Homepage


Using HTML > Markdown > Gemtext converter, will be broken


Private instant messenger overviews


An attempt to simplfy choosing a messenger from my search for the best. My current favourite is XMPP. => ./picture/xmpp.svg xmpp logo

If there are any errors or you have suggestions please let me know.


let me know


I will prioritise messengers with:

Ease to use

Support for all major platforms

Native clients

Self-hostable servers

Ease to use


I will only list messengers with:

Encryption (unless self-hostable)

No phone number required


Consider using a privacy respecting operating system for the safety of yourself and your contact.


Key

~ = informational

¶ = in-page link

Review dot points are top to bottom by piority

Client = App, application, program

Server = service provider website


Where to start


What should I use?

Consider your use case. I have listed some suggestions below.


Looking for Slack or Discord\-like grouped chat channels? Have a look at Matrix ¶

Looking for Telegram or Whatsapp\-like simple 1-on-1 or single room group chats? Have a look at XMPP ¶ or DeltaChat ¶

Looking for peer-to-peer 1-on-1 chats? Have a look at Jami ¶

Want to communicate with e-mail with an easy interface? Have a look at DeltaChat ¶


Matrix ¶

XMPP ¶

DeltaChat ¶

Jami ¶

DeltaChat ¶



Wikipedia's Comparison of cross-platform instant messaging clients


Improve privacy on privacy disrespecting services



FAQ about messengers


Why should I avoid phone number services?



Why should I care about encryption?

Messages should only be able to be read by you and your peers. If anything were to be leaked from the server you would not need to worry about your messages being publicly available online.


I don't have anything to hide

You may not but your contact might


Which messengers to avoid


Avoid anything without a viewable client and encryption method source code. Server source code is prefered but methods that don't give the server your encryption key should be good to use (such as encrypting an E-Mail outside the servers webmail interface)


I don't know what any of that means

It's basically any messenger that is run for profit, which is probably 95% of messengers


Helpful tool: tosdr.org see an easly readable overview of a sites Terms of Service


"Privacy focused" messengers


Requires phone number, centeralized server. Not the worst but there are better choices* Wire Bought out by another company, centeralized server


Popular messengers


usemumble.neocities article

stallman article

Discord TOS overview (tosdr.org) just look at this

non-free, no encryption, paid services for common features, suspicious funding methods, electron client, alternative clients are against ToS, account lockouts for "suspicous" (no phone number regestered) activity, takes half a month for account deletion (which only removes your account name and avatar from their servers, messages remain), saving all your text and voice chat data to their servers. It's really bad


I have to use it

Use it with Firefox Discord Container to put the website into a browser container. Or use a seperate profile in your web browser for it.

To avoid electron, consider using Pidgin with the purple-discord plugin (text only). Only uses 10MB of RAM while idle!

firejail it on GNU/Linux* Telegram => /picture/telegram.png Telegram TOS overview (tosdr.org)

Server is non-free and centeralized. Telegram has access to your encryption keys* Facebook Messenger Facebook TOS overview (tosdr.org)

Accounts made with phone number without a Facebook account can't be deleted (unless this was changed)


Firefox Discord Container

purple-discord plugin

Telegram TOS overview (tosdr.org)

Facebook TOS overview (tosdr.org)


Why not electron?


Electron, Chromium Embedded Framework or any other downloadable web applications are slow, bloated and full of security flaws. It's basicly a seperate web browser for your programs which will eat up RAM and leave you behind on web browser security fixes because they are seperated processes from your main web browser. For something as simple and private as sending messages it is not recommended.


How do I check that something I'm running uses electron?


If you press Ctrl+Shift+i it should open a developer console. Another way is to press the Alt key, if a menu pops up at the top with something like "File Edit View Help" it likely uses electron.


--------------------------------------------------------------------------------


Private messenger feature comparison


Protocols depend on client so I have based XMPP on Dino/Conversations and Matrix on Element. Consider Jitsi when you want to do a voice/video call or screenshare on messengers that do not have it. DeltaChat allows you to send Jitsi links from the application but I will not list it as having call features.


Jitsi


Encryption method/s


XMPP: OpenPGP, OMEMO: Based on a Double Ratchet and PEP, OTR & others

Matrix: ?

DeltaChat: Implements the Autocrypt Level 1 standard

Session: Session Protocol built on libsodium

Jami: TLS 1.3 with a perfect forward secrecy requirement for the negotiated ciphers for calls and file transfers. Messages are encrypted with an RSA key.


