{"id":18997706,"url":"https://github.com/s0/state-of-secure-messaging","last_synced_at":"2026-02-07T22:02:40.443Z","repository":{"id":72164846,"uuid":"53949641","full_name":"s0/state-of-secure-messaging","owner":"s0","description":null,"archived":false,"fork":false,"pushed_at":"2016-04-14T18:03:20.000Z","size":9,"stargazers_count":2,"open_issues_count":1,"forks_count":3,"subscribers_count":1,"default_branch":"master","last_synced_at":"2026-01-15T12:42:17.263Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/s0.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2016-03-15T14:07:59.000Z","updated_at":"2018-01-06T00:35:34.000Z","dependencies_parsed_at":null,"dependency_job_id":"a63d5e89-8f0a-47a0-b59c-ba5cf65d33f4","html_url":"https://github.com/s0/state-of-secure-messaging","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/s0/state-of-secure-messaging","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/s0%2Fstate-of-secure-messaging","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/s0%2Fstate-of-secure-messaging/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/s0%2Fstate-of-secure-messaging/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/s0%2Fstate-of-secure-messaging/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/s0","download_url":"https://codeload.github.com/s0/state-of-secure-messaging/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/s0%2Fstate-of-secure-messaging/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":29209843,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-02-07T21:35:21.898Z","status":"ssl_error","status_checked_at":"2026-02-07T21:35:20.106Z","response_time":63,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.5:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-08T17:42:14.224Z","updated_at":"2026-02-07T22:02:40.401Z","avatar_url":"https://github.com/s0.png","language":null,"funding_links":[],"categories":[],"sub_categories":[],"readme":"# State of Secure Messaging\n\nThis document is intended to be a high-level summary of the various features /\ncharacteristics of current open source secure messaging systems. This document\nonly covers **completely open source end-to-end encrypted systems** (by systems,\nI mean the underlying network architecture and protocol, not specific client\nimplementations).\n\nIn essence, for all of these systems, all content of messages is encrypted on\nthe sender and receiver's devices.\n\n### Note\n\nThis document is a very rough draft, and there is still lots of work left to be\ndone.\n\n## Features\n\n| Feature | Signal | Tox | Ricochet | Pond | Twister DMs |\n| :---------------------- | :---------------: | :------------: | :------------: | :----: | :------------: |\n| Architecture | Central | P2P | P2P | ? | P2P |\n| Hidden Metadata | ![](cross.png) | Some | ![](tick.png) | ? | Some |\n| Censorship Resistant | ![](cross.png) | ? | ![](tick.png) | ? | ![](tick.png) |\n| Contact Discovery | Mobile Number | ? | ![](cross.png) | ? | ? |\n| Offline Messaging | ![](tick.png) | ![](cross.png) | ![](cross.png) | ? | ![](tick.png) |\n| Group Messaging | ![](tick.png) | ![](tick.png) | ![](cross.png) | ? | ![](cross.png) |\n| Multi-Device Support | ![](tick.png) (3) | In Development | ![](cross.png) | ? | ![](cross.png) |\n| Calling | ![](tick.png) | ![](tick.png) | ![](cross.png) | ? | ![](cross.png) |\n| Video Chat | ![](cross.png) | ![](tick.png) | ![](cross.png) | ? | ![](cross.png) |\n| Deniability | ![](tick.png) | ![](tick.png) | ? | ? | ? |\n| Forward Secrecy | ![](tick.png) | ![](tick.png) | ? | ? | ? |\n| Future Secrecy | ![](tick.png) | ? | ? | ? | ? |\n\n## Metadata Leakage\n\nInformation (that is not part of the content of a message) that may be\nundesirable for others to know about.\n\nAgain this is just a very quick list of things I could think of that could be\nconsidered metadata. Suggestions welcome.\n\n**Key:**\n * `-` leak does not matter / makes no sense.\n * ![](cross.png) the data is leaked.\n * ![](tick.png) the data is not leaked.\n * `?` needs clarification / investigation.