What is the best messenger today?
When a message recipient flags a WhatsApp message for review, that message is batched with the four most recent prior messages in that thread and then sent on to WhatsApp's review system as attachments to a ticket.
Although nothing indicates that Facebook currently collects user messages without manual intervention by the recipient, it's worth pointing out that there is no technical reason it could not do so. The security of "end-to-end" encryption depends on the endpoints themselves—and in the case of a mobile messaging application, that includes the application and its users.
An "end-to-end" encrypted messaging platform could choose to, for example, perform automated AI-based content scanning of all messages on a device, then forward automatically flagged messages to the platform's cloud for further action. Ultimately, privacy-focused users must rely on policies and platform trust as heavily as they do on technological bullet points.
So far, I haven't seen evidence that this is happening automatically without users manually flagging messages. So as long as you trust your message recipients, it shouldn't be too concerning for lower threat model users. For large WhatsApp groups, this could be concerning.
I feel like some weight should be given to the SEC fining Wall Street firms billions of dollars for allowing employees to use WhatsApp during COVID, due to WhatsApp not preserving communications, which goes against federal recordkeeping requirements. If WhatsApp maintained records, I feel like that may have come up during these various legal proceedings.
But yes, it's totally not worth the risk to use WhatsApp for higher threat model communications or if you're being targeted, especially due to the message metadata leaks. But I personally think WhatsApp still fits in well for most people to casually message friends and family due to its combination of usability features, mostly acceptable encryption promises, and by the sheer fact that people are more likely to use it.
Sbpr https://blog.whatsapp.com/end-to-end-encrypted-backups-on-whatsapp?lang=en_US
Unless it has changed, I believe encrypted backups are opt-in and not encrypted by default.
Sbpr So far, I haven't seen evidence that this is happening automatically without users manually flagging messages.
Yes, from what I understand, the recipient has to report your message; that WhatsApp can automatically analyze the content of the message is an assumption.
Sbpr But yes, it's totally not worth the risk to use WhatsApp for higher threat model communications or if you're being targeted, especially due to the message metadata leaks. But I personally think WhatsApp still fits in well for most people to casually message friends and family
It still sounds better than SMS/MMS for sure.
N1b
Good post!
Signal have recently made improvements to their management of my telephone number, enabling it to be hidden to others.
Might be worth a new look 😀
Perhaps together with an anonymous VOIP number?
Otherwise, so irritating that WhatsApp is so easy for everybody's grandma to use, and so disrespectful of privacy...
leo although your question is not addressed at me, I'd like to answer because I sympathize with Sbpr's post.
I do not like Telegram from the security and privacy perspective. It might be the most useful, beautiful and feature complete messenger out there, but not having encrypted messages by default (and only for 1:1 conversations via very hidden secret messages functionality) destroys all usability for me. I can't trust a "private" family group chat that is out there for everyone to read, no matter what company is behind it. WhatsApp, Facebook Messenger etc., despite all their flaws, offer better security and privacy on a baseline level I'm not willing to compromise.
But again: Design, features and usability have been top notch, so it might be suitable for many use cases where privacy and security don't matter (e.g. when registered with a non-KYC phone number that isn't connected to any crucial accounts like banking).
N1b not having encrypted messages by default (and only for 1:1 conversations via very hidden secret messages functionality) destroys all usability for me. I can't trust a "private" family group chat that is out there for everyone to read, no matter what company is behind it.
Thanks a lot for your perspective, I agree with you. I have seen a trend of switching from WhatsApp to Telegram in my friend circle and after all I am not sure this changes anything for me, as both WhatsApp and Telegram are using closed-source encryption by default. As you pointed out, at least WhatsApp promises that it uses end-to-end encryption.
Since you asked for my opinion, I'll respond by saying I completely agree with N1b in regards to Telegram. The lack of e2ee by default and lack of e2ee for group chats for anything other than 1:1 chats is a major dealbreaker for me and enough for me to not bother with it unless I'm forced to use it. I've also read that Telegram's encryption protocol is inferior to the Signal Protocol (WhatsApp uses the Signal Protocol).
To give my opinion, I don't trust Telegram either (WhatsApp is a bit in the same boat, but at least E2EE is enabled by default).
Their marketing attracted a lot of politicians, businessmen and shady users thinking they were getting private, secure conversations.
https://portswigger.net/daily-swig/multiple-encryption-flaws-uncovered-in-telegram-messaging-protocol
https://www.cryptofails.com/post/70546720222/telegrams-cryptanalysis-contest
https://words.filippo.io/dispatches/telegram-ecdh/
https://blog.bytebytego.com/p/ep29-online-gaming-protocol#%C2%A7is-telegram-secure
The second part is them moving to Google Drive/iCloud for backups exclusively. While there have been attempts to back up and restore locally, I've never had luck.
Don't know about iOS but on Android it's still possible to have local backups and use these to restore WhatsApp. If you have backups enabled but don't configure a Google account it stores local backups in /Android/media/com.whatsapp/WhatsApp. I have been able to use these to transfer chats between phones without requiring Google Drive or the transfer chats feature.
I find the SimpleX approach the most pleasing.
If you are concerned about your phone number and want a private, secure FOSS messenger product, https://simplex.chat is your solution.
-uses signal protocol
-encrypted backups that can be exported and imported.
-zero phone number requirements
-security audited Nov 2022, July 2024, January 2025
-hidden profiles with separate passphrase
-multiple profiles, multi incognito profiles (per contact even)
-uni-directional msg relay routing
-random relay servers
-socks / tor routing possible
-desktop may have different profiles, link up mobile device (docking), mobile device profile overlays desktop (like laptop docking into workstation); once undocked, desktop profile reappears
-recent investment by Jack Dorsey, among others
-Global Village VC seed round
Using Matrix self-hosted with WireGuard VPN. Signal as a backup.
[deleted] Briar has a very annoying "feature" that reveals your last IPs and BT address to all of your contacts so your device will never be so anonymous.
What about CWTCH (https://cwtch.im/)?
Has anybody ever used it?
SpiderUser
A private messenger is only considered "good" when it has high adoption and user base, which will also lead to broader peer reviews and community help to resolve issues.
No matter how "private decentralized quantum resistant _insert_gimmick_here" a new project will be, if nobody is using it, and you would have to convince all your contacts to have it just for you, it has no formal reviews etc... No matter how good it is on paper and how good the team behind it.
When Signal (or what it is now) started, it was a small hobby project by a single person, it had many issues, many crashes, and was separated into 2 apps called RedPhone and TextSecure. I was one of the early adopters but it really took time, patience and effort. It had terrible quality and frequent drops as well.
What I want to say is that if you have something proven, working, and battle tested, there is no need to jump on new shiny stuff first; let it get some adoption and then decide.
My close family and I all use SimpleX. My close friends have switched to Signal mostly because of me. I use Molly personally.