Encrypted Messaging: How to Actually Have a Private Conversation
Most messaging apps are not private by default, and the messages you think only your recipient can see may be readable by the platform, law enforcement, or anyone who can compel the company to produce them.
The Basics
What It Is
Encrypted messaging means your messages are scrambled before leaving your device and can only be unscrambled by your recipient's device. The company running the platform never has access to a readable version of your conversation, which means they can't hand it over, sell it, or expose it in a breach.
How It Works
What End-To-End Encryption Actually Does
When you send a message on an E2EE platform, your app encrypts it using your recipient's public key before it leaves your device. The encrypted message travels through the company's servers, but they see only ciphertext they cannot read. When it arrives, your recipient's device decrypts it using their private key. The company at no point has access to the plaintext. This isn't a policy choice that can be reversed under legal pressure; it's a structural property of the architecture. A platform that genuinely implements E2EE cannot produce your message contents to law enforcement even if ordered to, because it doesn't have them.
What E2EE Doesn't Protect
End-to-end encryption protects message content. It does not automatically protect metadata, and metadata can be as revealing as content. Even with E2EE enabled, the company may retain records of who you communicate with, when, how often, and for how long. This is why the Metadata article is worth reading alongside this one, since the two threats require separate protections.
Forward Secrecy and Why It Matters
The strongest E2EE implementations include forward secrecy (also called perfect forward secrecy): the encryption keys used for each session are temporary and discarded after use. Even if an attacker later compromises your device or the platform's systems and obtains past encrypted messages, they cannot decrypt historical conversations because the keys that encrypted them no longer exist. Without forward secrecy, a stolen encryption key unlocks everything ever encrypted with it. With it, the blast radius of any future compromise is limited to the current session.
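The effect described above, as an added example that is not from the original article: a one-way hash ratchet, used here as a simplified stand-in for the key rotation real protocols perform, compared with a session that reuses one long-lived key. The function names and the 5/3 message split are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets


def kdf(key: bytes, label: bytes) -> bytes:
    """One-way step: HMAC-SHA256 output cannot be inverted to recover `key`."""
    return hmac.new(key, label, hashlib.sha256).digest()


def run_session(state: bytes, n_messages: int, ratcheted: bool):
    """Return (per-message keys, state left on the device afterwards)."""
    message_keys = []
    for _ in range(n_messages):
        if ratcheted:
            message_keys.append(kdf(state, b"message"))
            state = kdf(state, b"chain")  # previous chain key is overwritten
        else:
            message_keys.append(state)    # one long-lived key for everything
    return message_keys, state


def exposed_after_theft(ratcheted: bool, before: int, after: int):
    """Count (past, future) message keys recoverable from stolen device state.

    The device is compromised after `before` messages; `after` more follow.
    """
    secret = secrets.token_bytes(32)      # constructed shared secret
    past_keys, stolen = run_session(secret, before, ratcheted)
    future_keys, _ = run_session(stolen, after, ratcheted)
    # The attacker can only run the derivation forward from what was stolen.
    reachable = set(run_session(stolen, before + after, ratcheted)[0])
    past = sum(key in reachable for key in past_keys)
    future = sum(key in reachable for key in future_keys)
    return past, future


if __name__ == "__main__":
    print("static key :", exposed_after_theft(False, before=5, after=3))
    print("ratcheted  :", exposed_after_theft(True, before=5, after=3))
```

With the ratchet, none of the five earlier message keys can be recomputed from the stolen state, while the static key exposes all of them. The later keys remain reachable in both cases because a hash ratchet alone only protects the past.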
The Popular Platforms and The Security They Provide
- Signal: E2EE by default for all messages, voice calls, and video calls, using the Signal Protocol, which is the most widely audited and respected E2EE messaging implementation available. What Signal can produce to law enforcement under compulsion: typically only the date an account was created and the date it last connected to Signal's servers. Signal requires a phone number to register, but you can create a username and configure your account so contacts reach you via username rather than phone number, keeping your number off of other people's devices. For most people, this resolves the identity-linkage concern adequately.
- WhatsApp: E2EE by default for messages and calls, also using the Signal Protocol for the encryption layer itself. The content of your messages is protected. But WhatsApp is owned by Meta, and the metadata WhatsApp collects, like who you talk to, how often, when, your contacts list, and your device identifiers, feeds into Meta's broader data infrastructure. This is the meaningful distinction between WhatsApp and Signal: the encryption is similar, the surrounding data collection is not.
- Telegram: not E2EE by default. Regular Telegram chats use client-server encryption, meaning Telegram's servers hold readable copies of your messages for multi-device sync. Telegram can read these, and can produce them if compelled. Secret Chats are a separate feature that must be manually activated for every one-on-one conversation. While these do use E2EE with forward secrecy, Secret Chats are not available in group conversations and are not available on all platforms. Most importantly, they are not the default experience. Most people using Telegram assume they have more privacy than they do.
- Facebook Messenger: rolled out E2EE by default for personal chats in late 2023, after years of offering it only as an opt-in Secret Conversations mode. Similar to WhatsApp, Messenger is a Meta product with the same metadata exposure.
- SMS and standard phone calls: not encrypted at any level that provides meaningful protection. Carriers retain message and call records. SMS messages are accessible to anyone positioned in the carrier infrastructure. SMS is not a private communication channel.
- RCS (Google Messages / iPhone): RCS is the modern replacement for SMS, and as of May 2026, E2EE for cross-platform RCS conversations between Android (Google Messages) and iPhone is rolling out in beta. When the lock icon is visible, message content is protected in transit. The caveats: it's still in beta and requires iOS 26.5 and a supported carrier on the iPhone side; carrier infrastructure is still involved in the exchange in ways it isn't with Signal; and metadata remains accessible to carriers and the platform. RCS with E2EE is better than plain SMS, but it is not a Signal replacement. Think of it as a floor being raised, not a ceiling being reached. And not all RCS is E2EE, so double-check that your conversation actually is.
Verifying Who You're Actually Talking To
Even with perfect encryption, there's a remaining attack: a compromised server or sophisticated adversary could substitute their own keys into the exchange, quietly reading messages intended for someone else. Key verification is how you close that gap: it lets you confirm out of band that the keys your app received actually belong to your contact and not to an attacker sitting in the middle.
Signal calls these Safety Numbers. Both people open the conversation settings and compare a unique fingerprint, ideally in person, over a video call, or through another trusted channel. If the codes match, the key exchange was clean. If they don't, something is wrong. Once verified, Signal will alert you if the safety numbers change unexpectedly, which is a reason to pause before continuing sensitive conversations. Read our full guide on verifying Signal Safety Numbers.
iMessage introduced the same concept as Contact Key Verification. You can compare codes live or share a Public Verification Code that others store in your contact card. iMessage alerts you automatically if verification fails or an unrecognized device appears on someone's account.
Most threat models don't require this. But for journalists, lawyers, activists, public figures, or anyone communicating with sources where an adversary with real resources is a realistic threat, verifying safety numbers with your most sensitive contacts takes about thirty seconds and meaningfully raises the bar for any attack.
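The comparison described in this section, as an added sketch that is not from the original article and is not Signal's or Apple's actual algorithm: each device hashes its own identity key together with the key it received for the other person, so a substituted key produces numbers that no longer match. The function names, the 60-digit format and the random byte strings standing in for public keys are assumptions for illustration.

```python
import hashlib
import secrets

ROUNDS = 1000  # arbitrary work factor chosen for this sketch


def fingerprint(identity_key: bytes, user_id: str) -> str:
    """Reduce one party's public identity key to 30 decimal digits."""
    digest = identity_key + user_id.encode()
    for _ in range(ROUNDS):
        digest = hashlib.sha512(digest + identity_key).digest()
    groups = (digest[i:i + 5] for i in range(0, 30, 5))
    return "".join(f"{int.from_bytes(g, 'big') % 100000:05d}" for g in groups)


def safety_number(my_key: bytes, my_id: str, their_key: bytes, their_id: str) -> str:
    """Sort the two fingerprints so both devices display the same 60 digits."""
    halves = sorted([fingerprint(my_key, my_id), fingerprint(their_key, their_id)])
    return "".join(halves)


def compare_views(server_substitutes_keys: bool) -> bool:
    """Return True when Alice's and Bob's displayed numbers match."""
    # Constructed stand-ins for public identity keys (random bytes, not real keys).
    alice_key, bob_key, injected_key = (secrets.token_bytes(32) for _ in range(3))
    # Each client only knows the peer key that the server delivered to it.
    bob_key_seen_by_alice = injected_key if server_substitutes_keys else bob_key
    alice_key_seen_by_bob = injected_key if server_substitutes_keys else alice_key
    alice_view = safety_number(alice_key, "alice", bob_key_seen_by_alice, "bob")
    bob_view = safety_number(bob_key, "bob", alice_key_seen_by_bob, "alice")
    return alice_view == bob_view


if __name__ == "__main__":
    print("honest server, numbers match:   ", compare_views(False))
    print("substituted keys, numbers match:", compare_views(True))
```

The mismatch only becomes visible when the two numbers are compared over a channel the server does not control, which is why the comparison is done in person or on a call.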
For Anonymity-Focused Requirements
When even a hidden phone number as an account identifier is too much exposure, a few options go further:
- Session: no phone number, no email address, no personal information required. Registration generates an Account ID and seed phrase. Messages are E2EE and routed through a decentralized network of community-operated nodes using onion routing, so there's no central server to compel. The tradeoff is a lack of forward secrecy, as well as a smaller user base and a usability experience that doesn't match Signal's.
- SimpleX: no user identifiers of any kind on the platform's servers. You connect by exchanging one-time invitation links. There are no accounts to correlate to an identity. Suited for the highest-sensitivity situations; user base is smaller and the experience is more technically demanding.
- Briar: no central server at all. Messages sync directly between devices P2P, routed over Tor by default when internet is available, or over local Wi-Fi and Bluetooth when it isn't. This makes Briar usable in environments where internet access is restricted or monitored, and means there's no infrastructure to compel or take down. The tradeoff is that both parties need to be online at the same time for messages to deliver, and the user base is very small. Best suited for high-risk situations where network-level surveillance or infrastructure disruption is a realistic threat.
Why It Matters
In 2013, it came to light that the Justice Department, hunting for the source of a leaked classified report, had obtained a Fox News journalist's personal emails to figure out who he had been talking to inside the State Department. Law enforcement, working with the email provider, requested the stored messages rather than intercepting anything in transit. The source, State Department adviser Stephen Kim, was identified, prosecuted, and sentenced to 13 months in prison. The content of those messages wasn't intercepted; it was just requested from the provider, who had stored it in readable form the whole time.
That's the core of this issue: when a platform can read your messages, so can anyone with the legal authority to make it produce them, or a third-party contractor, or a hacker. On platforms with E2EE, you don't have to trust the platform or the downstream parties.
It's also worth knowing that governments periodically push to change this. Law enforcement and intelligence agencies have argued for years that encrypted messaging apps create a "going dark" problem, where criminals and terrorists use them to evade lawful surveillance. The proposed solution is always some version of a backdoor: exceptional access that only the right people can use. The technical community's answer has been consistent for decades: there is no such thing. A backdoor that works for governments works for every other adversary too. You cannot build a weakness into encryption that only opens for the right key. When you use Signal or any other genuinely E2EE messenger, you're benefiting directly from the fact that this argument has so far prevailed. Stay vigilant.
Common Misconceptions
"If a platform calls itself encrypted, it is."
Telegram is the cleanest counter-example. Its default chats are not end-to-end encrypted. Secret Chats are E2EE, but they have to be manually activated, don't work in group conversations, and aren't on every platform. It's always worth asking what being 'encrypted' actually means to a platform.
"WhatsApp and Signal are essentially the same, both use the Signal Protocol."
The encryption layer is broadly similar. The metadata layer isn't. WhatsApp is owned by Meta, and the surrounding data like who you message, how often, your contacts list, device identifiers and more all flow into Meta's broader data infrastructure. Signal is architected to retain almost none of that.
"The goal is finding the most private messenger possible."
Privacy is a social system, not an individual choice. A messenger that's flawless on paper but nobody in your life will use is doing none of the work it's supposed to do. The realistic goal is to land at the most private place you can while still bringing your network with you. Signal hits that sweet spot for a lot of people.
"SMS is fine for personal stuff."
SMS isn't encrypted at any level that provides meaningful protection. Carriers retain message and call records for long periods, and that history is routinely produced under legal request. RCS with end-to-end encryption is starting to roll out cross-platform and meaningfully raises the floor, but it's a floor, not a replacement for a proper app like Signal.
"If Signal were really private, the people who run other apps wouldn't keep claiming otherwise."
Public figures who run competing messaging products have a recurring habit of spreading misleading claims about end-to-end encrypted apps like Signal, usually right around the time they're promoting their own platform as an alternative. The claims tend not to survive contact with Signal's published cryptographic protocol, the history of independent audits, or its public transparency reports, which show that the only thing Signal can produce under subpoena is account-creation and last-connection timestamps. When you're evaluating a claim that an E2EE messenger is broken, ask what evidence is being cited and whether the person making the claim sells a competing product.
Henry's Take
The single line I'd put at the top of this entire section if I could: privacy is a social system, not an individual choice. The most private, secure, anonymous messenger in the world does nothing if no one in your life will use it. Unless your threat model requires it, I think the goal should be to find the most private place you can land while still bringing your network with you. That's the sweet spot. For most people, Signal hits it. It's free, the experience is competitive with mainstream apps, and the cryptography behind the marketing has been independently audited many times over. There are certainly more private and anonymous messengers than Signal, but they tend to be much harder to convince friends & family to adopt.
My personal stack is small. Signal for everything, with a few specific people reachable via iMessage when they don't use Signal. One iMessage trick: iMessage lets you add an email address as an identifier on your Apple ID, and anyone who messages that email gets the same end-to-end encryption as if they'd texted your number. You can pair that with a custom domain to give out a dedicated email-as-iMessage handle that's never your real phone number. I love this as it lets me keep E2EE with people who I don't want to share a phone number with, without asking them to install anything new. For the rare cases I have to send actual SMS, a VoIP service handles it so my real number never touches the message. (I don't use my SIM's phone number for anything!)
The last thing worth mentioning, because it gets sloppy in public discourse: a recurring pattern in this space is high-profile figures (billionaires...) who run competing messaging products spreading misleading claims that Signal is compromised, that it works with intelligence services, that its encryption isn't real. These claims almost without fail come from people with their own messenger to promote, and their product is typically objectively worse. The protocol is public, the implementation is open source, the audits are documented, and Signal's response to every subpoena it has ever received is on the record. I like to trust the verifiable thing, not the snake oil salesmen.
Henry's Picks
These are the messengers I actually use and trust.
For most people:
- Signal: End-to-end encrypted by default for messages, voice, and video. The Signal Protocol underneath has been audited repeatedly and is widely respected enough that it's used inside other apps (including WhatsApp and Facebook Messenger). Signal can hide your phone number behind a username, which addresses the phone-number-as-identifier concern for most threat models. My daily driver.
- iMessage: A reasonable secondary when the people you talk to are deep in Apple's ecosystem. End-to-end encrypted between Apple devices, with cross-platform RCS E2EE rolling out in 2026. Pair it with Apple Advanced Data Protection so iCloud backups of your messages are also E2EE.
For higher privacy or anonymity needs:
- SimpleX: No user identifiers on the platform's servers. Connect by exchanging one-time invitation links. Right for the high end of the threat-model spectrum.
- Session: No phone number, no email, no central server. Onion-routed through community-operated nodes. Trade-off: no forward secrecy, smaller user base.
- Briar: Peer-to-peer with no central server at all. Routes over Tor when there's internet, and over local Wi-Fi/Bluetooth when there isn't. Designed for restricted-network and high-risk environments.
Avoid for private conversations:
- Telegram, unless you're using Secret Chats explicitly and you understand what they do and don't cover.
- SMS, where any alternative exists. Cross-platform RCS with end-to-end encryption is a real improvement over plain SMS, but it's not a Signal replacement.
See the broader recommendation set at Techlore's SPA Tools.
Go Deeper
Related wiki articles:
- Security, Privacy, and Anonymity
- Metadata
- Threat Modeling
- Email Aliasing
- VPNs
- Understanding Tor
- Verifying Signal Safety Numbers
Techlore content:
- Go Incognito v2, Lesson 3.5 - Safe Communication
External sources:
- EFF - Surveillance Self-Defense: Communicating with Others
- Signal - Government requests transparency report