Top 5 Most Private and Secure Messengers: Signal Alternatives Reviewed

Choosing Among the Most Private and Secure Messengers: Signal’s Siblings

By now, you probably don’t need another reminder about why your messages should stay private by default. There are plenty of messengers out there, each offering some level of data protection. But not all are created equal, and each has its own unique features. In this article, we’ll look at the most private and secure messengers available today.

To keep this review focused, we’ll skip mainstream options like WhatsApp, Telegram, and Facebook Messenger. These require a phone number to register, and their security is entirely in the hands of the developers. Instead, we’ll focus on apps that offer true anonymity, strong encryption, and open-source code that’s been independently audited.

Why Not Signal?

Signal has a great reputation among privacy enthusiasts, and it’s well deserved! Its advantages include:

  • Open-source code
  • Strong cryptography enabled by default
  • Security audits
  • Cross-platform support
  • Useful features: file sharing, audio and video calls
  • Self-destructing messages

But there are serious drawbacks:

  • Requires a phone number to register. Only recently did Signal add the option to show a nickname instead of your phone number.
  • Signal shares phone numbers with third-party companies, and there has already been a successful hack where phone numbers were leaked to attackers.
  • Centralized infrastructure. If the main components go down, the messenger stops working.

Given these issues, it’s wise to consider alternatives to Signal. Maybe you’ll find an app with similar strengths but without these weaknesses. Let’s explore!

Session

Session stands out for its strong data protection and enhanced anonymity. It operates on the Oxen network, which works similarly to Tor: messages are routed through a chain of service nodes from sender to recipient. Clients are available for Android, iOS, macOS, Windows, and Linux.

When you register, you get a unique user ID and a secret phrase for account recovery. All the essential features are here: calls, disappearing messages, file sharing, group chats, and more. For notifications, Session can use Google infrastructure (for faster delivery), but privacy-focused users can disable this option.

Without Google servers, messages will still arrive, but with some delay. In testing, even “fast delivery” wasn’t always instant.

The main downside is that the developers made some controversial security choices: they don’t use Perfect Forward Secrecy (PFS) or plausible deniability.

What is Perfect Forward Secrecy (PFS)?

PFS is a cryptographic property that keeps session encryption keys secure even if long-term server keys are compromised. Each session uses a unique temporary key, so even if an attacker gets the long-term keys, they can’t decrypt past or future messages.
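The difference described above, as an added example that is not from the original article or from any of the messengers reviewed: one message is encrypted to a long-term key (no PFS) and one under one-time keys (PFS), then an attacker who recorded both transcripts and later stole the long-term private key tries to decrypt them. The group parameters, the XOR cipher and all function names are toy assumptions chosen so the code runs with the Python standard library only.

```python
import hashlib
import secrets

# Toy Diffie-Hellman group, illustration only (assumed parameters, not a vetted group).
P = 2**521 - 1  # a Mersenne prime
G = 3

def keypair():
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def kdf(shared):
    return hashlib.sha256(shared.to_bytes(66, "big")).digest()

def xor_stream(key, data):
    # Toy cipher: XOR with a SHA-256 counter keystream (same call encrypts and decrypts).
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)

def send_static(recipient_pub, msg):
    # No PFS: the key is derived from the recipient's long-term key pair.
    eph_priv, eph_pub = keypair()
    ct = xor_stream(kdf(pow(recipient_pub, eph_priv, P)), msg)
    return [eph_pub], ct  # what a network observer can record

def send_ephemeral(msg):
    # PFS: both sides use one-time keys that are discarded after the session.
    # A real protocol would also sign these with the long-term key (omitted here).
    a_priv, a_pub = keypair()
    b_priv, b_pub = keypair()
    ct = xor_stream(kdf(pow(b_pub, a_priv, P)), msg)
    return [a_pub, b_pub], ct  # private halves are gone once this returns

def attacker_decrypt(long_term_priv, observed_pubs, ct):
    # Attacker holds the recorded transcript plus the stolen long-term private key.
    return [xor_stream(kdf(pow(pub, long_term_priv, P)), ct) for pub in observed_pubs]

def demo():
    lt_priv, lt_pub = keypair()        # recipient's long-term identity key
    msg = b"meet at the usual place"   # constructed sample message
    pubs1, ct1 = send_static(lt_pub, msg)
    pubs2, ct2 = send_ephemeral(msg)
    return (msg in attacker_decrypt(lt_priv, pubs1, ct1),
            msg in attacker_decrypt(lt_priv, pubs2, ct2))

if __name__ == "__main__":
    print(demo())
```

The first value returned by `demo()` shows the recorded static-key message being recovered with the stolen key; the second shows the same attempt failing against the session that used one-time keys.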

What is Plausible Deniability?

This feature allows users to deny the existence of certain data even under coercion. For example, you can set up multiple passwords: one for harmless data, another for sensitive information. If pressured, you can provide the password for the harmless data, keeping the sensitive info hidden.

Another oddity: to run your own service node, you need to lock up about $15,000 worth of OXEN cryptocurrency. This is meant to prevent spam from unreliable nodes.

Pros:

  • Full anonymity via the Oxen network
  • No user data required for registration
  • Account recovery with a secret phrase
  • Minimal metadata transmission
  • Open-source code
  • Decentralized network structure
  • Encryption by default (strong crypto algorithms)
  • Code audit completed

Cons:

  • Infrequent updates
  • Anonymity applies only to messages
  • Slow message delivery
  • Minor bugs
  • No PFS
  • Other questionable security architecture choices

SimpleX

Probably the most interesting and mysterious messenger in this roundup. SimpleX meets all modern requirements: audio and video calls, file sharing, disappearing messages, user groups, and more. Registration is anonymous and doesn’t require a phone number or any other data. The network is federated, and you can connect your own relay servers. There are plenty of settings: you can add your own nodes, WebRTC ICE servers, and XFTP servers for file transfers.

Data is protected using the SimpleX Messaging Protocol (SMP), wrapped in TLS for communication with relay servers. The developers release updates regularly and fix bugs, so the app is stable. Of course, the code is open source.

SimpleX uses strong cryptography, including post-quantum algorithms. Its architecture and client customization options are more advanced than most messengers. The ability to run your own servers is another big plus.

However, I’m still cautious about SimpleX. The project doesn’t make money, yet its support level rivals commercial apps. Suspicious! Also, SimpleX is registered in the UK, where the government often tries to undermine citizens’ right to encrypted messaging. The code audit was commissioned by DARPA (an agency of the US Department of Defense). Still, the code is open, and encryption hasn’t been banned yet, so maybe there’s no need to worry.

It’s also worth noting that the developers chose Haskell as the programming language. Functional programming fans will appreciate this, but it limits the number of people who can review the code.

Pros:

  • No user data required for registration
  • Open-source code
  • Frequent updates
  • Encryption by default (strong crypto algorithms)
  • Detailed network customization
  • IP address protection via SMP server relays (both built-in and custom)
  • Code audit completed
  • Minimal metadata transmission, despite the federated network

Cons:

  • Only partially decentralized (federated network)
  • High service traffic consumption
  • Registered in the UK
  • No group calls

Jami

Jami is a fully decentralized messenger that doesn’t require any user data for registration. Messages are encrypted with RSA and wrapped in TLS as they travel between nodes. You can customize bootstrap servers, add and use nodes in the Jami DHT network, and change STUN and TURN servers.

There’s even plugin support and an SDK for writing your own. For example, you can use a plugin to change your video call background.

During registration, you create a nickname that’s stored on the Jami NameServer (NS). If you lose your profile (e.g., forget your password), you can’t recover it or reuse your old nickname, since the nameserver already knows it. This helps prevent identity spoofing. The nameserver only stores the name, but it’s still a small metadata leak.

Another observation: when migrating your account to another device, it’s temporarily uploaded to the Jami network, protected by a password generated by the app. The quality of this password and whether it’s truly unpredictable is unclear and worth further research.

Pros:

  • No user data required for registration
  • Open-source code
  • Decentralized network structure
  • Frequent updates
  • Encryption by default (strong crypto algorithms)

Cons:

  • Questionable metadata protection approach
  • No code audit has been conducted

Status

Status is another interesting messenger, which also includes a crypto wallet and a Web3 browser. Like the others in this review, it doesn’t require a phone number to register, uses strong cryptography for messages, and is open source. Like Session, it uses blockchain technology. Status has its own ERC20 SNT token, which you can buy or earn (for example, by running your own network node).

Previously, Status used bootstrap servers to get service info during startup, but as the network grew, these are no longer used by default. However, you can enable them in the settings if needed.

The app automatically connects to the nearest nodes, but you can select a node manually or even run your own and connect only to it (a great option for privacy). The number of settings is impressive.

The company is registered in Switzerland, which has strict privacy laws.

During testing, I encountered some minor bugs. For example, on first launch, you have to agree to the privacy policy and terms of use, but the hyperlink just takes you to the main website. The actual documents are at the bottom of the page, and they refer to the website, not the messenger itself.

Pros:

  • No user data required for registration
  • Account recovery with a secret phrase
  • Open-source code
  • Decentralized network structure
  • Encryption by default (strong crypto algorithms)
  • Built-in crypto wallet and browser
  • Based in Switzerland
  • Code audit completed

Cons:

  • Noticeable bugs
  • Messenger is still little-used and not fully tested

Briar

Briar works over the Tor network and can even function without the internet — using ad hoc connections over Bluetooth or Wi-Fi (in the latter case, both users must be on the same network). No phone number is required for registration.

The ability to work completely offline is a killer feature. The range is limited, but in a tech apocalypse, it could be invaluable!

On Android, Briar can even be distributed offline. In the settings, select “Share this app offline,” and it will create a Wi-Fi hotspot for another device to connect and install the app.

As for privacy, Briar uses minimal user metadata, so you don’t have to worry much about leaks.

Downsides: there’s no device sync. If you log in from a new phone, you can’t access your old chats. If you lose your account password, you lose the account. There are also no audio/video calls or full file sharing — you can only attach images. In today’s world, these limitations may be dealbreakers. However, Briar does have a built-in blogging system for sharing your thoughts with the world.

Another drawback is the limited settings. For example, you can’t take screenshots in the app, and there’s no way to disable this restriction. You also can’t manually enter Tor bridge addresses, only enable or disable their use. Modern WebTunnel bridges aren’t supported either. The developers have made all the choices for you, leaving little room for customization.

Pros:

  • No user data required for registration
  • Anonymity via the Tor network
  • Open-source code
  • Decentralized network structure
  • Encryption by default (strong crypto algorithms)
  • Code audit completed

Cons:

  • Fewer features compared to other messengers
  • No device sync
  • Limited customization

Conclusion

Here’s a quick summary:

  • Jami — A solid, secure, and decentralized option.
  • Session — Great if you need anonymity and message confidentiality (with some caveats).
  • Status — A multi-tool with a messenger, crypto wallet, and browser.
  • SimpleX — A stable messenger with flexible customization and regular updates.
  • Briar — A post-apocalypse messenger: simple, robust, and able to work without the internet.

As you can see, there’s no perfect messenger. Each has its strengths and weaknesses. Hopefully, this article helps you weigh your options and make the right choice.
