Alternate to Whatsapp?

schweizer

In my eyes the problem is not solved with Molly. A key requirement was:

manksudons89231 Does not require phone number

Molly does not solve that. Yes, you can use a burner phone number or a sms verification service but that usually costs money which violates your requirement

manksudons89231 no paid subscription

Additionally if you use a fake number for registration this a huge security risk. Someone else might get that number and take over your account. You can prevent that with a Signal PIN but if you do not use signal for seven days the PIN does not fulfil its function. Your current contacts will send their messages to the person that has taken over your account. There is no possibility to revoke your identity.

There are only few services that work without phone number. Threema is one of them but you have not tried or considered it even if it was recommended. So why are you asking if you already know your answer?

manksudons89231

schweizer

Yeah! I get what you're thinking. At first, I was confused too. But after testing Molly (Signal) and reading some policies, I realized one thing: Signal does use your phone number. Yes, I’m not denying that this is a privacy concern.

But, we need to understand that Signal is not a 100% privacy-based solution. Nothing in this world is perfect, and truly perfect services are rarely free. Even if they are free, maintaining them requires resources, coordination, and protection from bad actors—politics and malicious users are always a threat.

So, we have to move forward until a perfect solution exists. From what I read, Signal only uses your phone number for initial account creation. After that, users can switch to Username + PIN, and from then on, they can log in using only the username and PIN.

I understand that the phone number is the main ID, acting as a primary key that links everything—including PINs and usernames. Yes, that could be considered a privacy violation. But we are missing one point: we are not relying on one service forever.

If Signal ever exposes user IDs, sells data, or collects metadata, eventually a new service will appear somewhere on the web. For example, Elon Musk is building XChat, a standalone app under X Corp, which won’t require phone numbers.

Until then, Signal is the best option available with all features working. If we insist on perfect privacy, most other users won’t be like us, they live “on the surface,” sacrificing privacy for convenience. To coexist, we need features like status updates, VoIP, chat, disappearing messages, etc.

For instance, GrapheneOS also prioritizes privacy and security. But over time, it adapts to support mainstream apps so users can live in the “surface” world. Otherwise, GrapheneOS wouldn’t survive.

Watermelon

schweizer Additionally if you use a fake number for registration this a huge security risk. Someone else might get that number and take over your account. You can prevent that with a Signal PIN but if you do not use signal for seven days the PIN does not fulfil its function. Your current contacts will send their messages to the person that has taken over your account. There is no possibility to revoke your identity.

This isn't accurate. I linked above to a previous post I wrote, please check it because I put a comment there about Signal PIN that's relevant to this.

lackofhumor

manksudons89231 SimpleX Chat – Notifications are delayed until I manually open the app

If you look into SimpleX settings, you can decide how often you should receive notifications.
It can be set as:

when you open the application
every 10 minutes
live

Every 10 minutes might fail if you don't withdraw battery optimization.
Live works pretty well, except it will consume (a lot) more battery, which is against one of your requirements.

Apart from this, I find SimpleX to be promising.

manksudons89231 XMPP is good but apps build on this are so confusing

If you want to give it a chance, you can try OpenKeychain (for keys management) + Conversations (for messages delivery).
Among the pros you will have encrypted messages with async keys, possibility to stay always on TOR (or a proxy of your choice).
Conversations also implements OMEMO encryption (xmpp extension), so you might skip the keys part, even if it is advisable to have them.

manksudons89231 If you recently switched to GrapheneOS and are looking for a WhatsApp alternative, here is a good solution:
Molly

Overall I agree with your choice, it is the best balance between a usable client (important for other people if/when they switch) and privacy/security.

With molly (over signal) you also can encrypt the local db with a passphrase, feature that signal removed long ago.
This is important especially if you have a rooted phone.

Blastoidea

lackofhumor

It is my understanding that having a rooted phone is a security risk.

Watermelon

manksudons89231 After that, users can switch to Username + PIN, and from then on, they can log in using only the username and PIN.

Usernames in Signal are not an account login/identification method, they're a method to initiate communication with your account. Once someone establishes a chat with you using your current username, they will keep being in chat with you if you delete the username, and they can't know your future usernames if you change. Usernames are also never advertised on your profile details.

Compare that to phone numbers: all accounts must be associated to exactly one phone number behind the scenes; the phone number can function as a one-way communication initiation method just like usernames (configurable in the “Who can find me by my number?” setting); and can be advertised on your profile (configurable in the “Who can see my phone number?” setting, defaults to off).

tux_

You could set up your own XMPP server if you want full sovereignty (your own rules throughout), but onboarding people, especially non-technical users, is not going to be frictionless. Self-hosted Nextcloud Talk is another option, the app is pretty good actually but again you will need to onboard users (they will need an account on your server).

23Sha-ger

tux_ onboarding people, especially non-technical users

Getting your friends to switch to XMPP is a way to make them never talk to you again.
Been there, before Signal. Everyone used ICQ or Skype.
Now it's 2026, this is still not a noob-friendly protocol, just like most other non-federated ones.
Imagine you tell someone to run their own email server. Not feasible.

N1b

Glad to see Signal/Molly to be the solution. For everyone still wondering about alternatives, I recommend having a look at the comparison table from German pen tester Mike Kuketz.

schweizer

Watermelon This isn't accurate. I linked above to a previous post I wrote, please check it because I put a comment there about Signal PIN that's relevant to this.

I think what I say is true and accurate. Signal has a feature that you can retrieve your account when you lost the pin. You must just wait for seven days. This makes sense if you loose acces to your phone because the SIM/phone number can usually be restored by your telco provider.

But if you use a fake number then the fake number provider can access this feature.

Anyway this was not my main point. The main point was that the OP asks a question but is deaf to consider answers that would solve his or her problem. To me this thread looks like a Signal advertisment. I use signal because it is quite widespread and more private than WA. But it is just not as private than other solutions.

Watermelon

schweizer I think what I say is true and accurate. Signal has a feature that you can retrieve your account when you lost the pin. You must just wait for seven days. This makes sense if you loose acces to your phone because the SIM/phone number can usually be restored by your telco provider.

What you gain access to is to re-register a new account using an existing user's registered phone number. According to the Signal support articles, this doesn't let your new account inherit the profile details, group membership, etc of the previous account, even if Signal PIN was disabled. (Disabled is actually more secure because this behavior is guaranteed because it cannot be bypassed by entering a correct PIN.) I don't know how it shows up in private chats and group chats, however. At the very least, this would cause the cryptographic identity to be changed, which Signal alerts about. But I don't know if it keeps the chats and displays an alert that the contact re-registered and new messages would be sent to you as message requests for example, or maybe your new account would appear as its own new contact with a new chat history besides the old chat with the previous history, etc.

ShoulderSurfin

manksudons89231 .. you are lucky. In my case .. they absolutely won't switch from iMessage. The concept that everyone should be able to easily (and privately) communicate is lost.

manksudons89231

ShoulderSurfin

Can I give you a suggestion?

Survival is more important than privacy.
For survival, go their way (it doesn’t matter if you are naked in the street).
For privacy, make them come your way (they eventually will).

schweizer

Watermelon What you say is true but it does not matter in real life. People who have stored you as a contact will continue to send messages to that number despite the warning that the keys have changed. Because we get flooded with those messages every time people reset their phone or change the phone.

Signal is not the only app affected by this. It happened to me with Whatsapp once when I changed my mobile number and the old number was reassigned quickly. Even with good faith of the new owner we could not prevent that messages intended for me ended up on his phone.

A hostile takeover will populate the profile details with the same data you used making it even more dicficult for your contacts to avoid being mislead.

schweizer

Watermelon But I don't know if it keeps the chats

It does afaik.

Watermelon schweizer A hostile takeover will populate the profile details with the same data you used

No. That was exactly my point.

I do not get the impression we understand each other. The most important profile detail imo is the picture. A hostile takeover will grab a picture of you and use it as their profile picture. Your existing contacts will see your old chats, your profile picture and a tiny grey message about change of security number. 99% of your contacts will continue such a chat. With the result that messages intended for you end up on someone elses phone.

Watermelon According to the Signal support articles, this doesn't let your new account inherit the profile details, group membership, etc of the previous account, even if Signal PIN was disabled.

Can you cite those articles? I do not believe it is true. If you do not have a pin or if you lost it you still keep your group memberships. There is just an info message to the group that your security number has changed.

Watermelon

schweizer People who have stored you as a contact will continue to send messages to that number despite the warning that the keys have changed.

I didn't talk about the key change warning. I gave that as an example of something I do know what it looks like.

schweizer Signal is not the only app affected by this.

Any app identifying accounts by the phone number would have the same “issue”. Honestly, this isn't an app issue, but an awareness issue. It's the same kind of people that ignore security warnings that would also use any insecure method to contact you if they can't for some reason reach you over a secure app (e.g. Signal), provided that the way Signal implemented the UI/UX of a re-registered account not inheriting details from the previous one is satisfactory (which I don't know). Your friends could be dumb, or you could make them aware. Honestly, I know some people are complete tech illiterates, but still have high awareness to security warnings. And you don't have to share things with people you don't trust to handle securely.

schweizer It happened to me with Whatsapp once when I changed my mobile number and the old number was reassigned quickly.

WhatsApp is nothing like Signal even if it copied Signal's protocol.

schweizer A hostile takeover will populate the profile details with the same data you used

No. That was exactly my point.

Watermelon

@schweizer I'm trying to address the data issue and the UI issue separately.

First, the data:

schweizer I do not get the impression we understand each other. The most important profile detail imo is the picture. A hostile takeover will grab a picture of you and use it as their profile picture.

schweizer Can you cite those articles? I do not believe it is true. If you do not have a pin or if you lost it you still keep your group memberships.

https://support.signal.org/hc/articles/360007059792-Signal-PIN

Quote:

Your Signal PIN is a numeric or alphanumeric code used to help you recover your profile, settings, contacts, and block list if you ever lose or switch devices.

