Here in the US, most people I know use iPhones and therefore, they use iMessage. I have mostly migrated to Signal, but I can’t convince everyone to use it. I still have to communicate with them. Even though Apple touts the privacy and security of its products, would you trust iMessage for your texting and voice calls? It’s supposed to use E2EE. I just don’t know if it collects as much metadata as WhatsApp or as minimal as Signal or even in between. What do you guys think?
2 Likes
Yeah iMessage is a huge step up from SMS. It has several features that I use as well like check in. Unfortunately the E2EE by default is undercut a bit because it backs up to iCloud without ADP by default, which is not E2EE, although if you enable ADP or disable iCloud backups it solves the issue. That’s the main kicker though I reckon.
For calls, FaceTime is always E2EE although it lacks the contact key verification that iMessage has so you won’t be able to verify the keys.
6 Likes
No, never.
4 Likes
Oh, I didn’t know about that. It’s good to know that security-wise, ADP can be used with iMessage.
Furthermore, is there a hardening guide out there? I’m thinking about disabling the option to send as an SMS. Should I send it with the phone number or Apple ID?
I’m still curious about the metadata, but I do realize that information isn’t public.
1 Like
Why not?
1 Like
iMessage can collect your data by definition. As per this article, getting it requires a 2703d court order. And yes they do hand it: Apple acknowledges tracking iMessage metadata and sharing it with law enforcement (Apple Insider)
Signal only stores when you last connected to the server, and when you registered the server. So always Signal. You’ll also get the nice benefit of more transparent security with the open source client.
If you want your client to actively protect your metadata like E2EE protects your message content, use Tor Onion Service based messengers like https://docs.cwtch.im/.
3 Likes
I have a minimum baseline for communication platforms:
- Entirely open-source software.
- Self-hostable (assuming client-server model).
2 Likes
Given what was said in the articles, I wonder if less metadata is collected if I add someone to iMessage with something other than a phone number?
1 Like
You can always use your Apple ID as your contact to send and receive messages. You don’t need a phone number to start iMessage or Facetime chats.
2 Likes
Right, and I wonder if that is a good mitigation against the concerns raised by the articles? How do I ensure that SMS is never sent and only an iMessage is sent?
1 Like
I believe iOS has a settings where you can disable send via SMS option should a message not go through iMessage. That’s the only way I know.
2 Likes
I remember seeing that option. If I don’t add the contact via a phone number, can an SMS still be accidentally sent?
1 Like
As long as you disable that option in the settings, the OS should not send it via SMS. At this point, you need to trust the OS with this setting. In my experience, it does work. But I stopped using iOS a while ago having moved to GrapheneOS now so not sure how good iOS 26 is.
1 Like
I would not. Any service that requires me to KYC myself I do not consider private.
2 Likes
Are you sure you are not conflating privacy with anonymity here? Just because something requires KYC doesn’t by default make it non private. It may not be as private as you want it to be, but it private or has enough privacy that most people would need or want.
But on principle alone, I do not disagree but you seem to be taking a more absolutist route in your thinking that I don’t know where it is coming from or how you mean it.
It is never black or white unless you’re deciding between Windows and Linux for example or such similar obviously stark pieces of OS.
4 Likes
Your battle of moving US people to Signal is probably a lost cause already because of how defaults in society are done.
Unless Apple screws up BIG time, nobody will ever migrate.
Isn’t it 85% of iPhone owners in the 18-35 yo age range?
It’s long time lost to break an in-house Big tech default “just works” solution.
If your friends do use Signal for you, they do care a lot about you and are fine with the friction it induces.
Otherwise, they are just normal and use the least resistance tool for the given job and that one is impossible to beat unless something forces you to move forward. 
4 Likes
The big tech offerings are caught on most of because they are the default that comes with the OS and people don’t make the effort to choose better for themselves - for several reasons.
That’s why we discuss privacy and cybersecurity to spread awareness about superior products and services to use.
The effort to convert more people to apps like Signal should never stop.
2 Likes
Yes.
Yet, in US it’s already a lost cause.
In EU, it’s a no-brainer (yet some people still do fallback to WhatsApp/Telegram). 
1 Like
You saying it’s a lost cause in both your comments is what prompted me to comment - it’s not a healthy to think about it in defeatist ways.
Being pragmatic is what we should be and how we should approach it.
Yes, it may appear to be a lost cause but doesn’t mean we should minimize the effort we put into converting more to Signal. This also means not saying it’s a lost cause it leads people to believe it to be true.
3 Likes
Just being pragmatic here.
Ask a room of 100 people who wants to migrate.
There is no huge enough benefit to move away from iMessage.
Am I happy about that? No.
Can I change that? No.
Do I live and EU and do not care about US big-tech mindset? Yes!
I use it with my people and happy about that.
If people want to talk to me, they can publicly or on Signal.
If they don’t, eh not a huge loss. 
I won’t be fighting constantly for that battle, plenty of other ones more interesting to win tbh.
2 Likes