I have previously written about the desirability of having multiple secure messaging systems. On the text/IM front I have covered Signal,
Silent Circle, Wickr, Wire, and Threema. For voice communication I have talked about Signal and Silent Phone Wire. Email options I have covered include ProtonMail, Tutanota, and old-fashioned PGP.
This is an updated and reposted article. It was originally posted on July 13, 2016. Some of the specific tools recommended in the original article are no longer recommended, and some of their specifications have changed. The core message of this article remains valid. I recently got a reminder of this from my new friend, Dee as you will read below.
Redundant Secure Messengers
I am sometimes asked why I cover so many different systems. At times even I have recommended picking one or two and sticking with them. From a blogging standpoint, I want to give the reader as many options as possible. From a personal/actual-use standpoint, my reasoning is slightly different. I feel there are good reasons to employ redundant secure messengers.
Reason 1: Compatibility with others
This is perhaps the most practical reason I employ redundant secure messengers. Secure messengers only work with themselves. While the next frontier of secure messengers will allow various messengers to work with each other, we are currently locked into messaging silos. When I meet someone I want to give them as many secure options as possible. By having multiple capabilities I am also more likely to meet others who have a compatible capability.
This actually happened to me recently. I had the good fortune of meeting a fan (now friend) named Dee. We were establishing communications and I offered Wire or Signal. She offered Wickr and Threema. Neither of us really wanted to budge… We eventually did, though. She installed Wire and I (re)installed Threema, and our conversation got me thinking about this topic again.
Admittedly this doesn’t happen too often. Most people don’t feel very strongly about any particular secure messaging app. When this does happen, I don’t want to miss out on a potential friendship for lack of a certain messenger. The most prolific example of this is the widespread adoption of Signal; lots of people in the military/intelligence community use Signal, so it’s in my best interest to have that application (even if I try to move them over to Wire, which is more convenient for me).
Reason 2: Resilience
Having multiple messengers also lends me a measure of resilience against vulnerabilities. If a vulnerability is discovered in any one app, I can immediately roll to the next. Also, by distributing my communications between apps, I further limit the damage that is done before the vulnerability comes to my attention.
Reason 3: Compartmentalization
From a strict security standpoint, this is the biggest reason to use multiple messaging systems. If I am passing extremely sensitive traffic I can break the message up into several chunks, each of which is transmitted through a different messenger. This doesn’t protect the message against attacks on either the sending or receiving device, but it does protect it in transit. While one messaging protocol may be broken or account compromised, it is unlikely that all of them are. This only works with others who have a strong interest in security and who are willing to bounce between several applications.
Reason 4: Out-of-Band Communication Pathways
Using multiple messengers also allows a secure pathway to send key fingerprints or other information that should be sent out-of-band. For example, when communicating on Wire and you wish to verify a communicant’s key fingerprint, you can offer another secure pathway through which to send it.
Reason 5: Capabilities
Though these services may seem redundant, they actually aren’t. Each of these messaging services has slightly differing feature sets. Threema, for instance, allows me to give out a “Threema ID”, a pseudoramdon, 8-character alphanumeric username. I can give this out without revealing my phone number, email address, or a preferred username, helping me keep my anonymity intact. Wickr is the only free instant messenger (of the ones mentioned here) that supports ephemerality. It deletes messages after a pre-defined period of time. It is also the only one with a desktop version. And Signal is the only free option that supports end-to-end encrypted voice calling. Having multiple messengers allows me to choose the feature-set that is most important for a given conversation.
This reason is less valid than it was a few years ago. Most of the messaging systems offer largely synonymous feature sets now. Signal, Threema, Wickr, and Wire all offer encrypted calling and texting. All offer ephemeral messaging, provide perfect forward secrecy, etc. There are minor differences between all, like the ability of Wire and Threema to send usernames that do not include or involve the user’s phone number.
I have a strong personal preference for Wire for a number of reasons I’ve written about here before (and probably will again) because it seems to offer the most features of any encrypted messenger. Still, there are minor things that both Signal and Threema do better than Wire, and overall the differences in all these messengers is relatively minor.
I run Signal, Threema, and Wire on my device. Running redundant secure messengers may not be for everyone, but there are some good reasons for it.