OMEMO: Based on a Double Ratchet and PEP

Session Protocol built on libsodium


Account creation difficulty


XMPP: Medium-Hard. You will need to find a client with a high amount of features. You will need to find a server with modern features.

Matrix: Easy-Medium. Popular client available (Element), others are available if needed. Default homeserver is easy to setup but not recommended, other servers are harder to find but most have modern features.

DeltaChat: Easy-Medium. Official client available. May require configuration depending on your E-Mail provider and if you are using an existing E-Mail adress or creating a new one.

Session: Very easy. Official client available. Click create and type in a display name

Jami: Very easy. Official client available. Click create, choose username (optional), choose password (optional), choose display name and picture (optional) and backup account to device storage (optional).


Logging in with another device


XMPP: Sign in with XMPP ID and password. Will need configuration to recover encrypted messages.

Matrix: Sign in with Matrix ID and password. Will need another signed in device or a recovery key/phrase to recover encrypted messages.

DeltaChat: Sign in with E-Mail and password, configuration will be needed if you do not have a backup. Will need to input a set of numbers from another signed in device or a deltachat account backup to recover encrypted messages.

Session: Enter recovery phrase and a display name to use

Jami: Load account profile from device storage


Censorship


XMPP: Account can be deleted by server admin. You can be banned from group chats by group moderators

Matrix: Account can be deleted by server admin. You can be banned from group chats by group moderators

DeltaChat: E-Mail account can be deleted by server admin. You can be removed from group chats by group moderators (I believe)

Session: Onion routes could be blocked by server administrators or your local network connection. Only group creator can remove users from group chats

Jami: Contact server, proxy, bootstrap and TURN address could be blocked by server administrators or your local network connection. You are able to configure them to different URLs. Group chats currently unavailable

Briar:


Onion routes


Contact ID


XMPP: username@domain.name

Matrix: username:domain.name

DeltaChat: username@domain.name

Session:

Jami:


username@domain.name


Attachment limit


XMPP: P2P 1-on-1 with XEP-0166 Jingle: Unlimited, server upload is server dependent. Expiry date is server dependent

Matrix: Server dependent

DeltaChat: E-Mail server dependent. Usually 10~MB

Session: ?

Jami: Unlimited


XEP-0166 Jingle


Metadata leakage


XMPP: host server knows your IP unless the server supports a tor address

Matrix:

DeltaChat:

Session:

Jami:


soon


XMPP:

Matrix:

DeltaChat:

Session:

Jami:


--------------------------------------------------------------------------------


Server-based


Protocols


Why protocols?

Protocols are good for messengers as there is no one point of failure. A protocol can't be taken down or become bankrupt like a single server, for example: Wikipedia's list of defunct instant messaging platforms


Wikipedia's list of defunct instant messaging platforms


--------------------------------------------------------------------------------


XMPP => ./picture/xmpp.svg (formally Jabber) protocol ¶


XMPP does not have an offical client or server, you will need to choose your own. Servers can connect to any other server. Some clients can make accounts in-app to compatable servers


My recommended clients:

Windows: Dino unofficial alpha Windows builds

Android: Conversations (download from F-Droid)

GNU/Linux: Dino

Untested: iOS: Chatsecure, monal.im

Untested: Mac: monal.im

Web: conversejs.org


unofficial alpha Windows builds

Conversations

F-Droid

Dino

Chatsecure

monal.im

conversejs.org


Servers picked at random with many features (full complience, see below for info)

trashserver.net 🇩🇪 Germany

hookipa.net 🇩🇪 Germany since around 2007. 100MB attachment limit, lasts for 30 days. Deletes after a year of inactivity

xmpp.social 🇩🇪 Germany since around 2007

jabbers.one 🇩🇪 Germany. 50MB attachment limit, quota 200 MB, lasts for 10 days

openim.de 🇩🇪 Germany

anonym.im 🇩🇪 Germany

jabber.lqdn.fr 🇬🇧 France

chinwag.im 🇦🇺 Australia since 2015

xmpp.is/.chat/.co/.cx/.fi/.si/.xyz 🇷🇴 Romania

lightwitch.org 🇮🇹 Italy


trashserver.net

hookipa.net

around

xmpp.social

around

jabbers.one

openim.de

anonym.im

jabber.lqdn.fr

chinwag.im

xmpp.is/.chat/.co/.cx/.fi/.si/.xyz

lightwitch.org


e2e.ee/.wtf/ee.e2e.ee/noarchive.chat 🇳🇱 Netherlands Free usernames must be more than 8 characters

riotcat.org 🇩🇪 Germany / Click jabber. Need to request account Can only register from within a client!


