Messaging Apps — Independence · E2EE Reality · Metadata · Monetization · Future‑proof · Interoperability

Ratings assume corporations optimize for revenue, not user privacy — even when they claim otherwise. “Metadata” is often more revealing than message content. The Interoperability column reflects EU Digital Markets Act (DMA) Article 7 gatekeeper obligations and IETF MIMI / MLS (RFC 9420) protocol alignment. Evaluated as of early 2026.

Active filters: No self-hosting required  ·  Native client on all four: Android · iOS · Windows · Mac. Apps failing these criteria are dimmed with a red left border. W = web/PWA only. x = unavailable.
Interop key: Native federated · MLS-ready · RCS standard · DMA API live · DMA required · Under review · None · By design: no
Rating scale: Very High · High · Medium · Low · Very Low
Badges: non‑profit · open source · federated · P2P · paid / no ads · corporate · authoritarianism risk
Columns: App & Owner · Clients (A i W M) · Independence (from platform / corp) · E2EE / Security (as actually deployed) · Metadata Collected (known & inferred) · Monetization & Hidden Risks · Source Openness · Future‑proof · Interoperability (DMA / MIMI / XMPP / Matrix) · Verdict

Signal
Owner: Signal Foundation (US non‑profit)
Badges: non‑profit · open source
Clients: A i W M
Independence: High
E2EE / Security: Very High. Default E2EE all chats; Sealed Sender hides metadata
Metadata collected:
  • Phone number only (required)
  • No message graph stored server-side
  • Sealed Sender conceals who messages whom
  • Phone # linkable to real identity
Monetization & hidden risks: Donation-funded. No ads, no data sales. Risk: US jurisdiction, donor dependency.
Source openness: Full OSS
Future‑proof: Med‑High
Interoperability: None planned. Below DMA gatekeeper threshold. Explicitly opposes federated interop — argues it creates unverifiable E2EE trust chains with closed-source partners.
Verdict: Gold standard for private messaging. Desktop client mature & actively maintained. Only real concern is funding fragility.

Matrix / Element
Owner: Element (UK); Matrix.org Foundation
Badges: federated · open source
Clients: A i W M
No self‑hosting needed
Independence: High*
E2EE / Security: High. Olm/Megolm E2EE; key cross-signing; E2EE on by default in Element
Metadata collected:
  • Use matrix.org or any public server — no setup
  • On matrix.org: IP, user graph accessible to Element
  • Message content E2EE regardless of server
  • Federation: no single entity controls the network
Monetization & hidden risks: Enterprise hosting sales. No advertising model. Public servers free; no self-hosting required.
Source openness: Full OSS
Future‑proof: Very High
Interoperability: Native federated. Is an interop standard. Matrix.org Foundation actively lobbied EU to recognise Matrix as a DMA Article 7 compliance path. MLS (RFC 9420) adoption underway for cross-ecosystem E2EE. Real-world federation works today.
Verdict: Best long-term bet. Public servers work out of the box — no server to run. Privacy on public server similar to other managed apps. *Self-hosted = Very High independence.

Threema
Owner: Threema GmbH (Switzerland)
Badges: one‑time purchase · open source
Clients: A i W M
Independence: High
E2EE / Security: High. NaCl E2EE; no phone/email required; random Threema ID
Metadata collected:
  • No phone number or email required
  • Minimal server logs; Swiss data law
  • Small company; Swiss legal orders possible
Monetization & hidden risks: Paid app (~€5 one‑time). Zero ads. Swiss privacy law enforced. Fully managed service.
Source openness: OSS (2020)
Future‑proof: Medium
Interoperability: None. Below DMA threshold. Proprietary Threema protocol. No XMPP/Matrix bridge. No federation.
Verdict: Very strong privacy; good-quality native clients all platforms. Small user base limits network effect.

SimpleX Chat
Owner: SimpleX Chat Ltd (UK) — VC‑seed
Badges: open source · no user IDs
Clients: A i W M
Desktop client newer, less mature
Independence: Very High
E2EE / Security: Very High. Double-ratchet; no user identifiers at all — not even a username
Metadata collected:
  • No user IDs stored anywhere
  • Separate queues prevent social graph analysis
  • Hosted relay servers used by default (no setup)
  • Very early stage; unproven sustainability
Monetization & hidden risks: Free; VC-seeded. No self-hosting needed. Business model unproven. Architecture is uniquely surveillance-resistant.
Source openness: Full OSS
Future‑proof: Medium
Interoperability: By design: no. No stable user identifiers anywhere — structurally incompatible with all standard interop models (DMA, MIMI, XMPP, Matrix) which require addressable users.
Verdict: Most metadata-lean design today. Desktop client works but less polished than Signal. Uncertain long-term funding.

