Why do you need end-to-end encrypted messaging?
Even with nothing to hide, protecting yourself from the unadulterated collection and use of the data that you constantly create is probably a good idea. Before consumers understood that their data is a commodity, the precedent was established that they give up their rights to that data when they sign up to online platforms.
Using end-to-end encrypted messaging services can make this data inaccessible to those that wish to collect it, or nearly impossible to read if they are able to get their grubby little hands on it. In short, having an end-to-end encrypted messaging service will offer you some protection from aggressive and intrusive advertisements, as well as other bad actors who would try to use your data maliciously.
Ultimately, your data is never going to be completely invulnerable, but the average person can protect theirs to the highest degree within reason using a combination of end-to-end encryption, a VPN, and a robust rotation of passwords across their various accounts and devices.
What is encryption?
Without getting too hung up in technical jargon, the encryption process scrambles the contents of the data that you encrypt, creating a complex mathematical puzzle between your data and would-be data harvesters. The desired recipient has a key that can be used to undo this process and reveal the data that you have sent to them- in this case, a readable message. The type of encryption used will determine who has this key. End-to-end encryption is your best option for truly private communications, as only the sender and recipient will have the key to unravel this puzzle, and leaves the data obfuscated to even the chat’s host.
For a full explainer on cryptography, read our recent feature: We Cannot Live Without Cryptography!
There is a significant lapse in the security offered by any type of encryption used in these apps. It will not protect your data if your device, or the recipient’s device, is stolen or compromised. Even though the data will be safe in transit, that same data is vulnerable while sitting on those devices. You can further protect yourself with a robust passcode or biometric locks like a fingerprint or facial recognition scanner that some newer devices offer.
Which popular messaging apps use end-to-end encryption?
Signal is the gold standard for private messaging apps at the moment. It is free and open source. Using end-to-end encryption as the default, Signal keeps all forms of communication on the platform just about as safe as they can be. These features include one-on-one chat, voice, and video calls, as well as group chats in all of those forms.
Interestingly enough, one of the co-founders of WhatsApp, another entry on this list, has personally invested 50 million into this company. Being endorsed by one of the men that created your main competitor is a nice accolade, but the CEO of Signal says it all much more succinctly than I ever could: “Because we’ve built Signal to completely avoid storing any sensitive information, I can stand on stage in front of thousands of people and publish all of my account data publicly without revealing anything other than how long I’ve had Signal installed and the last date I had Signal installed.”
Viber is another great private messaging app. It offers end-to-end encryption as the default for its one-on-one and group chats, including text, voice, and video. Do note though, that communities and channels on Viber are not end-to-end encrypted, but you should avoid sharing personal information in those places either way.
On the less positive side, when you join a Viber group, your phone number will be visible to everybody. Also, Viber is known to be used by spammers to blast messages and potential viruses.
By default they also collect personalized data which they use to sell ads and monetize that way, but they have a range of options you can turn off to prevent this. Visit the “Personal Data” section of the app’s privacy options and review how your data is used. Also, you may request and/or delete your data from Viber’s servers.
When you actually get to chatting, there are further protections for a compromised device. Functions called “Hidden Chats,” lets you hide sensitive chats behind a PIN code, and “Secret Chats,” which allows you to set a timer for sent messages that deletes them from both users devices when it expires.
The ever popular WhatsApp messenger is not known to be the most secure platform (part of Facebook), so it has lost a lot of favor with more security-conscious users, most of which have moved to other apps like Signal, Telegram or paid app Threema. All of that aside, it does still offer end-to-end encryption as the default for all of its private chat applications. These include messages and calls, both the group and one-on-one versions, as well as any photos or files you send on the app.
What is not private anymore are communications with businesses that are also on Facebook. These communications will share data with both Facebook and the business you’re in communication with. While this is undesirable for those looking for a private messaging app, it doesn’t necessarily mean that you need to go about finding something else if you’re already a WhatsApp user. After all, using it for purchasing from businesses is entirely optional.
Facebook Messenger has a shady past in regards to user privacy. From admitting that they scan user messages and files, to forcing the app’s installation with the Facebook app, seemingly to slip more permissions by the user.
Even with that being the case, Facebook has added “Secret Chats.” This enables end-to-end encryption for those one on one text chats. The only time this option isn’t available for text chats is when using Messenger to communicate with businesses integrated into Facebook’s marketplace. In its current iteration, Facebook Messenger is a poor pick for privacy concerns, being out-shined by other apps like WhatsApp and Signal.
iMessage & FaceTime
Maybe this will be surprising to some, but iMessage, the messaging app exclusive to Apple devices, offers fairly private communications with a few caveats. iMessage uses end-to-end encryption for its text chats, both group and private messages. FaceTime which is used for video chat also has end-to-end encryption for its single and group video and voice calls. Also, Apple doesn’t share your data with third-parties.
Now, about those caveats. iMessage will only have this desirable type of encryption when messaging other iMessage users, and FaceTime can’t make fluid contact with anyone using a non-Apple device (iOS 15 added a feature to send a link so that Windows and Android users can join calls via a web browser).
You can tell if a message will be end-to-end encrypted or not based on the small arrow to the right of where you add your text. A blue arrow is an iMessage and will use end-to-end encryption, and a green arrow is an SMS message and will not. This applies to group chats as well. If all users are on Apple devices, and have iMessage enabled, the group chat will be end-to-end encrypted.
