectly.
One advantage I feel Molly has over Signal is that Molly removes the ability to send regular unencrypted SMS messages, thus making Molly a foolproof encrypted messenger. There is no way to mistakenly send an unencrypted message, because you can only send messages to other Signal/Molly users. This does mean that you will need to use a separate SMS app for regular SMS messages but I feel this should be the way people use SMS.
Molly also adds several security and privacy features such as: (Lifted from https://github.com/mollyim/mollyim-android/tree/master)
Molly uses the Signal encryption protocol which is one of the best available right now. It takes advantage of the latest in elliptic curve cryptography, ratcheting, perfect forward secrecy, key fingerprints and ephemeral messages.

See my review on Signal for more details on how the core functionality of Molly stands up, since Molly is forked from Signal with some minor changes.
Encryption:
I'll let Signal explain this.

My verdict: Excellent alternative to Signal
If you already use Signal then this option may appeal to you if you wish to gain even more freedom from Google or don't like that Signal can also send unencrypted SMS messages. This app works almost identically to Signal and is fully compatible with messaging to both Signal and Molly users.

Signal

Platforms: Android (Direct APK download), iOS, MacOS, Windows, Linux (Debian)
Communication types: Text, voice, video, files, images
Country of origin: USA
Source code: partially open
Encryption protocol: Signal
Shared Secret exchange: X3DH Curve25519 or Curve448
Message Encryption Cipher: AES-256
Business model: Free open source project supported by grants and donations
Android app requires Google Play Services: No
Requires a phone number: Yes
Requires an email address: No
Your ID contains personal information: Phone
Data is locally encrypted: Yes
Encrypted by default: Yes
Perfect forward secrecy: Yes
Messages stored on server: Temporarily
Ephemeral messages: Yes
Puddle test: Data not recoverable - messages saved only on device
Hammer test: Data not recoverable - when messages are deleted on both sending and receiving devices
Has contact verification: Yes
Leaks files: No
Android app trackers (0): None
Websites: Source Code, Technical docs
Version tested: 5.5.5
Last tested: 4/4/2021
Notes:

Signal is a great way to get started in the encrypted messaging world. It works very much like standard SMS messaging apps and also uses the phone numbers of your contacts just like SMS does. When you do use encryption to send messages to other Signal users, the encryption protocol used is one of the best available right now. It takes advantage of the latest in elliptic curve cryptography, ratcheting, perfect forward secrecy, key fingerprints and ephemeral messages.

One disadvantage of being similar to an SMS app however is the use of your phone number as your ID. This is a problem if you want to keep your phone number private.

Signal is not Foolproof:
Another issue with this app is that both encrypted Signal messages and unencrypted SMS messages are displayed on a single screen in the app. So there is a chance of accidentally sending an unencrypted message when you really meant to send an encrypted message. If you are trying to avoid the possibility of mistakenly sending any messages unencrypted then this app will not work for you.
[Information provided by JR]

What the server sees:
- The phone number used for your registration.
- SHA-2 Hashes of your contacts' telephone numbers to check for a match. OWS claims to delete this as soon as it is no longer needed.

What Signal claims to keep:
- The day you first joined the service
- The last day you used it.

Disadvantages:
- People must know your phone number. It is possible to register a burner number or a VOIP number, but this is an advanced-use case.

More is Less: On the End-to-End Security of Group Chats in Signal, WhatsApp, and Threema

Encryption:
I'll let Signal explain this.

Whether Signal is fully open source is an open debate. The GitHub repo for the server does not seem to be up to date, and other pieces of the system, such as the new SGX contacts isolation, are not available. So I am marking this partially open for now.

My verdict: Best SMS replacement app
This app may be the easiest to convince other people to use. However it requires the use of your phone number as an identifier, so if you are not comfortable giving some people your phone number there are better options to communicate with them. See my Signal Installation Guide for details on getting started with this app.

Snikket (XMPP)

Platforms: Android, iOS
Communication types: Text, group chat, video, files, images
Country of origin:
Source code: open
Encryption protocol: Signal
Shared Secret exchange: ECDH25519
Message Encryption Cipher: AES-128
Business model: Donations, planned paid Snikket server hosting
Android app requires Google Play Services: No
Requires a phone number: No
Requires an email address: No
Your ID contains personal information: No
Data is locally encrypted: Yes
Encrypted by default: No (unless OMEMO Encryption is set to Always)
Perfect forward secrecy: Yes
Messages stored on server: Yes
Ephemeral messages: No
Puddle test: Data recoverable - messages are saved on the server
Hammer test: Data recoverable - you can leave a conversation but this does not delete it. Android client also leaks files.
Has contact verification: Yes
Leaks files: Android
Android app trackers (0): None
Websites: Getting Started
Version tested: Android: 2.10.2, Server: test 35-fbc5a
Last tested: 11/26/2021
Notes:

Snikket is a little different from most apps listed on this website in that it is actually a suite of different applications. Currently the suite consists of an XMPP server based on Prosody, an Android client based on Conversations and an iOS client based on Siskin. So there are really two clients and one server, however I am grouping them together because the intent of the Snikket project is to create a more unified XMPP chat experience. Currently most XMPP clients are only available on one or two platforms, between Android, iOS, Windows, Mac and Linux. So using XMPP on different platforms is often a very different experience in terms of the client user interfaces and features available. Snikket is trying to fix this by providing a more consistent experience across all platforms, with the same feature sets available by default. There are plans to add desktop and web based clients as well.


The Snikket server is designed to be very easy to set up and provides a large set of features enabled by default. The server design makes it easier for anyone with basic Linux skills to set up their own server so that they can have control over all their XMPP data. Using any of the Snikket clients with a Snikket server will ensure that features work out of the box without special configuration.


I am very pleased with the way Snikket is approaching the XMPP problem of inconsistency of experience across platforms. I have set up my own Snikket server and it took only 30 minutes on an existing VPS server I had running. That time included installing the docker and docker-compose packages, configuring new DNS rules for the server domain, downloading the Snikket server files and starting the 4 docker images, and configuring the firewall rules on the server. It was another 5 minutes to create my first invitation on the server and use that invitation from an Android device to sign up for a new XMPP account. This process eliminates many barriers to self-hosting your own XMPP server and makes the signup process for a new user account much easier.


Here is some good reading on the issues with OMEMO encryption and contact trust and verification. These are not easy concepts for the normal person to grasp: Blind Trust Before Verification. OMEMO encryption only works in private (members only) conferences and individual chats, so it will not work in open group chats.

Here are some settings to make Conversations more secure:
- Settings -> OMEMO Encryption: set to "Always"
- Settings -> Expert Settings -> Blind Trust Before Verification: disable
- Manage Accounts -> click on account -> top right corner hamburger menu -> Archiving preferences: either "Contacts" or "Never"


XMPP by design does save some information in unencrypted format so it is important that you trust the administrator of your server. By self hosting you are in control of all the information on your own server, however if you communicate with XMPP users on others servers there still is some unencrypted information that those users will have saved on their server. This data may include:

When XMPP was first developed there was no encryption implemented in the design. OMEMO adds encryption to the message contents, but the underlying system of XMPP remains unencrypted. It is just the nature of this system that confidentiality is only available for message contents. In many ways it is very similar to PGP which only added encryption to the message contents of emails.

Another aspect of security is that on Android photos are automatically saved to your phone's photo gallery, where they are stored unencrypted. And if you have any backup or cloud syncing set up for your photos, then these photos from Snikket will also show up in your online storage. You can turn off storage access for the app, thus preventing any photos or files from being saved to the device, but that also prevents them from being downloaded and viewed in the app as well, essentially making Snikket a text-only messenger. Photos are saved in Local Storage/Device Storage/Snikket/Media.

My Verdict: The best XMPP suite and data protection with self hosting.

I fully support the direction this project is going to achieve wider adoption of XMPP for both users and those who wish to host their own server. Creating applications that are designed to work with the server out of the box and a server that is easy to administrate is a different tactic than all the other XMPP software out there.

Threema

Platforms: Android (Threema Shop), iOS, Web
Communication types: Text, group chat, voice, files, voice chat
Country of origin: Switzerland
Source code: partially open
Encryption protocol: NaCl
Shared Secret exchange: ECDH25519
Message Encryption Cipher: XSalsa20
Business model: One time app purchase fee
Android app requires Google Play Services: No
Requires a phone number: No
Requires an email address: No
Your ID contains personal information: No
Data is locally encrypted: Yes
Encrypted by default: Yes
Perfect forward secrecy: No
Messages stored on server: Temporarily
Ephemeral messages: No
Puddle test: Data not recoverable - messages are saved on the device only.
Hammer test: Data not recoverable - when messages are deleted on all devices.
Has contact verification: Yes
Leaks files: No
Android app trackers (1): Mapbox
Websites: Cryptography Whitepaper, Audit (2019), Audit (2020), Open source info
Version tested: 4.52
Last tested: 4/4/2021
Notes:

Threema is very easy to set up and use. Linking to an email or phone number is totally optional. To add a contact you need to acquire their Threema ID via a separate channel, search your contacts list for a match, or scan their fingerprint QR code in person. These three methods attach 3 levels of "verification" to your contacts. This is a nice feature, so you can have and easily see different trust levels for your contacts.
It is also very easy to create encrypted group chats with multiple contacts. All individual and group chats will show up in the same list.
There is a search feature in individual and group chats.
Threema is partially open source.
From the FAQ:
Which data gets stored at Threema?

Using Threema ought to generate as little data on servers as possible – this is part of the concept. For that reason, data like e.g. contacts or group chats are stored in a decentralized way on user devices, instead of on a Threema server. Our servers assume the role of a switch; messages and data get forwarded, but not permanently stored. Where there is no data, there is nothing to be accessed or misused. However: without some kind of (temporary) data storage, there cannot be any asynchronous communication. In the following we will explain what kind of data we store, how we store it and for how long.

Messages and group chats: As soon as a message has been successfully delivered to the recipient, it is immediately deleted from the server. All messages and media are transmitted end-to-end encrypted in Threema. This means: even if someone intercepted your message, it would be completely useless. Only the intended recipient is able to decrypt and read a message.
No contact lists are stored when synchronizing contacts: The email addresses and phone numbers from your address book get anonymized (hashed) before they reach the server. Once the comparison is finished, they are immediately deleted from the server.
Key pairs are generated in a decentralized way on your device. Your private key is never known to us, and therefore we cannot decrypt any message contents.
Threema doesn't log who is communicating with whom (which Threema IDs are communicating).

More is Less: On the End-to-End Security of Group Chats in Signal, WhatsApp, and Threema

Encryption process (from the whitepaper):

This process uses the Box model of the NaCl cryptography library.
A shared secret is generated using both the private key of one chat participant and the public key of the other participant. So both participants are able to generate the same shared secret without the need for any negotiations over the internet or transmitting any information at all, except for initially acquiring the other participant's public key. This also has the advantage of being able to generate the secret while the other participant is offline. This shared secret cannot change, unless one of the participants changes their Threema ID (and thus their key pair).
Each message has a random nonce generated for it, this acts as a salt value, and is combined with the shared secret to encrypt the message. This does not provide perfect forward secrecy, but it does insert an element of randomness so that analysis of Threema encrypted messages is made more difficult than a series of messages encrypted with Public Key Infrastructure methods that use the same symmetric key for every message.
For group chats, when a message is sent the message is encrypted separately for every member of the group using the same method as a one to one chat. So if there are 12 participants in a group, a message will be encrypted 11 times, once for each of the other group members, and each copy will have a different nonce.
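To make the three steps above concrete, here is an added Python example (not Threema's code and not from its whitepaper) that walks the same structure: a static shared secret from one party's private key and the other's public key (the X25519 ladder is a transcription of RFC 7748, the curve NaCl uses), a fresh random 24-byte nonce per message, and one separate encryption per other group member. The XSalsa20-Poly1305 step of a real NaCl Box is replaced by a labelled HMAC-SHA256 stand-in to keep the block short, and the final helper shows why this design has no forward secrecy: a private key recovered later still unlocks every earlier message.

```python
"""Threema-style NaCl "Box" flow, reconstructed for illustration.

x25519() follows RFC 7748 exactly.  box()/box_open() are a STAND-IN for
XSalsa20-Poly1305 (HMAC-SHA256 keystream + HMAC tag), chosen only to keep
the example self-contained; the key-exchange and nonce structure is the
point being demonstrated, not the symmetric cipher.
"""
import hashlib
import hmac
import os

P = 2**255 - 19          # field prime of Curve25519
A24 = 121665             # (486662 - 2) / 4, the ladder constant
NONCE_LEN = 24           # NaCl box nonce size
BASEPOINT = (9).to_bytes(32, "little")


def x25519(scalar: bytes, u: bytes) -> bytes:
    """X25519 scalar multiplication (RFC 7748 Montgomery ladder)."""
    k = int.from_bytes(scalar, "little")
    k = ((k & ~7) & ((1 << 255) - 1)) | (1 << 254)      # clamp the scalar
    x1 = int.from_bytes(u, "little") & ((1 << 255) - 1)  # clear top bit
    x2, z2, x3, z3, swap = 1, 0, x1, 1, 0
    for t in range(254, -1, -1):
        kt = (k >> t) & 1
        swap ^= kt
        if swap:
            x2, x3, z2, z3 = x3, x2, z3, z2
        swap = kt
        a, b = (x2 + z2) % P, (x2 - z2) % P
        aa, bb = a * a % P, b * b % P
        e = (aa - bb) % P
        c, d = (x3 + z3) % P, (x3 - z3) % P
        da, cb = d * a % P, c * b % P
        x3 = pow((da + cb) % P, 2, P)
        z3 = x1 * pow((da - cb) % P, 2, P) % P
        x2 = aa * bb % P
        z2 = e * (aa + A24 * e) % P
    if swap:
        x2, x3, z2, z3 = x3, x2, z3, z2
    return (x2 * pow(z2, P - 2, P) % P).to_bytes(32, "little")


def keypair(seed=None):
    """Long-term key pair, generated on the device (seed only for tests)."""
    priv = seed or os.urandom(32)
    return priv, x25519(priv, BASEPOINT)


def shared_secret(my_priv: bytes, their_pub: bytes) -> bytes:
    """Same value on both sides; needs no round trip and works while the peer
    is offline.  It only changes if one party replaces their key pair."""
    return x25519(my_priv, their_pub)


def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]


def box(shared: bytes, nonce: bytes, plaintext: bytes) -> bytes:
    """Stand-in for crypto_box: nonce-keyed stream + authentication tag."""
    ks = _keystream(shared, nonce, len(plaintext))
    ct = bytes(p ^ k for p, k in zip(plaintext, ks))
    tag = hmac.new(shared, b"tag" + nonce + ct, hashlib.sha256).digest()[:16]
    return tag + ct


def box_open(shared: bytes, nonce: bytes, sealed: bytes) -> bytes:
    tag, ct = sealed[:16], sealed[16:]
    expect = hmac.new(shared, b"tag" + nonce + ct, hashlib.sha256).digest()[:16]
    if not hmac.compare_digest(tag, expect):
        raise ValueError("authentication failed")
    return bytes(c ^ k for c, k in zip(ct, _keystream(shared, nonce, len(ct))))


def send(sender_priv: bytes, recipient_pub: bytes, plaintext: bytes):
    """One message: a fresh random nonce combined with the static secret."""
    nonce = os.urandom(NONCE_LEN)
    return nonce, box(shared_secret(sender_priv, recipient_pub), nonce, plaintext)


def send_group(sender_priv: bytes, member_pubs: list, plaintext: bytes):
    """Group fan-out: one independent encryption (and nonce) per other member."""
    return [(pub, *send(sender_priv, pub, plaintext)) for pub in member_pubs]


def receive(recipient_priv: bytes, sender_pub: bytes, nonce: bytes, sealed: bytes):
    return box_open(shared_secret(recipient_priv, sender_pub), nonce, sealed)


def old_message_after_key_theft(stolen_priv, peer_pub, nonce, sealed):
    """No forward secrecy: the static secret is re-derivable from either
    long-term private key, so a key stolen later still opens old traffic."""
    return box_open(shared_secret(stolen_priv, peer_pub), nonce, sealed)


if __name__ == "__main__":
    alice_priv, alice_pub = keypair()
    members = [keypair() for _ in range(11)]           # a 12-person group
    fanout = send_group(alice_priv, [p for _, p in members], b"hello group")
    print(len(fanout), "encryptions,", len({n for _, n, _ in fanout}), "distinct nonces")
```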

This looks interesting: an open source implementation of the Threema client (not official): openMittsu

My Verdict: Almost perfect

Truly this is an app that provides almost a perfect secured messaging system. Limited meta data, very easy to use, foolproof encryption. The only features missing are perfect forward secrecy on message encryption (data in transit is additionally encrypted with TLS) and ephemeral messages. Oh and being able to use it on multiple devices would be nice as well. But the simplicity of use and low cost are what make this app a top choice for me.

TwinMe

Platforms: Android, iOS
Communication types: Text, group chat, voice, photos, video, files, streaming music
Country of origin: France
Source code: closed
Encryption protocol: WebRTC/TLS
Shared Secret exchange: ECDH
Message Encryption Cipher: AES-256
Business model: Pro version of the platform
Android app requires Google Play Services: No
Requires a phone number: No
Requires an email address: No
Your ID contains personal information: No
Data is locally encrypted: Yes
Encrypted by default: Yes
Perfect forward secrecy: Yes
Messages stored on server: Never
Ephemeral messages: No
Puddle test: Data not recoverable - messages saved only on device
Hammer test: Data not recoverable - when messages are deleted on both sending and receiving devices
Has contact verification: No
Leaks files: No
Android app trackers (0): None
Websites: Encryption
Version tested: 9.1.1
Last tested: 11/28/2018
Notes:

TwinMe is easy to setup and to connect with another TwinMe user, you can either scan their QR code in person or send them an invite link.
This app is truly peer to peer, so sometimes when you try to send a message it will just appear with a spinning circle next to it. This just means that the other person is not online. You can close the app and it will work in the background and deliver the message once the other person is online.
The interface is professional looking, though the iOS version seems more consistent with the host OS than the Android version.
One cool feature is the ability to stream music from your device to your contact's device.
On Android Google Play Services are not required. The Android version I first tried from the Amazon app store would not launch at all. The version from the Google Play Store (downloaded via Yalp) did run.
On Copperhead, the battery optimization settings need to be set to Off for TwinMe to stay connected when in the background.
Added in version 8.3.0 is the ability to delete messages you have sent from both your device and the device of your chat partner. Simply swipe the text to the left and the delete icon will appear.

Encryption:
TwinMe is a direct peer to peer connection between devices, so there is no server in the middle that information needs to be protected from. All encryption is done at the transport level with TLS.

My Verdict: One of the best peer to peer chat apps!

This app is very reliable and easy to use. It has a unique feature with its music streaming ability. I wish it had quoting of messages, ephemeral messages and contact verification. Not having a server in the middle handling messages makes this a very safe app to use.
The FAQ mentions that you can preserve your ID and contacts when changing to a new device by doing a full backup with iTunes or your PC, so just be conscious of having that information in any backups you may do.
With both iOS and Android apps this can be used by a majority of phone users.

OnionShare

Platforms: Linux, MacOS, Windows, Android
Communication types: Text
Country of origin: None
Source code: open
Encryption protocol: Tor hidden services/TLS
Shared Secret exchange: ECDH25519
Message Encryption Cipher: AES-128 or better
Business model: Free open source project
Android app requires Google Play Services: No
Requires a phone number: No
Requires an email address: No
Your ID contains personal information: No
Data is locally encrypted: Yes
Encrypted by default: Yes
Perfect forward secrecy: Yes
Messages stored on server: Never
Ephemeral messages: Yes
Puddle test: Data not recoverable
Hammer test: Data not recoverable
Has contact verification: No
Leaks files: No
Websites: Source
Version tested: 2.3.2
Last tested: 8/5/2021
Notes:

OnionShare is a desktop application that offers an easy way to create servers for hosting websites, file sharing, file drop and chatting. All servers are accessible through a Tor .onion address, so they inherit all the security and privacy features of the Tor network.

The chat features are fairly basic at this time. It is text only and there are no notifications when new messages arrive. You also must have an active connection to the server to receive messages. If you are offline any messages sent to the server do not get delivered to you. As a consequence there is no history of saved messages that can be retrieved while you were offline.

The OnionShare application creates the server part of the chat system. This is very easy to do: you do not need to have any server administration experience or do any complicated systems setup. Just run the OnionShare application, choose a few settings and start the server on your own home computer. The server will have a .onion URL that you can send to anyone you want to connect to the chat server. To send and receive messages, the "client" part of the chat system is actually the Tor Browser. Paste the .onion URL into the Tor Browser address bar and you are now connected to the chat server as a new user. There is no need to register accounts on the system; if you have the URL you can just connect to it. When first connected you are given a random name, which can be changed. Using the Tor Browser also makes it very easy for anyone to join the chat (as long as they have the URL), and the only requirement is to have the Tor Browser installed.

The Tor Browser on Android does also work as a client, however at the time of this review the interface is still scaled the same as when using the desktop Tor Browser, so the text is very small. But it is still usable. Also on Android when switching to another application the connection between Tor Browser and the OnionShare chat server is stopped, so if any messages are sent when you are not actively in Tor Browser these messages will not appear when you return to the Tor Browser. The desktop Tor Browsers do keep an active connection even when using other applications so as long as the tab is not closed you can receive messages from OnionShare while using other applications on a desktop.

No messages are stored to disk on either the server or client side. You send a message to the server, and the server immediately relays that message only to those clients with an active connection. There is no history saved anywhere. The clients are really just a tab in the Tor Browser, so as soon as that tab is closed all the data and messages from the chat session are gone. These messages are therefore ephemeral, destroyed as soon as the clients are closed.

Because you must have an active connection to send/receive messages I see this chat system as best used for short communications when you really need privacy and ephemeral messages. You can quickly create a new chat server if you are communicating on another platform but feel the need for more privacy and security. This isn't really a system you would leave running all the time. There are no notifications (yet) so you must manually check the Tor Browser tab for any new messages. Also if someone goes offline there is no way to queue a message for them to receive when they return. So this is really a system for when all parties in a conversation can be actively online at the same time.

The only other real downside to this system I can find is that there really isn't any type of contact verification. When someone connects they can put in any name for themselves that they want. So having a second secure channel of communication is important, both to send the URL to the chat server and to verify that the person you wanted to connect with is truly the one connected (verify the name they used).


My verdict: Excellent option when you want a private ad-hoc conversation
All participants must be actively online since all messages are transferred in real time without any queues. The server is very easy to setup (and take down) on a regular desktop PC, and the Tor Browser is the only requirement needed to connect to the server. All messages are destroyed as soon as the Tor Browser tab for the chat is closed.

Session Messenger

Platforms: Android, iOS, MacOS, Windows, Linux
Communication types: Text, group chat, photos, files
Country of origin: Australia
Source code: open
Encryption protocol: Session Protocol (using libsodium)
Shared Secret exchange: ECDH25519
Message Encryption Cipher: XSalsa20
Business model: Loki Services
Android app requires Google Play Services: No
Requires a phone number: No
Requires an email address: No
Your ID contains personal information: No
Data is locally encrypted: Yes
Encrypted by default: Yes
Perfect forward secrecy: No
Messages stored on server: Temporarily
Ephemeral messages: Yes
Puddle test: Data not recoverable Messages saved only on device
Hammer test: Data not recoverable When messages are deleted on both sending and receiving devices
Has contact verification: Yes
Leaks files: No
Android app trackers (0): None
Websites: FAQ, Whitepaper, Source
Version tested: Android 1.11.6, MacOS 1.4.0, iOS 1.2.0, Linux 1.7.0
Last tested: 9/12/2021
Notes:

Session audits: Session clients code audit and blog announcement.

Session (previously called Loki) is still in beta but so far I am very impressed with the functionality and features of this app. It runs on top of a distributed network of servers that run the Loki Network.

The app originally used the Signal protocol, but at the time of this review it uses its own Session Protocol built on libsodium (see the metadata above). That protocol drops the Signal ratchet, which is why perfect forward secrecy is listed as "No". Where the Signal app is designed around a centralized server infrastructure, Session runs its protocol on top of the decentralized Loki network. This decentralization greatly improves the anonymity and robustness of the system.

Features I like:
It should be noted that currently in 2021 file attachments for messages are not stored on Session service nodes but are stored encrypted on a central server. The encryption key for the file is sent directly from the sender to recipient along with a link to download the file from the server. Therefore the file attachment is still end to end encrypted, it is just temporarily stored on a central server. More information can be found at https://docs.oxen.io/products-built-on-oxen/session/attachments.

The feature set of the mobile apps is slightly behind the desktop apps.

My verdict: I am loving it!

I will wait a while and see how this app develops, but I am already loving this. It has all the privacy features needed and runs on top of a decentralized network. The speed is very fast, and the desktop client (Linux) is very feature complete. This is very early in the development still, but it has great promise. This is one app to keep around to test and see how it develops.

SimpleX Chat

Platforms: Android, iOS, MacOS, Windows, Linux
Communication types: Text, group chat, photos, files
Country of origin: None
Source code: open
Encryption protocol: NaCl
Shared Secret exchange: ECDH25519
Message Encryption Cipher: XSalsa20
Business model: Free open source project supported by donations
Android app requires Google Play Services: No
Requires a phone number: No
Requires an email address: No
Your ID contains personal information: No
Data is locally encrypted: Yes
Encrypted by default: Yes
Perfect forward secrecy: Yes
Messages stored on server: Temporarily
Ephemeral messages: Yes
Puddle test: Data not recoverable Messages saved only on device
Hammer test: Data not recoverable When messages are deleted on both sending and receiving devices
Has contact verification: Yes
Leaks files: No
Android app trackers (0): None
Websites: Whitepaper, Source, Security audit
Version tested: Android 4.4.0, Linux 4.4.0
Last tested: 1/6/2023
Notes:

SimpleX Chat is a messenger that offers a unique design for sending messages. When two devices wish to communicate, each device creates a unique messaging queue on a server of its choice to receive messages from the other device. This queue is only used to receive messages from that particular device; every new contact gets a new queue. Think of it as setting up a new, unique email address for every person you exchange email with.

Using unique queues (or addresses) provides better privacy and anonymity by avoiding a single identifying name, address, number, encryption key or other ID that is shared across contacts. This makes determining common relationships and contacts among multiple users of the messaging system much more difficult. You can present the same name to all your contacts if you wish, or create a new name for each contact; how you separate your identities is up to you.

This system is similar to a peer-to-peer messenger, except that a server acts as an intermediary which receives messages and from which your device then picks them up. This has a few advantages over a direct device-to-device system. First, it allows messages to be sent to you even when you are offline: the server receives the messages and retains them until your device comes online, so both devices do not need to be online simultaneously. Second, since your contact connects to a server and not to your actual device, they never see your device's IP address or other connection information, so it cannot be tracked or traced that way. You may also set up your server with a Tor onion address as an option for receiving messages via the Tor network.

This messenger uses proven end-to-end encryption libraries and techniques, so transmission of information is secure. Messages are retained on the server only for as long as it takes them to be retrieved, and are deleted from the server once delivered. You can host your own SimpleX Messaging Queue server so you have more control over the data. However, using your own server may make you more uniquely identifiable if only you or a few people use it, since the server address itself then becomes a hint about who is talking.
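To make the two relay designs concrete, here is an added illustration (not code from OnionShare or SimpleX) that models both the OnionShare chat behaviour described earlier (fan out to whoever is connected, keep nothing, offline users miss messages) and the SimpleX queue design from the preceding paragraphs (one unidirectional queue per sending contact, unrelated identifiers for the sending and receiving end, store until fetched, delete on delivery). Class and method names, identifier sizes and the placeholder "ciphertext" payloads are assumptions made for the illustration.

```python
"""Added model of two relay designs; not OnionShare or SimpleX code.

OnionShareRoom: relays each message to the clients connected right now and
stores nothing; a client that was offline never sees the message.

QueueServer: SimpleX-style store-and-forward. Each sending contact gets its own
queue with two unrelated ids (one used by the sender, one by the recipient);
messages wait until fetched and are deleted on delivery. Ids, sizes and the
byte payloads standing in for ciphertext are assumptions for the illustration.
"""
from __future__ import annotations

import secrets
from dataclasses import dataclass, field


class OnionShareRoom:
    """Real-time broadcast with no history (OnionShare chat mode behaviour)."""

    def __init__(self) -> None:
        self.connected: dict[str, list[str]] = {}  # name -> inbox of the open tab

    def join(self, name: str) -> None:
        self.connected[name] = []  # a fresh tab starts empty, no backlog exists

    def leave(self, name: str) -> None:
        self.connected.pop(name, None)  # closing the tab discards everything

    def send(self, sender: str, text: str) -> list[str]:
        """Deliver to everyone currently connected; returns who received it."""
        recipients = [n for n in self.connected if n != sender]
        for n in recipients:
            self.connected[n].append(f"{sender}: {text}")
        return recipients  # nothing is retained server-side


@dataclass
class Queue:
    recipient_id: str  # only the recipient polls with this id
    sender_id: str  # only the sender presents this id
    pending: list[bytes] = field(default_factory=list)


class QueueServer:
    """Store-and-forward server: one unidirectional queue per sending contact."""

    def __init__(self) -> None:
        self._by_recipient: dict[str, Queue] = {}
        self._by_sender: dict[str, Queue] = {}

    def create_queue(self) -> Queue:
        q = Queue(recipient_id=secrets.token_hex(16), sender_id=secrets.token_hex(16))
        self._by_recipient[q.recipient_id] = q
        self._by_sender[q.sender_id] = q
        return q

    def send(self, sender_id: str, ciphertext: bytes) -> None:
        """The sender never learns the recipient id; the server just stores the blob."""
        self._by_sender[sender_id].pending.append(ciphertext)

    def receive(self, recipient_id: str) -> list[bytes]:
        """Hand over everything queued and forget it (delete on delivery)."""
        q = self._by_recipient[recipient_id]
        msgs, q.pending = q.pending, []
        return msgs

    def stored_count(self) -> int:
        return sum(len(q.pending) for q in self._by_recipient.values())


def demo_onionshare() -> tuple[list[str], list[str]]:
    """Bob is offline while Alice sends; rejoining gives him an empty tab."""
    room = OnionShareRoom()
    room.join("alice")
    room.join("bob")
    room.leave("bob")  # bob closes his Tor Browser tab
    got = room.send("alice", "are you there?")  # delivered to nobody
    room.join("bob")  # new tab, no history to catch up on
    return got, room.connected["bob"]


def demo_simplex() -> tuple[int, int, list[bytes], int, bool]:
    """Bob is offline while Alice sends; the queue holds it until he fetches."""
    server = QueueServer()
    q_from_alice = server.create_queue()  # Bob creates it, gives Alice sender_id
    q_from_carol = server.create_queue()  # a second contact: unrelated ids
    unlinkable = len({q_from_alice.sender_id, q_from_alice.recipient_id,
                      q_from_carol.sender_id, q_from_carol.recipient_id}) == 4
    server.send(q_from_alice.sender_id, b"ct:hello bob")  # Bob offline, waits
    stored_before = server.stored_count()  # 1
    delivered = server.receive(q_from_alice.recipient_id)  # Bob comes online
    stored_after = server.stored_count()  # 0, deleted on delivery
    second_fetch = len(server.receive(q_from_alice.recipient_id))  # nothing left
    return stored_before, stored_after, delivered, second_fetch, unlinkable
```

The contrast is the whole point of the two reviews: the room model needs everyone online at once but leaves no server-side trace, while the queue model tolerates offline recipients at the cost of the server briefly holding (encrypted) messages and of each queue's two ids being the only handles the server ever sees.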

Sending files and images seems to work fine, and you can create group chats which use invites to add members. You can reply to messages and also delete messages that have already been sent. There is also video and audio calling but I have not tried that feature.

There was a security audit done on the cryptographic library code, and a few issues found and corrected. You can read the full report here, with the announcement here. This is great news, and further audits of the non-cryptographic code may also be completed in the future.

Version 4.4.0 for mobile devices added features for ephemeral messages and contact verification. The ephemeral messages are optional, as you can choose whether or not to use them for each contact. You both need to have ephemeral messages enabled and agree on a "delete after read" time of 30 seconds, 5 minutes, 1 hour, 8 hours, 1 day, 1 week or 1 month. I think this system is very fair in that both parties agree, and then all following messages will be deleted at the set timeout period. When you send a message with disappearing messages enabled an icon appears next to the message. If you change the message timeout to a different value, previously sent ephemeral messages (which have not been deleted yet) still show their own timeout so that you know when they should be deleted.

Contact verification is also possible by comparing a hash that should match on both your device and your chat partner's device. This is easiest done in person by scanning each other's QR code, but it can also be done by sending the code you have to your contact using another trusted communication channel. Once verified there is an icon that shows next to their name to indicate they are verified.
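The two 4.4.0 features above, as an added illustration rather than SimpleX's own code: disappearing messages only take effect once both sides have enabled them with the same timeout from the fixed menu, each message freezes the TTL that applied when it was sent (counted from when it was read), and contact verification compares a short fingerprint that both devices compute over the pair's public keys. The placeholder keys, the fingerprint construction (SHA-256 over both keys in a fixed order, truncated) and all names are assumptions for the illustration, not SimpleX's actual security-code format.

```python
"""Added model of disappearing-message negotiation and contact fingerprints.

Not SimpleX code. Keys are placeholder bytes and the fingerprint layout is an
assumption chosen so both parties compute the same value.
"""
from __future__ import annotations

import hashlib
from dataclasses import dataclass
from typing import Optional

TIMEOUTS = {  # the "delete after read" menu from the review, in seconds
    "30s": 30, "5m": 300, "1h": 3600, "8h": 8 * 3600,
    "1d": 86400, "1w": 7 * 86400, "1mo": 30 * 86400,
}


def agreed_ttl(mine: Optional[str], theirs: Optional[str]) -> Optional[int]:
    """TTL in seconds only if BOTH enabled the feature with the same value."""
    if mine is None or theirs is None or mine != theirs:
        return None
    return TIMEOUTS[mine]


@dataclass
class Message:
    text: str
    ttl: Optional[int]  # frozen at send time; later setting changes do not touch it
    read_at: Optional[float] = None

    def expired(self, now: float) -> bool:
        return (self.ttl is not None and self.read_at is not None
                and now >= self.read_at + self.ttl)


class Conversation:
    """One contact's chat with the per-contact preference of each side."""

    def __init__(self) -> None:
        self.my_setting: Optional[str] = None
        self.their_setting: Optional[str] = None
        self.messages: list[Message] = []

    def send(self, text: str) -> Message:
        m = Message(text, agreed_ttl(self.my_setting, self.their_setting))
        self.messages.append(m)
        return m

    def mark_read(self, now: float) -> None:
        for m in self.messages:
            if m.read_at is None:
                m.read_at = now  # the countdown starts at read time

    def purge(self, now: float) -> list[str]:
        """Drop expired messages; returns the texts that survive."""
        self.messages = [m for m in self.messages if not m.expired(now)]
        return [m.text for m in self.messages]


def fingerprint(key_a: bytes, key_b: bytes) -> str:
    """Same value on both devices regardless of which key is 'mine'."""
    lo, hi = sorted((key_a, key_b))
    return hashlib.sha256(lo + hi).hexdigest()[:16]


def demo() -> list[str]:
    c = Conversation()
    c.my_setting = "5m"  # only I enabled it: messages are still permanent
    c.send("plain")  # ttl None
    c.their_setting = "5m"  # now both agree on 5 minutes
    c.send("secret")  # ttl 300
    c.my_setting = c.their_setting = "1h"  # both switch to 1 hour
    c.send("later")  # ttl 3600; "secret" keeps its old 300 s timer
    c.mark_read(now=1000.0)
    return c.purge(now=1000.0 + 301)  # "secret" gone, the other two remain
```

Note that a mismatched timeout yields no TTL at all rather than the shorter of the two values, which matches the review's description that both parties must agree before anything is deleted.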

My verdict: So much to like, this could be a winner!

What I like: