The Swiss digital community (Digitale Gesellschaft) just published an overview of messengers tested about privacy and security, only Google Translate version in English available otherwise German
https://
Almost all are interceptable nowadays.
I will publish soon many exploits or how a goverment intercept any of them.
Example, signal, worst "secure" software used by snowden
1) Signal capture your real phone number for login.
With that information i could localte you SS7 tracking or even do a remote injection (google pegasus nso) attack vector
2) Signal has a weak implementation of zrtp. They do not add key continuity.
So, each call is a new fresh key exchange without any cache. I could re-route the new call, and from server force a rtp relay to separate the streams and do a man-in-the-middle
3) Signal server is not opensource and no federation, so, we could not understand how server works and which info is sent
4) etc, etc.
Each software has weakness, so really ALL list publish is insecure. Zero security products.
If you want something secure, code your own, use opensource products, and have total control of the infraestructure, and try not using mobile devices as they have zero days exploits.
Droopy
Government Reverse Engineer
Droopy
Goverment Reverse Engineer
Before you spend money on printing your business cards, you might want to revise your spelling.
jaclaz
@droopy - I know that this overview just is a trigger to think about messenger security and privacy. You are completely right in your review. See sometimes its helpful to get a general overview of the market and have a low brew comparison.
Your contribution is very much appreciated.