You’ll also need to check your settings just to make sure they’re in order. Open up your Messages settings and make sure you have the setting called “iMessage” turned on. If you wish to never send an unencrypted message, you’ll also need to turn off “Send as SMS,” but this will preclude you from using iMessage to send messages to anyone not using an Apple device. Finally, if you have iMessage backed up on iCloud, then there are non-encrypted versions of your messages being saved to iCloud, so you’ll want to turn that off as well if you’re dead-set on the maximum privacy possible.
Skype comes installed on all Windows 10 devices (Windows 11 dropped it in favor of Teams), a practice we’re not entirely happy about, so you might want to see that undone unless you use the platform regularly. Also, your Skype account is associated with a Microsoft account which is required to use Skype. Microsoft also collects user data and says they may share this with third-parties for advertising purposes.
According to the company, all voice, video, file transfers and instant messages are encrypted in their platform when communicating between Skype users. If you make a call from Skype to a phone number (mobile or landline phones), that call is not encrypted. In hybrid scenarios, for example, in a group call that has both Skype-to-Skype and one user on a regular phone carrier, the latter is not encrypted, but the Skype-to-Skype portion is.
Skype doesn’t use stronger end-to-end encryption on phone or video calls however. For secure chat, the app offers a “Private Conversation” option. These messages and calls aren’t saved anywhere but your device, and have end-to-end encrypted audio calls, text messages, and file sharing.
Here’s another app with good potential for security, if you choose the right settings. Video and voice calls are encrypted by default on Telegram end-to-end, however texts and file sharing are not. Telegram’s default messaging mode is only encrypted between the sender and Telegram servers — read about their cryptography protocol here.
This type of encryption is used for all but one of Telegram’s chat options. In a one-on-one conversation using Telegram, you can initiate a “Secret Chat.” What this means is that the messages in that chat are end-to-end encrypted, and the sender has complete control over whether or not the receiver can keep those messages that they exchange. You can set parameters over how long the message exists after it’s been read, or even delete it from both chat participants’ apps at once. These secret chats are not stored to Telegram’s cloud either, so the messages are as secure as can be, so long as your device isn’t compromised.
WeChat is the largest messaging platform with 1.2 billion monthly users in the first quarter of 2020. In China, it’s sometimes referred to as “The App for Everything,” being a staple of a huge number of businesses that find their home there. Some interesting examples include paying appliance and dinner bills by scanning QR codes in the app, scheduling appointments or meetings, and allowing the usage of sub-apps to expand its functionality (there are a staggering 3.2 million available for download).
While this may sound like an endorsement, in the realm of securing your information WeChat is lacking.
While the data in your messages is encrypted in transit to and from their servers, it is stored on said servers for a time. This leaves WeChat more vulnerable to large-scale or personal data breaches from leaks or in-transit attacks on your data, and it’s no secret that they will yield this information to government agencies.
On top of that, WeChat is home to more fraud than any other app investigated by the Chinese Supreme People’s Court, citing that over 50 percent of online fraud investigated was on WeChat. Even with claims that your privacy is their responsibility, Tencent, the owners of WeChat, fail to deliver a safe environment for your data.
Although Discord is a great platform for meeting friends (originally aimed at gamers), it’s not a messaging app for those that assign a high degree of value to their online privacy. The platform does not offer end-to-end encryption for text or audio/video communication. While your data is encrypted in transit to Discord servers, it is stored on said servers. Even when you use the app’s privacy settings to disable their ability to “Use data to improve Discord,” they still collect this data and store it in their database.
If you find yourself using this app, be careful about any sensitive personal information you transmit, even in your DM’s. If you limit your personal data on the platform and use it only for social interactions like gaming with your friends, or conducting your book club remotely, it does have a place as a service.
Snapchat is a bit odd with how it goes about protecting your data. Snaps — the photos the platform is known for, which disappear after being opened — are end-to-end encrypted, and no longer accessible to even Snapchat. Being that those types of messages are safe in transit, and are automatically deleted, protects them in the case that your device is lost or stolen. However, these safety measures are not applied to the other forms of communication offered in the app. Your text and voice messages, be it one-on-one or group versions, are not encrypted end to end, meaning they can be intercepted by Snapchat or those entities that they share data with.
Seeing a massive boom in popularity in tandem with growing numbers of workers doing their jobs remotely. Zoom has become a household name, the proverbial saltine of digital meetings. In late 2020, Zoom added the ability to enable end-to-end encryption for your meetings, and you can even set it as the default type of encryption for your Zoom organization (they still call it a “technical preview”). You can verify this setting is on by checking for an icon of a padlock inside of a green shield in the top-left corner of your meeting.
If you are using Zoom without this, all (and I do mean all) of the data within your meetings is aggregated by Zoom. Their privacy page is open about the fact that your voice, face, and the content of your meetings is analyzed to provide products and advertisements, and shared with their marketing and analytics partners. One scarier line from said privacy page says that resellers may be able to access the personal data of people who’ve licensed accounts from them. With this in mind, using end-to-end encryption seems vital to protect your personal or corporate meetings, especially if your account owner has licensed Zoom through a reseller.