Best Secure Messengers for Private Conversations: A 2019 Overview

By Owen PatelCryptography Tutorial

Encrypt Your Chats the Right Way: Exploring Promising Messengers for Private Communication

Privacy in messaging is a concern not only for hardcore hackers but also for millions of everyday users who don’t want their intimate photos and love notes to become public. In our previous article, we explored the privacy and security of the most popular messengers. Now, it’s time to take a closer look at some lesser-known but equally interesting competitors that claim to offer even stronger protection.

Evaluation Criteria

Not much has changed since our last review. I removed the screenshot-blocking check (it’s too easy to bypass anyway), but added points for multi-device account support and whether messages can be sent by any means other than the internet.

  • FOSS — Is the source code available under a free license? How do developers interact with the community? Do they accept patches?
  • Degree of Centralization — Does it require a central server that can be blocked, use a network of servers, or is every client also a server (P2P)?
  • Anonymous Registration and Use — Is a phone number required? Are there other forms of “hard authentication”?
  • End-to-End Encryption (E2EE) — Some messengers have this by default, others let you enable it, and some don’t have it at all.
  • E2EE Chat Synchronization — This feature makes life easier, but is technically hard to implement and rare.
  • E2EE Fingerprint Verification (including group chats) — Not all messengers offer fingerprint verification, and some don’t make it obvious. Group chats without fingerprint checks aren’t private.
  • Group E2EE Chats — Allows encrypted conversations between multiple users.
  • Device Addition — Using the same account on multiple devices is not just convenient, but sometimes necessary.
  • Social Graph Protection — Does the messenger collect contact info or other user data?
  • Alternative Data Transfer Methods — Can messages be sent by any means other than the internet?

Wickr

  • Official website
  • License: Proprietary client, open protocol (source code)
  • Centralization: Centralized
  • Anonymity: Registration available without a phone number, but you can add one if you want
  • E2EE: Yes, by default
  • E2EE Sync: No, previous chats are not saved when logging in from another device
  • Fingerprint Verification: You can send a short video of your face to your contact, but there’s no notification and the feature is hidden deep in the app
  • Device Addition: Yes
  • Group E2EE Chats: Yes
  • E2EE Verification Notification: No notifications, but the option exists
  • Social Graph Protection: The app can access your contacts (not recommended)
  • Alternative Data Transfer: No

This blockchain-based messenger claims to be 100% anonymous. Chats go through servers, but all messages are deleted from both servers and devices, and users can set how long message history is kept. All data can be encrypted using standards like AES-256, ECDH-521, and RSA-4096 TLD, with a new key generated for each message. Messages are anonymized—no sender, recipient, or geotags. Three versions are available: me, ent, and pro, but only the first is free for personal use. Wickr is reportedly used in some government institutions, which may be good or bad depending on your perspective.

Tox (Antox)

  • Antox on Google Play
  • License: GPLv3 (source code)
  • Centralization: Decentralized
  • Anonymity: Yes
  • E2EE: Yes, by default
  • E2EE Sync: No
  • Fingerprint Verification: To start a chat, you must enter the contact’s ID or scan their QR code
  • Device Addition: You can import your profile from one phone to another
  • Group E2EE Chats: Yes
  • E2EE Verification Notification: Anyone with the group chat ID can join without prior fingerprint verification
  • Social Graph Protection: Yes
  • Alternative Data Transfer: No

Created by independent developers focused on privacy, Tox is open source and all messages are end-to-end encrypted by default. The interface is simple and user-friendly. Tox supports voice and video calls, instant messaging, file transfers, and group chats, all without ads. There are different clients for each OS: qTox and ÎĽTox for desktop, Antox for Android, and Antidote for iOS. This review covers only Antox.

Jami

  • Official website
  • License: GPLv3 (Android source, desktop source)
  • Centralization: Decentralized
  • Anonymity: Yes
  • E2EE: Yes, by default
  • E2EE Sync: No—previous chats are not synced when logging in from a new device
  • Fingerprint Verification: You can scan a QR code, search by nickname, or use a 40-character user ID
  • Device Addition: Multiple accounts can be linked to one device using a generated PIN
  • Group E2EE Chats: No
  • Social Graph Protection: Yes
  • Alternative Data Transfer: No

Jami is a fully open-source messenger, formerly known as Ring. It supports text messaging, secure audio and video calls, and file transfers. Connections use distributed hash tables, and all encryption and identification keys stay on the user’s device. No servers are used, making it a true peer-to-peer network for enhanced security.