Session
Owner: Oxen Privacy Tech Foundation (AU)
Badges: open source · decentralised
Clients: A i W M
Independence: Very High
E2EE / Security: High. Signal protocol variant; no phone number; onion-routed via Oxen network
Metadata collected:
  • No phone/email required
  • Onion-routed; decentralised network, no central server
  • Crypto-token (OXEN) funding = economic risk
Monetization & hidden risks: OXEN crypto token funds infrastructure. No ads, no data monetization. Fully managed, no setup.
Source openness: Full OSS
Future‑proof: Med‑Low
Interoperability: None. Decentralised Oxen network. Below DMA threshold. No standard interop protocol.
Verdict: Strong anonymity design; good native clients. OXEN token valuation is a sustainability risk.

Briar
Owner: Briar Project (non‑profit, EU/DE)
Badges: non‑profit · open source · P2P / Tor
Clients: A i W M
Android only — fails filter
Independence: Very High
E2EE / Security: Very High. P2P via Tor; works over Bluetooth/WiFi with no internet
Metadata collected:
  • No central server = no central metadata
  • Works fully offline (BT/WiFi mesh)
  • Android only — no iOS, no desktop
Monetization & hidden risks: Grant-funded, no commercial model. Built for activists & high-risk users.
Source openness: Full OSS
Future‑proof: Medium
Interoperability: N/A. P2P mesh over Tor/BT/WiFi — no server-to-server federation possible by architecture.
Verdict: Technically excellent but Android‑only. Excluded from consideration if cross-platform is required.

Wire
Owner: Wire Swiss GmbH (CH/DE)
Badges: open source · B2B focus
Clients: A i W M
Independence: High
E2EE / Security: High. Default E2EE; MLS protocol for groups. Team/Wire for Business hosted service available.
Metadata collected:
  • Swiss/German law; no ad model
  • B2B admin has org metadata access
  • Ownership changed multiple times
Monetization & hidden risks: Enterprise SaaS. No consumer advertising. Free personal tier exists. Ownership history is a governance concern.
Source openness: Full OSS
Future‑proof: Medium
Interoperability: MLS-ready. First production messaging app to deploy MLS (RFC 9420) — the E2EE layer that MIMI is built on. Best-positioned privacy-focused app for future MIMI federation.
Verdict: Solid quality clients all platforms. Consumer focus largely abandoned in favour of B2B. Ownership instability is a red flag.

iMessage
Owner: Apple Inc. (US)
Badges: corporate
Clients: A i W M
Apple‑only — fails filter
Independence: Medium
E2EE / Security: Partial. E2EE Apple-to-Apple; unencrypted SMS fallback; iCloud backup breaks E2EE by default
Metadata collected:
  • Apple logs message metadata (to/from, timestamps)
  • iCloud backups (default on): Apple can read messages
  • Used in many US law enforcement requests
  • No Android client — E2EE breaks cross-platform
Monetization & hidden risks: Hardware upsell — messages not sold to advertisers. But no Android & no Windows = platform lock-in.
Source openness: Closed
Future‑proof: Medium
Interoperability: DMA required. Apple designated DMA gatekeeper. Interop compliance plan submitted; progress slow and friction-laden. Third-party iMessage access technically available but no Android = interop is still one-sided.
Verdict: Excluded — Apple ecosystem only. No Android client exists and none is planned.

Viber
Owner: Rakuten (Japan/US)
Badges: corporate
Clients: A i W M
Independence: Low
E2EE / Security: Partial. E2EE for 1:1 and group chats; Channels & Communities NOT encrypted
Metadata collected:
  • Phone number, contacts, usage patterns
  • Ad targeting in Channels/Communities
  • Rakuten loyalty ecosystem data linkage
  • Unclear data retention policies
Monetization & hidden risks: Ad revenue in public spaces. Rakuten cross-app data sharing. Less aggressive than Meta but no strong privacy guarantees.
Source openness: Closed
Future‑proof: Low
Interoperability: None. Below DMA gatekeeper threshold. Proprietary protocol. No interop roadmap.
Verdict: Full cross-platform native clients. Declining user base; partially encrypted but surrounded by ad infrastructure.

