The Best Secure and Private Instant Messeger Alternatives to WhatsApp

Jun 8, 2021

Why does secure and private messaging matter? If you're not a "bad actor", that is, someone with harmful intentions, what would it matter if someone can see your communication or have access to the trail of your personal data left behind around the internet?

The answer is manifold: you deserve to be able to choose which parts of your life might go public, you deserve to know that personal information you send stays private (even from the company or organization that helps you send it), and you deserve to send communicate with friends and family without having your personal and private information sold to generate someone else’s profit.

There are deeper concerns, too, for people the world over who are struggling for legitimate democratic reasons; trying to overcome censorship that includes violent persecution is vital for the spread of democratic ideals, and secure messaging platforms can help make that possible.

Internet security is not an easy thing to understand

How does one secure one’s online presence? The truth is that this is difficult. The Electronic Frontier Foundation, one of the most important organizations around, actually stopped providing a simplified scorecard for the best secure messaging platform because the topic is so complex and difficult for non-tech-trained people to understand. With simplification comes the danger of assuming security. If you’re someone in need of extreme privacy and security on the internet, you should absolutely refer to the EFFs security guide which will help you understand and prepare in far greater detail.

Of course, the best way to protect yourself online is to just limit your use of all online services. Don’t use any online service and you can’t be tracked online. For many of us, that’s neither desirable nor possible, however, which leads us to the next best thing: use platforms that feature known elements that support privacy!

My one-stop recommendation: If you want to skip ahead and get my recommendation for the best possible messaging application, get Signal. It’s secure, a known quantity, trusted by many privacy-conscious users, and is EFFs own initial recommendation.

What matters when it comes to privacy and security?

There are a few major points that matter when it comes to online security.

Peer-to-peer (P2P) means that one device communicates with another directly, with no intermediary.
End-to-end encryption (E2EE) means that a device communicates with another via intermediaries, but does so with encryption that only the intended sender and receiver can decode.
Open-source software is software where the code has been released for public use and study. This is great for security reasons because it ensures that anyone can study the code of a program, see how it was built, secure it against bugs and security issues, and make sure that nobody placed malicious code in the program (like a “back door” which would allow, for instance, a company to access private E2EE communications). Apple recently fought the US Government in court to keep its Messages service free from just such a back door — though their service is obviously not open-source.

These are not the only things to be aware of when it comes to security and privacy! However, if you understand that these are generally good things, and a little bit about why they’re good, you’ll be way better off than those around you who don’t.

What’s problematic with Whatsapp and Telegram?

Whatsapp is owned by Facebook and several recent changes to both the WhatsApp terms of service, and how the application itself functions, have created serious privacy concerns. While their normal messages are still E2EE, messages to any business result in information also being shared to Facebook. A whole bunch of other user information, too, beyond the scope of the main content of an E2EE message is still collected, as well, and all of that is shared with Facebook and any company Facebook wants to share it with.

Telegram is not open-source; they keep their code hidden. Furthermore, Telegram does not enable E2EE by default, nor in groups which means that average users will be sharing a lot of data with Telegram. Even if Telegram chooses not to use this data, they could use it if they so chose.

Wire is no longer recommended, due to their transition to US-based servers, changes to their privacy policy, and a heavy shift toward the for-profit model. You’ll still find this one recommended a lot on the internet, but I’d urge you to go with another service like Jami if you’re searching for an Enterprise-level tool.

h/security • 45 guides

h/technology • 90 guides

h/android • 21 guides

Show 1 more

Supported platforms: Linux, FreeBSD, OS X, Windows, Android

E2EE and P2P
OpenSource

Tox is a simple but powerful messaging platform that puts security and privacy first. There are several Tox “clients” which are programs using the free Tox software to create applications that you would use to communicate! The biggest question here is which one to pick.

I recommend qTox if you plan on using it on Windows or macOS. Their design is solid and their team has been the most consistent about updates.

You could also use aTox, which is an Android-only implementation.

Potential cons: Tox is an awesome program with a lot of future potential, but it is currently unaudited. This means that no independent 3rd party which handles professional software auditing has evaluated the software for potential security concerns. Tox developers are very up-front about this, however, which is a good sign.

Supported platforms: Windows, Android, macOS, iOS, Linux

E2EE in place
P2P in place
Opensource under GNU license
Growing quickly in terms of functionality, placing itself as a potential Enterprise tool.
Lots of features, including screen sharing and conference calling (which, due to the P2P nature of the application, means that connections between larger groups will actually be more stable.
Free — so an awesome alternative to Zoom (which has some privacy issues).

