Signal, SimpleX, Session, Matrix: Which Messenger Is Right for Your Threat Level?
Your messenger is part of your security model. If you are lining up a no-KYC trade, talking to a source, or trying to keep chats out of a subpoena, the app choice matters.
Most comparisons stop at encryption. That is not enough. The real questions are simpler: what metadata does the app keep, what identifier ties you to the account, who runs the server, and what laws control that operator.
| App | Identifier | Metadata Exposure | Server | Jurisdiction |
|---|---|---|---|---|
| Signal | Phone number | Low (sealed sender, minimal logs) | Centralised (Signal Foundation) | 🇺🇸 US |
| SimpleX | None | Minimal (no user accounts) | Federated / self-hostable | UK (but self-hostable) |
| Session | Public key (no phone) | Low (decentralised network) | Decentralised (Oxen nodes) | 🇨🇭 Switzerland (2024) |
| Matrix | Username + homeserver | High (federation sees metadata) | Federated (many servers) | Depends on homeserver |
Signal
The Signal Protocol is the standard other big messengers copied. WhatsApp, Facebook Messenger, and Google Messages use it for encryption. Signal stands out because the foundation still knows very little about the content of your chats.
The weak point is identity. Signal registration still hangs on a phone number, and contact discovery still depends on your contacts. Signal is a US nonprofit and has answered legal requests before. Its published responses show it retains little, mainly registration date and last connection time. Still, a real number ties the account back to you. Break that link before install with a surveillance-resistant number from Silent.link, LNVPN, or another burner source.
SimpleX Chat
SimpleX fixes the identity problem by removing accounts. There is no username, no phone number, no searchable profile. Each contact gets separate temporary message queues, so one conversation does not expose the others.
That design costs convenience. You add contacts by sharing a QR code or invite link directly. No search. No address book sync. SimpleX Chat Ltd is based in the UK, but the service stores little that can be tied back to a person. If your threat model is stricter, run your own SMP relay on a non-Five Eyes VPS and reach it over Tor.
Session
Session creates your identity from a random public key on your device. No phone number. No email. No registration. It routes messages through the Oxen Service Node network instead of a central server.
That network is decentralized, but not magically free of concentration. Node economics still push influence toward a smaller set of operators. Jurisdiction also matters. In November 2024, Session moved from Australia to a Swiss foundation after Australian police asked an employee for user data. That cuts one major risk. Switzerland is outside Five Eyes and usually demands stronger legal process. Session also hides IP data better than Signal through onion routing, though it has had less outside scrutiny than Signal.
Matrix
Matrix was built for federation and community coordination, not tight privacy. That model leaks metadata by design. Servers in a room can see membership, timing, and server addresses whether or not message content is encrypted.
The default matrix.org homeserver, run by Element, sits in the UK. Self-hosting removes that one exposure, but not the broader federation leak if room members sit on other servers. Matrix works when the point is open federation. It is a bad fit for financial privacy or other cases where metadata matters.
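What the federation leak looks like from a participating server, as an added example (not code from this article or from the Matrix project): it reads room events and reports what is visible without any decryption keys, then lists the servers that still see it when you self-host. Field names follow the Matrix room-event format; all IDs, server names and ciphertext strings are constructed sample data.

```python
# Added example: what a homeserver in a Matrix room can read without any keys.
# Every ID, server name and ciphertext string below is constructed sample data.

ROOM = "!trade:hs-a.example"
SAMPLE_EVENTS = [
    {"type": "m.room.member", "room_id": ROOM, "sender": "@alice:hs-a.example",
     "state_key": "@alice:hs-a.example", "origin_server_ts": 1700000000000,
     "content": {"membership": "join"}},
    {"type": "m.room.member", "room_id": ROOM, "sender": "@bob:hs-b.example",
     "state_key": "@bob:hs-b.example", "origin_server_ts": 1700000060000,
     "content": {"membership": "join"}},
    {"type": "m.room.encrypted", "room_id": ROOM, "sender": "@alice:hs-a.example",
     "origin_server_ts": 1700000120000,
     "content": {"algorithm": "m.megolm.v1.aes-sha2",
                 "ciphertext": "CONSTRUCTED-CIPHERTEXT-1"}},
    {"type": "m.room.encrypted", "room_id": ROOM, "sender": "@bob:hs-b.example",
     "origin_server_ts": 1700000135000,
     "content": {"algorithm": "m.megolm.v1.aes-sha2",
                 "ciphertext": "CONSTRUCTED-CIPHERTEXT-2"}},
]


def server_view(events):
    """Summarise the metadata readable from event envelopes alone."""
    members, servers, timeline, opaque = set(), set(), [], 0
    for ev in events:
        sender = ev["sender"]
        servers.add(sender.split(":", 1)[1])  # server part of @user:server
        if ev["type"] == "m.room.member":
            membership = ev["content"].get("membership")
            if membership == "join":
                members.add(ev["state_key"])
            elif membership in ("leave", "ban"):
                members.discard(ev["state_key"])
        elif ev["type"] == "m.room.encrypted":
            opaque += 1  # body is ciphertext; only the envelope is readable
            timeline.append((ev["origin_server_ts"], sender))
    return {"members": sorted(members), "servers": sorted(servers),
            "timeline": sorted(timeline), "opaque_bodies": opaque}


def other_servers(view, own_server):
    """Servers that still see this metadata when you self-host own_server."""
    return [s for s in view["servers"] if s != own_server]


if __name__ == "__main__":
    view = server_view(SAMPLE_EVENTS)
    print(view)
    print("still exposed to:", other_servers(view, "hs-a.example"))
```

Both message bodies stay opaque, yet the membership list, the participating servers and a per-sender timeline are all recovered from the envelopes.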
Threat-Level Recommendations
| Threat Level | Recommended App | Setup Notes |
|---|---|---|
| Everyday private communications | Signal | Burner number. Silent.link or LNVPN. |
| No-KYC trade coordination | SimpleX or Session | No phone number. Pick SimpleX if the other side will set it up. |
| Journalist / source communication | SimpleX | Self-host SMP relay on non-Five Eyes VPS. Access via Tor. |
| High-risk activist / dissident | SimpleX + self-hosted relay + Tor | Full stack: run relay on FlokiNET or 1984 Hosting. Access via Tails. |
| Team / community coordination | Matrix (self-hosted) or Signal groups | Run your own Matrix homeserver if needed. Signal groups are fine for lower-risk coordination. |
What No Messenger Protects You From
- Endpoint compromise: If your phone is infected with malware like Pegasus or Paragon, the attacker reads messages before encryption. See NSO Group/Pegasus explainer. GrapheneOS cuts this risk.
- Your counterparty: If the person you are messaging works with law enforcement, the app does not save you.
- Traffic timing correlation: A powerful observer watching both ends of the connection can still match message timing even without reading content.
Cunicula receives no funding from Signal Foundation, SimpleX Chat Ltd, Session/Oxen, or Element/Matrix.org.
Follow the Money
Funding shapes incentives. Signal takes support tied to the Open Technology Fund. The tools with the least institutional backing often make the strongest privacy choices because they had to build them in.
- Signal Foundation: Open Technology Fund, linked to the US State Department and BBG. Brian Acton added a $50M donation in 2018. Jurisdiction: US. 501(c)(3).
- Element / Matrix: Element AI raised $30M Series B. UK jurisdiction. Subject to RIPA and Five Eyes pressure.
- SimpleX · Session: SimpleX is bootstrapped with no outside funding. Session is run by the Oxen Privacy Tech Foundation, later moved from Australia to Switzerland. No VC, no government money.
- WhatsApp / Meta: $134B ad revenue in 2023. Your metadata feeds Meta's business model.
Frequently Asked Questions
Which encrypted messenger is the most private?
SimpleX Chat. It uses no phone number, no username, and no persistent account on a server. Each conversation runs through separate temporary queues, which makes cross-contact correlation hard. The trade-off is reach and setup friction. If you need something private but easier to use, Session is the practical fallback.
Can Signal be used without a phone number?
Signal still needs a phone number to register, but it does not have to be your real one. An anonymous number from Silent.link, LNVPN, JMP.chat, or a cash-bought prepaid SIM keeps your Signal identity separate from your main number. Signal stores the number and registration IP, so use a number and network path that do not identify you.
Is Matrix private?
Matrix encrypts content well, but metadata privacy is weak. In federated rooms, participating servers can still see room membership, message timing, and server addresses. The default matrix.org homeserver is UK-based. Matrix fits community coordination. It is a poor choice for financial privacy or other high-risk communications.
What messenger should I use for crypto trading and financial privacy?
Use SimpleX if both sides can handle the setup. It has no phone number and no persistent user ID. Signal is acceptable if you register with an anonymous number and enable disappearing messages. Do not use Telegram for sensitive trade or privacy chat. Regular Telegram chats are not end-to-end encrypted, and the server can read them.
What does the messaging server actually see?
Signal sees your phone number, registration IP, last connection time, and some account settings, but not message content. SimpleX sees temporary message queues with no user account to tie together. Session sees a random Session ID and stores encrypted messages until delivery. Matrix servers often see room membership, timing, and sometimes content if E2E is not enabled. Telegram sees everything in regular chats. Only Secret Chats are client-side encrypted.