The fight for freedom today is about system access control and personal data. Messaging protocols are something that will continuously evolve over time. There’s no avoiding it. I like this resource for comparing popular apps.

https://www.securemessagingapps.com/

My Recommendations

  • Email with PGP — A little old fashioned, but reliable. Plus everyone has email.
  • Signal — Practical and modern. Basically replaces iMessage/RCS/WhatsApp.

Other Technologies I Like

  • SimpleX — Likely the next step in messaging tech.
  • Matrix — This one’s all about interoperability with other protocols and platforms.

Choosing a Messaging Solution

There are many factors to consider in a world that is hostile to user privacy at pretty much every level.

Verifiable end-to-end encryption is the bare minimum protection which makes open source a prerequisite for my list.

Metadata, network usage, and identity should be protected as well. There isn’t really anything fool-proof we can do here due to the way the internet was originally built. Proxies (VPN), mixnets (tor/i2p), and minimal to no information requirements for signing up are all ways of dealing with this trickier class of personal data.

Don’t underestimate the value of ease of use and low barriers to entry. Desirable functionality, a dead simple UI, and multi-platform support are prerequisites for widespread adoption. A communication standard or application without users is not much use at all.

On a similar note, social network effects are the most difficult hurtle to overcome. How is it no-one likes facebook, but everyone still uses it? People use a platform because their contacts use it and the platform owners neglect or refuse to implement interoperability with alternatives. Interoperability technologies are exactly the answer in these cases.

If I didn’t include your favourite messaging app, it’s probably because it lost out on one or more of these aspects to the ones I chose. For instance, I think IRC, XMPP, and Session are too limited in terms of features for what most people expect out of a social app. Although they are less vulnerabile than matrix in terms of metadata, I don’t see them getting real traction. If you want something cutting-edge, I prefer SimpleX to Session.

To be frank,

end-to-end ecryption is sadly only level 1. If you haven’t installed your own operating system on your device (phone, laptop, etc.), changing your messaging solution basically amounts to good will and “supporting the cause” with limited effect. The real point here is not to choose the OS or protocol that I tell you to. The point is that you should engage in the dynamic where you choose, or where you have the option to choose. Because that simple act puts pressure on manufacturers and coders to keep your trust.

Nerds, corporate, and regulators can probably figure out the details. The harder levels of this stuff regarding specific libraries, security audits, hardware vulnerabilities… not really worth looking into for most people.

EU Digital Markets Act

The European Union has introduced legislation requiring interoperability for “number-independent interpersonal communication services” (NIICS). You’ll know them as popular messaging and video-chat platforms like iMessage, Facebook Messenger, and Google Messages.

It is possible for this interoperability to be achieved while preserving end-to-end encryption. However there is a significant technical challenge. Given many government’s hostility toward individual privacy, encryption may take a back-seat as a priority in the legislation. These types of platforms principally derive their value from keeping users, not from technological quality. The goal is to break the network effect and let whatever comes next to emerge.

We Will Internet

Today’s internet is different. It’s the age of global digital superpowers, decentralized concensus, radio beam-forming, and global high-speed internet coverage. Be safe out there.