Jami is a potent new kid on the block, positioned as a Skype replacement (one that’s you know, actually secure). Their development team has shown a lot of dedication to providing stable and consistent updates and their software works on a wide number of devices.

Potential cons: As with other such systems, for the software to work, all users will need to be using Jami. Considering how difficult it can be to get people to try new applications, this could be a drawback. However, the huge range of features offered might be enough to make even grandma get the app.

Supported platforms: Linux, Windows, macOS, Android, FreeBSD, OpenBSD, NetBSD, Haiku, Raspberry Pi

P2P implemented
E2EE implemented
Multiple features; Possible to use as an entire internet community replacement.

Retroshare is an extremely powerful tool for creating anonymous and private networks of trusted friends, and offers a number of features that would allow for fully-fledged communities of such users to connect without ever once accessing the open internet (tools such as chat, email, large file sharing, built-in forums, “boards” which allow for public file/image sharing and communication (sort of like a social media’s feed), and recent support for voice and video sharing).

Potential cons: It’s ugly. The interface feels like something that an early 2000s software engineer would design and they severely need to hire a proper graphic design team to help them implement something accessible for the public. Functionally, the software is awesome and incredibly powerful, but be warned that the privacy of the network is its first point of security. Privacy of the whole network is compromised if even a single unverified member is allowed in (or if one member is compromised).

Supported platforms: Android

Briar is the coolest messaging application around because Briar does not require an internet connection to work. Say again? Briar functions, when online via the secure Tor network, but it can also sync using Bluetooth connections, that means that groups of people can still communicate if cell service and the internet are disrupted. This makes it one of the most powerful tools for avoiding censorship.

It also makes it one of the best possible apps to have in emergencies, since it can be used without a communications infrastructure. I live in an earthquake-prone area, so Briar is a massively useful app for my friends and family.

There is a massive amount of potential here as the app already includes in-built blogging, social forum, and .rss feed grabbing features, and the development team has huge goals for future releases.

Briar has also been audited by Cure53, a German cybersecurity firm, and it received high praise. Further auditing is likely to take place in the future to ensure that security is sound.

Potential cons: Right now there’s only support for Android, but support for other platforms is being considered. Implementing on iOS is going to present problems due to security problems with how iOS sends data to Apple. The app is also fully in the developmental stage.

While it’s fully functional at a very basic level it lacks most of the features of the more advanced apps located in this list. I strongly urge everyone to check it out and support the organization behind it (financially, with volunteer hours, or via using the app), but I’d stick to a proven medium for my serious day-to-day communications.

Briar will only be effective once a high number of users are using it, and for that to happen the team needs to get a major face-lift from a professional public relations firm. Right now, their marketing strategy is “this is for revolutionaries” which isn’t likely to endear them to the average user.

Supported platforms: Android, iOS, Linux, Web-interface

-E2EE enabled

Okay, so Jitsi is amazing but it’s also primarily a video/audio communications service. Think of it like a secure and more stable Zoom. However, it also does have an in-built text chat feature just like Zoom does, so it counts. Jitsi is actually implemented as the video/voice option for Element, the next option on this list.

Some services like Rocket.chat implement Jitsi as well, but Rocket is an Enterprise software (designed for communities and teams. Rocket is actually my main recommendation for teams and communities, though, as long as self-hosting is possible).

Supported platforms: Windows, Android, MacOS, iOS, Linux, Web-interface

E2EE enabled

Element is probably my favorite service aside from Signal because it is so darned feature-rich, and because it’s growing at a fast pace. It’s gaining a lot of name recognition as a general-use tool, which isn’t true of some of the others on this list, and it’s positioning itself as a replacement to not just apps like Telegram and WhatsApp, but also to social services and networking platforms like Discord or Slack.

Element is also hugely privacy-focused in the best way, hoping to provide a user-friendly alternative to other networks, one free of corporate data mining and advertising. It also has a fast-growing network of nearly 30 million.

Potential cons: It is still being developed so not all features are as polished as users might expect. The concept of a Federated network might be confusing to non-tech-trained people and Federated networks come with some unique privacy/security issues. If you’re only connecting with people you actually know, it’s no biggie, however, and Element will serve great as a social community nexus for your close friends, families, or clubs.

Potential cons: Element supports its free service with paid services and those paid services add a lot of great features, including a custom “home” which is hosted on a private server just for you. It’s not the cheapest service, costing $10 for just five total users, though upgrading for more users is possible. It’s not necessary to do this, however, and the free service of Element is totally great.