e2e.ee/.wtf/ee.e2e.ee/noarchive.chat

riotcat.org


Avoid:

creep.im 🇬🇧 France, United Kingdom. Can only register from within a client Requires a captcha to contact creep.im users

sum7.eu


creep.im


Or choose your own client\*\* and server\* (Click one on the left)


Advanced serverlist

Check server uptime


\*Check how long servers have been up to lower chances of having to move hosts later on and location of servers for speed here


\*\*OMEMO allows the client to automaticly end to end encrypt messages and attachments to another client with OMEMO with any compatable server.


compatable


The higher server complience is for a server, the more modern features you will be able to use with a client, if compatable. These features include



\*Both users servers must have the same features to be compatable with each other


Resources


https://kill-9.xyz/no\_category/xmpp XMPP servers comparision

https://privacy.flounder.online/article\_xmpp\_guide.gmi Guide: Start Chatting With XMPP (Very Easy)


https://kill-9.xyz/no\_category/xmpp

https://privacy.flounder.online/article\_xmpp\_guide.gmi


XMPP overall review


Pros

\+ Extremely lightweight

\+ Been around since 1999, used and proven through many corperate services (WhatsApp, Zoom, Google and Apple mobile push notifications and many more, check the sidebar)

\+ No file size limit on 1-on-1 chats using peer-to-peer Jingle (XEP-0166)

\+ Ability to edit messages

\+ User text and avaiabilty statuses


many more, check the sidebar

XEP-0166


Cons

\- Hard to "start using". The user needs to know that there is no main client like other services

\- Link previews aren't common on clients


Informational

~ E-mail like contact addresses: name@server.com


name@server.com


Client reviews


Dino (Windows, GNU/Linux) ¶


Unofficial alpha Windows builds Official Website


Unofficial alpha Windows builds

Official Website


Pros

\+ (Currently a pull request) Optional link previews

\+ Supports calls

\+ Connect multiple accounts at the same time

\+ Low RAM usage on Linux ~30MB


Cons

\- Doesn't encrypt new conversations by default (there are pull requests to fix this)

\- High RAM usage on Windows alpha ~60-100MB


Informational

~ GTK interface

~ Still in beta


https://axia.neocities.org/img/chat/dinoscreenshot1.png


\--------------------------------------


Conversations (Android) ¶


F-Droid Website Github


F-Droid

Website

Github


The best XMPP experience, developer constantly pushing XMPP forward


Pros

\+ Supports calls

\+ Connect multiple accounts at the same time

\+ Embedded audio file player


Cons

\- Non F-Droid users will be put off by it costing money upfront on Google Play, making it harder to migrate people to it

\- First launch prompts to create an account on the conversations.im instance which is free for 6 months then paid. Might confuse people to think XMPP is a paid service.


F-Droid


Informational

~ No embedded picture viewer or video and gif playback

~ Many different forks if you dislike certain features


=> /img/chat/conversations2.jpg


=> img/chat/conversations1.jpg

=> /img/chat/conversations2.jpg


\--------------------------------------


Gajim (Windows, GNU/Linux) ¶


Pros

\+ Nice interface

\+ Plugin to preview image URLs

\+ Connect multiple accounts at the same time


Cons

\- Doesn't support calls on Windows. Perhaps consider using Jitsi (open source in-browser voice and video calls)

\- Doesn't encrypt new conversations by default

\- High RAM usage ~100MB

\- Some issues with sending attachments

\- Long Chat log timestamps on each message


Jitsi


=> img/chat/Gajimtabbed-chat.png


--------------------------------------------------------------------------------


Matrix protocol => /img/chat/matrix%20logo%20white.svg ¶


Matrix does not have an offical client, you will need to choose your own. There is an official server and servers can connect to any other server.


