
Encrypted Messaging Apps: Signal, Session, and Matrix Compared

Not all encrypted messengers protect equally. Signal, Session, and Matrix compared by protocol, metadata exposure, and trust model.

7 min read · 15 January 2026 · Norypt Team

Most people believe that using a messaging app with a padlock icon means their conversations are private. The reality is more nuanced. End-to-end encryption (E2EE) is a genuine technical protection, but different apps implement it differently, protect different things, and expose different metadata. Understanding what each app actually does — and doesn't do — is the starting point for making a sensible choice.

What end-to-end encryption actually means

In a genuine E2EE system, messages are encrypted on your device using keys that exist only on your device (and the recipient's device). The server that routes the message in transit never holds a key capable of decrypting it. Even if the company operating the service is compelled by a court order to produce message contents, they cannot — because they genuinely don't have access to them.

This is distinct from "encryption in transit," which simply means the connection between your device and the server is encrypted. In that model, the server decrypts and re-encrypts messages as they pass through — meaning the operator can read everything if compelled or compromised. Most older messaging services (including standard SMS and many business tools) work this way.

The keys in an E2EE system are generated locally, stored locally, and the mathematical relationship between them makes it computationally infeasible to derive the private key from the public one. When implemented correctly, this is a robust protection against passive surveillance.

Signal: the gold standard, with caveats

Signal is built on the Signal Protocol, which is the most widely audited and respected E2EE protocol in existence. It uses X3DH (Extended Triple Diffie-Hellman) for initial key agreement and the Double Ratchet algorithm for ongoing message encryption. The Double Ratchet provides forward secrecy — each message uses a different key, so compromising one key doesn't expose past or future messages.
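To make the forward-secrecy claim concrete, here is an added example (not Signal's own code) of the Double Ratchet's symmetric-key chain, using the KDF_CK construction from the Double Ratchet specification (HMAC-SHA256 keyed with the chain key, input byte 0x01 for the message key and 0x02 for the next chain key). The DH ratchet that mixes fresh Diffie-Hellman output into the chain is omitted, and the root chain key is a constructed sample value.

```python
# Added example, not Signal's own code: a minimal model of the Double
# Ratchet's symmetric-key "sending chain". Each step derives a one-time
# message key and replaces the chain key; the sender keeps only the latest
# chain key, which is what gives past messages their forward secrecy.
import hmac
import hashlib


def kdf_ck(chain_key):
    """One chain step per the spec's KDF_CK: (next_chain_key, message_key)."""
    mk = hmac.new(chain_key, b"\x01", hashlib.sha256).digest()
    ck = hmac.new(chain_key, b"\x02", hashlib.sha256).digest()
    return ck, mk


def message_keys(chain_key, count):
    """Derive `count` consecutive message keys, discarding each chain key
    as soon as it has been stepped."""
    keys = []
    for _ in range(count):
        chain_key, mk = kdf_ck(chain_key)
        keys.append(mk)
    return keys


def chain_state_after(chain_key, sent):
    """The chain key a sender still holds after `sent` messages: this is
    all a device seizure or memory dump at that moment would reveal."""
    for _ in range(sent):
        chain_key, _ = kdf_ck(chain_key)
    return chain_key


def exposure_from_compromise(root, total, sent_before):
    """Compare what an attacker can recompute from the captured chain key
    against the real message keys. Earlier keys came from chain keys the
    device no longer holds, so they are absent from the derivable set; later
    keys ARE derivable, which is the gap the (omitted) DH ratchet closes."""
    real = message_keys(root, total)
    captured = chain_state_after(root, sent_before)
    derivable = set(message_keys(captured, total - sent_before))
    return {
        "past_exposed": [i for i in range(sent_before) if real[i] in derivable],
        "later_exposed": [i for i in range(sent_before, total) if real[i] in derivable],
    }


# Constructed sample root chain key (in the real protocol this comes from
# X3DH and the DH ratchet, never from a fixed string).
ROOT_CHAIN_KEY = hashlib.sha256(b"constructed sample root chain key").digest()

if __name__ == "__main__":
    print(exposure_from_compromise(ROOT_CHAIN_KEY, total=6, sent_before=3))
    # → {'past_exposed': [], 'later_exposed': [3, 4, 5]}
```

The `later_exposed` list is exactly why the Double Ratchet also performs a DH ratchet step whenever the other party replies: that step replaces the chain key with fresh material the attacker cannot derive.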

Signal's distinguishing features include:

  • Sealed sender: Signal obscures who is sending messages to whom, even from Signal's own servers. The server knows a message is being delivered to a recipient but cannot determine who sent it.
  • Disappearing messages: Messages can be set to auto-delete after a configurable time period on both ends.
  • Minimal metadata collection: Signal collects almost nothing. In response to a 2016 grand jury subpoena, Signal could only produce the date of account creation and the date of last connection — nothing else.
  • Note to Self / sealed groups: Group messages use sender keys that provide strong encryption without the overhead of per-member ratchets.

The principal weakness of Signal is its requirement for a phone number to register. Your phone number is your identity on Signal, which means it is tied to a real-world identity in most cases. Signal can see which phone numbers have accounts. This is a deliberate design choice that simplifies contact discovery, but it is a meaningful metadata weakness for users who need anonymity rather than just confidentiality.

Session: anonymity-first design

Session was built specifically to address the phone number problem. It requires no phone number, no email address, and no personal identifier of any kind. Instead, each user generates a Session ID — a public key derived from a cryptographic keypair generated on the device. You share this ID to connect with others, and it is not tied to any real-world identity.

Session's encryption is derived from the Signal Protocol, though with modifications. It routes messages through the Oxen Network (formerly LOKI), a decentralised network of service nodes, rather than through a central server. This means there is no single company that can be compelled to produce metadata or that can be seized to take the network down.

For group messaging, Session supports both small closed groups and larger open groups. The decentralised routing adds some latency compared to Signal, and the network is smaller and less battle-tested. But for use cases where anonymity matters more than convenience — activists, journalists in hostile jurisdictions, anyone who cannot afford to tie their communications to a phone number — Session is a serious option.

Matrix and Element: federated, team-oriented

Matrix is a protocol, not a single app or service. Element is the most widely used client. The architecture is federated: rather than a single central server, Matrix rooms exist across a network of homeservers that synchronise messages with each other. You can run your own homeserver, which gives you control over your data that neither Signal nor Session offers.

E2EE in Matrix is implemented at the room level using the Megolm algorithm. Crucially, E2EE is optional — it must be enabled per room, and many Matrix rooms are unencrypted. Megolm is a group ratchet that provides reasonable security, but its forward secrecy is weaker than Signal's Double Ratchet: keys rotate per session rather than per message.

The federation model means that metadata — who is in which rooms, who talks to whom, message timestamps — is visible to the homeserver. If you're using a public homeserver like matrix.org, the operator of that server can see your room membership and activity patterns, even if not the encrypted content. Running your own homeserver removes that exposure to a third-party operator, although any other homeserver whose users participate in a federated room still receives that room's membership and event metadata.

For teams and organisations that want control over their infrastructure, Matrix is compelling. For individuals, the setup complexity and weaker forward secrecy make it a less obvious choice than Signal.

What none of them protect against

Even the best E2EE messaging app cannot protect against:

  • Traffic analysis: An adversary watching your network traffic can determine that you are communicating with a contact, even if they cannot read the content. Timing analysis can reveal communication patterns.
  • Device seizure: If an attacker has physical access to an unlocked device, message history is readable regardless of how strong the encryption protocol is.
  • Screenshots: Any participant in a conversation can screenshot it. Disappearing messages cannot prevent this.
  • Malware on the device: A keylogger or screen capture malware reads messages before they are encrypted or after they are decrypted.
  • Social engineering: The weakest point in most communication chains is human, not cryptographic.

Matching the app to the threat model

No single app is correct for every situation. The right choice depends on what you are protecting and from whom:

  • Signal: Best for most people. Strong protocol, excellent forward secrecy, minimal metadata, wide adoption. Use it if you are comfortable linking your identity to a phone number.
  • Session: Best when you cannot use a phone number or need anonymity at the identity level. Slower, less mature, but genuinely decentralised.
  • Matrix/Element: Best for organisations that want to self-host and control their infrastructure. Requires careful configuration to enable E2EE everywhere. Not ideal for individuals seeking maximum security with minimum effort.

The hardware you run these apps on matters as much as the app itself. A compromised phone undermines any messaging protocol. Norypt GrapheneOS phones provide the hardened foundation that makes secure messaging actually secure — isolating apps, removing surveillance infrastructure, and ensuring the operating system itself is not working against you.
