A Defensive Computing Checklist    by Michael Horowitz

SECURE ENCRYPTED MESSAGING

TOPICS BELOW
Introduction,   Limitations of Secure Messages,   Articles,   Product Comparisons,   Signal,   WhatsApp,   Threema,   Session,   Briar,   Olvid,   Google Android Messages,   Facebook Messenger,   Apple iMessage,   Brief Summary of other Messaging Apps,   A Better Alternative

INTRODUCTION

For messaging apps, End-to-End encryption is the top of the line. It is offered by Signal, Threema, Wire, Session, WhatsApp and others and is often abbreviated E2EE. Simply put, E2EE ensures that messages can only be read by the sender and the recipient. The people/company/app doing the sending/receiving of the message can not read it. Anyone listening to network traffic can not read it.

Some messaging apps encrypt only some messages, not all of them. Hopefully the information below will help sort out which is which.

Android 15 and iOS 18 introduced ways to hide the existence of apps on devices. Anyone interested in secure messaging should use these features. In addition to OS-level app run protection, the app itself may have an app-run password (my terminology). Some apps that offer this are Venmo, Paypal and ProtonMail. If your messaging app has this feature, turn it on and use a unique password.

LIMITATIONS OF SECURE MESSAGES

There are many ways that secure/encrypted messages can still leak.

  1. The underlying Operating System (iOS, Android for Signal) can be hacked.
  2. Even if you do everything right on a technical level, your security is only as good as the person you are communicating with. They may not be trustworthy. They may leak messages, either on purpose or by accident.
  3. You may not be communicating with the person you think you are (think SignalGate from March 2025).
  4. Either the sender or recipient can take a picture of the device doing encrypted messages and retain the picture forever. The person on the other end of the encrypted message has no idea this has happened.
  5. If messages are sent or received in public, then they may be observed over the shoulder or by a camera.
  6. The app used for encrypted messages may make backups that are not encrypted. Or, it may save messages locally in an insecure way. Or, even if messages are stored locally such that only the app can see them, someone with access to the device that sent or received the message can see the message history. This access can either be physical or the device may have been hacked. Phones get hacked all the time. To defend against physical access to the device, messages should auto-delete. Defending against a device being hacked? Good luck.
  7. Metadata matters: Even if the actual messages can not be read, just the act of communication between two people (or a group) can be damaging. Articles about secure messaging rarely discuss what the messaging software knows about who is talking to who, when they were talking, etc. Encrypting the message is far from the whole story, anonymity is important too.
  8. Encryption is not privacy. Anonymity counts too, and encryption, even end-to-end encryption, does nothing about hiding your identity.
  9. Do you want to keep previously sent messages or have them quickly deleted? Difficult question. If you keep them, you have to worry about the backups being secure. If you want to delete them, you have to configure the app or the operating system. The Android messaging app may not even allow this. And, the software needs to delete them on both sides.
  10. The use of E2EE in mobile apps is taken on faith. This is not something an end user can verify. In contrast, the use of a secure website can be verified.
  11. On Android, someone could be tricked into installing a hacked app from outside the Play store. Even within the Play store, there may be multiple apps with the exact same name. A scam copy of an app can look exactly like the real thing, do what the real app does, but, also leak messages.

Taking a step back, Android and iOS are probably not the best place for secure communication. On mobile devices, you can not see the end to end encryption, so you have to take it on faith. With a web browser, you can fairly easily see and check and verify that a website is using encryption. Apps, however, are black boxes that do not allow introspection. Also, when looking at a website, you can tell what computer you are communicating with. In contrast, this is hidden when using mobile apps.

Another issue will always be usability. Nerds will never discuss this or even mention it, as it does not apply to them. Software with many features can be confusing for a non-techie. And confusion is likely to lead to mistakes that negate all the good a secure messaging app is trying to accomplish. Signal may well fall into this category. As it moves away from phone numbers as its main identifier, it has usernames, profile names and nicknames. An accident waiting to happen?

ARTICLES

March 14, 2025: Apple will soon support encrypted RCS messaging with Android users by Jess Weatherbed for The Verge. In the beginning there were SMS text messages with no security. Then text messages got extra features with RCS added to them. Apple introduced RCS support to iOS in an iOS 18 update in September 2024. But, that version of RCS did not include End-to-End encryption. So, even if iOS was texting to Android and both sides were using RCS text messages, it was still not secure. But, a new version of RCS will include E2EE and Apple has agreed to implement it in the future. Apple will add E2EE RCS messages to iOS, iPadOS, macOS, and watchOS. The article does not say, but it probably goes without saying that Android will support the new RCS flavor too. Thus, sometime in the future (no idea when) text messages between Google Android and Apple devices will be secure.

January 17, 2025: 4 Easy Ways to Make Sure No One Can Read Your Text Messages by Max Eddy in the New York Times. Not a great article.

PRODUCT COMPARISONS

  1. March 19, 2025: The best encrypted messaging apps in 2025 by Nicholas Fearn and Amber Bouman of Toms Guide. The article covers: Signal, Telegram, Session, WhatsApp, Briar and Viber. Each app is the best for something.
  2. March 4, 2025 (Last updated): Real-Time Communication from PrivacyGuides.org. Their recommendations for encrypted real-time communication: Signal, Molly, SimpleX Chat and Briar.
  3. February 21, 2025: Best WhatsApp Alternatives 2025 by Hanna of secure email provider Tuta. An overview of ten WhatsApp alternatives for iOS and Android that focus on protecting your data, are easy to use, and have a decent number of users. Specifically the article looks at the pros/cons of Threema, SimpleX, Session, Signal, Element (formerly Riot), Wire, Telegram, iMessage and Google Messages.
  4. October 31, 2024 (last update): Best WhatsApp alternatives for privacy by Douglas Crawford of Proton.
    This article was initially published in February 2021 and then refreshed in May 2023 when Wickr and Keybase were removed from consideration. It was updated in Oct. 2024 because Session has moved from Australia to Switzerland.
    An excellent article. An evaluation of Threema, Session, Signal, Telegram, Wire, Element and Olvid. The first topic is: What's wrong with WhatsApp? All the listed products are considered good. All are open-source messaging apps that use end-to-end encryption (E2EE). Every product has its pros/cons which are clearly shown. The article includes a critique of WhatsApp - the biggest downside is that it does not protect your metadata. There is a great side-by-side comparison matrix in the article. By their criteria the best are Threema, Element and Session. The worst are Telegram and Wire. In the middle are Signal and Olvid. All criteria are not the same, we each have to make our own judgments. Again, excellent article.
  5. August 22, 2023: Not everything is secret in encrypted apps like iMessage and WhatsApp by Sira Ovide for the Washington Post. A cheat sheet to what information is encrypted and private in five chat apps.
    Is the content of every message automatically end-to-end encrypted?
    YES: WhatsApp and Signal. NO: Apple, Google, Meta
    Are backup copies of your messages automatically encrypted, with no option for the app company to unscramble them?
    YES: WhatsApp, Signal, Google (sort of) NO: Apple, Meta
    Are disappearing messages an option?
    YES: WhatsApp, Meta, Signal NO: Apple, Google
  6. Website: Secure Messaging Apps Comparison by Mark Williams. A detailed evaluation of 13 secure messaging apps. Only 4 are recommended: Signal, Threema, Wire and Session. The last site update was February 2023.
  7. Arguing against three products: How WhatsApp, Signal & Co Threaten Privacy from TU Darmstadt University (Sept 2020). Researchers performed crawling attacks on WhatsApp, Signal, and Telegram. Maybe not the best choices. Quoting: " ... very few users change the default privacy settings, which for most messengers are not privacy-friendly at all." The Telegram contact discovery service exposes sensitive information even about owners of phone numbers who are not registered with the service. More here.

SIGNAL

Information on Signal was moved to its own page on March 30, 2025.

WHATSAPP

INTRO: WhatsApp is owned by Facebook which should never be trusted. WhatsApp messages are end-to-end encrypted by default. So too are phone calls between WhatsApp users. It supports disappearing chats.

Your WhatsApp userid is your cell phone number. The service is unusable without a functioning mobile number, and you cannot hide your number from your WhatsApp contacts. If you swap the SIM card on your phone, and thus start using a new number, you will have to change the number associated with your WhatsApp account.

To limit who can add you to groups and who can see information, such as your status and personal information, go to Settings -> Account -> Privacy.

How to: Use WhatsApp from EFF. Long and detailed. A must read. Last Reviewed: Nov 15, 2023.

October 22, 2024: IPLS: Privacy-preserving storage for your WhatsApp contacts by Slavik Krassovsky, Kevin Lewi, Dillon George, Cheng Tian, Ercan Ozturk of Facebook. WhatsApp has lacked the ability to store your contact list in a way that can be easily and automatically restored in the event you lose it. They now have a new encrypted storage system called Identity Proof Linked Storage (IPLS) that lets users save their contacts and automatically restore them through WhatsApp. Users can create contacts directly within WhatsApp and choose to sync them to their phone or securely save them only to WhatsApp. They don't say if everyone gets this or if you have to turn on an option. They also don't say when it was/will be released.

Locked chats

  1. v1: In the first draft of the locked chats feature, you were able to lock a chat using the same thing that unlocked the phone (pin code, fingerprint, etc). Introduced around May 2023, the Chat Lock feature creates a new folder. More here: WhatsApp now lets you lock chats with a password or fingerprint by Sergiu Gatlan for Bleeping Computer.
  2. v2: In December 2023, this feature was made more secure with a new Secret Code feature that allows you to further hide locked chats behind a custom password. Anyone who cares about security will use a password here that they do not use anywhere else. Locked chats with a Secret Code can then only be discovered by typing the secret code in the search bar. This prevents people who have access to your phone from even knowing that there is a locked chats folder. More here: WhatsApp's new Secret Code feature hides your locked chats by Sergiu Gatlan for Bleeping Computer. The WhatsApp doc is here: How to turn on chat lock. Of course, it is undated.

November 8, 2023: Enhancing the security of WhatsApp calls by Daniel Sommermann, Sebastian Messmer, Attaullah Baig of Facebook. Two new optional features make calling on WhatsApp more secure.

  1. "Silence Unknown Callers" quiets annoying calls and blocks sophisticated cyber attacks. With this enabled, calls from unknown numbers do not ring your phone. More.
  2. "Protect IP Address in Calls" helps hide your location. Initial rollout began in October 2023. The feature causes calls to be relayed through WhatsApp Servers.

October 2023: Getting bad vibes from a group? Here are 3 options

  1. Mute notifications for a group. You can resume notifications later. How to mute or unmute group notifications
  2. Block individuals in the group chat or report material to WhatsApp if you believe it is inappropriately violent or BS. How to block and report contacts
  3. Leave a group. Only the administrators of that group chat are notified. How to exit a group

June 2023: Best WhatsApp alternatives for privacy by Douglas Crawford of Proton. This article exists because WhatsApp changed its privacy policy in 2021, and it now shares its users' metadata and transactional data with Facebook/Meta.

April 13, 2023: A blog from WhatsApp about three upcoming security features: New Security Features: Account Protect, Device Verification, Automatic Security Codes. End-to-end encryption alone is not enough to protect you from account hijacking, device malware, or impersonation.

  1. Account Protect: When you move your WhatsApp account to a new device, they will double check that it’s really you.
  2. Device Verification: Malware can use WhatsApp to send unwanted messages. To help prevent this, they have added checks to authenticate your account. You do not need to do anything to get this feature. More: Device Verification
  3. Automatic Security Codes: The security code verification feature helps to ensure that you are actually communicating with the person you think you are. You can check this manually by going to the encryption tab under a contact's info. Too hard? OK, they will make this easier with a new feature that allows you to automatically verify that you have a secure connection. What a secure connection means, they don't say in the blog. It surely has nothing to do with verifying the person on the other end. With the new feature, click on the encryption tab and you will be able to verify that your personal conversation is secured. More: Key Transparency
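A simplified model of what a security code (and Apple's Contact Key Verification, discussed further down) actually checks, as an added Python example that is not WhatsApp's or any vendor's code. The hash construction, digit layout and key format are constructed assumptions; the principle is the one these features rely on: each party independently derives a code from the pair of public identity keys, and a key swapped in transit (Limitation #3 above) changes the code on one side.

```python
"""Illustrative model of messenger security-code verification.

Added example, not any vendor's algorithm. Keys, hashing rounds and digit
grouping are constructed for illustration; only the principle matches the
apps described above: both users derive a code from the two public identity
keys they hold, so a substituted key shows up as a mismatch when they compare.
"""
import hashlib
import secrets


def fingerprint(public_key: bytes, user_id: str) -> str:
    """Return a 30-digit fingerprint for one party's identity key.

    Iterated hashing (constructed choice: 5200 rounds of SHA-512 over the
    key and user id) makes brute-forcing a key whose fingerprint matches a
    given one more expensive, a property real schemes also aim for.
    """
    digest = public_key + user_id.encode()
    for _ in range(5200):
        digest = hashlib.sha512(digest + public_key).digest()
    # Reduce the first 30 bytes to six 5-digit groups (30 digits total).
    groups = []
    for i in range(0, 30, 5):
        chunk = int.from_bytes(digest[i:i + 5], "big") % 100000
        groups.append(f"{chunk:05d}")
    return "".join(groups)


def security_code(my_key: bytes, my_id: str, peer_key: bytes, peer_id: str) -> str:
    """Combine both fingerprints in sorted order so that both parties
    compute the identical 60-digit code, whichever side runs it."""
    parts = sorted([fingerprint(my_key, my_id), fingerprint(peer_key, peer_id)])
    return "".join(parts)


def group_for_display(code: str) -> str:
    """Present the code as space-separated 5-digit groups, as the apps do."""
    return " ".join(code[i:i + 5] for i in range(0, len(code), 5))


def simulate_exchange(server_substitutes_key: bool) -> tuple:
    """Alice and Bob each fetch the other's identity key through the server.

    Keys are random constructed stand-ins. If the server (or anyone between
    the two) hands out its own key instead, the codes the two users compute
    no longer agree. Returns (alice_code, bob_code).
    """
    alice_key, bob_key = secrets.token_bytes(32), secrets.token_bytes(32)
    attacker_key = secrets.token_bytes(32)

    key_bob_gets_for_alice = attacker_key if server_substitutes_key else alice_key
    key_alice_gets_for_bob = attacker_key if server_substitutes_key else bob_key

    alice_code = security_code(alice_key, "alice", key_alice_gets_for_bob, "bob")
    bob_code = security_code(bob_key, "bob", key_bob_gets_for_alice, "alice")
    return alice_code, bob_code


def codes_match(server_substitutes_key: bool) -> bool:
    """True when both users would see the same code on the encryption tab."""
    alice_code, bob_code = simulate_exchange(server_substitutes_key)
    return alice_code == bob_code


if __name__ == "__main__":
    for substituted in (False, True):
        alice_code, bob_code = simulate_exchange(substituted)
        print("key substituted in transit:", substituted)
        print("  Alice sees:", group_for_display(alice_code))
        print("  Bob sees:  ", group_for_display(bob_code))
        print("  codes match:", alice_code == bob_code)
```

The comparison only means something when done out of band (in person, or over a channel the same server does not control), which is exactly the step the "automatic" feature skips.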

January 19, 2023: WhatsApp accounts are being hacked using the phone number. If the voicemail system for your WhatsApp phone number uses a default pin code, you are at risk. This from a twitter thread by @ihackbanme. In brief:

  1. You're sleeping. A bad guy tries to login to your account via WhatsApp.
  2. You get a text message with a pincode.
  3. The attacker clicks on the option that the SMS didn't arrive and asks for a verification by phone.
  4. WhatsApp calls you. You're sleeping. It goes to Voicemail.
  5. The voicemail stores the automated voice with the pincode.
  6. The attackers check your voicemail by trying the default pincode, which may be the last four digits of your cellphone number.
  7. Then they can log in to YOUR WhatsApp.
  8. After getting in, bad guys set up a 2FA pincode that prevents you from logging back in.

November 26, 2022: WhatsApp data leak: 500 million user records for sale by Jurgita Lapienytė for Cybernews. Someone is selling up-to-date mobile phone numbers of nearly 500 million WhatsApp users. A data sample investigated by Cybernews likely confirms this to be true. It is not known how the data was obtained. Defenses that I read about:
  1. Beware of unknown numbers trying to message you or call you on WhatsApp.
  2. If you get a message from an unknown WhatsApp number, block the number and do not click on any links in the message.
  3. Configuration suggestions: Settings -> Privacy. Change "last seen and online" and "profile photo" and "about" to "contacts only".

How to Use WhatsApp Privacy Settings by Yael Grauer for Consumer Reports. Published January 8, 2021. Last Updated August 16, 2022.
Despite the end-to-end message encryption ... "when you use the app, you may be sharing more information than you realize with your contacts, anyone else with your phone number, and parent company Meta, which also owns Facebook and Instagram." Very long article. Some of the topics covered:

WhatsApp can make encrypted backups. However, as of December 2024, WhatsApp backups are not end-to-end encrypted by default. In other words, backups are stored in plain text (aka clear text) in the cloud. See this feature description from WhatsApp: About end-to-end encrypted backup (undated). Better yet, have WhatsApp message backups turned off.

From I Accidentally Hacked a Peruvian Crime Ring by Albert Fox Cahn for Wired (Dec 2021). The article makes a strong case for securing an account with an optional PIN or two factor authentication. And, despite the WhatsApp end-to-end encryption, Facebook knows who your contacts are, what groups you belong to, and when and to whom you send messages. Quoting: "With a simple subpoena ... they can get much of your account information. With a full warrant, the platforms can provide records on every aspect of your digital network (apart from the message itself). They can record who we communicate with, how often, the groups we're part of, and the identity of every member, along with your full contacts list. Even worse, WhatsApp can do this in nearly real time, transforming a 'privacy-protective platform' into a government tracking tool."

September 2022: WhatsApp will soon let users hide their online status from their friends. From: Some lucky WhatsApp users can now hide their online status by Chandraveer Mathur for Android Police.

Private WhatsApp groups are not very private. See Google Is Letting People Find Invites to Some Private WhatsApp Groups by Joseph Cox of Vice (Feb 2020)

How to minimise targeted ads on social media: WhatsApp from Privacy International (May 2019)

Upgrading WhatsApp Security by Martin Shelton on Medium (Feb. 2017)

You are safer when WhatsApp does not automatically download stuff (pictures, audio, video, documents) because you never know if the file is malicious. To prevent automatic downloads:

  1. iPhone: Configuring auto-download from WhatsApp. By default, it automatically downloads images over a cellular connection. Audio and video will automatically download on Wi-Fi. To change this: WhatsApp -> Settings -> Data and Storage Usage. Tap on photos, audio, videos and documents and choose Never, Wi-Fi, or Wi-Fi and Cellular.
  2. Android: Configuring auto-download from WhatsApp. By default, it automatically downloads images over your cellular connection. Other types of files? Doesn't say. To configure: WhatsApp -> More options -> Settings -> Data and storage usage -> Media auto-download. There is no Never option, instead you have to uncheck a bunch of checkboxes as per the video.

Articles from WhatsApp about Privacy and Security. None are dated.

  1. Privacy good starting point
  2. About two-step verification
  3. Account security tips
  4. About end-to-end encrypted backup
  5. About end-to-end encryption

THREEMA

From my research, Threema seems to be the best encrypted communication app. Steve Gibson, of the Security Now podcast, prefers it. The Mozilla foundation gave Threema an excellent rating on their Privacy Not Included website where they considered it a Best Of product. Sven Taylor of Restore Privacy also liked it. The app is developed in Switzerland, and has more than 10 million users, including the Swiss government and the Swiss army. It has passed two independent security audits.

Threema does text and voice messages, voice and video calls, groups, distribution lists and file sharing. Users are identified in the system with a randomly generated 8-digit Threema ID. Users must create a username and password to log into the app. Optionally, users can link their Threema account to an email address or a phone number and give it access to their contacts. Again, this is optional. The mobile app costs $5 in the US, a one-time charge. There is a version for Windows, macOS and Linux, but the mobile app is still required. There is also a web interface, but it too requires the mobile app.

January 10, 2023: Messenger billed as better than Signal is riddled with vulnerabilities by Dan Goodin for Ars Technica. Academic researchers examined Threema and found 7 vulnerabilities. They privately told Threema about this and some/most of the problems were fixed. Is it secure enough in January 2023? I don't know, I need to find an independent expert. Quoting: "Matteo Scarlata and Kien Tuong Truong, two of the ETH researchers who co-authored the paper, said that all the flaws stem from a single trait: the use of a custom protocol rather than an established one that has stood the test of time." The researchers also said "... that a company whose main product is based on cryptography, should always have a cryptographer at hand to assess its security and to propose already-existing protocols when possible, for example the battle-tested TLS instead of creating their bespoke client-to-server protocol". In Threema's response they claimed the bugs were in an old outdated protocol. They failed to say that it was only old because it was revised based on this recent research.

From the Privacy Not Included website of Mozilla: Threema Reviewed on Sept. 8, 2021. Quoting: "Threema is one of the best privacy-focused messaging apps we have seen, with its end-to-end encryption, no phone number required to sign up, and its commitment to not collect user data."

SESSION

TLDR: Session seems to be better than Signal. Both are free and open source. Both use the Signal protocol for encryption.

Session has a lot going for it. It is an end-to-end encrypted messenger designed for absolute privacy. Quoting their website "Session is a decentralized messenger that supports completely private, secure, and anonymous communications." It does one-on-one real-time messaging and, like email, you can also send someone a message when they are off-line. It does open and closed group chats, voice calls and file transfers. No personal information is required to create a userid in the Session world (this used to be called a Session ID, now it is an Account ID). Session uses the Signal protocol for its encryption, but unlike Signal, it does not require a mobile phone number. Session is open source and minimizes metadata. The software runs on Windows, macOS, Linux, Android and iOS. In comparison, Signal is pretty much mobile only.

One downside, when I first looked at Session, was that there was no getting-started hand holding for newbies. Now there is a 5-page Lite paper Send Messages Not Metadata. But, it is useless for newbies. By nerds for nerds.

October 2024: On his Security Now podcast, Steve Gibson was impressed with Session when he first ran across it. On the October 29th edition of the show he said: "I wasn’t aware of the 'Session' messaging app, but it looks quite interesting ... It appears to be what you would get if you were to combine the ultra-robust and well proven Signal protocol - which Session forked - with the distributed IP-hiding Tor-style Onion routing which we briefly discussed again recently. And on top of all that, Session is 100% open source ... Session's messaging transport was deliberately designed like Tor's to hide each endpoint's IP address through a multi-hop globally distributed server network, and that the entire content of the messages used the impenetrable Signal protocol used by Signal and WhatsApp to exchange authenticated messages between the parties ... From here it appears to be a total win. Establishing an anonymous identity with a public/private key pair is exactly the right way to go and that's exactly what they do plus much more and all with their source code being openly managed on Github."

October 22, 2024: Encrypted Chat App 'Session' Leaves Australia After Visit From Police by Joseph Cox for 404 Media. This was the original story. You have to subscribe to their newsletter to read the entire article. Quoting: "Session, a small but increasingly popular encrypted messaging app, is moving its operations outside of Australia after the country’s federal law enforcement agency visited an employee’s residence and asked them questions about the app and a particular user. Now Session will be maintained by an entity in Switzerland."

November 4, 2024: Encrypted messaging app developer moves out of Australia after police visit employee's home by Josh Taylor for The Guardian. Quoting: "Developed in Australia in 2018, Session is an encrypted messaging app that is open source and decentralised. The app runs on the tagline: 'Send messages, not metadata.' It allows users to send messages with anonymity, by opting for 66-character account IDs rather than verifying a user via emails or phone numbers. Messages are sent over a decentralised onion routing network similar to Tor (a popular encrypted browsing app) and no single server knows the message origins or destination."

BRIAR

As security goes up, convenience always goes down. Briar seems to be high on the security side and thus it is a bit harder to use than competing apps. That said, I have not used it. One example of this is finding other Briar users. You are on your own here. Another example is non-synchronous messages. Briar needs to be running in the background to accept an incoming message. This means disabling battery optimizations. The way it handles messages when the recipient is off-line is a bit confusing.

About Briar:

  1. Initially, it was Android only. Now, there is also a desktop version that runs on Windows, macOS and Linux. An iOS version is not likely in the future.
  2. A phone number is NOT required, in fact no personal information is needed to use Briar. You pick your own userid/password.
  3. It is text only. No audio, no video.
  4. It supports group chats.
  5. It does not access a phone's list of contacts.
  6. The software is Open Source.
  7. Messages are stored securely on your device, not in the cloud.
  8. There is no central server, messages are sent directly between the users' devices.
  9. When there is an Internet connection, it uses the Tor network for user-to-user communication.
  10. When there is no Internet connection, the Android app can communicate using Bluetooth, local Wi-Fi or memory cards.
  11. If you are not online when you are sent a message, there is a separate Briar Mailbox app for receiving your messages.

From Briar

March 19, 2025: In an article about EU software with better privacy than US software, Briar is recommended. Privacy-Respecting European Tech Alternatives by Jonah Aragon of Privacy Guides. Quoting: "Briar is an open source project not legally incorporated in any jurisdiction, although it has received funding from European initiatives like NGI and the NLnet Foundation, and includes many Europeans in their voluntary board and team." Other recommended Instant Messaging apps were Element and SimpleX.

July 30, 2024: Briar Review by Kim Key for PC Magazine. Quoting: "Briar is the most privacy-focused private messaging app we've tested, but its stringent policies also make it less functional for most users. Briar is an open-source app intended for use by activists, journalists, political figures, or anyone else who is worried about surveillance. Briar doesn't need a central server to sync messages between users, which is great, but it also doesn't offer much in the way of entertaining features or opportunities to find new and old friends to chat with."

OLVID

I first heard of the end-to-end encrypted messenger Olvid in December 2023 when the French government mandated its use. See French government recommends against using foreign chat apps by Bill Toulas of Bleeping Computer (Dec. 1, 2023). The Prime Minister of France requested that all government employees uninstall foreign communication apps such as Signal, WhatsApp, and Telegram in favor of the French messaging app Olvid.

About Olvid:

  1. The software is open source and has been audited by techies working for the French government.
  2. There is a free tier and a paid tier. Encrypted texts are free. Receiving encrypted voice calls is free. Initiating encrypted voice calls is not free. Using Olvid on multiple devices is not free.
  3. No personal information is needed to use Olvid. No phone number, no email, no name, no address, no date of birth. Nothing.
  4. Olvid runs on iOS and Android, as does everything else listed on this page. But . . . they also provide installable software for macOS and Windows.
  5. There is no central directory that connects users. Good for security, not great for usability.
  6. Unlike competing software, it does not nag for access to your contacts/address book.
  7. It does not rely on any trusted third party.
  8. They guarantee your privacy even if their servers get hacked.
  9. No SIM card required, just Internet access.

In December 2023, Steve Gibson, on his Security Now podcast said, "... it looks pretty good ... Olvid is not some random homegrown messaging app designed by the Prime Minister’s nephew ... I really like its integration with the desktop. That's something I've been missing as a crossplatform iOS and Windows user. And Signal is annoying with its required tie to a phone number."

Assorted: See their FAQ. Secure audio calls are not yet supported on Windows and macOS. They make no mention of ChromeOS support. A feature called Olvid Web lets you use Olvid in a web browser on Windows, macOS and Linux. But, you need an Android compatible device to serve as a gateway.

GOOGLE ANDROID MESSAGES

Under the right conditions, messages sent with the Google Messages app on Android to another user of the Google Messages app are fully end-to-end encrypted.
The conditions:

Note: when messages are encrypted, a very small padlock icon will appear inside the send button and timestamps. In addition, it will say "RCS chat with xxxx"

Note: Even with E2EE encryption, Google knows who you communicated with and when.

See also:

  1. RCS chats by Google FAQ from Google
  2. messages.google.com
  3. Turn on RCS chats in Google Messages from Google
  4. Use end-to-end encryption in Google Messages from Google.
  5. Learn about Rich Communication Services (RCS) messaging from Google.

FACEBOOK MESSENGER

Trusting Facebook (aka Meta Platforms) is a mistake.

As of November 2023: Facebook Messenger is not end-to-end encrypted by default, but it can be enabled. It might be called Vanish Mode or a "Secret Conversation". Encrypted conversations are not available on the Facebook website.

Starting December 2023: Perverts rejoice. Facebook has started to enable end-to-end encryption in Messages by default. The full roll-out will take time. They said: "It will take a number of months to complete the global roll-out. When your chats are upgraded, you will be prompted to set up a recovery method, such as a PIN, so you can restore your messages if you lose, change or add a device." Where this new PIN fits in is not clear to me. This does not apply to group messaging; that is still being tested and is planned for the future. It does apply to calls and to the Facebook platform itself. When E2EE works correctly, Facebook has no access to the messages. But, one person can still report a bad message to Facebook which does give them access. I have not seen a discussion of backups. If the backups are not encrypted, then this is a sham. More: Meta rolls out default end-to-end encryption on Messenger, Facebook by Bill Toulas of Bleeping Computer.

June 27, 2023: Meta is rolling out new parental control tools for Instagram and Messenger by Ivan Mehta for Techcrunch. The new system pre-emptively blocks unwanted DMs on Messenger and Instagram, and nudges teens to take a periodic break. See it at the Meta Family Center.

January 2023: Facebook/Meta is planning to add more users to the end-to-end (read, fully) encrypted version of Facebook Messenger over the next few months. Users will be chosen at random and notified by Facebook. The fully encrypted version of Messenger now supports link previews, chat themes, user active status, and Android floating bubble mode. More.

In August 2022, Facebook turned over their badly encrypted chat logs to the police who arrested a teenager for getting an abortion. See This Is the Data Facebook Gave Police to Prosecute a Teenager for Abortion by Jason Koebler and Anna Merlan of Motherboard. Just after this s--- hit the proverbial fan, Facebook started testing end-to-end encryption for certain Messenger chats. I don't know how they define "certain". Here is their press release about this. Do not trust Facebook.

APPLE IMESSAGE  top

iMessages are end-to-end encrypted between Apple users. Blue messages are encrypted, green are not.

iMessage can fall back to un-encrypted text messaging, if need be. To prevent this fallback:
Settings -> Apps -> Messages -> disable the "Send as Text Message" option. Last verified on iOS 18.2.

FaceTime phone calls are also end-to-end encrypted.

iMessage supports group chats. iOS version 18 was released September 16, 2024. From what I have read, once an Android device joins a group chat, there is no encryption at all, not even amongst the Apple devices in the chat.

Encrypted chats can be backed up to iCloud, where all bets are off. Apple gives your iCloud data to assorted government agencies as the law requires. Consider disabling iCloud backups and checking that it remains disabled as iOS is upgraded to new versions. At the least, turn off iCloud backups of your chats.

Apple says they can not read encrypted iMessages and we are supposed to assume that this means no one can. That is not necessarily true. Apple can add a government agency to an existing chat. In this case, Apple can not read anything, but the government agency can.

Even if Apple can not read your iMessages, there is still the issue of whether they know who you communicated with and when. Can they? Not sure. If they did not know, it is safe to assume they would brag about not knowing.

Configure system settings so that messages are only saved for a set amount of time.

Focusing on encryption is relatively easy; verifying the identity of the person you are communicating with is a whole other thing, complicated by the fact that one person can use multiple iOS devices. iOS 17.2 is scheduled to have a new optional feature, called Contact Key Verification, that improves this identity verification. Bad news: How it works is complicated both at the technical level and at the user interface level. After reading about it, I was lost. Good news: This is not intended for everyone to use. It solves a problem that only people with significant reason to believe that spies or governments want to compromise their communications actually have.

From this article: Upcoming Contact Key Verification Feature Promises Secure Identity Verification for iMessage by Glenn Fleishman for Tidbits (Nov. 8, 2023). "Apple relies on increasingly outdated notions of end-to-end security for your messages with other people. While the company has regularly applied fixes to iMessage and its Messages apps to improve security and privacy, it hasn’t kept up with industry lessons and innovations."

One part of this system that I did understand is that the identity verification has to occur outside of Apple's world, which is good. Quoting the above article: "... you want a separate out-of-band pathway that can’t be subverted. Security experts typically recommend you do this in person or by secure end-to-end video where you can see each other (FaceTime, or Zoom with its end-to-end option enabled). You should also be able to rely on a non-secured voice call, but you may want to have established some answers or code words to eliminate the possibility of an attacker using an AI voicebot to fool you - with a sufficient sample of the target’s speech, they're pretty good."
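To make the out-of-band step concrete, here is an added example (my own illustration, not Apple's Contact Key Verification code and not the mechanism Apple actually uses) of the generic idea behind such features: each side derives a short numeric code from both parties' identity keys, reads it to the other person in person or over a channel the provider does not control, and a mismatch reveals that one side was handed a different key. The handles and "public keys" are constructed stand-ins, not real iMessage keys.

```python
"""Out-of-band identity verification, modelled on the idea behind Apple's
Contact Key Verification and Signal's safety numbers.

Added example, not Apple's code. Keys and handles below are constructed
stand-ins; a real system would use the actual identity public keys.
"""
import hashlib
import hmac
from dataclasses import dataclass


@dataclass(frozen=True)
class Contact:
    """One party as reported by the provider's key directory."""
    handle: str
    public_key: bytes  # constructed stand-in for a real public key


def verification_code(a: Contact, b: Contact, groups: int = 12) -> str:
    """Derive a human-readable numeric code over both parties' handles and keys.

    Sorting the two (handle, key) pairs makes the code symmetric: both people
    compute the same string no matter who is 'a' and who is 'b'. Length
    prefixes keep the hash input unambiguous.
    """
    h = hashlib.sha256()
    for handle, key in sorted([(a.handle, a.public_key), (b.handle, b.public_key)]):
        h.update(len(handle).to_bytes(2, "big") + handle.encode())
        h.update(len(key).to_bytes(2, "big") + key)
    digits = str(int.from_bytes(h.digest(), "big")).zfill(groups * 5)[: groups * 5]
    return " ".join(digits[i : i + 5] for i in range(0, groups * 5, 5))


def codes_match(mine: str, peers: str) -> bool:
    """Compare the code on my screen with the one the other person read out.

    Whitespace is ignored so the groups can be spoken or typed freely;
    the comparison itself is constant-time.
    """
    return hmac.compare_digest("".join(mine.split()), "".join(peers.split()))


def demo() -> tuple[bool, bool]:
    """Return (match with honest directory, match with a substituted key)."""
    alice = Contact("alice@example.com", b"constructed-public-key-alice")
    bob = Contact("bob@example.com", b"constructed-public-key-bob")

    # Honest key directory: both devices learn the genuine keys, codes agree.
    honest = codes_match(verification_code(alice, bob), verification_code(bob, alice))

    # Directory hands Alice a different key for Bob (the case such a feature
    # exists to detect). Bob still computes his code from his real key, so the
    # two codes differ and the out-of-band comparison fails.
    bob_as_seen_by_alice = Contact("bob@example.com", b"constructed-public-key-substitute")
    substituted = codes_match(
        verification_code(alice, bob_as_seen_by_alice),
        verification_code(bob, alice),
    )
    return honest, substituted


if __name__ == "__main__":
    print("honest directory matches:", demo()[0])
    print("substituted key matches:", demo()[1])
```

The important property is the one the article quoted above stresses: the code is only worth something if it is compared over a path the provider cannot alter. If the same party that serves the keys also relays the codes, it can serve matching wrong codes too.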

BRIEF SUMMARY OF OTHER MESSAGING APPS  top

A BETTER ALTERNATIVE  top

One problem with any app on a mobile operating system is the operating system itself. We saw that in March 2025 when Jeffrey Goldberg of The Atlantic wrote about how The Trump Administration Accidentally Texted Me Its War Plans. My point is that everyone knows Signal is not appropriate for the highest level of security, which is what war plans should have. Quoting from the article "Several former U.S. officials told Harris and me that they had used Signal to share unclassified information ... But they knew never to share classified or sensitive information on the app, because their phones could have been hacked by a foreign intelligence service, which would have been able to read the messages on the devices." And that's my first point. You don't build a skyscraper on sand. Any mobile app can only be as secure as the mobile operating system and they get hacked all the time.

I don't use Signal, but the article above also makes clear that you may not know who you are communicating with when using it (see the SignalGate topic above).

Cellphones are spying machines. Considering any cellphone for secure private messaging is lazy and/or stupid. The best security is found elsewhere.

One aspect of this is that the end user can not see the encryption, so there is no way to know when there is no encryption. With a web browser, there is a lock icon that insures data is encrypted in transit. There is nothing like this with mobile apps. So, right off the bat, a secure HTTPS website is safer than any mobile app. We saw an example of this in March 2025 when it was revealed that Apple's iOS Password Manager was often using HTTP instead of HTTPS. See Apple's Passwords app was vulnerable to phishing attacks for nearly three months after launch.

Another aspect is location tracking. Mobile operating systems really want to track your location. Some people know how to deal with this, but many do not.

My suggestion for secure communication is to use plain old simple boring webmail. Anyone can use webmail, even non techies. But not all webmail, of course, just webmail between two users of the same secure email provider. Two good choices would be ProtonMail and Tutanota; there are probably others.

The above Secure messaging apps require software to be installed and learned. For many non techies, this can be too much to deal with. In contrast, a webmail system has no learning curve and no software needs to be installed.

With webmail, the browser can prove that encryption is being used. You can see the HTTPS. There is no visibility at all into mobile apps. Maybe they are using encryption, maybe not.

I am out of step here with every techie in the world.

Both ProtonMail and Tuta offer free and anonymous accounts. Go sign up as DaffyDuck123 and let your enemies try to figure out that that's you. Phone numbers are not a thing here.

Just like E2E encrypted messaging programs, neither ProtonMail nor Tuta can read messages sent between their customers. With ProtonMail, Proton and the rest of the world can see the FROM and TO address of emails between two ProtonMail users. Since these can be anonymous, no big deal. Note however that Proton and the world can also see the subject line and the name of any attached file. Forewarned is forearmed. What is not visible to Proton and the rest of the world is the body of emails or the contents of attached files.
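As an added illustration of that split (my own example, not Proton's code and not a description of how Proton implements anything), the following uses Python's standard email library to take a constructed message apart into the fields the page says a provider can see (sender, recipient, subject, attachment file names) and the parts that are protected end to end (body text, attachment contents). It also includes a simple pre-send check that flags words you would not want to appear in the visible fields. Addresses, subject and attachment are all constructed sample data.

```python
"""Which parts of an email stay visible to the provider.

Added example modelling the page's description of mail between two users of
the same secure provider. Not Proton's code; the message is constructed.
"""
from email import policy
from email.message import EmailMessage
from email.parser import BytesParser


def build_sample_message() -> bytes:
    """Construct a sample message with a text body and one attachment."""
    msg = EmailMessage()
    msg["From"] = "daffyduck123@example.com"      # constructed sample address
    msg["To"] = "bugsbunny456@example.com"        # constructed sample address
    msg["Subject"] = "Meeting location for Thursday"
    msg.set_content("Let's meet at the usual place at 7pm.\n")
    msg.add_attachment(
        b"%PDF-1.4 constructed-bytes",
        maintype="application",
        subtype="pdf",
        filename="plan.pdf",
    )
    return msg.as_bytes()


def classify(raw: bytes) -> dict:
    """Split a raw message into provider-visible metadata and protected content."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    visible = {
        "from": str(msg["From"]),
        "to": str(msg["To"]),
        "subject": str(msg["Subject"]),
        "attachment_names": [],
    }
    protected = {"body": None, "attachment_bytes": []}

    body = msg.get_body(preferencelist=("plain",))
    protected["body"] = body.get_content() if body is not None else ""

    for part in msg.iter_attachments():
        visible["attachment_names"].append(part.get_filename())
        protected["attachment_bytes"].append(part.get_payload(decode=True))

    return {"visible_to_provider": visible, "encrypted_end_to_end": protected}


def leak_check(raw: bytes, sensitive_terms) -> dict:
    """Report which provider-visible fields contain any of the given terms.

    Use this before sending: a term that only appears in the body is fine,
    a term in the subject line or an attachment name is visible to the provider.
    """
    visible = classify(raw)["visible_to_provider"]
    fields = {
        "from": visible["from"],
        "to": visible["to"],
        "subject": visible["subject"],
        "attachment_names": " ".join(visible["attachment_names"]),
    }
    hits = {}
    for name, text in fields.items():
        found = [t for t in sensitive_terms if t.lower() in text.lower()]
        if found:
            hits[name] = found
    return hits


if __name__ == "__main__":
    raw = build_sample_message()
    for side, fields in classify(raw).items():
        print(side, fields)
    print("leaks:", leak_check(raw, ["location", "plan", "7pm"]))
```

Running it shows "location" (in the subject) and "plan" (in the attachment name) as visible, while "7pm" is only in the body and is not reported. The practical habit is the one the page states: keep subject lines and file names bland.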

Email is, obviously, asynchronous. Many messaging apps offer synchronous communication. Do you really need synchronous communication?

Webmail solves one of the biggest problems with messaging apps - that the underlying OS can be hacked. Webmail can be used on a Chromebook running in Guest mode. ChromeOS in Guest mode offers a virgin OS, with no information about you at all. The only running software is the Chrome browser. There are no browser extensions or favorites/bookmarks. You can not add an extension to Chrome while in Guest Mode. There are no Gmail accounts, heck there are no accounts at all. A virgin Operating System. I have never heard of a hacked Guest Mode Chromebook. iPhones? All the time. Better still, Guest Mode leaves no traces behind. Think of it like private browsing mode, but for the entire operating system rather than one single web browser. If the Chromebook is taken by bad guys, spies, law enforcement or whoever, they can not tell that you have a webmail account (assuming you only use it in Guest mode).

The secure Email company knows the public IP address that you connect to their service from. If they were compelled, they might have to provide this information to law enforcement. There are three defenses: use a VPN, use Tor or never connect from a place associated with you (home and office, obviously). But, a Guest Mode Chromebook can not run a VPN or Tor (or anything else other than Chrome). So, if you want to use secure email from home, you will need a router that contains VPN client software. They are not that expensive. The router can connect to a VPN and, after making the VPN connection, the Chromebook can connect to the router. This way, the only IP address that the world will see is that of a VPN server. Some routers also support Tor, but more support a VPN.

For the highest level of anonymity, be aware that if you pay for a VPN, then the VPN provider knows who you are. To combat this, use a free limited account from ProtonVPN or Windscribe or Tunnelbear or another company. Or, pay for the VPN in cash (a few support this). Or with a gift card. Or, have someone else pay for the VPN service. Both Mullvad and IVPN offer gift cards for their service that offer a fixed amount of time. These gift cards can be applied to any account on their service.

Signal limits you to one account. This is not the case with ProtonMail or Tuta.

  • ProtonMail includes protection from Homograph attacks and Enhanced tracking protection.

    PROTON MAIL APPS

    If you use the ProtonMail app on either iOS or Android, be aware that it can be protected by an app run password. This is a short number (they call it a PIN code) that must be entered before the app can run. This is a great feature as it provides protection against someone who has your unlocked mobile device. It also lets you protect the account with a very long password, while providing a shorter one for everyday use.

    - - - - - - - - - -

    On Android, I tested this on Android 14 using app version 4.0.11 in May 2024. To enable the app run password: Settings -> Auto Lock -> ON. This prompts for a numeric PIN code. The minimum length is 4 digits. The maximum is not obvious. Another aspect to this is when the app lock kicks in, which is controlled by the "Auto Lock Timer" setting. This defaulted to the most secure value: "immediate". Other timing options ranged from 5 minutes to a full day.

    While configuring the Android app, maybe turn off these options: Anonymous Telemetry and Anonymous crash reports.

    From Proton: How to use the auto-lock feature on Android. This is sad. The article has no dates, so it might have been written in the 1970s. It is also wrong about the length of the PIN (it says the only length is 4 digits). And, there is no provision for feedback about the article. Disgracefully amateurish. I did contact Proton and they said (May 2024) that the PIN can be up to 8 digits.

    - - - - - - - - - -

    On iOS, I tested this on iOS 17.4 with app version 4.14.0 in May 2024. You set the app run password at: Settings -> App PIN. To control when the PIN code is requested, set the Timing option, which ranges from 1 to 60 minutes. It is annoying that the same features have different names on iOS vs. Android. Again, amateurish.

    From Proton: How to set up Face ID, Touch ID, and PIN code lock on the Proton Mail iOS app. This article too has no dates and no provision for feedback. But, it does say that the PIN code length is from 4 to 21 characters. This is, technically, wrong. The PIN code is numeric. Saying "characters" implies that it accepts letters. It does not. Interesting that on Android, the maximum PIN length is 8 digits. The article also covers turning on AppKey protection. It does not, however, explain what this is.

    From Proton: Security recommendation: enable Face ID or PIN protection on the Proton Mail iOS app Last updated June 12, 2023.

This page: Created August 15, 2022. Last Updated April 4, 2025.
Website by Michael Horowitz. Copyright 2019 - 2025