Security Chart of Messaging Apps

On By ncscoutIn communications
IntelTechniquesSecureE2EE CommsComparisonBeta v. 0.1October 2020                   
                         
MessagingConfideDustJitsiiMessageMatrix/ElementSessionSignalSudoTelegramThreemaWhatsAppWickrWireNotes          
E2EE Messaging (In-Network)YESYESYESYESOPTIONALYESYESYESYESYESPARTIAL*YESYES*Whatsapp cloud (Google) backups are not E2EE          
Country of OwnershipUSAUSAUSAUSAUKAustraliaUSAUSAUAESwitzerlandUSAUSAUSAMany other cloud backups (Google, iCloud, etc) may not be E2EE          
14-Eyes AssociationYESYESYESYESYESYESYESYESNONOYESYESYES           
Open SourceNONOYESNOYESYESYESNOYESPARTIALNOPARTIALYES           
3rd-Party MetadataYESYESYESYESNONONONOYESNOYESYESNO           
3rd-Party AnalyticsYESYESYESYESNONONONOYESNOYESYESNO           
FundingVariousMark Cuban8×8AppleMatrix/ElementLokiSignalAnonyome LabsVariousThreemaFacebookVariousWire           
Registration RequirementsNoneEmailNonePhone/EmailNoneNonePhoneNonePhonePaymentPhoneNoneEmail           
Device Contact AccessOptionalYESNOYESNONOYESOptionalYESNOOptionalOptionalNO           
Message Control Across DevicesYESYESYESNOYESNONOYESYESNOYESYESYES           
Ephemeral MessagesYESYESYESNONOYESYESYESYESYESYESYESYES           
User ID FormatMember IDEmailNamePhone/EmailUsernameUsernamePhonePhonePhoneUsernamePhoneUsernameUsername           
Free Version AvailableYESYESYESYESYESYESYESYESYESNOYESYESYES           
Desktop/Browser AvailabilityYESNOYESYESYESYESYESYESYESYESYESYESYES           
Third-Party AuditYESNONONONOIn ProgressYESNon-PublicNOYESNONon-PublicYES           
                         
EmailCTemplarDiscreetMailboxPosteoProtonmailTutanotaSudo                 
E2EE (In-Network)YESYESYESYESYESYESYES                 
E2EE (Non-Network)YESNOYESYESYESYESNO                 
Country of OwnershipIcelandCzech RepublicGermanyGermanySwitzerlandGermanyUSA                 
14-Eyes AssociationNONOYESYESNOYESYES                 
Open SourceYESNOYESYESYESYESNO                 
3rd-Party MetadataNONOYESNONONONO                 
3rd-Party AnalyticsNONOYESNONONONO                 
FundingSelf FundedSelf FundedSelf FundedSelf FundedHorizonSelf FundedAnonyome Labs                 
Registration RequirementsNoneNonePaymentPaymentNoneNoneNone                 
Free Tier Daily Email Limit20010010 (Trial)YES150YESNO                 
Custom DomainYESYESYESNOYESYESNO                 
WildcardsYESNOYESNOYESYESNO                 
2FAYESYESYESYESYESYESYES                 
Desktop/Browser AvailabilityYESYESYESYESYESYESYES                 
Third-Party AuditNONONOYESYESNONon-Public                 
                         
VoiceFaceTimeJitsiMatrix/ElementSignalSudoTelegramThreemaWhatsAppWickrWire              
E2EE Calls (In-Network)YESYESYESYESYESYESYESYESYESYES              
Country of OwnershipUSAUSAUKUSAUSAUAESwitzerlandUSAUSAUSA              
14-Eyes AssociationYESYESYESYESYESNONOYESYESYES              
Open SourceNOYESYESYESNOYESPARTIALNOPARTIALYES              
3rd-Party MetadataYESYESNONONOYESNOYESYESNO              
3rd-Party AnalyticsYESYESNONONOYESNOYESYESNO              
FundingApple8×8Matrix.orgSignalAnonyome LabsVariousThreema GmbHFacebookVariousWire              
Registration RequirementsPhone/EmailNoneNonePhoneNonePhonePaymentPhoneNoneEmail              
Device Contact AccessYESNONOYESOptionalYESNOOptionalOptionalNO              
Max # of Users on Call (Base Tier)32751:11:11:11:11:181:14              
User ID FormatPhone/EmailNameUsernamePhonePhonePhoneUsernamePhoneUsernameUsername              
Desktop/Browser AvailabilityYESYESYESYESNOYESNO (Voice)YESYESYES              
Third-Party AuditNONONOYESNon-PublicNOYESNONon-PublicYES              
                         
VideoFaceTimeJitsiMatrix/ElementSignalSudoTelegramThreemaWhatsAppWickrWireZoom             
E2EE Video (In-Network)YESYESYESYESYESYESYESYESYESYESPARTIAL             
Country of OwnershipUSAUSAUKUSAUSAUAESwitzerlandUSAUSAUSAUSA             
14-Eyes AssociationYESYESYESYESYESNONOYESYESYESYES             
Open SourceNOYESYESYESNOYESPARTIALNOPARTIALYESNO             
3rd-Party MetadataYESYESNONONOYESNOYESYESNOYES             
3rd-Party AnalyticsYESYESNONONOYESNOYESYESNOYES             
FundingApple8×8Matrix.orgSignalAnonyome LabsVariousThreema GmbHFacebookVariousWireVarious             
Registration RequirementsPhone/EmailNoneNonePhoneNonePhonePaymentPhoneNoneEmailEmail             
Device Contact AccessYESNONOYESOptionalYESNOOptionalOptionalNOOptional             
Max # of Users on Call (Base Tier)32751:11:11:11:11:181:14100             
User ID FormatPhone/EmailNameUsernamePhonePhonePhoneUsernamePhoneUsernameUsernameEmail             
Desktop/Browser AvailabilityYESYESYESYESNOYESNO (Video)YESYESYESYES             
Third-Party AuditNONONOYESNon-PublicNOYESNONon-PublicYESNO             
                         
Contributors: Gustov, Up, X, MB 

Coming from IntelliTechniques, this is a comparison chart of the various ‘secure’ messaging apps out there, including mobile apps and email services. The top of the list is (not shockingly): Signal and Wire for messaging and Tutanota and Protonmail for email.

As I discussed in Radio Contra Episode 31, setting up a wifi-only device for communications is absolutely critical at this point in time.

5 thoughts on “Security Chart of Messaging Apps

  1. Riaan Booysen

    Hi brother Thanks for that info. My group is switching over to dust.

    Greetings from South Africa Riaan b

    Chance favours the prepared

    > >

    2. John Claye

      As far as i can surmise, all messaging apps are unsecure, since they are all being hosted on a (probably) compromised mobile device, on a (certainly) compromised network. I could be wrong, of course. If someone has info to the contrary i would appreciate it.

      2. I found a book on Kindle that goes along with this and has good suggestions how to deal with INSECURED phones.

        By Justin Carroll & Drew M.

        ComSec: Off-The-Grid Communications Strategies for Privacy Enthusiasts, Journalists, Politicians, Crooks, and the Average Joe.

        COMSEC uncovers the methods used by businesses, data brokers, and governments to harvest our data using the surveillance device that we allow into our lives in order to stay constantly connected. The authors share detailed first-hand knowledge about the tools, tradecraft, and techniques used to mitigate and eliminate the threats posed by tracking our communications. These same tactics, taught to covert law enforcement officers, military operatives, and the clandestine community, are explained here for anyone to adopt for their own personal communication strategy.

Comments are closed.