Google Messages (RCS)
Owner: Google / Alphabet (US)
Badges: corporate
Clients: A i W M
Android‑primary — fails filter
Independence: Low
E2EE / Security: Partial. E2EE for 1:1 RCS on Android; group E2EE limited; SMS fallback unencrypted
Metadata collected:
  • Metadata feeds Google ad identity graph
  • Deep Google account identity integration
  • Message frequency/contacts visible to Google
  • Business messages: Google reads content for spam
Monetization & hidden risks: Ad-driven Alphabet. Metadata feeds identity graph. Google kills products unpredictably (Allo, Hangouts, +).
Source openness: Closed
Future‑proof: Low
Interoperability: RCS standard. RCS (GSMA) is itself a carrier-level interop standard — works across telcos by design. Different layer from DMA app-level interop. Not a designated DMA gatekeeper for messaging.
Verdict: Excluded — Android-first only; no iOS app, no native desktop. Your communication graph is an ad product.

Line
Owner: LY Corporation (Naver/SoftBank, JP/KR)
Badges: corporate
Clients: A i W M
Independence: Low
E2EE / Security: Partial. "Letter Sealing" E2EE opt-in; not default everywhere; backups unencrypted
Metadata collected:
  • User graph, location, usage, purchase data
  • JP govt data-sharing controversy (2024 Naver breach)
  • Line Pay & commerce data linkage
Monetization & hidden risks: Sticker market, Line Pay, shopping, advertising. Deep commerce data linkage. Data sovereignty incident 2024.
Source openness: Closed
Future‑proof: Low
Interoperability: None. Below DMA threshold. Dominant in JP/TH/TW but no interop standard. Proprietary protocol.
Verdict: Full native clients all platforms. Dominant in Japan/Thailand/Taiwan. Restructuring post-breach adds uncertainty.

WhatsApp
Owner: Meta Platforms (US)
Badges: corporate
Clients: A i W M
Independence: Very Low
E2EE / Security: Content only. Signal protocol for message content; metadata fully exposed to Meta
Metadata collected:
  • Full social graph: who you contact & when
  • Device fingerprint, IP, location, phone model
  • Backup to Google/iCloud: content readable by default
  • Contact list uploaded even for non-users
  • Cross-app identity: Instagram & Facebook linked
Monetization & hidden risks: Meta's core business is advertising via behavior profiling. "We don't read messages" is technically true and strategically misleading.
Source openness: Closed
Future‑proof: Low
Interoperability: DMA API live. Third-party chat API deployed 2024 under DMA Article 7. Meta-controlled gateway — technically compliant, deliberately friction-laden. Critics: "compliance as moat." Signal & others declined due to Meta's closed server.
Verdict: Polished native clients all platforms. Content encrypted, context fully monetized. The world's largest private social graph extraction operation.

Facebook Messenger
Owner: Meta Platforms (US)
Badges: corporate
Clients: A i W M
Independence: Very Low
E2EE / Security: Low‑Med. Default E2EE rolled out 2023‑24 under pressure — years of plaintext history already extracted
Metadata collected:
  • Full social graph, years of historical plaintext
  • Reactions, GIFs, links = sentiment & interest signals
  • Cross Facebook / Instagram / WhatsApp identity fusion
  • Usage timing & frequency sold as ad signals
Monetization & hidden risks: Advertising behemoth. E2EE added under regulatory pressure. Any content sharing analyzed for ad targeting.
Source openness: Closed
Future‑proof: Low
Interoperability: DMA API live. Shares Meta's DMA gatekeeper obligation with WhatsApp. Same gateway API. Meta controls the bridge — no neutral protocol.
Verdict: E2EE is damage control, not a privacy redesign. Historical data already extracted and monetized.

Telegram
Owner: Telegram (Dubai; legal uncertainty post‑Durov arrest)
Badges: corporate
Clients: A i W M
Independence: Low
E2EE / Security: Low. Default: server-client encryption only (Telegram holds keys). E2EE only in "Secret Chats" — NOT groups, NOT channels
Metadata collected:
  • Telegram reads all non-Secret messages server-side
  • Full social graph, channel membership, IP addresses
  • Durov arrest (FR 2024): legal cooperation now established
  • Channel/group content monetized via ads (2021+)
Monetization & hidden risks: Marketed as "secure" but NOT E2EE by default. Durov arrest ended independence fiction. TON crypto + Premium + ads = revenue model.
Source openness: Client OSS, server closed
Future‑proof: Low
Interoperability: None. Not designated a DMA gatekeeper (contested; below threshold or appealing). MTProto is proprietary & closed server-side. No standard interop path.
Verdict: Most dangerous gap between privacy perception and reality. Polished clients all platforms. Billions think it is encrypted — it is not by default.

