Chatting About Private Messengers
Since the first "Merry Christmas" was sent on December 3, 1992, SMS has been a dominant feature of mobile phones. It wasn't that long ago that mobile carriers charged significant money for text bundles that every teenager seemed to use up in a day.
A networking quirk allowed SMS to be created, but it was never intended to be a secure platform. It's more like a postcard than a sealed envelope. You might wonder, what's the big deal with SMS, whether it's for a flight update or planning a family celebration?
As we've discussed before in "Are Companies Negligent for Still Using SMS OTPs?", nothing about SMS should be considered secure. And while Rich Communication Services (RCS) is a modern messaging protocol developed by the Global System for Mobile Communications Association (GSMA) to replace traditional SMS and MMS on cellular networks, even that isn't as secure as it should be. The same is true for most other messaging platforms, especially those on social media.
Our philosophy is simple: this conversation is between A and B, so everyone else can C their way out of it. Private conversations have always been important for our well-being. It doesn't matter if everyone is planning a night out at the movies or discussing a serious health issue, those conversations should be private by default.
In our Privacy Toolbox we list two messengers that are well known in privacy circles: Signal and SimpleX. Both provide end-to-end, zero-knowledge architecture and Perfect Forward Secrecy (PFS) to protect your conversations. Both support one-to-one and group chats, voice, and video calls. The main technical difference is that Signal has a centralized architecture, while SimpleX is decentralized. Each approach offers its own benefits, which we'll discuss in a minute.
We're also testing a new beta messaging client called "bitchat" that forgoes using networks altogether in favor of peer to peer communications using Bluetooth mesh networks. Developed by Block Inc. and Jack Dorsey, co founder of Twitter, bitchat is an interesting solution for situations where no networking is available, extra security is required, or where crowds gather, such as at a conference. Since it was just launched in July of 2025, it has a long way to go to be a production ready solution, but it does show a lot of promise.
Comparison
So, how do they stack up?
| Feature / Aspect | Signal Messenger | SimpleX Chat | BitChat |
|---|---|---|---|
| Overview | Open-source messaging app focused on privacy, supporting text, voice, video, and group chats. Widely adopted with a focus on end-to-end encryption (E2EE). | Privacy-focused messenger without user IDs, using temporary pairwise identifiers for maximum metadata protection. | Secure, open-source, peer-to-peer messaging app using decentralized architecture and E2EE, operating over Bluetooth mesh or internet. |
| Platforms Supported | Windows, Mac, Linux, Android, iOS | Windows, Mac, Linux, Android, iPhone, Self-Hosted, AppImage or Flathub, F-Droid | iOS and Android |
| Encryption | End-to-end encryption (E2EE) for all communications (text, voice, video, files) using Signal Protocol. | Double ratchet E2EE with quantum-resistant encryption, platform-independent backups. | Robust E2EE for all communications, no central servers. |
| User Identifiers | Requires phone number for registration (usernames optional since 2024). | No user IDs; uses temporary, anonymous pairwise identifiers for each connection. | No phone numbers or user IDs required; operates via direct connections. |
| Decentralization | Centralized servers; messages routed through Signal Foundation servers. | Decentralized; users can choose or host servers, supports Tor for IP protection. | Fully decentralized, peer-to-peer with no central servers, enhancing privacy. |
| Metadata Privacy | Minimal metadata collection (last login time); group membership hidden from servers. | Best-in-class metadata privacy; no long-term identifiers, asymmetric connections prevent correlation. | High metadata privacy due to peer-to-peer architecture, no server storage. |
| Key Features | - Disappearing messages - Group chats (up to 40 for video calls) - File sharing - Video/voice calls - MobileCoin payments (beta, low adoption) |
- Disappearing messages - Group chats - Video/voice calls - Multiple profiles in one app - Self-hosted servers |
- Offline messaging via Bluetooth mesh - File sharing - Limited feature set compared to Signal |
| Security Audits | Regularly audited by third parties; open-source code with deterministic builds. | Protocol audit in 2024. Planned full audit in 2025. | Open-source, auditable code, but no specific audits performed as of this writing. |
| Censorship Resistance | Moderate; relies on centralized servers, uses techniques to bypass censorship. | High; decentralized servers and Tor support enhance resistance. | High; peer-to-peer and offline capabilities make it highly resistant. |
| User Base & Adoption | Large (over 40 million users as of 2022); widely adopted by everyday users. | Smaller user base, newer app. | Small user base, recently launched. |
| Ease of Use | User-friendly; phone number-based contact discovery simplifies setup. | Less intuitive; requires QR code/URL for contact initiation, no contact discovery. | May face challenges with NAT traversal or firewall configs; less polished UI. |
| Cost | Free, supported by donations; no ads. | Free, supported by donations; no ads. | Free, open-source; no ads or subscriptions. |
| Unique Strengths | - Largest user base - Polished interface - Strong E2EE - Non-profit focus |
- Best metadata privacy - No user IDs - Decentralized and Tor-friendly |
- Offline messaging via Bluetooth - Fully decentralized - High censorship resistance |
| Limitations | - Phone number requirement - Centralized servers - Vulnerable to metadata attacks |
- Smaller user base - Complex contact initiation - No fingerprint change notifications |
- Limited features - Potential connectivity issues - Small user base |
| Best For | Everyday users, family, and friends needing a secure, user-friendly app. | Privacy enthusiasts, those avoiding identifiers, and users needing decentralized options. | Users in censorship-heavy environments or needing offline communication. |
Quick Comparison
- Signal is the most user friendly and widely adopted, ideal for general use but requires a phone number, which may compromise anonymity for some users. Its centralized nature makes it less resistant to platform level bans.
- SimpleX Chat excels in metadata privacy due to its lack of user IDs and decentralized design, making it ideal for high privacy use cases like journalism or activism, but its smaller user base and complex contact setup may deter casual users.
- BitChat is unique for its peer to peer, offline capable design, suitable for extreme censorship scenarios or areas with no internet, but its limited feature set and smaller adoption make it less versatile. Still in initial development.
If you're curious about how any messaging platform stacks up, https://www.securemessagingapps.com/ is a great resource to learn more and compare.
Final Thoughts
Switching to a secure platform can be challenging because all those you know and love have to be there as well. We've found that Signal is the easiest messenger for everyone to use as it's very user friendly. SimpleX is a great backup due to the variety of new "chat control" measures being considered. bitchat is fun to experiment with and we look forward to seeing how it develops over time.
Regardless of which platform you choose, ensure you have one in place to keep your private conversations private.
Remember, we may not have anything to hide, but everything to protect.