Chat.Onion

  • Description page
  • License: Open source, no license
  • Centralization: Decentralized
  • Anonymity: Yes, users are assigned an ID immediately
  • E2EE: Yes, by default
  • E2EE Sync: No
  • Fingerprint Verification: To add a contact, both users must scan each other’s QR codes
  • Device Addition: Only available for smartphones; no option to log into an existing account
  • Group E2EE Chats: No
  • Social Graph Protection: Yes
  • Alternative Data Transfer: No

Chat.Onion is based on onion routing, like the Tor browser, hiding users’ IP addresses, metadata, and other identifying info. Each message passes through several proxy servers in random order before reaching its destination. Each user gets a 16-character ID, but you can just scan a QR code for convenience. The app and website are both minimalist.

Firechat

  • Official website
  • License: Proprietary
  • Centralization: Decentralized
  • Anonymity: Yes and no. No phone number required, but approximate location can be determined
  • E2EE: Yes
  • E2EE Sync: You can import keys when logging out to decrypt messages later
  • Fingerprint Verification: You can restrict encrypted messages to verified contacts only
  • Device Addition: Yes
  • Group E2EE Chats: Yes
  • Social Graph Protection: Somewhat, but users in the same “public room” are grouped by proximity, which isn’t very secure
  • Alternative Data Transfer: Bluetooth and Wi-Fi

Firechat, developed by Open Garden, works in a unique way: it connects users within about 200 steps of each other into a network via Bluetooth or Wi-Fi, without needing internet access. This mode may have security trade-offs, as it could be possible to identify users through social engineering. It’s not suitable for chatting with friends in other countries. The interface is unintuitive, and its main use case is for coordinating events or protests. Still, if it’s being developed, there must be demand.

Adamant

  • Official website
  • License: GPLv3 (source code)
  • Centralization: Decentralized
  • Anonymity: Yes
  • E2EE: Yes
  • E2EE Sync: Yes
  • Fingerprint Verification: You can scan a contact’s QR code or enter their ID
  • Device Addition: Yes, via passphrase (like Bitcoin wallets)
  • Group E2EE Chats: No
  • E2EE Verification Notification: No
  • Social Graph Protection: Yes
  • Alternative Data Transfer: No

Another blockchain-based messenger, Adamant was created in Russia and is heavily promoted. Developers claim maximum privacy, though it’s unclear compared to what. No personal info is required for registration. Message history isn’t stored on the device but loaded from the blockchain, allowing access from multiple devices. You can also send cryptocurrency (ADM, ETH, BNB) to contacts, with more coins promised in the future. Upon registration, users get a messenger ID, a crypto address, and a 0.1 ADM bonus.

Cyphr

  • Official website
  • License: Proprietary
  • Centralization: Centralized
  • Anonymity: Registration only via email
  • E2EE: Yes (messages are sent only if the recipient is online)
  • E2EE Sync: Yes
  • Fingerprint Verification: No
  • Device Addition: Yes
  • Group E2EE Chats: Yes (messages are sent only if all recipients are online)
  • E2EE Verification Notification: No
  • Social Graph Protection: Yes
  • Alternative Data Transfer: No

Cyphr is developed by Golden Frog and is proprietary. The creators promise not to store user metadata on their servers and call it a zero-knowledge app. However, some data is stored on the server until the recipient receives the message: the encrypted message itself, the time sent, and the recipient’s name. Messages use 256-bit symmetric encryption. Overall, Cyphr is solid except for its closed source code.

Silence

  • Official website
  • License: GPLv3 (source code)
  • Centralization: Decentralized
  • Anonymity: No, SMS messages are sent to a phone number
  • E2EE: Yes
  • E2EE Sync: No
  • Fingerprint Verification: Yes
  • Device Addition: No, the app is tied to your phone number
  • Group E2EE Chats: No
  • Social Graph Protection: No (your carrier knows you sent an SMS)
  • Alternative Data Transfer: No

Silence is a fork of Signal (which itself evolved from TextSecure) and encrypts only SMS messages. This makes it unique among the messengers reviewed here. Silence can be set as your default SMS app on Android and works where there’s no internet or where internet use is restricted. It’s only available for Android; there’s no iOS version.

Conclusion

This time, things look better: all the messengers reviewed at least offer encrypted chats. I won’t recommend any specific one—choose what suits you best. My goal is simply to help you navigate the variety of messengers out there.

For your convenience, all the information is summarized in a table. Remember, the scores are not an absolute measure of security; they only indicate the presence of certain important features.

Leave a Reply