How can I disable a PIN? Without a PIN, reinstalling the app on the same device would mean that all of your Signal contacts are lost.

There is some more hints in the Signal UI, including during onboarding, which I can't repeat to see if they're different than other places. But anyway, the settings within Molly says for the option of disabling the PIN that you will “lose all data”. Notice the word “all”.

I don't have a definite answer about group memberships, but I presume they won't carry into the app with the new account on the attacker's device. I think it's a reasonable presumption from Signal's descriptions, hopefully they're not misleading, but it's unlikely they're misleading.

Second, the UI:

schweizer It does afaik.

schweizer Your existing contacts will see your old chats, your profile picture and a tiny grey message about change of security number.

schweizer There is just an info message to the group that your security number has changed.

Surely the cryptographic identity is changed when this attack happens, so for sure there would be the warning you mentioned. (I don't even think there's an option to turn off these important warnings in Signal, unlike WhatsApp where they're opt-in.) But beyond this, I don't really know, I wish Signal were documenting it explicitly. Take in mind that, assuming for a moment that WhatsApp has the same property I described in the data part above (I don't really know) or would have it added in a future update, it still has unencrypted backups available, which restore your identity and should also restore the cryptographic identity with zero authentication, so WhatsApp isn't a good example to infer about Signal despite their similarities and the Signal protocol in WhatsApp.

brev

manksudons89231

I switched to GrapheneOS because WhatsApp was accessing the microphone silently, spamming me, and selling metadata

Selling metadata? No doubt, but do you really think it's running a hot-mic and using that to send you targeted ads?

Watermelon

brev do you really think it's running a hot-mic

It can do that on normal Android using your phone's sensors. Sensors aren't protected by a permission in normal Android as on GrapheneOS.

de0u

brev do you really think it's running a hot-mic

Watermelon It can do that on normal Android using your phone's sensors.

Is there a source for that? At first glance it does not seem consistent with Android documentation:

It has been demonstrated that it is possible to very laboriously recover low-quality audio via typical phone sensors (source), but I don't think that implies that WhatsApp is routinely doing that. Continuously scanning audio, whether collected using the regular microphone or using audio estimated from sensor data, would use a lot of CPU and battery.

Watermelon Sensors aren't protected by a permission in normal Android as on GrapheneOS.

It's a threat that is worth addressing for people facing a high threat level, and it's great that GrapheneOS addresses it. But I think it would be good if an allegation that WhatsApp does this in practice were supported.

schweizer

Watermelon But anyway, the settings within Molly says for the option of disabling the PIN that you will “lose all data”. Notice the word “all”.

True. But you are confusing things. The user that takes over your account looses all your chats. But your friends do not loose anything. They still see their old chats with you which they can and will continue.
The same happenes with group memberships.

That WA has the same issue does not matter here because the topic is a WA alternative that does not require a phone number. Given that, Signal is not the answer.

Watermelon

de0u Is there a source for that?

The GrapheneOS team.

de0u but I don't think that implies that WhatsApp is routinely doing that

de0u But I think it would be good if an allegation that WhatsApp does this in practice were supported.

I said WhatsApp can do it, not that it does do it. They don't really need to do it because WhatsApp has trash privacy and fake encryption as it is already. But any attacker exploiting WhatsApp would be able to abuse WhatsApp's access to sensors without needing to exploit the OS to break out of the sandbox to achieve it as on GrapheneOS. WhatsApp is also reportedly incompatible with some of GrapheneOS's exploit protections because it's so terribly buggy and insecure, so revoking Sensors permission is a more practical way to stop exploited WhatsApp from listening to sensors than relying on the exploit protections that cause WhatsApp to crash.

de0u

Watermelon What is meant by WhatsApp having "fake encryption"?

de0u

de0u If being able to mine user social graphs means encrypted content is using "fake encryption"... can't Signal do that?

Watermelon Signal doesn't do it [...]

How is that known? They know which account sends every message, to which account, right?

Watermelon [Signal] doesn't have the wide reach that WhatsApp has, and doesn't collect info about you from other services that they operate like Facebook/Instagram, and doesn't create shadow profiles for unregistered users via embedded Like buttons in websites, etc…

The claim was "WhatsApp has trash privacy and fake encryption" (Watermelon). No matter how long a list of privacy issues is posted, that doesn't add up to an encryption problem. So far I think only one encryption issue was mentioned (the problem with web-based access to keys). Since Proton also has a web client, if a web client makes WhatsApp's encryption "fake" then Proton's encryption is also "fake", or perhaps neither one is.

Is the claim that WhatsApp's encryption and Proton's encryption are "fake", or is there some additional problem with WhatsApp's encryption?

« Previous Page Next Page »