\n\n| Data | Observer | Signal | Tox | Tox over Tor | Ricochet | Pond | Twister DMs |\n| :------------------------------------ | :------- | :------------: |:-------------: | :------------: | :------------: | :----: | :------------: |\n| Usage | Edge | ![](cross.png) | ![](cross.png) | ![](tick.png) | ![](tick.png) | ? | ![](cross.png) |\n| Usage | Server | ![](cross.png) | - | - | - | ? | - |\n| Usage | Public | ![](cross.png) | ![](tick.png) | ![](tick.png) | ![](tick.png) | ? | ![](cross.png) |\n| Usage | Contact | - | - | - | - | - | - |\n| Contacts Currently Communicating With | Edge | ![](tick.png) | ![](cross.png) | ![](tick.png) | ![](tick.png) | ? | ![](tick.png) |\n| Contacts Currently Communicating With | Server | ![](cross.png) | - | - | - | ? | - |\n| Contacts Currently Communicating With | Public | ![](tick.png) | ? | ? | ![](tick.png) | ? | ![](tick.png) |\n| Contacts Currently Communicating With | Contact | ![](tick.png) | ? | ? | ![](tick.png) | ? | ![](tick.png) |\n| Contacts | Edge | ![](tick.png) | ![](cross.png) | ![](tick.png) | ![](tick.png) | ? | ? |\n| Contacts | Server | ![](cross.png) | - | - | - | ? | - |\n| Contacts | Public | ![](tick.png) | ? | ? | ![](tick.png) | ? | ![](cross.png) |\n| Contacts | Contact | ![](tick.png) | ? | ? | ![](tick.png) | ? | ![](cross.png) |\n| IP Address | Edge | - | - | - | - | - | - |\n| IP Address | Server | ![](cross.png) | - | - | - | ? | - |\n| IP Address | Public | ![](tick.png) | ![](tick.png) | ![](tick.png) | ![](tick.png) | ? | ? |\n| IP Address | Contact | ![](tick.png) | ![](cross.png) | ![](tick.png) | ![](tick.png) | ? | ? |\n\n**Data Definitions:**\n\n* **Usage:** The observer can see when you are using the given system, or even\n just the fact that you *do* use it, or have used it in the past.\n* **Contacts Currently Communicating With:** The oberver can see when you are\n communicating with a particular contact (either IP Address or Identifier on\n System). A leak of this kind directly leads to a leak of **Contacts** as\n detailed below. Seeing a single message while knowing the sender and recipient\n counts as a leak of this kind.\n\n From the point of view of the Contact observer, we exclude communications only\n with this contact. IE: we consider there to be a leak only when one contact\n can see you communicating with a different contact.\n* **Contacts:** The observer can see one or more associations (either IP\n Address or Identifier on System) between you and someone else.\n\n If for example an edge observer could observe a connection between you and\n another user of the same system (as above) (e.g. a direct TCP connection\n between 2 IP Addresses) then this counts as a leak of this kind. Over time an\n adversary could build up a map of all of your \"contacts\" presuming you message\n each of your contacts at least once since observation begins.\n* **IP Address:** Self Explanatory. Can be tied to a geographic location and\n your identity in many situations.\n\n\n**Observer Definitions:**\n\n* **Edge:** Nearby network infrastructure, so your local network, ISP, NSA and any\n network you may connect to as a guest or otherwise all count as entities that\n can observe edge traffic, in essence anyone between you and the \"system\".\n\n **Has Information:**\n * IP Address\n * Physical Location\n * Real Identity\n\n* **Server:** Only applicable to Centralized systems.\n\n **Has Information:**\n * IP Address (and potentially other associated information)\n * Identifier on system\n\n* **Public:** Any person on the internet / whether using the system or not.\n\n **Has Information:**\n * Identifier on system (e.g. username / pubkey)\n\n* **Contact:** Someone on your contact's list.\n\n **Has Information:**\n * Identifier on system (e.g. username / pubkey)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fs0%2Fstate-of-secure-messaging","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fs0%2Fstate-of-secure-messaging","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fs0%2Fstate-of-secure-messaging/lists"}