Official server (matrix.org) is not recommended as it is slow and bans users randomly. Also has also been hijacked before.


hijacked


My recommended clients:

Android and iOS: Element

Desktop: Element, until there's a better native alternative

Web: Element


Element

Element

Element


Clients and servers


Matrix overall review


Cons

\- Chat rooms and spaces (Element's grouped chats) can't be deleted

\- Heavy to run for server owners, meaning less servers will be able to host their own server

\- Potentially shady history


Potentially shady history


Informational

~ Modern chat gimick bloat such as emoji reactions and stickers

~ Some servers require an E-Mail address to register (can be removed after registration)


Resources


Notes on privacy and data collection of Matrix.org


Client reviews


Element ¶


Official Website


Element is the most popular and feature rich client available for Matrix, but it uses electron


Pros


\+ Spaces lets you group chatrooms between other users, similar to Slack or Discord


Cons

\- Can only handle one account unless you use workarounds

\- Android client is over 100MB


workarounds


Informational

~ You need to keep your encryption key if you do not have another logged in device which may be difficult to remember or weak if you don't use a password manager

~ Visually similar to Discord, often concidered a good alternative


img/chat/riot-web-large.png

(old screenshot)


=> img/chat/riot-web-large.png


\--------------------------------------


Cinny ¶


Official Website


Cons

\- Electron

\- Can only handle one account


Informational

~ Beta

~ More Slack/Discord style interface than Element

img/chat/cinnyscreenshot.png


=> img/chat/cinnyscreenshot.png


--------------------------------------------------------------------------------


DeltaChat => /img/chat/delta-chat.svg ¶


Website FAQ (well documented)


Website

FAQ (well documented)


\- Official desktop client uses electron! (Runs on a web browser, bloat!)


DeltaChat is an e-mail client with a traditional messenger interface. It automatically encrypts when messenging another DeltaChat user. Different clients are possible but I haven't tested them, for example adbenitez/deltachat-cursed


adbenitez/deltachat-cursed


Pros

\+ Compatability with E-Mail, something almost everyone already has


Cons

\- Slow. Upon pressing send it takes Gmail to Outlook 5-12 seconds to receive

\- Doesn't work with two-step verification login on E-Mail accounts except Gmail on phones, you need to create an "app password" from the your E-Mail provider settings. Solutions to this are well documented but consider this if you have less tech-savvy contacts. Some E-Mail providers also try to scare you out of using app passwords for being only used by "insecure apps".

\- Questionable usage of funds

\- Press enter to send is not default on desktop

\- Chat bubble design doesn't work well on desktop computers


Solutions to this are well documented

Questionable usage of funds


Informational

~ No voice or video calls, intergrates Jisti links for calls

~ First message to new contacts are unencrypted because encryption files need to be exchanged

~ Using an existing E-mail address could be bad for anonymity. Consider what information about your E-Mail address is available on the internet when talking to people, especially if your E-Mail address is on haveibeenpwned

~ GIF attachment autoplay

~ May have issues with attachments if your servers attachment download limit is low. 10MB is ususally the recommended limit

~ Supports multiple accounts but only one at a time

~ Some E-Mail providers might not allow sending .exe or zips with .exe (I don't know if the encryption fixes this)


haveibeenpwned


=> img/chat/deltachatscreenshot.png


--------------------------------------------------------------------------------


Session => /img/chat/Session_messenger.png ¶


\- Desktop client uses electron! (Runs on a web browser, bloat!)


Website TOS overview (tosdr.org)


Website

TOS overview (tosdr.org)


Pros

\+ Optional support for link previews

\+ Promises to hide your IP


Cons

\- Plans to make clientside features paid in the future (See: Session: Session Pro and beyond)

\- Feels sketchy

\- Currently does not support voice or video calls


Plans to make clientside features paid in the future


Informational

~ Uses random 66 number and letter ID codes for adding contacts. Example: 056fc434103b82d15...

~ Android application optionally uses google services for push notifications. Can be disabled on first launch


=> img/chat/sessionscreenshot.png


--------------------------------------------------------------------------------


Peer-to-Peer


--------------------------------------------------------------------------------


Jami => img/chat/logo-jami.svg ¶


Gives me too many problems. I am checking the progress the program is making because it has great potential


Pros

\+ No limit on attachment size


Cons

\- Unrelyable on mobile right now, need to adjust settings to not drain battery life


Informational

~ Peer to peer, no servers

~ Accounts are stored in local files


=> img/chat/JAMI_Conversation.jpg


--------------------------------------------------------------------------------


Briar ¶


Only for Android and (soon) desktop computers. Focuses on being unable to be censored


--------------------------------------------------------------------------------


ADVANCED | Self-hosted ¶


rocket.chat (official web/Electron)


rocket.chat


XMPP


https://snikket.org easy server software

XMPP Server (Prosody)


https://snikket.org

https://landchad.net/xmpp


Mumble


Official site

Server


IRC


irchelp.org

IRC interface

Another IRC interface


Extra related resources



Similar pages



the final redpill: you have to use what your friends use



/tech/