Jan 07, 2021

Each of these have fairly different use cases.

WhatsApp is bad. They are owned by a data collection company notorious for gross privacy violations. Both the client apps and the server are completely closed source, which means either could be spying on you without any way to know. They do claim to implement the secure Signal Protocol, but how do you verify end to end encryption without seeing source code, anyway?

Telegram is a perfectly adequate choice. The user experience is similar to WhatsApp. It does practice some dark patterns - end to end encryption is only available in "secret chats" and calls, which means all other messages you send are readable by anyone with a warrant - and has had some high-profile exploits over the years, but the current iteration of its cryptographic protocol has been proved secure [1] (disclaimer: the paper claiming so came out within the last month, and I haven't found any discussion or review). All of the client apps are open source. The server is not, but if the clients are properly encrypting messages, that shouldn't be a security concern (To my knowledge. I am not a cryptographer).

Discord is community-oriented. It's primarily based around "guilds" (commonly referred to as servers) that function similar to Slack workspaces. A robust role-based permission systems has made it pretty much the de facto standard for large communities wanting a real-time discussion platform (think subreddits, Discourse forums, etc). They have some top-of-the-line engineers who sometimes publish cool blog posts about their ridiculously performant clients [2]. Nonetheless, nothing is encrypted, they aren't open-source, and they have an unclear monetization model [3].

Signal is designed, intentionally or not, as a SMS replacement. It's build around one on one and small group messages. Their encryption is strong, independently verified, and enabled by default (Signal falls back to SMS for others who don't use it). Think iMessage, but open-source and secure. You'll see HN complain about its UI from time to time, but really, it's quite good. It's also extremely easy to convince friends and family to switch to.

Matrix aims to be to real time chat what email is for asynchronous communication. Rather than a service, it's a standard, which means you'll see swaths of clients strewn about GitHub and other websites, the most feature complete of which is Element [4]. In practice (or for the time being), Matrix is just better IRC. VoIP and video calls are somewhat hodge-poged into the spec, but do work well, and encryption by default has been rolling out over the past year. Direct messaging, group chats, and communities are also all supported, although the latter suffers from the IRC-like limitation of only one "channel" per server.

I know nothing about Threema or Viber, sorry.

[1]: https://arxiv.org/abs/2012.03141

[2]: https://blog.discord.com/why-discord-is-switching-from-go-to...

[3]: https://cadence.moe/blog/2020-06-06-why-you-shouldnt-trust-d...

[4]: https://element.io/

Jan 06, 2021

Telegram's MTProto 2.0 encryption protocol was recently proved correct, but I haven't seen any peer review or discussion on the paper yet.

https://arxiv.org/abs/2012.03141

Jan 04, 2021

Telegram's protocol itself isn't necessarily a weakness - recently, a paper was published claiming to have proved the MTProto 2.0 protocol correct. Perhaps because of how recent this was, it doesn't seem to have garnered any discussion or review anywhere.

https://arxiv.org/abs/2012.03141