These apps are strongly not recommended for various reasons, including not being end-to-end encrypted (E2EE), abondoned projects, geared towards enterprise environments, cost too much or have serious security problems.
Apps that are not E2EE:
- AOL Instant Messenger
- Blackberry Messenger Consumer
- Google Hangouts, Allo, Duo
- Yahoo Messenger
Apps not recommended for other reasons:
- AnyTalk- http://anytalkapp.com- Not encrypted by default, requires a phone number to signup and search for contacts. Encrypting messages requires manual exchange of keys and multiple device management looks cumbersome (http://anytalkapp.com/en/support/).
- BCM Messenger- February 2020 BCM shut down and no longer usable.
- BitChat- BitChat is now mesh.im
- Bleep- (bleep.im)- a client that used the bittorrent system for messaging, no longer in development. I was not able to add a contact when I tried it.
- BraxMe- (brax.me)- Looks to be a dead project, no app updates since April 2017.
- Bridgefy- (bridgefy.me)- Broadcast messages are not encrypted, your phone number is your ID, users of the app can be discovered by loading a phone with phone numbers and doing a contact search against Bridgefy.
- Bubcon- (https://bubcon.com/datenschutz-app/) Phone# required, collects your contacts info, Android only (Oct 2017), single device only, messages stored decrypted at rest
- Cellcrypt- (https://www.cellcrypt.com)- Looks like a good product but enterprise focused, lowest cost is $90/month
- Chat.onion- (https://onionapps.github.io/Chat.onion/) This app does not encrypt messages, it only uses base64 encoding! It looks like the project was started and never implimented enryption, no updates since 2016.
- Chiffry- (https://www.chiffry.de) Data not encrypted at rest but that feature is on the roadmap (https://www.chiffry.de/en/versionen)
- Conclave- (https://about.conclave.global) This messenger seems to have gone offline sometime before 10/21/2018
- Connect.im- No recent development since March 2017, seems like a scam trying to get people's bitcoin addresses and keys.
Note from Nadim Kobeissi:
Cryptocat began in 2011 as an experiment in making secure messaging more accessible. In the eight ensuing years, Cryptocat served hundreds of thousands of users and developed a great story to tell.
Now, I have moved on in my life to other things and no longer have time to maintain this project.
Cryptocat users deserve a maintained secure messenger, which is why I recommend Wire.
The Cryptocat source code is still published on GitHub under the GPL version 3 license.
- Cypher- December 2017: Golden Frog has no plans to provide further updates. April 2020: Cyphr will retire in one week, on May 2, 2020, at which time all Cyphr services will end and your account will close.
- Delta Chat- (https://delta.chat)- PGP encrypted email, not instant messages.
- Facebook Messenger- Chats are not encrypted by default. Plus it's Facebook; slurp, slurp, your data is the product!
- FaceTime- iOS only, closed source, data saved on Apple servers
- FreeMessage- FreeMessage has now been integrated into the GMX mail app, however now if you send a message to a non-FreeMessage user it gets converted into a regular SMS message.
- Grape- (https://www.chatgrape.com/open-source) Another team/work oriented messaging tool, all platforms except Linux, monthly subscription.
- iMessage- iOS only, closed source, data saved on Apple servers
- Jitsi- Video conferencing
- Kullo- (https://www.kullo.net) Essentially just an encrypted email system, not really chat.
- Line- (https://line.me) No information about security on main website, does not seem to be a focus at all although there are articles online claiming they are E2EE (https://linecorp.com/en/security/encryption_report).
- MEGA- (mega.nz)- Android leaks files, it is questionable as to who controls the company (https://www.zdnet.com/article/mega-denies-claims-by-kim-dotcom-of-nz-government-control-of-company/
- Mesh- https://mesh.im- Windows only and alpha status for now (12/12/2019)
- Meshenger- (https://firstname.lastname@example.org/introducing-meshenger-97f930ca7b1c)- Email, not instant messages: quot;The vision of Meshenger is to create decentralised platform for secure email and live chat on top of the IOTA Protocol.quot;
- Mumble- Voice chat for gaming. You can send text and links but that is not its primary intent.
- Nandbox- (https://nandbox.com)- 4 trackers: Facebook Analytics, Facebook Login, Facebook Share, Google Firebase Analytics.
- NetTalk Duo/Connect- (nettalkconnect.com)- Application hasn't been updated in 2 years.
- Nextcloud Talk- (https://nextcloud.com/talk/)- Enterprise product, audio and video are E2EE but not chat.
- OnionMessenger- Defunct project
- Peerio- Peerio is closing: https://support.peerio.com/hc/en-us/articles/360021688172-Peerio-Service-Closure-FAQs
- PulseSMS- (messenger.klinkerapps.com)- This app doesn't offer E2EE, what it does offer is using SMS on multiple devices using your phone by connecting each device to an encrypted cloud server. Which is very cool! But once your message leaves your phone it is sent over standard open SMS channels unencrypted.
- SafeUM- (https://safeum.com)- Free version only uses secure websockets, need to pay 5 Euro/month for message encryption (https://safeum.com/price)
- GDATA Secure Chat- App has been discontinued (G DATA Secure Chat is discontinued)
- Semaphore- Targeted for business, monthly subscription
- ShadowTalk- Made in China, application costs $20 for iOS and $7 for Android, bad English translations.
- Silent Circle- Enterprise product, $9.95/mo
- SIMSme- SIMSme has been replaced by Brabbler Ginlo
- Skype- Private Conversations are not enabled by default, not available in video calls or group chats, only available in beta Skype Insider version.
- Slack- Team/work oriented
- Squealock- App has been removed from iOS and Play stores, cannot log into app.
- TamTam- (https://tamtam.chat)- 4 trackers (2 Google ones) and you can sign in using a Google or OK.ru account. Created by mail.ru group.
- Tor Messenger- App no longer in development (Sunsetting Tor Messenger)
- unSend.it- Last update was in 2017, website is now accupied by squatters with sponsored links
- Usecrypt- Monthly subscription of $13.99 per month.
- WeChat- (http://www.wechat.com) No information about security on website, requires a phone number to register.
- WhatsApp- EFF's concerns- Unencrypted backups at rest, data sharing with Facebook
- Whispeer- App appears dead- no updates to it since 2018 and I cannot log into the app with my account.
- xTorChat- January 2019- Website is offline, cannot log into app
- Ziptonite- Website certificate says: "Expires on: Aug 4, 2018" so I'm not even going to bother if they can't keep basic website security practices.