Discord
Owner: Discord Inc. (US) — VC‑backed
Badges: corporate
Clients: A i W M
Independence: Very Low
E2EE / Security: None. No E2EE whatsoever. All messages readable by Discord and any legal request
Metadata collected:
  • All message content readable by Discord
  • Full network graph, server membership, activity timing
  • Voice/video activity metadata logged
  • Game activity, screen share data, integrations
  • Targeted ad rollout underway (2024‑25)
Monetization & hidden risks: Zero encryption by design. Nitro subscriptions + ads + B2B. Game activity & social behavior = valuable profiling data for youth.
Source openness: Closed
Future‑proof: Low
Interoperability: None. Not a DMA gatekeeper. No interop planned. No E2EE = bridging would expose all content.
Verdict: Polished native clients all platforms. Treat every Discord message as readable. Large behavioral dataset with zero encryption protection.

Snapchat
Owner: Snap Inc. (US)
Badges: corporate
Clients: A i W M
No native desktop
Independence: Very Low
E2EE / Security: Low. E2EE for snaps claimed; Memories & Spotlight server-side; "ephemeral" is a UI metaphor, not cryptographic
Metadata collected:
  • Face scan data (AR lenses) = biometric
  • Snap Map: precise continuous location
  • Memories stored unencrypted on Snap servers
  • Heavy ad targeting to teen demographic
  • My AI (chatbot) conversations retained
Monetization & hidden risks: Advertising to teenagers. Biometric data from AR filters. "Disappearing" is a UX feature, not a security guarantee.
Source openness: Closed
Future‑proof: Low
Interoperability: None. Not a DMA gatekeeper. No interop roadmap. Product identity (ephemeral media) incompatible with standard messaging interop.
Verdict: Mobile-only product. Among the highest-risk platforms for youth. Biometric + location + social graph + ad targeting on adolescents.

X / Twitter DMs
Owner: X Corp / xAI (Elon Musk)
Badges: corporate
Clients: A i W M
No native desktop DM client
Independence: Very Low
E2EE / Security: Very Low. E2EE DMs announced (2023) then paused; 2025‑26: partial, premium-only, unverified
Metadata collected:
  • DM content readable by X/xAI for "AI training"
  • Public post + DM graph merged for Grok AI
  • Political content amplification owner-controlled
  • Verified identity data cross-referenced
Monetization & hidden risks: AI data extraction + advertising + arbitrary moderation. DM content explicitly used for Grok AI training. No governance checks on owner.
Source openness: Closed
Future‑proof: Very Low
Interoperability: Under review. DMA gatekeeper status uncertain post-Musk (threshold contested, political complications). No interop implemented. ActivityPub (Mastodon) bridge rumoured but not delivered.
Verdict: DMs are an AI training corpus. Worst governance transparency of any major platform. Avoid for anything sensitive.

WeChat
Owner: Tencent (China); CCP access mandated by law
Badges: corporate · authoritarianism risk
Clients: A i W M
Independence: Very Low
E2EE / Security: None. No E2EE. All messages accessible to Tencent & by law to Chinese state security
Metadata collected:
  • Full message content readable by Tencent
  • Real-name registration required in China
  • Active censorship & keyword monitoring
  • WeChat Pay financial transaction surveillance
  • Social credit data integration (PRC users)
Monetization & hidden risks: State surveillance infrastructure as a product. Non-Chinese users messaging Chinese accounts trigger monitoring.
Source openness: Closed
Future‑proof: Very Low
Interoperability: DMA required. Designated DMA gatekeeper. Zero compliance implemented. EU enforcement severely limited by Chinese jurisdiction — effectively unenforceable in practice.
Verdict: Not just privacy-hostile — actively a state surveillance tool. Necessary for China engagement; dangerous for sensitive communication.

