← Back to Library

How to choose the most secure messaging app

The Hated One · The Hated One · ·10 min read
Commentary by Hex Index staff

In an era where data breaches are routine and corporate surveillance is baked into the business model, The Hated One cuts through the noise with a rigorous "purity test" for digital security. This isn't just a list of app recommendations; it is a philosophical framework that argues true privacy requires more than good intentions—it demands open code, transparent funding, and a radical rethinking of how we trust technology.

The Trust Deficit

The piece opens with a stark assessment of the modern digital landscape, where the incentive structures of major tech companies are fundamentally misaligned with user safety. The Hated One writes, "companies care more about their bottom line than about fixing bugs in their software or poorly under security dissenters and they definitely don't care if they expose your digital life to harassment scammers fraud and data mining advertisers." This framing is crucial because it shifts the burden of security from the individual user to the structural integrity of the software itself. The argument suggests that relying on a company's promise of safety is a fool's errand when their revenue depends on harvesting user data.

How to choose the most secure messaging app

The author anchors their entire methodology in the legacy of the National Security Agency leaks, noting that "ever since the Snowden leaks on NSA mass surveillance we now have more options than ever before." This historical context provides the necessary urgency. It reminds the reader that the tools for privacy exist, but they require a specific set of criteria to be effective. The Hated One proposes a "purity test" driven by security researchers, a community described as being "on the front lines in the war against data mining and surveillance."

"The best app for security is the one that only sends encrypted messages and doesn't fall back to plain text mode under any circumstances."

This emphasis on default encryption is a vital distinction. The commentary highlights that many apps offer encryption as an optional toggle, a design flaw that leaves users vulnerable to their own mistakes. The Hated One correctly identifies that security must be the baseline, not a feature users have to hunt for in settings menus.

The Open Source Imperative

Moving beyond the surface level of encryption, the piece dives into the mechanics of trust. The central thesis here is that you cannot verify security if you cannot see the code. The Hated One argues, "when developers of secure systems hide their source code we can't verify whether they didn't build a backdoor into their implementation and they cannot prove that their messaging app is truly secure." This is the core of the argument: security through obscurity is not security at all.

However, the author adds a necessary layer of nuance, warning readers not to be fooled by partial transparency. "Just because an app uses open-source cryptography doesn't mean it's fully open source," they note, pointing out that many commercial apps keep the implementation details proprietary. This distinction is often lost in mainstream tech coverage, where the mere mention of "encryption" is treated as a silver bullet. The Hated One insists that the entire codebase must be open to the "eyes" of the community to ensure it is free of vulnerabilities.

Critics might note that requiring full open-source status could limit the pool of usable apps for the average person, potentially sacrificing user-friendliness for theoretical security. Yet, the author counters this by suggesting that the complexity of closed systems often leads to more bugs, stating, "the more eyes and the code the more secure it becomes."

Money, Jurisdiction, and Metadata

The commentary then tackles the often-overlooked question of sustainability: how is the app funded? The Hated One posits that financial models are a leading indicator of privacy practices. "Usually the saying goes if it's free you're the product but in the world of open source that is not necessarily the case," they explain, highlighting that many secure apps are run by nonprofits or funded through donations and sponsorships. The logic is sound: if a company's revenue comes from advertising, they have an inherent conflict of interest when it comes to user privacy.

This financial scrutiny extends to the legal jurisdiction of the organization. The author advises avoiding providers within the "five eyes surveillance Alliance," a group of nations that share intelligence data. But the piece goes further, focusing on the organization's data retention policies. The ideal scenario, according to The Hated One, is an app where the privacy policy is incredibly short because "we do not collect and user data and we delete all the data once no longer necessary to deliver the message."

"Your communication can only be as secure as its weakest link and if you can't verify your contacts identity someone can hack into your contacts account and read your conversations."

This point about contact verification is a critical addition to the security checklist. It moves the conversation from the app itself to the human element of the network. The author explains that features like comparing fingerprint codes or scanning QR codes are essential to prevent man-in-the-middle attacks, where a hacker intercepts the conversation by pretending to be one of the participants.

The Future of Decentralization

Finally, the piece looks toward the architectural future of the internet. The Hated One argues that centralized servers create a "single point of failure," whether that failure is a hack, a government subpoena, or a corporate policy change. The solution proposed is decentralization and federation. "Federation allows you to take the most secure encryption protocol and use it to securely communicate with users of other apps so that none of you has to rely on any single provider," they write.

This vision of a federated internet is presented as the antidote to the current "tech dystopian nightmare." By allowing users to host their own instances or choose different servers, the power dynamic shifts away from the platform and toward the user. The author concludes that while most people's threat models might be satisfied with a simple open-source app, those facing serious threats need "an anonymous peer to peer app that doesn't have any central weakness."

Bottom Line

The Hated One's "purity test" offers a robust, albeit demanding, framework for navigating the digital privacy landscape. Its greatest strength is the insistence that security is a structural property of the software and its business model, not just a feature set. The argument's vulnerability lies in its high bar for entry; the most secure apps are often the least convenient, creating a friction that many users cannot overcome. Ultimately, the piece serves as a necessary reminder that in a world of mass surveillance, privacy is not a default setting—it is a deliberate choice requiring technical literacy and vigilance.

Sources

How to choose the most secure messaging app

by The Hated One · The Hated One · Watch video

securing your digital communications should be your highest priority when going online there are just way too many threats to trust any company with your private data companies care more about their bottom line than about fixing bugs in their software or poorly under security dissenters and they definitely don't care if they expose your digital life to harassment scammers fraud and data mining advertisers can you actually find a secure messaging app you can trust and how can you make sure that an app that promises encryption won't turn evil well ever since the Snowden leaks on NSA mass surveillance we now have more options than ever before you can thank the broad community of security researchers and developers on the front lines in the war against data mining and surveillance we can actually create our own purity test where they set up features to choose from for all of our specific threat models so after watching this video you will know how to choose the most secure messaging app to defeat your conversations against any form of attack you might be likely to encounter but there is something I needs to bring to your attention I believe that through some mechanism YouTube is trying to disincentivize my channel from existing despite your awesome engagement my views are still much lower than they should be and my revenue has been sliced in half let's see if we can fight this together if you can try watching the video till the end or at least let it play in the background as far as possible engage with likes comments and shares like there is no tomorrow if you can become a member of the channel or support my work in patreon we can access up to eight podcast style videos a month thank you so much for any and Oliver support and for spreading the message to the world to build our purity test there is a set of questions that can help us filter which apps provide reasonable security and which ones don't the first question is an absolute standard below which you shouldn't go desert app support and turns encryption in today's day and age when data breaches are business as usual and where Facebook and Google at third parties read your private messages or target their content with ads it's absolutely necessary that no one but your ...