A final con is that the whole structure/concept might feel a little strange to new users. There’s also a way to access the larger public collection of global “rooms”, which can be cool but can be even more confusing, and can open up additional privacy concerns. I’m not sure I’d recommend Element for the average user because of this.

Supported platforms: iOS, MacOS

E2EE enabled by default (with one serious caveat, discussed below)
Integrated and powerful

Apple really is a solid company to go to for the average user who wants to protect their data and information. Because of how Apple has implemented their hardware and software design, and because of their willingness to stand up for privacy concerns in court, they remain the only major company that provides the un-tech-educated user with a modicum of privacy and security.

Potential cons: Only works with other iOS and macOS users, so it’s an ecosystem-limited product. This sucks if you want to communicate with anyone who doesn’t have an Apple product (in which case you’ll need to use one of the other apps on this list).

There’s also a huge caveat when it comes to keeping the supposedly E2EE messages secured. If users have iCloud enabled for Messages, the E2EE encryption becomes pointless, so make sure to have that feature turned off.

Finally, you're still going to be using a corporate-owned application that stores its data in the US and comes with all the baggage of those issues inherent in its design.

Supported platforms: Windows, Android, iOS

E2EE enabled

Viber is an interesting option, especially if you’re traveling internationally. That’s because their cheap international calling service allows for international calls to be placed to anyone, even if they’re not using Viber. They’re also trying to position themselves as a private social network replacement with their new community feature. Since anyone can create a community, this allows people to set up networks of contacts within Viber’s secure system.

Other neat functionality includes a “send reminder to self” feature and a to-do list built into the app.

It’s a very easy-to-use platform and the service is quite remarkable. As with all such apps, you’ll just need to convince everyone you know to join it instead of one of the alternatives. If you have a lot of friends who are outside your country, this might be the best option.

Supported platforms: Windows, Android, MacOS, iOS, Linux

E2EE

Wickr is a powerful secure platform that mostly concentrates on Enterprise-level software for companies and the military, but their “Me” version is free for private individual use. It includes audio and video calling (but only one-to-one, not for groups) and group text messages (but only up to ten people at a time).

One of the biggest benefits of Wickr is how heavily they’ve been audited. They’ve even initiated a “bug bounty” program where they’ve paid developers to go through their software to uncover problems.

Supported platforms: Windows, Android, iOS, Web-interface

E2EE
No intermediary servers
Based in Switzerland

Threema is one of my favorite apps with one massive caveat: it’s a paid service. It only costs $2.99 for lifetime access to the application, which is frankly incredible, but in my testing, I ran into heavy resistance from people over even that much of a cost. It’s great if you’re privacy-conscious or need to communicate securely, but for average users, the cost is going to be a problem.

It’s an extremely secure app with a ton of features, including groups and lists, 50MB file sharing, polling features for groups, voice and video calling, various themes, quoting, and more.

I’m happy to have purchased the app even just for this review, because the company is really solid, but, again, I think that the friction caused by even this small fee is going to cause people a lot of grief when it comes to migrating from a “free” service like WhatsApp or Telegram. I imagine that one of the free services I list will do better.

Supported platforms: Windows, Android, MacOS, iOS, Linux

E2E enabled
Well-known with a large and swiftly-growing userbase
Open-source software (free and open-source, actually, which is better than just open-source).

Signal is probably the best-known alternative to WhatsApp and Telegram and it is by far the preferable option of the three. Signal has been praised by privacy experts, the United Nations, Edward Snowden, and many notable figures in governments, the tech industry, and activist circles. Their software is heavily audited and potential security concerns are far more likely to be found out than with some of the other services available because of its open-source nature.

Signal is advancing really quickly and has plans to implement a payment option! The only other service I’m aware of that offers secure payments is Status, and their entire infrastructure is firmly in the early-beta realm. If a known quantity like Signal can make a secure and private transaction system work, one where non-volatile, easy-to-access, and simple payment processing can take place, I think it could place Signal at the top for a very long time to come. I, for one, know I’d want to start using it as my default payment processor.

Potential cons: The largest cons are that while Signal’s size is growing, that also means it’s more likely become an increasing target for "bad actors" trying to breach it. Also, the service has been blocked in a few locales, like China, where using it might actually invite unwanted attention.

Signal has required the use of phone numbers to sign up in the past, and this can be a problem for entirely legitimate reasons. Not everyone can get a cell phone or a phone number, and in some places, laws regarding phone numbers attach a lot of private information to owning one. Signal has been working to solve this problem, however, and will likely roll out an alternative sometime in the future.