Follow us

Top 5 messengers for paranoiac people for 2021

Is secure messaging just an advertising bait?

Updated: October 29, 2021 By Hamna Imran

Title image for Top 5 Secure Messengers for 2021

Image source – pixabay.com

A Kingdom Prince might not hack yours, but a colleague or stranger can!

Even Jeff Bezos' WhatsApp is not secure, as reported by the newspaper "The Guardian".

Not only that, Facebook paid the price, so you don't have to!

Facebook had to pay a record penalty of $5 Billion for secretly leaking user data in the name of metadata, as FTC claimed that Facebook deceived users by making them believe that their privacy is safeguarded.

These incidents provoked security personnel to eliminate privacy issues in messengers, and some of them came up with apps safe for messaging while being completely anonymous.

I would argue about the end-to-end encryption of most of the commonly used messengers since you can receive messages and the history of messages when logging into another device.

Sean Wright, an InfoSec Researcher

Hell, lots of risks are present with the use of Facebook Messenger, Twitter, or WhatsApp.

Let's find some app that conforms to all standards together.

Disclaimer: This blog is not funded in any way, and the content here is just for the educational drive, and we don't want to deprecate any of the messengers. We want to encourage the concept of shielding your data and picking a secure messenger.

While all the messengers mentioned in this article are secure and offer most of the security features we need to protect our privacy, choosing one can be a headache; therefore, we present a table comparing all the features in detail.


Messenger/
Feature
Threema
Wickr Me
Signal
Session
Element/Riot
Phone number or email address requirement
No
Yes
Yes
No
Yes
End to end encryption of transmitted messages
Yes
Yes
Yes
Yes
Yes
Data Backup to Cloud
No
No
No
No
No
Advertisements
No
No
No
No
No
Access to Contacts
No
Yes
Yes
No
No
Copy of chats on the server
No
No
No
No
No
Open Source or not
Yes
Yes
Yes
Yes
Yes
Latest Security Audit
2020
2014
2014
No
No
(Matrix's encryption library reviewed by an independent party)
Cryptographic primitives
Curve25519 256 / XSalsa20 256 / Poly1305-AES 128
ECDH512 / AES-256 / HMAC-SHA256
Curve25519 / AES-256 / HMAC-SHA256
X25519 / XSalsa20 256 / Poly1305
Curve25519 / AES-256 / HMAC-SHA256
Can the Company read messages?
No
No
No
No
No
Metadata encryption?
Yes
Yes
Yes
Yes
Depends on your joined matrix server.
Self-destructing messages?
No
Yes
Yes
Yes
No
Free or Paid?
Paid
Paid
Free
Free
Paid

For everyone who still uses Facebook Messenger and WhatsApp, which one do you choose: a vulnerable messenger or a secure platform?

Non Encrypted messengers are a cakewalk for attackers and especially when left vulnerable. Once exploits are located, we must start to educate people about the risks and start transitioning to privacy apps.

Monthly Active Messenger users in millions August 2021

Image source – statista.com

What makes Messengers vulnerable to threats?

When messengers consume a pile of information from users, it is usually done on the name of data collection, more commonly termed as metadata collection.

This data includes:

  • Purchase history
  • Location
  • Contact information
  • Name
  • Gameplay Content
  • Search History
  • Browsing History,
  • User ID
  • Device ID
  • Product interaction
  • Crash Data
  • Performance Data
  • Health data
  • Customer Support Data
  • Messages
  • Call logs

This intrusive collection of metadata forced FTC to take action against Facebook.

If the vast database is even slightly exposed due to any reason, it can result in the loss of precious data. It has happened to many services in the past, and the internal factors involved were:

  • Weak Passwords
  • Insider threats (from employees)

Even a secure messaging app is only as safe as the device it is installed in.

Top 5 Most Secure Messenger for 2021

Many of us believed that all the private data we shared over our commonly used messenger apps like Facebook Messenger, Skype, Instagram, Snapchat, or Twitter was safe, but all of it was an illusion.

It shattered as soon as vulnerabilities started to arise.

But there is light as the end of the tunnel, and that is those messengers made for security.

I compiled a list of the top 5 Most Secure Messengers of 2021 to contribute to your struggle in keeping your data safe.

Threema
Threema Icon

Threema was developed by a Switzerland-based software company, "Threema GmbH," known very best to develop their Most Secure Messenger.

To maximize the anonymity, this does not require any phone number or critical registration details of the user.

 

Image source – threema.ch

Threema Messenger User Interface

Image source – behance.net

Moreover, Threema makes sure that your message is read by the intended recipient, which is made possible through Threema's High-level encryption.

Threema also made it clear that they delete the messages once they're delivered.

This feature helps to maintain privacy.

Another great feature offered by Threema is QR code and Fingerprint verification, which helps prevent MITM (man-in-the-middle-attack)


Security features
  1. End-to-end encryption in iOS
  • A private key is stored in iOS keychain 16/31 Threema Cryptography White paper
  1. End-to-end encryption in Android
  • Local Data in SQLite Database, which SQLCipher protects with AES-256
  • Encryption key derived from device's UID key and user's passcode)
  1. Openly accessible source code and external security audits
  1. Optional Contact Synchronization
  1. Ephemeral messages
  1. Private chat option
  1. New temporary keys are generated every time the app starts. Also, the temporary keys are volatile and are not saved in memory
  1. HTTPS is used as a transport protocol.
  1. Strong TLS cipher(Forward secrecy)ECDHE/DHE and TLSv1.2 are supported
  1. Combatting MITM attacks:
  • Threema  allows the verification of the person who you are chatting with through an ID
  • Even if a trusted CA store is tampered with or a certificate issued for Threema domain name, the app accepts only hardcoded pins by using public key pinning.

