Redundant Secure Messengers

I have previously written about multiple secure messaging systems.  On the text/IM front I have covered Signal, Silent Circle, Wickr, and Threema.  For voice communication I have talked about Signal and Silent Phone.  Email options I have covered include ProtonMail, Tutanota, and old-fashioned PGP.  I am sometimes asked why I cover so many different systems.  Even I have recommended picking one or two and sticking with them. From a blogging standpoint, I want to give the reader as many options as possible.  From a personal/actual-use standpoint, my reasoning is slightly different.  I feel there are good reasons to employ redundant secure messengers.


Compatibility:  This is perhaps the most practical reason I employ redundant secure messengers.  When I meet someone I want to give them as many secure options as possible.  By having multiple capabilities I am also more likely to meet others who have a compatible capability.

Resilience:  Having mulitple messengers also lends me a measure of resilience against vulnerabilities.  If a vulnerability is discovered in any one app, I can immediately roll to the next.  Also, by distributing my communications between apps, I further limit the damage that is done before the vulnerability comes to my attention.

Compartmentalization:  From a strict security standpoint, this is the biggest reason I use multiple messaging systems.  If I am passing extremely sensitive traffic I can break the message up into several chunks, each of which is transmitted through a different messenger.  This doesn’t protect the message against attacks on either the sending or receiving device, but it does protect it in transit.  While one messaging protocol may be broken or account compromised, it is unlikely that all of them are.  This only works with others who have a strong interest in security and who are willing to bounce between several applications.

Capabilities:  Though these services may seem redundant, they actually aren’t.  Each of these messaging services has slightly differing feature sets.  Threema, for instance, allows me to give out a “Threema ID”, a pseudoramdon, 8-character alphanumeric username.  I can give this out without revealing my phone number, email address, or a preferred username, helping me keep my anonymity intact.  Wickr is the only free instant messenger (of the ones mentioned here) that supports ephemerality.  It deletes messages after a pre-defined period of time.  It is also the only one with a desktop version.  And Signal is the only free option that supports end-to-end encrypted voice calling.  Having multiple messengers allows me to choose the feature-set that is most important for a given conversation.

“Out-Of-Band” Pathways:  Using multiple messengers also allows a secure pathway to send key fingerprints.  For example, if I am communicating on Signal and wish to verify a communicant’s key fingerprint, you can offer another secure pathway through which to send it.

I run Signal, Threema, and Wickr on my device.  Running redundant secure messengers may not be for everyone, but there is a reason for it.

Edited on 07/22/16 to add Out-of-Band section.


If you enjoyed this article and would like exclusive content, sign up for the Operational-Security Newsletter.

Leave a Reply

Your email address will not be published.