TikTok DMs
Owner: ByteDance (China); legal status volatile US/EU
Badges: corporate · authoritarianism risk
Clients: A i W M
Mobile-first product
Independence: Very Low
E2EE / Security: Very Low. No meaningful E2EE; ByteDance employee backend access documented
Metadata collected:
  • Biometric data: face & voice from videos
  • Keystrokes, clipboard (historical reports)
  • Precise location, device graph
  • Project Texas (Oracle): China access restrictions contested
  • Algorithm feeds polarizing content to maximize watch time
Monetization & hidden risks: Advertising + algorithmic attention maximization. ByteDance Chinese ownership implies CCP data access obligation.
Source openness: Closed
Future‑proof: Very Low
Interoperability: DMA required. Designated DMA gatekeeper. Under active enforcement for other DMA violations. No messaging interop implemented. Ownership/legal status adds further uncertainty.
Verdict: Primary concern is feed algorithm & behavioral extraction. DMs have no privacy protections. Regulatory future uncertain.

Key references & evidence basis

DMA / MIMI: EU Digital Markets Act Art. 7 gatekeeper interoperability obligations (in force March 2024). IETF MIMI working group (2022–); MLS RFC 9420 (2023). Matrix.org DMA position paper. WhatsApp third-party API: Meta developer docs.
Signal: Signal Foundation transparency report — govt requests return only registration date & last connection. signal.org/bigbrother. Desktop client (Electron) actively maintained on Win/Mac/Linux.
Matrix: Matrix.org spec; Olm/Megolm; matrix.org E2EE docs. Public servers: matrix.org/ecosystem/servers. No self-hosting required — E2EE regardless of server.
Wire: Wire MLS announcement (2023): first production app deploying RFC 9420. Wire for Teams hosted service available. wire.com/blog/mls
WhatsApp: Meta Privacy Policy enumerates metadata collected. Signal protocol for content confirmed. 2021 ToS controversy confirmed ad-data linkage. DMA API: launched March 2024, criticized by EFF and others as "interoperability theatre."
Telegram: Telegram FAQ confirms cloud messages are server-decryptable. Durov arrest (Aug 2024, France) led to confirmed data cooperation. TON + Premium + channel ads = revenue model.
Discord: Discord Privacy Policy: messages stored and processed. No E2EE documented or claimed. Ad platform launched 2024. DOJ subpoenas fulfilled regularly.
Snapchat: Snapchat Privacy Policy: Memories on servers. Snap Map collects precise location. AR lens biometric data covered by BIPA settlements. No native Win/Mac client.
WeChat: Citizen Lab surveillance architecture research. PRC Cybersecurity Law (2017) + National Security Law (2020) mandate backdoor access.
TikTok: Forbes (2022): ByteDance employee access to US user data. Senate hearings (2023). DMA enforcement proceedings ongoing (2025–26).
X / Twitter: E2EE DMs announced May 2023, paused. xAI/Grok Terms confirm DM content used for AI training. DMA gatekeeper designation contested.
iMessage: Apple transparency reports: metadata provided to law enforcement. Advanced Data Protection must be manually enabled. No Android client — fundamental cross-platform barrier.
Google Messages: Android-only app; Messages for Web is QR-paired companion. No iOS app. RCS is a GSMA carrier interop standard, separate from DMA application-level interop.

Last updated: March 2026  ·  Ratings are subjective assessments of structural risk based on publicly documented behavior and verified research. Not legal advice.

Messaging Interoperability: Regulatory Landscape

🇪🇺  European Union

Digital Markets Act (DMA) — Article 7

Status: Legally binding. Compliance deadlines passed. Enforcement ongoing.

The DMA (Regulation (EU) 2022/1925), in force March 2024, designates large platforms as gatekeepers and mandates that they open messaging to third-party interoperability on request. Article 7 applies specifically to number-independent interpersonal communications services.

Designated gatekeepers for messaging (as of 2026)

  • Meta — WhatsApp and Facebook Messenger (separate designations). WhatsApp third-party API launched March 2024. Technically compliant; widely criticized as deliberately friction-laden. No neutral protocol: all traffic is routed through a Meta-controlled gateway, and Meta retains metadata on all bridged messages.
  • Apple — iMessage. Compliance plan submitted; implementation contested. Apple argues the lack of an Android client means iMessage can't practically achieve interoperability without a fundamental redesign. Negotiations ongoing with the European Commission.
  • ByteDance / TikTok — Designated gatekeeper. Under active DMA enforcement proceedings for separate violations (algorithm transparency, data access). Messaging interop: none implemented.
  • Tencent / WeChat — Designated gatekeeper. Compliance effectively unenforceable: WeChat infrastructure is in China, and Chinese law prohibits compliance with foreign interoperability mandates that would expose traffic to non-Chinese parties. EU fines theoretically possible but practically uncollectable.