The only drawback about Threema is it costs 2,99 EUR/month, which is not a huge deal-breaker.

You have to pay a small price to protect your data and privacy and help the Company stay in business because there are no ads for funding.

Nothing like Free lunch exists if you get a service for free. Most probably, you are paying with your data.

Amazon Wickr Me
Wickr Icon

WickrMe is an America-based software company known best for its one of the world's most secure messenger services. It has its main office located in New York City.

Recent news has revealed that Wickr has joined hands with Amazon, one of the US Big Five Information Technology companies.

 

Image source – logos.download.com

Amazon Wickr Me Messenger User Interface

Image source – underspy.com

They offer 4 packages based on the user's necessities Basic, Silver, Gold, and Platinum.

Their free basic package supports chatting with up to 10 persons, secure voice/video call with up to 70 people, SaaS, 1Gb file transfer, Secure screen sharing, and unlimited searching.


Security Features present
  1. Cryptography
    Communications are locally encrypted on the device of a user. Even Wickr doesn't possess decryption keys
  1. Every File is encrypted with a new random key
  1. Even if a breach happens, Wickr servers cannot share user communications; they are undodgeable during transit and get deleted on delivery
  1. Multi-factor authentication
  1. Account takeover protection
  1. Device encryption at rest
  1. Message revoke
  1. Secure link preview
  1. Screenshot detection
  1. Constant bitrate VoIP
  1. Constant time hardened Crypto implementation
  1. Scrypt based password hashing

The Company promises a solution to this. Also, since Amazon has joined hands with Wickr, we expect drastic changes as well.

Signal
Signal Icon

Signal Messaging app is developed by a USA-based software company identified as Signal Technology Foundation and Signal Messenger LLC.

It is not just an application but a protocol and an innovation introduced by the legendary privacy activist Moxie Marlinspike.

 

Image source – en.wikipedia.org

Signal Messenger User Interface

Image source – macrumors.com

This protocol is integrated into many famous messenger apps like Facebook Messenger, Facebook WhatsApp messenger, Skype, etc. But it could not be verified because they are closed source applications, unlike Signal Application.

A non-profit organization created a Signal; therefore, it is entirely free.


Security elements
  1. Strong End to End encryption
  1. Hide messages on your lock screen
  1. View media once the option
  1. In-App payments
  1. Incognito keyboard
  1. Signal PIN
  1. Disappearing messages
  1. Note to Self-chat

Session
Session Icon

The Session app was developed by two Australian Software Companies known as Oxen Privacy Tech Foundation (OPTF) and Loki Foundation.

The Session is considered one of the truest private messengers in the market as it does not even need a phone number to register your account.

It is a modification of Signal Messenger.

Image source – arcanelost.com

Session Messenger User Interface

Image source – getsession.org

Currently, they're making their moves to recognize Session Messenger as the best secure messaging application.


Security Features
  1. Client-side E2E encryption
    Encryption is done through Session protocol, built on libsodium, which is a trusted cryptographic library
  1. Chat Anonymously
  1. Open Source public key based
  1. Serverless transfer
    Messages are transmitted through a decentralized online routing network, much like Tor, the system used is called onion requests.
    It ensures that no server saves a message's origin and destination

Their privacy policy, in a nutshell, states that they never know who the user is or with whom he/she is talking or even what he is texting, speaking, listening, sharing, etc. It means they do not collect our information leave alone share it.

Element
Element Icon

The Element was developed by a UK-based software company "Element" formerly known as Riot and Vector.

For security-conscious to consider, they offer end-to-end encryption and allow you to set up your server to store your data.

Yes, that's where their provided free matrix account comes into play.

Image source – onetwotwo.sg

Element Messenger User Interface

Image source – element.io

You can also use element messenger to communicate with another messenger that supports matrix protocol, including Slack, SMS, Signal, Telegram, Facebook Messenger, Google Hangout, Skype, Discord, and even iMessage.

Of course, to implement cross-platform chatting, you'll have to do some homework with coding also set up a matrix server with such integration.


Security aspect
  1. End to End encryption with cross-signed device verification is based on Olm, Megolm, and Double Ratchet standards
  1. Open-source
  1. Decentralized storage, so you can choose your server if you want to
  1. Independently audited
  1. Two-factor Authentication: Secret key to login into devices
  1. It can be used on a Web browser

However, many users are not happy that it requires email and phone no while registering.

Also, it comes with 4 plans, same as Amazon Wickr Me, which are Nickel, Silver, Gold, and Platinum.

Conclusion

Lack of privacy features on commonly used Messenger has led to the development of new security-focused messengers.

Daily we hear about security breaches and identity thefts, so it's inevitable to become more cautious about our privacy. Ever wondered which is the most vulnerable app of 2021?

To those relying entirely on Messenger for day-to-day conversations, you have a choice now.

Keep reading this, and let me know what you think! Please, share your opinion in the comments.

Tags: 
Security
Author
Hamna Imran
Cyber Security student and keen learner, writing articles for several other websites.

Leave a comment

click to select