Any E2EE Messenger that is similar to Session Messenger

I used to use Session Messenger due to its ease of use, as it doesn’t ask for any information to make an account. But since they removed Forward Secrecy, I’m keeping clear of it.

Many have recommended SimpleX, but when I used it I found that it didn’t hide my IP address over Tor. I know this can be done using third-party apps, but I don’t want to go to all that trouble. I just want a free messenger that works like Session but with Forward Secrecy and for Anonymity. Any recommendations?

What do you mean? You should be able to use Tor with SimpleX Chat according to their FAQ:

You still can use Tor or VPN to connect to known servers, to protect your IP address from them.

Session plans on bringing back PFS in the future.

I’ve seen a few people recommend Cwtch as a SimpleX Chat alternative but I don’t think it has been audited and it isn’t as popular or easy to use as SimpleX Chat. I’d just use Tor with SimpleX Chat for now.

This is a wild claim and should be backed with some evidence or a description of how to reproduce it.

Apparently Session is improving its game wrt forward secrecy (Session messenger adds PFS, PQE, and other improvements), so making the switch might be harder than waiting.

The new Counter Galois Onion protocol brings forward secrecy to all Tor-connections via CGO protocol: Tor switches to new Counter Galois Onion relay encryption algorithm

Anyway, here’s a simple comparison table

| Program | Group Chats | Forward Secrecy | Anonymity | Post-quantum security | Shines in | Issues |
|---|---|---|---|---|---|---|
| Session | Yes | Planned | Onion Routing over Lokinet | Planned | UX | Lokinet network is worse than Tor for anonymity |
| Cwtch | Experimental | CGO | Tor Onion Services | No | UX, multiple user profiles integrated | |
| Quiet | Yes | CGO | Tor Onion Services | No | UX | |
| OnionShare | No | CGO | Tor Onion Services | No | Adversarial journalist’s Swiss army knife | No group chats |
| Ricochet Refresh | No | CGO | Tor Onion Services | No | Dead simple UX | No group chats |
| Briar | Yes | CGO | No (account leaks bluetooth MAC). Still, relies mainly on Tor Onion Services for ciphertext transfer | No | Overlay services like Forums and Blogs | Bluetooth MAC leaks |
| TFC | Yes | CGO + Hash Ratchet | Tor Onion Services | PSK yes, X448 no | Endpoint security, minimalistic code-base | Clunky UX, difficult to use |

All of these are fine security-wise on paper. Full disclosure, TFC is my work.

Of these, Cwtch and Quiet are worth checking out first. They seem to focus on the UX the most. Quiet is a newcomer and looks like a decent Slack clone.


I think they might have been saying that SimpleX itself doesn’t use Tor to mask your device IP from the first chat server (which is true), rather than saying that SimpleX leaks your IP when your device is connected to Tor otherwise.

Yeah it can be understood that way too. SimpleX can be configured to run with Tor without too much hassle but you’ll need to start fresh and it’s not that simple to find all config files to remove. Too bad the devs aren’t too keen on making it trivial to force Tor usage during the initial device setup.

Session is bringing Forward Secrecy back in 2026

Could you briefly explain why you’re highlighting forward secrecy at the Tor transport/network level instead of the app-level encryption like Bramble Transport Protocol etc.?

Quiet/Zbay has been around for a little while.

Interesting, it has then just flown under my radar. Lovely to see projects build on a solid foundation like Tor.

Nice table, but I think the table is missing a row for SimpleX and a column for asynchronous messaging. Do all listed messaging apps support asynchronous messaging, or do both/all parties need to be online when using some of these apps? AFAIK Cwtch and Ricochet Refresh require that both/all parties are online.

Proxy support (Tor, SOCKS etc) has been requested several times to Session but it looks like the devs haven’t implemented it yet.

SimpleX is not anonymous. It leaks your IP address to the server by default. Public servers either use a server run by Akamai or Runonflux, so with a 50% chance you’re both using servers run on a single VPS hoster that can then do end-to-end correlation attacks on SimpleX users.

I didn’t include SimpleX for the same reason I didn’t include Matrix/Element, or Tox or whatever. More or less anything can be routed through Tor. Defaults matter and preferably, enforced anonymity also matters so that some “power user” who doesn’t care about security won’t strip it from themselves and at the same time from their peers.

Do all listed messaging apps support asynchronous messaging, or do both/all parties need to be online when using some of these apps?

That’s the trade-off. When you self-host the server to have anonymous, P2P comms, you generally don’t get to have offline-messages if you take down your server. Cwtch has offline-messaging for the experimental groups but someone needs to act as the server. The nice part is it doesn’t expose 1:1 metadata as everyone is in the group and can see the metadata anyway.

Briar has a mailbox app (Download Briar Mailbox - Briar) that allows you to have an always-on device at e.g. home, and then fetch messages from that when you log in with your not-always-on device, say a dual-boot laptop or a work phone you close at the end of the day.

TFC’s main HW isolated endpoints (that are the intended use case) are anything but portable, so I haven’t really given too much energy into figuring it out. The expectation is the devices are on always, but screens of devices are locked when not in use. Implementing a mailbox server wouldn’t be too hard so I might take a look in the future.
