Why not ...

- Reading time: 40 minutes / whole rubric: 100 minutes -

In addition to the top dog WhatsApp, there are countless other providers who also want a piece of the pie and advertise their own islands as paradise.
“Island” is to be taken literally here: these are island solutions that tie users to themselves by deliberately excluding or cutting them off from other systems. The following should therefore always be questioned:

  • Is it free software (public domain or company property)?
  • Is there a dependency on a central authority?
  • How is the service financed (openly or covertly)?

In all central messengers listed below, metadata collection and analysis is possible or actively used. Metadata is not the actual content of the messages, but relates to the environment. Therefore, it is irrelevant in this context whether the communication is encrypted or not. This is often overlooked.
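As an added illustration (this is not code from the original page): the delivery log below is constructed, and every payload in it is an opaque ciphertext blob. Even so, a central server that relays such messages can recover the social graph, daily routines and rough message sizes from the routing data alone. Account names and timestamps are placeholders.

```python
# Added example, not from the original page: what a central messenger server
# can learn from metadata alone. Every payload is an opaque ciphertext blob;
# only the routing data needed for delivery is visible. All records and
# account names below are constructed for illustration.
from collections import Counter
from datetime import datetime

# Constructed server-side delivery log:
# (timestamp, sender, recipient, ciphertext length in bytes)
RECORDS = [
    ("2024-03-01T07:58:00Z", "alice", "bob",   1420),
    ("2024-03-01T07:59:30Z", "bob",   "alice",  380),
    ("2024-03-01T08:01:12Z", "alice", "bob",   2210),
    ("2024-03-01T22:15:00Z", "alice", "carol",  910),
    ("2024-03-01T22:16:45Z", "carol", "alice",  540),
    ("2024-03-02T08:02:00Z", "alice", "bob",   1300),
    ("2024-03-02T22:10:00Z", "alice", "carol",  870),
    ("2024-03-03T12:00:00Z", "dave",  "carol",   60),
]


def contact_graph(records):
    """Message count per undirected pair: the social graph, recovered without any plaintext."""
    edges = Counter()
    for _, sender, recipient, _ in records:
        edges[tuple(sorted((sender, recipient)))] += 1
    return edges


def hourly_profile(records, account):
    """Hour-of-day histogram of the messages an account sends (daily routine, time zone)."""
    hours = Counter()
    for ts, sender, _, _ in records:
        if sender == account:
            hours[datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").hour] += 1
    return hours


def top_contact(records, account):
    """The counterpart an account exchanges the most messages with, in either direction."""
    counts = Counter()
    for _, sender, recipient, _ in records:
        if sender == account:
            counts[recipient] += 1
        elif recipient == account:
            counts[sender] += 1
    return counts.most_common(1)[0] if counts else None


def bytes_between(records, a, b):
    """Ciphertext volume between two accounts; sizes still separate short texts from media."""
    return sum(size for _, s, r, size in records if {s, r} == {a, b})


if __name__ == "__main__":
    print("contact graph:", dict(contact_graph(RECORDS)))
    print("alice sends at hours:", dict(hourly_profile(RECORDS, "alice")))
    print("alice's top contact:", top_contact(RECORDS, "alice"))
    print("bytes alice<->bob:", bytes_between(RECORDS, "alice", "bob"))
```

Nothing in this script touches a message body, which is the point: encrypting the content does not change what the operator of a central service can see, and only a design that hides sender, recipient and timing from the server (or has no central server at all) reduces it.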

In addition to the “better known” messenger systems, there are many more reputable providers working with a solid business model, but also an incredible number of dubious services that come and go. Be particularly wary of providers that use a lot of technical terms and throw around superlatives like:

  • extremely secure
  • best crypto messenger
  • unique privacy
  • quantum resistant
  • blockchain
  • truly private
  • cryptocoin
  • the safest, the best, the first, the greatest …

The crowning glory is when privacy is advertised while Discord is offered as a contact option or a cryptocurrency is foisted on you. In these cases a second look is definitely not worthwhile, because the people behind it usually want exactly the opposite. So watch out: some “only want the best for you”, specifically access to your personal privacy, grabbing your data, and siphoning off your money.

Additional information

Also a good page with a detailed list on the topic “why not”: https://securechatguide.org/rejectedapps.html (external, English)
Cross-references: Privacy, Encryption

Aether

[decentral] [free] [free of charge] Beta status / no active further development

Compares itself to Reddit/Twitter, Mastodon and Secure Scuttlebutt. The comparison (external) includes no “classic” P2P messenger. Nice-looking web presence at first sight.

Supplementary information on the protocol “Mim” (external) and its development (external; as of 2019?):

Heads up: this documentation is currently a work in progress - it is being made public as part of a product that is actively being built. There is no guarantee of a stable API.
0.1 DRAFT First public documentation of the protocol in draft form. This document is made available so as to enable discussion, and it is not ready for use.

Project page: https://getaether.net (external)

Abraxas

[central] [non free] [costs] Not intended for private individuals, but for companies and government agencies.

Abraxas’ solution (like Stashcat) can only be licensed as a closed system and can only be used as an island system.

  • positive: German website; German terms and conditions
  • negative: central service (= dependency)
  • negative: no interoperability, i.e. no interface to the chat standard XMPP
  • negative: app is not open source
  • negative: server code is not open source
  • negative: according to webbkoll (external): 2 third-party cookies and 9 third-party requests on the website
  • open: trackers in the Android app?
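The “third-party requests” figures quoted for Abraxas and for most other entries on this page come from webbkoll. As an added example (not webbkoll’s code and not part of the original page), the script below approximates that check offline: it scans a page’s static HTML for resources the browser would fetch and groups those served from other domains by host. The sample page, its URL and all host names in it are constructed; a real webbkoll run loads the page in a browser and also records cookies and script-triggered requests, which a static scan cannot see.

```python
# Added example, not part of the page and not webbkoll's own code: a minimal,
# offline approximation of the "third-party requests" check the page cites from
# webbkoll. It scans a page's static HTML for resources the browser would fetch
# and groups the ones served from other domains by host. webbkoll loads the page
# in a real browser and also sees cookies and script-triggered requests, which
# this static scan cannot. The sample HTML and all host names are constructed.
from collections import Counter
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Tag -> attributes whose URL the browser fetches while rendering the page.
FETCH_ATTRS = {
    "script": ("src",),
    "link": ("href",),
    "img": ("src",),
    "iframe": ("src",),
    "source": ("src",),
    "video": ("src", "poster"),
    "audio": ("src",),
}
# <link> only causes a fetch for these rel types (canonical, alternate, ... do not).
FETCHING_LINK_RELS = {"stylesheet", "icon", "preload", "prefetch", "modulepreload"}


class ResourceCollector(HTMLParser):
    """Collects every URL the page embeds statically."""

    def __init__(self):
        super().__init__()
        self.urls = []

    def handle_starttag(self, tag, attrs):
        wanted = FETCH_ATTRS.get(tag)
        if not wanted:
            return
        attrs = dict(attrs)
        if tag == "link":
            rels = set((attrs.get("rel") or "").lower().split())
            if not rels & FETCHING_LINK_RELS:
                return
        for name in wanted:
            if attrs.get(name):
                self.urls.append(attrs[name])


def registrable_domain(host):
    """Crude 'site' notion: the last two labels. Real tools use the Public Suffix List."""
    return ".".join(host.lower().split(".")[-2:])


def third_party_requests(html, page_url):
    """Counter of third-party hosts the page would contact; subdomains of the
    page's own domain count as first party."""
    first_party = registrable_domain(urlsplit(page_url).hostname)
    collector = ResourceCollector()
    collector.feed(html)
    hosts = Counter()
    for url in collector.urls:
        host = urlsplit(url).hostname  # None for relative URLs such as /static/site.css
        if host and registrable_domain(host) != first_party:
            hosts[host] += 1
    return hosts


# Constructed sample page of a fictitious messenger project.
PAGE_URL = "https://www.example-messenger.test/"
SAMPLE_HTML = """<html><head>
<link rel="stylesheet" href="/static/site.css">
<link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Roboto">
<link rel="canonical" href="https://www.example-messenger.test/">
<script src="https://www.googletagmanager.com/gtag/js?id=PLACEHOLDER"></script>
<script src="https://cdn.example-messenger.test/app.js"></script>
</head><body>
<img src="/img/logo.png">
<img src="https://i.ytimg.com/vi/PLACEHOLDER/hqdefault.jpg">
<iframe src="https://www.youtube.com/embed/PLACEHOLDER"></iframe>
</body></html>"""

if __name__ == "__main__":
    report = third_party_requests(SAMPLE_HTML, PAGE_URL)
    print(f"{sum(report.values())} third-party requests to {len(report)} hosts:")
    for host, n in report.most_common():
        print(f"  {n}  {host}")
```

On the constructed page the scan reports four third-party requests (Google Fonts, Google Tag Manager, a YouTube thumbnail host and a YouTube embed) while the project’s own CDN subdomain and the canonical link are correctly not counted. Each such host learns the visitor’s IP address and the page being viewed, which is why the counts on this page are treated as a privacy signal.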

Federal levels / open specialized applications / solves all interface issues:

Abraxas maintains and develops software solutions for public administrations of all federal levels and for organizations in the governmental environment. Based on modern technologies, our engineers and developers design and build modern applications for tax and road traffic offices, municipalities, police corps, law enforcement bodies, vocational training, human resources and municipal utilities.

In order to meet the high demands of users for open, powerful and practical applications, Abraxas covers all areas of modern software engineering - from consulting and requirements engineering, architecture and software development to project management, quality assurance, training and support.

Abraxas takes over the management of specific projects, automatically implements necessary adaptations in case of legal changes and ensures the integration of the solution into the customer environment. Abraxas integrates the data and processes from the population to the municipalities and cantons to the federal government and solves all interface issues - always with the goal of advancing digitization for the benefit of our customers and their customers.

Source: https://www.abraxas.ch/de/loesungen/fachanwendungen (external)
Also for the police: https://www.abraxas.ch/de/loesungen/fachanwendungen/polizei/instant-messenger-police (external)

Adamant

[decentral] [free] [costs] Cryptocurrency “ADM”

Messenger based on blockchain technology; “nice” comparison matrix (from Adamant’s point of view) also to other P2P systems.

  • positive: open source
  • positive: no trackers detectable in the Android app (0 permissions): Exodus (external)
  • negative: 0.001 ADM (0.00024 USD) per message
  • negative: closely tied to the cryptocurrency (“ADM tokens”) -> no independence
  • negative: according to webbkoll (external): 2 third-party requests to Google Fonts on the website

Project page: https://adamant.im/#trade-adm (external)

Berty

[decentral] [free] [free of charge] Beta status

Another open source project that advertises security/privacy (“The privacy-first messaging app”) but then uses “Discord” itself and offers it as a contact option. This is actually self-contradictory, because the P2P messenger supposedly targets various sensitive professional groups, activists and whistleblowers:

Certain groups of people are at higher risk because of their activity: journalists, military personnel, government officials, activists, corporate members, lawyers, whistleblowers. Berty was designed with them in mind.

  • positive: decentral
  • positive: with end-to-end encryption
  • positive: open source
  • positive: no trackers in the Android app (24 permissions): Exodus (external)
  • negative: no German website/terms of use
  • negative: still in beta status (“Berty will be released soon”)
  • negative: uses CloudFront, Google AMP
  • negative: uses Discord as a contact option
  • negative: according to webbkoll (external): 175 (!) third-party requests on the website

Berty’s messenger comparison (external)
Project page: https://berty.tech (external)

Chiffry

[central°] [non free] [entry free of charge] °Decentralized possible, but: server without federation

  • positive: German website
  • positive: with end-to-end encryption
  • negative: central service (= dependency)
  • negative: no interoperability, i.e. no interface to the chat standard XMPP
  • negative: app is not open source
  • negative: server code is not open source
  • negative: the free basic version is a bait offer with very limited functionality; for example, files can only be sent up to 0.5 MB and videos only up to 1 MB, and groups are limited to 10 members, …
  • negative: own servers are only possible with the business version (and these are then self-contained systems)
  • negative: according to webbkoll (external): 2 third-party cookies from YouTube; 21 third-party requests to, among others, Google Fonts, Google, YouTube, googleads, doubleclick, …
  • negative: 1 tracker (Google Firebase Analytics) in the Android app (38 permissions): Exodus (external)

Project page: https://www.chiffry.de/versionen (external)

Cweb

[decentral] [free] [free of charge] Beta status

All data is stored encrypted and exchanged between the device and an “Amazon S3 bucket” via a P2P protocol. Various service providers (Amazon, minio, wasabi, …) offer S3-compatible storage, but it can also be self-hosted. The messenger “Stone-Age” is based on Conversations - but the communication protocol XMPP has been replaced by Cweb.

  • positive: open source
  • positive: no trackers in the Android app “Stone-Age” (37 permissions): Exodus (external)
  • negative: no German project page
  • negative: still in beta status (“experimental”, “prototype”, “demonstrate the approach”)
  • negative: uses Amazon S3 (Simple Storage Service), therefore only “quasi P2P”
  • negative: uses Gmail as the e-mail provider for contact
  • negative: no voice/video calls
  • negative: according to webbkoll (external): 2 third-party cookies and 4 third-party requests from Google Fonts on the website

Stone-Age: https://f-droid.org/packages/com.cweb.messenger (external)
Project page: https://cweb.gitlab.io (external)

Cwtch

[decentral] [free] [free of charge] Beta status

Another solution that uses Tor.

  • positive: decentralized
  • positive: open source
  • positive: no trackers detectable in the Android app (10 permissions): Exodus (external)
  • positive: according to webbkoll (external): no cookies and no third-party requests
  • negative: no German project page
  • negative: still in beta status!

Project page: https://cwtch.im (external)

Discord

[central] [non free] [free of charge] “Hefty” terms of use

The “terms of service” (external; version of 28.03.2022) of this messenger, which is popular in the computer games scene and among students, read harshly, as Discord obtains rights to all of the content shared there:

Your content is yours, but you give us a license to it when you use Discord …
… To use, copy, store, distribute, and communicate content … publish, publicly perform or publicly display … monitor, modify, translate and reformat, … to sublicense …
(as of 06/16/2022)

(Until 28.03.2022 (external): By uploading, distributing, transmitting or otherwise using your content on the service, you grant us a perpetual, non-exclusive, transferable, royalty-free, sublicensable, worldwide license to use, host, reproduce, modify, adapt, publish, translate, create derivative works from, distribute, perform and display your content in connection with the operation and provision of the Service.)

  • negative: central service (= dependency)
  • negative: no interoperability, i.e. no interface to the chat standard XMPP
  • negative: app is not open source
  • negative: server code is not open source
  • negative: “hefty” terms of use
  • negative: 6 trackers in the Android app (22 permissions): Exodus (external)
  • negative: according to webbkoll (external): 6 third-party requests on the website

Project page: https://discord.com (external)

Facebook Messenger

[central] [non free] [free of charge] Facebook Ireland Limited changed its name to Meta Platforms Ireland Limited as of 04/01/2022.

  • positive: German terms of use (external) and German data policy (external; not “privacy policy”)
  • negative: central service (= dependency)
  • negative: no interoperability, i.e. no interface to the chat standard XMPP
  • negative: app is not open source
  • negative: server code is not open source
  • negative: uses a unique number as user ID (“user ID” (external))
  • negative: 4 trackers in the Android app (64 permissions): Exodus (external)
  • negative: according to webbkoll (external): 36 third-party requests on the website
  • days since the last Facebook scandal: https://dayssincelastfacebookscandal.com (external)

Project page: https://www.facebook.com/games/fbmessenger_android (external)

ginlo

[central] [non free] [free of charge for private use] Discontinued as of 31.12.2019 / continued as of Jan. 2020 by “ginlo.net GmbH”.

The messenger service SIMSme was acquired by Brabbler in March 2019 and renamed “ginlo”. According to Wikipedia (external), the architecture is allegedly similar to that of GoldBug.

  • positive: German website and German terms and conditions
  • positive: according to webbkoll (external): NO third-party requests on the website
  • negative: central service (= dependency)
  • negative: no interoperability, i.e. no interface to the chat standard XMPP
  • negative: app is not open source
  • negative: server code is not open source
  • negative: phone number required to sign up and use (unlike GoldBug)
  • negative: there is no option to enter the AES key manually (unlike GoldBug)
  • negative: the RSA key is generated by the app, so you can neither change the key length nor generate your own key pair (unlike GoldBug)
  • negative: 1 tracker (Amplitude) in the Android app (44 permissions): Exodus (external)

(Source: Wikipedia)

December 2019: Termination

Discontinuation of “ginlo” (the former Post messenger “SIMSme”) due to the insolvency of Brabbler AG at the end of 2019.

”… If you still want to download images, videos, files etc. from ginlo, please do it right away. Because all your encrypted content, metadata and personal data will be irretrievably deleted by the end of December at the latest. …”

January 2020: continuation/acquisition

“In January of this year, Brabbler co-founder Karsten Schramm took over the ginlo project from Brabbler AG’s insolvency and transferred it to the newly founded ginlo.net GmbH.”

Source: Press release from 14.07.2020 (external; PDF)

Project page: https://www.ginlo.net

ICQ New

[central] [non free] [free of charge] No encryption

  • negative: central service (= dependency)
  • negative: no interoperability, i.e. no interface to the chat standard XMPP
  • negative: app is not open source
  • negative: server code is not open source
  • negative: no German website/terms of use
  • negative: hefty usage rules (see below)
  • negative: no encryption
  • negative: 5 trackers in the Android app (56 permissions): Exodus (external)
  • negative: according to webbkoll (external): 8 third-party requests on the website

In April 2020, “ICQ” was renamed “ICQ New” by the ownership group (Mail.ru).

In the rules of use established by the operator ICQ Inc. on June 7, 2000, the user waives all intellectual property rights to the data made available through the ICQ service.

Source and more: https://de.wikipedia.org/wiki/ICQ (external)

Project page: https://icq.com (external)

IRC

[decentral°] [free] [free of charge] °Decentral, but server without federation

Internet Relay Chat, or IRC for short, is one of the oldest services and thus part of the Internet’s chat bedrock. The software is correspondingly mature, but it is still operated via text commands, which can be difficult for newcomers.

  • positive: very widespread
  • positive: no central system
  • positive: no login required to use
  • positive: simultaneous connection to different servers possible
  • positive: different apps/programs to choose from as clients
  • positive: bridge to the chat standard XMPP
  • negative: no offline messages and no delivery to multiple devices
  • negative: no fixed chat addresses, only temporary nicknames (“nicks”)
  • negative: in “channels” (rooms) only text messages, no files such as photos, audio, video
  • negative: operation via text commands

Notify

[central] [non free] [costs] Not intended for private individuals, but for companies and government agencies.

A commercial platform for companies that want to “serve” different islands with information at the same time. It includes: WhatsApp, Instagram, Facebook Messenger, Apple Business Chat, Telegram, Viber, Notify, Webchat.

Cross reference: Are bridges and their use legal?

  • negative: central service (= dependency)
  • negative: no interoperability, i.e. no interface to the chat standard XMPP
  • negative: app is not open source
  • negative: server code is not open source
  • negative: 2 trackers (Google Firebase Analytics & Crashlytics) in the Android app (30 permissions): Exodus (external)
  • negative: according to webbkoll (external): 25 third-party requests on the website

Project page: https://www.messengerpeople.com/notify (external)

Olvid

[central] [non free] [entry free of charge] Bait offer

  • positive: usable without a phone number
  • positive: client software is open source
  • negative: central service (= dependency)
  • negative: no interoperability, i.e. no interface to the chat standard XMPP
  • negative: server code is not open source
  • negative: no German website/terms of use
  • negative: “secure” calls only with the paid version; full functionality has to be bought (“bait offer”)
  • negative: 1 tracker (OpenTelemetry - OpenCensus, OpenTracing) in the Android app (21 permissions): Exodus (external)
  • negative: according to webbkoll (external): 13 third-party requests, among others to Google Fonts/Cloudflare, on the website

Project page: https://olvid.io (external)

Revolt Chat

[central°] [non free] [entry free of charge] °Decentralized possible, but: server without federation / beta status

Revolt Chat is based on its own self-developed protocol and sees itself as an alternative to Discord and Rocket Chat.

  • positive: open source (server and client)
  • positive: server hosted in the EU
  • positive: no trackers detectable in the Android app (0 permissions): Exodus (external)
  • positive: according to webbkoll: no third-party requests on the project page
  • negative: centralized system; no federation! *)
  • negative: no interoperability, i.e. no interface to the chat standard XMPP
  • negative: only beta status (external)
  • negative: currently no apps yet; web application only
  • negative: still no end-to-end encryption in the beta

*) Why is there no federation? The FAQ (external) gives the answer:

From personal experience, I’ve generally found federated protocols to not be suitable for real time communication, Matrix is incredibly buggy at times and it’s left a sour taste in my mouth.

So the answer amounts to: “too complicated for us, and nobody wants it anyway”. Not very convincing, because the question evidently does get asked, otherwise it would not be a frequently asked question (FAQ).

Project page: https://revolt.chat (external)
Developer page: https://developers.revolt.chat/api (external)

Rocket.Chat

[decentral°] [free] [self-hosting] [free of charge] °Decentral, but server without federation

Team messenger as an alternative to Slack, with “self-hosting” as the basic goal.

schul.cloud

[central] [non free] [costs] Not intended for private individuals, but for educational institutions.

Not to be confused with the “HPI Schul-Cloud”!

schul.cloud is based on Stashcat and uses an in-house developed, non-public protocol for data transfer.

  • positive: German website; German terms and conditions
  • positive: public security advisories (external)
  • negative: central service (= dependency)
  • negative: no interoperability, i.e. no interface to the chat standard XMPP
  • negative: app is not open source
  • negative: server code is not open source
  • negative: the free basic version is a loss leader with very limited functionality
  • negative: 2 trackers (Mapbox and Google Firebase Analytics) in the Android app (43 permissions): Exodus (external)
  • negative: according to webbkoll (external): 55 (!) third-party requests on the website

More information: >> here <<
Project page: https://schul.cloud (external)

Session

[decentral] [free] [free of charge] Cryptocurrency “$OXEN”

Session (formerly known as “Loki Messenger”) is a fork of the Signal app that does not use a phone number for identification, but has had various features removed from the protocol. The name is currently changing from “Loki” to “Oxen”: Session uses onion routing through Oxen Service Nodes for transport, and the “LOKI coin” has become “$OXEN”.

Oxen about itself:

Oxen is many things. A private cryptocurrency. A secure messaging platform. A network anonymity layer. Tools to build a more private future for the Internet.

The messenger app “Session” is closely related to the cryptocurrency “$OXEN” (formerly: “LOKI coin”):

Authorization for a server to operate on the network is attained through the server operator conducting a special staking transaction, which requires that an operator provisionally lock an amount of Loki cryptocurrency assigned to their node (approximately 18,550 Loki coins; equivalent USD 7,420 dollars as of 10/02/2020).

Source: Whitepaper Feb. 2020 (external; PDF)

  • positive: no phone number required for registration or use
  • positive: app is open source
  • positive: no trackers detectable in the Android app (40 permissions): Exodus (external)
  • positive: according to webbkoll (external): no cookies and no third-party requests
  • negative: no German website
  • negative: perfect forward secrecy, deniability and self-healing have been removed or are not available
  • negative: the desktop application is just another Electron application with all its bugs, such as trying to connect to gvt1.com on first startup
  • negative: Session brags about its own onion routing, but the app offers no way to set a custom guard/bridge relay or another proxy (e.g. going through Tor first). So much for Session usage metadata.
  • negative: the generated key is based on a 13-word seed; there is no option to increase it
  • negative: creating an alias cannot be skipped, which makes protection against social engineering attacks and the creation of anonymous accounts harder, especially for new users
  • negative: no ability to use multiple accounts or run multiple Session instances at the same time
  • negative: no protection against spam; the account must be changed if the ID becomes known
  • negative: you cannot even change the language manually (it automatically takes the language of the operating system) -> metadata on screenshots
  • negative: no voice/video calls
  • negative: the “link preview” feature is not mentioned in the Quarkslab audit (external) -> is it safe to turn the option on or use it?
  • negative: Loki nodes store messages and files
  • negative: entry into the cryptocurrency “$OXEN” -> no independence

Source among others: https://restoreprivacy.com/secure-encrypted-messaging-apps/session/ (external; also read comments!)

There was once a tweet about Session claiming that one of the developers is close to right-wing extremism. Whether this says anything about the software was then controversially discussed.
This was also briefly mentioned at the CCC: https://media.ccc.de/v/df93bf36-c048-4dea-ad2b-898ac3255cfa (external)

Explanation of what Session is using for onion-routing and why it doesn’t use Lokinet: getsession.org (external)
Roadmap where you can see that Lokinet integration is not finished yet: oxen.io (external)
Source code for desktop: https://github.com/oxen-io/session-desktop/releases (external)
Project pages: https://getsession.org (external), https://oxen.io/ (external)

Signal

[central] [non free] [free of charge] Signal is recommended by Edward Snowden, but is also controversial.

Just like WhatsApp, Signal is de facto a closed system, also uses only phone numbers for registration, uses the same encryption, and is also headquartered in the United States of America (USA).

  • positive: no trackers detectable in the Android app (68 permissions): Exodus (external)
  • positive: results at webbkoll (external): 0 cookies, NO third-party requests
  • negative: central service (= dependency)
  • negative: no interoperability, i.e. no interface to the chat standard XMPP
  • negative: the desktop client is based on Electron
  • negative: phone number required for registration and use
  • and much more …

More information: >> here <<

Project page: https://signal.org (external)

Slack

[central] [non free] [partly free of charge] Not intended for private individuals, but mainly for companies.

Designed for workgroup communication (groupware). According to Wikipedia (external), Slack seems to use tracking and analysis tools extensively.

  • negative: central service (= dependency)
  • negative: no interoperability, i.e. no interface to the chat standard XMPP
  • negative: app is not open source
  • negative: server code is not open source
  • negative: only the limited basic version is free of charge
  • negative: according to webbkoll (external): 6 cookies, 2 of them from third parties; 69 (!) third-party requests to, among others, Google, YouTube, … on the website

Project page: https://slack.com/intl/de-de/pricing (external)

Speek

[decentral] [free] [free of charge] Questionable copy of Ricochet Refresh.

Speek is based on Ricochet Refresh. While the original is trimmed to make things work cleanly and securely, Speek focuses on a “better” operation/user interface.

  • positive: open source app
  • positive: uses Tor
  • negative: questionable copy of Ricochet-Refresh
  • negative?: uses Telegram as a public chat room

As it is, Speek has to be taken with a grain of salt, as the developer of Ricochet-Refresh has given the following (warning) advice:

tldr: Speek.App is literally just reskinned Ricochet-Refresh w/ some sketchily implemented patches on top and the Ricochet-Refresh git history removed. Please don’t be fooled by slick marketing and purple websites. If your safety is a real concern (ie you are an activist or a whistleblower or something), don’t use Speek.App. To everyone else, sure YOLO.

long version: Speek.App is a fork of a dev version of Ricochet-Refresh from sometime around October 2021. They have updated the style (dark mode skin, tweaked toolbars, backgrounds, etc) and added some quite badly implemented features (bad in the sense that the code changes are amateurish and buggy, not that the usability enhancements are themselves a bad idea). I performed a light audit on their changes a few weeks ago, and while there isn’t anything that stands out as a backdoor, or cryptography fuckery, or anything like that, the changes are very badly implemented (like around first-year of uni if I’m being generous). They have also stripped out nearly all references to Ricochet-Refresh and the Blueprint for Free Speech organization (the non-profit which maintains Ricochet-Refresh through grants).

Source: awsomealternatives.org (external)

So despite their omissions, Speek.App is based off of Ricochet-Refresh … So, the normal way of going about this is to create a clone of a git repo, and start a new branch with your commits on top. Instead, the Speek.App team essentially copy+pasted the code into a new git repo, and made a v large ‘initial commit’. I’ll leave it to the community to speculate as to whether this is due to maliciousness or incompetence. …

Side note (you can skip this paragraph if you’re not a turbo-nerd): a side effect of this approach is that they have essentially copied all of the source of (a now old) version of tor (which Ricochet-Refresh uses for ed25519 encryption primitives) and the fmt library (which we use for debug logging, only enabled by a compile-time flag not set in our official releases). We include these external dependencies as a git submodule, which is basically a soft-link to an external git repo to make it easy to update versions (for instance if we need a new feature or if there has been a critical bug-fix). Copying and pasting breaks this link so the version of tor in the Speek.App repo is now several months old. …

the takeaway is don’t use Speek.App if you care about your anonymity and safety. I did not find anything actively malicious (eg backdoors, broken crypto, etc). However, in terms of code-quality, the new features are implemented very amateurishly and almost certainly contain bugs if not outright security and or privacy vulnerabilities.

I’m sure an intrepid security researcher with some free time can find some interesting around their RichTextBox usage ;)

Anyway, it sure would be nice if y’all restored the AUTHORS.md file at least :)

Source: reddit.com (external)

Project page: https://speek.network (external)

Sphinx

[decentral] [free] [free of charge?] Cryptocurrency “bitcoin”

Another one about easy money for all: “Earning is the key that starts the flywheel. Speech and assembly support decentralized earning.”

  • positive: open source
  • positive: decentralized
  • negative: cryptocurrency “bitcoin” -> no independence
  • negative: no German website
  • negative: no imprint
  • negative: 3 trackers (Bugsnag, Google Firebase Analytics, Mixpanel) in the Android app (21 permissions): Exodus (external)
  • negative: according to webbkoll (external): HTTPS not the default, 18 requests to 5 hosts

Project page: https://sphinx.chat (external)

Stashcat

[central] [non free] [costs] Not intended for private individuals, but for companies and government agencies.

Stashcat is also the basis of schul.cloud and uses an in-house developed, non-public protocol for data transfer.

  • positive: German website; German terms and conditions
  • positive: no cookies on the website
  • negative: central service (= dependency)
  • negative: no interoperability, i.e. no interface to the chat standard XMPP
  • negative: app is not open source
  • negative: server code is not open source
  • negative: no visibility into security audits
  • negative: no federation/interoperability
  • negative: 2 trackers (Google Firebase Analytics, Mapbox) in the Android app (44 permissions): Exodus (external)
  • negative: according to webbkoll (external): 1 third-party request to YouTube on the website

More information: >> here <<

Status.im

[central] [non free] [free of charge?] Cryptocurrency “Ethereum”

Messenger with an exchange for digital money (“Crypto Wallet”), very closely interwoven with the cryptocurrency “Ethereum”. The headline of the whitepaper (external) reads: “The Status Network - A strategy towards mass adoption of Ethereum”.

  • positive: no trackers detectable in the Android app (15 permissions): Exodus (external)
  • negative: central service (= dependency)
  • negative: no interoperability, i.e. no interface to the chat standard XMPP
  • negative: app is not open source
  • negative: server code is not open source
  • negative: no German website
  • negative: entry into the cryptocurrency “Ethereum” -> no independence
  • negative: according to webbkoll (external): 24 third-party requests on the website

Status.im (Status Research & Development GmbH) from Switzerland has invested over 99 million (external) in various companies - including $10 million in Matrix (with 5 million each to Matrix.org and New Vector).

Messenger comparison from status.im: https://our.status.im/private-messengers-what-can-they-really-see (external)
Project page: https://our.status.im (external)

Teamwire

[central] [non free] [costs] Not intended for private individuals, but mainly for companies.

  • positive: German website; German terms and conditions
  • positive: federation between different Teamwire servers is possible: https://teamwire.eu/produkt/backend-federation/ (external)
  • negative: central service (= dependency)
  • negative: no interoperability, i.e. no interface to the chat standard XMPP
  • negative: app is not open source
  • negative: server code is not open source
  • negative: 2 trackers (Amplitude, Google Crashlytics) in the Android app (24 permissions): Exodus (external)
  • negative: according to webbkoll (external): 3 third-party cookies and 28 third-party requests on the website

Project page: https://teamwire.eu (external)

Telegram

[central] [non free] [free of charge] In a nutshell: rather unsuitable for private communication

privacy-handbuch.de has reassessed Telegram: https://www.privacy-handbuch.de/handbuch_74b.htm#20_12_20 (external)

  • positive: app is open source
  • positive: according to webbkoll (external) no third party requests (third-party)
  • negative: central service (= dependency)
  • negative: no interoperability resp. no interface to chat standard XMPP
  • negative: server code is not open source (proprietary) (external)
  • negative: there are different information about the company headquarters
  • negative: requires phone number for identification/use
  • negative: phone numbers and names are uploaded
  • negative: end-to-end encryption not enabled by default
  • negative: no content encryption possible in group chats
  • negative: end-to-end encryption bound to one device per call partner (either phone or desktop or tablet or …)
  • negative: online and read status cannot be disabled
  • negative: cryptocurrency (Telegram Coin “GRAM”) (failed attempt)
    Apparently $1.7 billion was invested by investors in Telegram’s crypto-network (source (external)) but info from May 2020: Telegram cancels cryptocurrency Gram and blockchain platform TON without replacement (external)
  • negative: 1 tracker (Google Firebase Analytics) in Android app (56 permissions): Exodus (external)

Danger from viewing phone numbers in group chats.

Telegram is used by pro-democracy activists in Hong Kong to keep communications away from the prying eyes of Chinese authorities. Telegram has been banned there since 2015, but users have taken remedial action. Unfortunately (in 2019), a dangerous new technical problem has emerged with group messaging that makes phone numbers viewable. Protesters claim that this has already allowed government agencies to identify individuals.

This particular problem does not open up private message content and affects “only” public groups. But it shows what can happen when authorities can compromise privacy in secure platforms. And it’s here that we see what the broader debate around encryption is all about, and why there’s so much passion for the issue.

“I need help from @telegram,” tweeted local software engineer Chu Ka-Cheong. “We and multiple teams have independently confirmed a serious vulnerability that leads to phone numbers being shared with members in public groups, regardless of privacy. Telegram is heavily used in #hkprotest, it puts HKers in immediate danger.”

Source: forbes.com (external)

More information

Project page: https://telegram.org (external)

TeleGuard

central non free free of charge? No security audit

Finally another new messenger as an isolated solution and with a proprietary protocol - the world has been waiting for this! And again with great promises:

  • FOCUS ON PRIVACY.
  • DESIGNED TO BE THE MOST PRIVATE MESSENGER IN THE WORLD
  • highly encrypted
  • No meta data and no IP’s are stored
  • To delete your account, simply uninstall the application.

… allegedly.

  • positive: From beautiful Switzerland!
  • positive: phone number not as user id
  • positive: no trackers detectable in Android app (25 permissions): Exodus (external)
  • positive: according to webbkoll (external) no third party requests (third-party)
  • negative: central service (= dependency)
  • negative: no interoperability resp. no interface to chat standard XMPP
  • negative: app is not open source
  • negative: server code is not open source
  • negative: proprietary protocol
  • negative: no security audit known / no review of implementation by independent third party
  • negative: encryption (except “Salsa 20”) not specified in more detail
  • negative: no desktop/web client available

Data storage.

The statements in the FAQ (external) contradict each other. From FAQ #10:

To delete your account, simply uninstall the application. Only the assigned ID remains on the server. No other data is stored.

Strange: after “simply uninstall the application”, how is the provider supposed to know that it should delete offline messages (including their metadata) that are still stored? And that others can no longer send messages to the chat account? Yet FAQ #11 directly speaks of offline messages stored on the server:

The messages are stored only until they are delivered. After delivery they will be deleted immediately.

So when the application is deleted, the account data as well as the metadata and encrypted payloads of undelivered offline messages are not deleted after all. Somehow this does not fit together.

Encryption

Better than a “complex encryption system” would be an encryption system that is comprehensible and up-to-date for interested parties. Complexity is not a virtue in itself. Moreover, at least according to Wikipedia, Salsa20 is not as complex as claimed: “Salsa20 (also Snuffle 2005) is a stream cipher, … and is based on a few simple operations” (external). So some more details about the implementation would be very interesting.

Project page: https://teleguard.com/de (external)

Threema

central non free costs The “best non-free” solution (if one can say that)

The app is now open source, which also includes the cryptography. This is also documented in a whitepaper (external). By the way, unlike Signal, Threema is not planning a crypto payment system, which seems very reasonable:

“No, we are not working on a corresponding feature, and with Threema it will not be possible to make payments in the future - for good reason.” And: “In our view, secure messaging is therefore not compatible with payment processing.”

  • positive: open source app with documentation
  • positive: functioning and transparent business model
  • positive: no cryptocurrency or online payment systems planned!
  • positive: multi-device capable
  • positive: independent of phone number as identifier
  • positive: customized version Threema Libre for Android does not require proprietary software library from Google or other third parties
  • unclear: trackers in the Android app “Threema” (paid apps cannot be checked by Exodus). But no trackers detectable in the Android app “Threema Work” (36 permissions): Exodus (external)
  • positive: according to webbkoll (external) no third-party cookies and no third-party requests (third-party)
  • negative: central service (= dependency)
  • negative: no interoperability resp. no interface to chat standard XMPP
  • negative: server code is not open source
  • negative: no native desktop app

There is an unofficial desktop client (external) based on Electron.

Threema’s opinion of itself: “What makes Threema better than all other messengers?” (external).

Data protection

Threema is rated as very good in terms of data protection by several supervisory authorities, and the LfDI Dr. Brink has also expressly welcomed the launch (https://www.baden-wuerttemberg.datenschutz.de/lfdi-gute-entscheidung-fuer-threema-schulen-brauchen-mehr-orientierung/). The Swiss government agency Educa.ch has published a list “Messenger services for use in educational contexts” (external; PDF), in which Threema also scores well.

Sources

Project page: http://threema.ch (external)

Threema Libre

With “Threema Libre”, there is a customized version for the Android app store F-Droid in which all proprietary software libraries from Google or other third parties are removed. Threema provides a separate F-Droid repo for this, which must be added to the F-Droid app before installation. Furthermore, a license is required, which has to be purchased in the Threema store. The license model is tied to the app, not to the customer. Regarding the use of licenses purchased in the Play Store for the Google-free version, Threema has stated:

Since we cannot verify licenses purchased via Google Play, Threema cannot be downloaded with it in our store / F-Droid. However, if the purchase was less than a year ago, I am happy to offer you a refund and you can purchase a license through our store. Unfortunately, for purchases made more than a year ago, a refund is not possible due to Google Play restrictions. If you want a refund, please create a data backup first and then send us the Google Play invoice number.

… Presumably this applies to all customers.

Limitations compared to the PlayStore version:

  • Push: Google’s push service “firebase cloud messaging (fcm)” does not work, “Threema push” is used.
    Info about this from the source code: Github (external)

  • Emojis: There are no built-in emojis available. Instead, the system emojis are displayed/used (depending on the Android version, they can be accessed by a long press on the Enter key).
    Info about this from the source code: Github (external)

  • Google Voice Assistant does not work.

Found any other limitations? Feel free to report them: >> Contact <<

General info about push services like FCM/GCM: Kuketz (external)
Info about building (compiling) the app: Github (external)
Data backup: https://threema.ch/de/faq/data_backup (external)
Installation: Threema (external)

Threema Work

  • positive: no trackers detectable in the Android app “Threema Work” (36 permissions): Exodus (external).

Since many also use a private smartphone in the professional/school environment, every user of Threema Work should still consider the following points during installation or decide for themselves:

  1. Storing the phone number
    Recommendation: Do not store the phone number, because it will also be displayed to external contacts (including parents and students, of course).
  2. Storing the e-mail address
    Recommendation: Only store the professional/school e-mail address - no private e-mail address.
  3. Sharing the address book/contacts
    Recommendation: Do not share; as the app runs on the private smartphone, sharing would also import private contacts. Teachers, for example, should manage school contacts only in Threema Work.

The settings can still be changed under “My profile” after the initial setup, and the user’s own profile can also be further personalized there.

For schools: private smartphones of teachers used for Threema Work must be included in the device list on the “Form for the use of private DV devices” (external) from the “VwV Datenschutz an öffentlichen Schulen” and approved!

TikTok

central non free free of charge TikTok automatically reads the contact list or phone book.
  • negative: actually everything (external)
  • negative: 5 trackers in the Android app (67 permissions): Exodus (external)
  • Query via webbkoll (external) not possible

Project page: https://www.tiktok.com (external)

Viber

central non free free of charge Data octopus

Viber belongs to the Japanese multinational conglomerate “Rakuten”. The headquarters of “Viber Rakuten” is in Luxembourg and the technical development takes place in Belarus.

Viber (like WhatsApp) stores, among other things, data from the device address book - including data of non-users. This provides a very precise insight into the social environment. How do you know whether one of your contacts uses Viber and your data is being used for analysis without your consent? You don’t. But you can at least request that this not be done:

If you are not a Viber user and do not want your phone number to be recorded, please contact us at: https://help.viber.com/en/contact (external)

  • positive: widespread - especially in Eastern Europe and Russia
  • positive: German website, terms of use and privacy policy (external)
  • positive: non-Viber users can be called internationally at low prices
  • negative: central service (= dependency)
  • negative: no interoperability resp. no interface to chat standard XMPP
  • negative: app is not open source
  • negative: server code is not open source
  • negative: undelivered messages are held on the server for pickup for at most 2 weeks
  • negative: minimum age is 13 years old
  • negative: advertising overlays
  • negative: phone number required for registration and use
  • negative: server location unknown (only discovered hint: system administrators are also employed in Minsk, Belarus)
  • negative: company headquarters unclear (Israel, Belarus, Cyprus, New York?)
  • negative: data is shared with Rakuten Inc. as well as all subsidiaries (external)
  • negative: data is shared with many advertising partners and service providers (external; PDF)
  • negative: intensive tracking (external; PDF)
  • negative: storage of financial data generated by payment services, subscription fees, or purchases
  • negative: storage of data from other sources and presumed data (presumed gender, presumed interests, income, location, character traits, preferences, …)
  • negative: collection also of non-users (name and mobile number) from the address book
  • negative: no external verification of source code possible (source code is company secret)
  • negative: no independent security audit possible
  • negative: 7 trackers (Adjust, Braze, Google AdMob, Google CrashLytics, Google Firebase Analytics, MixPanel, TwitterMoPub) in Android app (66 permissions): Exodus (external).
  • negative: according to webbkoll (external) 18 third party requests (third party) on the website.

On data collection and secrecy regarding the company:

Viber packages data collection in marketing very cleverly:

We cannot and will not sell the content you share.

… but content is of little interest to any company anyway; it is the far more valuable metadata that Viber can use and successfully sell!

Viber collects massive amounts of data from its users. The company itself is extremely tight-lipped about it.
A spokeswoman puts Viber everywhere and nowhere.

Sources: https://www.zeit.de/2012/09/Telefonsoftware-Viber (external), https://www.zeit.de/2012/09/Telefonsoftware-Viber/seite-2 (external)

At least users from California can object to the sale of their data (“Do Not Sell My Data”) thanks to the “California Consumer Privacy Act” (CCPA): https://support.viber.com/customer/portal/emails/new?type=CA (external)

Unfortunately, there is hardly any information from/about Viber itself. Neither about the company, nor about the location of the servers. Here is a rare interview with executive officer Veronika Kesova (2017): https://productized.medium.com/inside-of-viber-office-in-minsk-belarus-17320ce4a922 (external)

Wikipedia: https://en.wikipedia.org/wiki/Viber (external)
Privacy policy: https://www.viber.com/de/terms/viber-privacy-policy (external)
Project page: https://www.viber.com (external)

WhatsApp

central non free free of charge Often in public criticism because of: Data protection and privacy

WhatsApp uses only phone numbers for registration and as user ID. The company is based in the United States of America (USA) and the business model is to collect, add/enrich and ‘sell’ metadata.

Advantages/disadvantages in a nutshell:

  • positive: extremely widespread - especially in Europe and the U.S.
  • positive: convenient setup through automatic contact matching
  • negative: central service (= dependency)
  • negative: no interoperability resp. no interface to chat standard XMPP
  • negative: app is not open source
  • negative: server code is not open source
  • negative: privacy concerns and as a consequence ban of use in many areas (in companies, educational institutions, administration, …)
  • negative: uses phone number as user ID
  • negative: 1 tracker (Google Analytics) in Android app (56 permissions): Exodus (external)
  • negative: according to webbkoll (external) 19 Third-party requests (third-party) on the website
  • Days since the last Facebook scandal: https://dayssincelastfacebookscandal.com (external)

More information: >> here <<

Project page: https://whatsapp.com (external)

Wickr

central non free costs Aimed at enterprise customers (Wickr Pro and Wickr Enterprise)

Wickr is designed as a messenger solution for companies; the “free” variant is very limited.

  • positive: end-to-end encryption
  • positive: free trial version (Wickr Me)
  • negative: no German website
  • negative: central service (= dependency)
  • negative: no interoperability resp. no interface to chat standard XMPP
  • negative: app is not open source
  • negative: server code is not open source
  • negative: only 10 group members in free (limited) version (Wickr Me)
  • negative: file sending maximum 10 MB per file in basic version (Wickr Me)
  • negative: 3 trackers (Bugsnag, Countly, Google Firebase Analytics) in Android app (20 permissions): Exodus (external).
  • negative: according to webbkoll (external) 3 third party cookies and 26 third party requests (third-party) on the website

Further very good overview/article: https://restoreprivacy.com/secure-encrypted-messaging-apps/wickr/ (external; English)

Prices: https://wickr.com/product-tiers/ (external)
Project page: https://wickr.com (external)

Wire

central non free costs Aimed at enterprise customers (Wire Enterprise and Wire Government)

Wire is designed as a messenger solution for companies; the “free” variant is very limited.

Wire says it stores a database with “plain text storage of threads between users” on the server. “This allows us to ensure a better user experience when multiple end devices are used - for example, to synchronize call histories with other end devices,” Wire explained.

The company’s headquarters was moved to the U.S. (external) in November 2019.

  • positive: German website; German T&Cs
  • positive: no cookies on the website
  • positive: client and server are open source (external)
  • positive: own server for business clients possible
  • positive: clients for all major platforms
  • positive: officially audited
  • positive: an interface to standardized chat (XMPP) is planned = interoperability
  • positive: no trackers detectable in Android app (19 permissions): Exodus (external)
  • negative: central service (= dependency)
  • negative: no interoperability at the moment resp. no interface to chat standard XMPP
  • negative: only telephone number or e-mail address as user ID or identifier
  • negative: storage of messages in plain text in databases
  • negative: only 5 group members in free (restricted) version
  • negative: no federation of self-operated servers with other wire servers
  • negative: according to webbkoll (external) 2 third party cookies and 25 third party requests (third-party) on the website

Interoperability

A developer commented as follows on GitHub in October 2019:

Update: internal discussions around federation (between Wire servers as a first step) are happening. what would need to be done to implement: a) XMPP federation between Wire servers b) XMPP API between Wire servers and clients We have no plans to ever implement b) (to speak XMPP between Wire clients and Wire Servers.), or at least not in the next few years. So please don’t focus your efforts on that part. We plan to implement federation between Wire servers first. Whether that makes use of XMPP or not remains to be seen. …

Source: https://github.com/wireapp/wire-server/issues/631#issuecomment-541728717

Further very good overview/article: https://restoreprivacy.com/secure-encrypted-messaging-apps/wire/ (external; English)

Prices: https://wire.com/de/preise (external)
Project page: https://wire.com/de (external)

xx-Messenger

central non free free of charge Cryptocurrency “xx coin”

A system developed in the Cayman Islands (tax haven) that also uses Tor. Great animated and elaborate website, but endless marketing blather. All show on the outside, and on the inside …

  • negative: cryptocurrency “xx coin”
  • negative: Not everything is open source, there are proprietary elements: “Metadata shredding is a proprietary, xx-native technology that prevents messages from being linked or decrypted”
  • negative: Poor and careless translation into German, e.g. “TP6T” instead of xx-Messenger, “Apfel” instead of Apple, “mit einer vollständig geschütztem digitalem Währung”, American date format “01.25.2022”, “Nachdem Transaktionsdaten durch neutralisiert wurden xx cMixwerden Zahlungen an…”, “Kekse” instead of cookies, …
  • negative: no imprint
  • negative: 2 trackers (Google CrashLytics, Instabug) in Android app (8 permissions): Exodus (external)
  • negative: according to webbkoll (external) 51 (!) third-party requests (third-party) to 16 unique hosts including Google, cloudflare, vimeo, …

Project page: https://xx.network/de (external)

Zoom

central non free free of charge Often in public criticism because of: Data protection and privacy

Zoom is booming and foolproof to use - so made for fools?

  • negative: central service (= dependency)
  • negative: no interoperability resp. no interface to chat standard XMPP
  • negative: app is not open source
  • negative: server code is not open source
  • negative: especially poor data protection
  • negative: new security vulnerabilities on a regular basis
  • negative: high costs for the public (tax money)
  • negative: maximum 40 minutes per conference with free version
  • negative: attention tracking (Zoom monitors its users and reports if a conference participant does not have the video window in the foreground for more than 30 seconds)
  • negative: Zoom hides the fact that you can join a conference without installing the software
  • negative: 1 tracker (Google Firebase Analytics) in the Android app (35 permissions): Exodus (external).
  • negative: according to webbkoll (external) 30 third party requests (third party) on website

Over 6 million euros for Zoom?

… Adding up the expenditures of the universities from the responses, they paid Zoom a total of 2,764,771 euros in 2020. Extrapolated to all universities for which no data is available, German universities paid the U.S. company about 6.4 million euros. …

Source: https://netzpolitik.org/2021/private-infrastruktur-fuer-die-lehre-so-viel-bezahlen-hochschulen-fuer-zoom (external)

Warnings about Zoom

Some examples on operating systems:

  • Mac: Update code in Zoom can be abused by attackers to execute arbitrary code as root: objective-see.com (external; English)
    “The ’S’ in Zoom, Stands for Security”.
  • Windows: link conversion in messages can be used by attackers to get Windows user’s password: arstechnica.com (external; English)
  • All OS: Registered users with the same email domain automatically see each other in Zoom address book, unless Zoom knows the domain as shared hoster and has it on a blacklist - vice.com (external; English)

Quirks in use

  • splitting the screen and then closing the window via the X crashes Zoom on various platforms
  • it is impossible to force HD resolution

Project page: https://zoom.us (external)

Post Mortem

Some services have already been discontinued (which always highlights the dependence on centralized systems). These include:

Grape

decentral non free free entry tier Ending: November 2021
  • positive: own servers are possible (but these are then self-contained systems)
  • negative: general terms and conditions in English only
  • negative: 6 trackers in the Android app (38 permissions): Exodus (external)
  • negative: according to webbkoll (external) 9 third party cookies and 27 third party requests (third-party) on the website

Grape is the basis for the Untis Messenger (external).

Press release, 11/17/2021: Grape is no more.

With regret we have to announce that UberGrape GmbH - the company behind Grape - has filed for insolvency. …

Source: https://www.grape.io/de/blog/grape-ist-nicht-mehr (external; 11/17/2021)

Hoccer

central non free free of charge Ending: May 2020

Using the “Nearby” or “Worldwide” function, one repeatedly receives offensive, crude but “clear” messages from strangers. Unfortunately, this function is activated by default and must be deactivated by the user. Therefore, Hoccer seems to me especially unsuitable for children or teenagers!

  • positive: test winner at Stiftung Warentest in August 2015
  • negative: not open source
  • negative: not child-friendly, due to ominous contacts through “Nearby” function

05/2020: discontinuation of Hoccer (external)
The website informed/informs users that the messenger service “Hoccer” was discontinued in May 2020:

“… with great regret we have to inform you that we have to discontinue the service of the popular Hoccer app. The last few months have been very challenging for our entire team. The effects of Corona have unfortunately also affected us on a personnel as well as on a sponsor level, so that we have to shut down “Hoccer” with a heavy heart. Until the end we tried to keep our messenger up and running to provide you with the best possible platform for secure communication. As you can imagine, this was connected with high costs, which we could only cover through company cooperations and sponsors in the last years. Due to this discontinuation within the Corona crisis, we accordingly have no other choice. We thank you for your loyal use of our app and hope that you will find a suitable alternative that will continue to protect your privacy. …”
(as of May 2020 / 20.07.2020)

Privalino

central non free costs Ending: September 2019
  • The “children’s messenger” Privalino is a Telegram clone with further restrictions; all messages are stored and evaluated in plain text.
  • It can only be used with mobile numbers - no landline numbers are possible (this is possible with WhatsApp, for example).

Discontinuation of “Privalino” (external), among other things due to data protection and the GDPR (DSGVO), as of September 2019:

“… Ultimately, however, we could not inspire enough parents for our idea. …”

Additional information

A good page with a detailed list on the topic “why not”: https://securechatguide.org/rejectedapps.html (external, English)
Cross-references: encryption, privacy