The technical problem: MIMI & MLS

The DMA mandates that gatekeepers interoperate but says nothing about how. The IETF MIMI working group (More Instant Messaging Interoperability, formed 2022) is producing the application-layer protocol. It is built on top of MLS (Messaging Layer Security, RFC 9420, published 2023) as the shared E2EE primitive. This solves the hardest problem: how do two apps with different encryption stacks exchange end-to-end encrypted messages without one party needing to trust the other's server?

Key tension: messaging apps that use their own proprietary E2EE (Signal Protocol, MTProto, etc.) must either abandon their implementation in favour of MLS, run a translation layer that inevitably weakens the E2EE guarantees at the boundary, or refuse to interop — which is what Signal has done, arguing correctly that cross-protocol E2EE bridges create unauditable trust chains, especially against closed-source gatekeeper servers.

Matrix is the only major ecosystem that is both already federated and actively integrating MLS, positioning it as the most technically coherent DMA compliance path. The Matrix.org Foundation submitted formal position papers to the EU arguing this case.

Assessment

Meta compliance is compliance theatre. Apple compliance is legally stalled. WeChat/TikTok compliance is geopolitically blocked. The EU has created a legal obligation without a practical enforcement mechanism against China, and without mandating a specific protocol, leaving gatekeepers free to implement the minimum technically arguable surface area.

🇺🇸  United States

No federal law — stalled bills, antitrust adjacency

Status: No binding legislation. Legislative progress stalled as of early 2026.

The US has no equivalent to the DMA. Interoperability has been raised through three separate tracks — dedicated bills, broad platform antitrust legislation, and DOJ/FTC antitrust enforcement — with limited progress in any of them.

The ACCESS Act

The most directly relevant bill: Augmenting Compatibility and Competition by Enabling Service Switching (ACCESS) Act, first introduced 2021 by Senators Mark Warner (D-VA), Mazie Hirono (D-HI), and Richard Blumenthal (D-CT). Reintroduced in modified form in 2023. Key provisions:

  • Requires large "covered platforms" (500M+ monthly active users) to maintain interoperability APIs and support data portability.
  • Would mandate that users on one platform can communicate with users on another.
  • Includes a delegated authority mechanism: the FTC would set technical standards rather than Congress specifying a protocol.

Progress: None. Never reached a floor vote in the Senate. The bill was backed by Democrats and opposed by tech industry lobbying. Under the 119th Congress (2025–26, Republican majority), no companion bill has been reintroduced. Senator Warner has continued to advocate but without traction.

American Innovation and Choice Online Act (AICOA)

Broader platform self-preferencing bill led by Senator Amy Klobuchar (D-MN), with bipartisan co-sponsorship (including Sen. Chuck Grassley, R-IA). Passed Senate Judiciary Committee in 2022 — a notable moment. Contained provisions that would have indirectly pressured interoperability by restricting how gatekeepers could preference their own messaging products. Died before a Senate floor vote amid Apple/Google lobbying and WhatsApp E2EE objections. Not reintroduced in meaningful form.

DOJ Antitrust: United States v. Apple (2024)

The DOJ filed suit against Apple in March 2024, explicitly citing iMessage as a mechanism for platform lock-in. The complaint argued that Apple deliberately degraded cross-platform messaging (green bubbles, withheld RCS support until late 2023) to make iPhone switching costly. Messaging interoperability is directly framed as a remedy consideration. Case ongoing as of early 2026 — no remedies phase yet. If the government prevails and an interoperability remedy is ordered, it could be more impactful than any bill so far.

FTC posture

Under Lina Khan (2021–24), the FTC discussed data portability and interoperability as structural remedies in platform markets, citing European precedent. Under the current administration (2025–), the FTC has deprioritised this approach. The FTC's Meta enforcement action (seeking divestiture of Instagram/WhatsApp) remains active but is focused on acquisition remedies, not interoperability mandates.

House activity

The House has seen less activity than the Senate on interoperability specifically. The Platform Competition and Opportunity Act (Rep. Hakeem Jeffries, D-NY + Rep. Ken Buck, R-CO) addressed acquisitions. Rep. Yvette Clarke's (D-NY) work on algorithmic accountability touched adjacent terrain. No House bill specifically targeting messaging interoperability has advanced past committee.

Assessment

The US is roughly 3–5 years behind the EU on platform interoperability law. Legislative progress has collapsed under the current Congress. The most realistic near-term forcing function is the DOJ v. Apple antitrust case, not legislation. Without a federal law, US users have no interoperability rights and no DMA-equivalent leverage over gatekeepers.