Signal vs SimpleX vs Session: Which Encrypted Messenger Should You Pick?
Three encrypted messengers with very different privacy models. Which one matches your threat model — Signal's mainstream usability, SimpleX's no-identifier protocol, or Session's onion routing?
Three encrypted messengers, three different bets on what "privacy" means. Pick wrong and you optimize for the wrong threat model — getting onion routing when you needed mainstream contacts to switch over, or maximizing convenience when you needed minimum metadata.
What each tool actually protects
Signal protects message content with the Signal Protocol — the gold standard. It keeps metadata to a minimum (Sealed Sender hides the sender from the server). What Signal does *not* protect is the existence of an account: you sign up with a phone number, the server knows that number, and a court order can request "did this number contact this number" timestamps.
SimpleX removes the concept of a user identifier entirely. There is no account number. There is no random ID stored anywhere. Connections happen via one-time invitation links; the server moves messages between queues but cannot tell you which queues belong to the same person. This is the strongest metadata protection in any mainstream messenger.
Session runs every message through three onion routers (Service Nodes) before delivery, the way Tor routes web traffic. Your IP address is never visible to the recipient or to the network. The trade-off is latency and a 66-character account ID you must keep safe.
When to pick which
Pick Signal if: you want your friends to actually use the thing. Mainstream UX, group calls that work, file sharing that doesn't time out, an iMessage-class experience. Strong default for journalists, activists, and anyone whose threat model is "I would rather Meta not store my conversations." The phone number requirement is the only soft spot, partially fixed by usernames in 2024.
Pick SimpleX if: the *contact graph* is what you want to hide, not just message content. SimpleX's no-identifier protocol means even a fully compromised server cannot reveal who talked to whom. UX is rougher than Signal but improving fast. Self-host the relays if you want belt-and-braces.
Pick Session if: you need IP-level anonymity from the recipient as well as from the network. Useful when you do not trust the *recipient* to keep your phone number safe — for example, a source talking to a journalist they have not met. The onion latency is annoying for chat but acceptable for low-frequency contact.
Briar deserves a mention
If your threat model is "the internet itself is hostile" — protests, censorship, infrastructure shutdowns — Briar is in a category of one. Pure peer-to-peer, works over Bluetooth and local Wi-Fi mesh, no servers anywhere. Android and Linux only, but it is the right tool when nothing else functions.
What none of these protect
Endpoint compromise. If your phone has spyware, no protocol on the wire saves you. The other half of the work is on-device: full-disk encryption (default on iOS, opt-in on Android), strong PIN, and an audited mobile OS when the threat model is serious.
Quick recipe
- Default daily messenger: Signal. Get usernames, hide your number.
- High-stakes single thread: SimpleX or Session.
- Off-grid / mesh: Briar.
- Group chat with people who refuse to install anything: this is what Telegram is for, but use secret chats explicitly when content is sensitive.
If you are choosing your first encrypted messenger today, install Signal, get your friends on it, and revisit the metadata question only if your threat model demands it.