encrypted messaging after Chat Control: which apps actually protect you

Chat Control requires platforms to scan your messages. the question isn't whether scanning will happen — it's whether the platform you use can be compelled to scan.

the technical distinction matters: if a platform has the technical ability to read your messages (or scan them on your device), it will be forced to do so. if the platform cannot read your messages by design — because of end-to-end encryption with no key escrow — then the EU can order scanning all they want and the platform can truthfully say "we can't."

that's the apps you want.


the apps that actually protect you

Signal — the gold standard

what it is: open source, non-profit encrypted messenger. created by Moxie Marlinspike, now run by Meredith Whittaker.

why it works against Chat Control:

  • E2EE by default for everything — text, calls, video, group chats
  • Signal Protocol is the industry standard (used by WhatsApp, Google Messages)
  • open source — anyone can audit the code
  • sealed sender — Signal doesn't know who's messaging whom
  • no ads, no trackers, no data collection
  • disappearing messages with custom timers

the Chat Control defense: Signal has publicly stated they will leave the EU rather than implement client-side scanning. this is credible because Signal has left markets before (they stopped SMS support, they don't operate in China). their entire brand identity is privacy — complying would destroy them.

what Signal can see: nothing. they don't know who you're talking to, when, or what you're saying. the sealed sender protocol means even metadata is hidden from Signal.

setup (10 minutes):

  1. download from signal.org — not from links in messages
  2. register with your phone number
  3. settings → privacy → disappearing messages → 1 week (my default)
  4. settings → privacy → registration lock → on
  5. settings → privacy → screen lock → on
  6. settings → privacy → always relay calls → on (hides your IP from call recipients)
  7. verify safety numbers with your most important contacts (tap their name → view safety number)

trade-offs:

  • requires a phone number for registration
  • if Signal leaves the EU, you'll need to sideload the APK or use a non-EU Apple ID
  • group chats are limited to 1000 members

who should use it: everyone. this is the default recommendation.

Session — the anonymous option

what it is: decentralized, onion-routed messenger. no phone number required. built by the Loki Foundation, based in Australia.

why it works against Chat Control:

  • no phone number needed — just a Session ID (randomly generated)
  • decentralized — no central server to compel
  • onion-routed — messages go through multiple nodes, hiding your IP
  • based in Australia — outside EU jurisdiction
  • open source

the Chat Control advantage: Session has no central authority. the EU can't order "Session Inc." to implement scanning because there's no company to order. the network runs on community-operated nodes distributed globally. even if the EU blocks Session traffic, onion routing makes it hard to detect.

what Session can see: nothing. no phone number, no email, no IP (thanks to onion routing), no message content.

setup (15 minutes):

  1. download from getsession.org
  2. create an account — it generates a Session ID (no phone, no email)
  3. write down your recovery phrase — lose it and you lose your account permanently
  4. create a display name that isn't your real name
  5. share your Session ID with contacts who need to reach you

trade-offs:

  • slower than Signal — messages route through multiple nodes
  • smaller user base — harder to get friends to switch
  • no voice/video calls (as of june 2026)
  • message delivery can be delayed
  • less polished UI than Signal

who should use it: journalists, activists, anyone needing maximum anonymity. also good if you don't want to give out your phone number. i use it for my most sensitive conversations.

my comparison: i wrote a detailed Signal vs Session comparison if you're choosing between them.

Element (Matrix) — the self-host option

what it is: decentralized messaging built on the Matrix protocol. think of it like email but encrypted — you can run your own server or use someone else's.

why it works against Chat Control:

  • E2EE by default (Olm/Megolm protocol)
  • decentralized — anyone can run a server
  • self-hostable — ultimate control
  • federated — servers talk to each other, like email
  • bridges to other platforms (Slack, Discord, IRC)

the Chat Control defense: if you self-host your Matrix server, there's no platform to compel. the EU can order element.io to implement scanning, but they can't order your server that you run in your apartment. this is the nuclear option.

setup (30 minutes for hosted, 2+ hours for self-hosted):

  1. go to element.io or app.element.io
  2. create an account on the matrix.org homeserver (or a different one)
  3. enable cross-signing for seamless device verification
  4. set up key backup — losing your encryption keys means losing your messages
  5. for self-hosting: install Synapse or Dendrite on a VPS (i recommend joinmatrix.org/servers/ for server list)

trade-offs:

  • more complex to set up and use
  • self-hosting requires technical knowledge and a VPS
  • the default matrix.org homeserver could be compelled to comply
  • UI is clunkier than Signal
  • metadata is more visible (server knows who's in which rooms)

who should use it: technical users, developers, teams that need a Slack/Discord alternative with real privacy.


apps that DON'T protect you

WhatsApp

the lie: "but it uses the Signal Protocol for E2EE!"

the reality:

  • Meta owns WhatsApp. Meta will comply with Chat Control. they've already implemented content scanning for business messages.
  • Meta has the metadata — who you talk to, when, how often, your contact graph, your location, your device info
  • client-side scanning would bypass the E2EE entirely
  • WhatsApp shares data with Facebook/Meta for advertising purposes
  • WhatsApp backups to iCloud/Google Drive are not E2EE by default

verdict: stop using WhatsApp for anything sensitive. i know "but everyone uses it." that's the network effect trap. at minimum, use Signal for sensitive conversations.

Telegram

the lie: "Telegram is encrypted!"

the reality:

  • default chats are NOT E2EE. they're client-to-server encrypted — Telegram holds the keys.
  • only "Secret Chats" use E2EE, and those are 1-on-1 only
  • group chats are NEVER E2EE
  • channels are NEVER E2EE
  • Secret Chats use MTProto (proprietary protocol, less vetted than Signal's)
  • Telegram's track record on cooperating with authorities is inconsistent
  • Telegram has been banned and unbanned in Russia multiple times — make of that what you will

verdict: Telegram is a social media platform masquerading as a messenger. fine for public channels and communities. terrible for private conversations.

iMessage

the lie: "Apple is the privacy company!"

the reality:

  • Apple implemented client-side scanning features (NeuralHash) in 2021 — paused after backlash but the infrastructure remains
  • iCloud backups of iMessages are not E2EE (Apple holds the keys)
  • Apple stores iMessage metadata (who you contacted, when)
  • Apple will comply with Chat Control eventually — they're a company, not a privacy organization

verdict: if you disable iCloud backup and use only iMessage (not SMS), it's okay. but don't count on it long-term.


protecting AI conversations too

here's the connection most people miss: AI chat is also messaging. every prompt you send to ChatGPT, Claude, or any AI tool is a message processed by a platform. under Chat Control, those conversations can be scanned.

switch to privacy-focused AI tools:

  • NanoGPT — no conversation storage, crypto payments, 50+ models. my full review.
  • local models — run AI on your own hardware with Ollama or LM Studio. nothing leaves your machine.
  • Venice AI — anonymous AI chat, no account needed.

i wrote a full AI privacy & Chat Control guide explaining why this matters.


my recommendation

for 90% of people: use Signal. it's the easiest to set up, has the largest user base, and provides excellent privacy.

for the other 10% who need maximum anonymity: use Session for your most sensitive conversations.

for technical users who want full control: self-host Matrix/Element.

don't use WhatsApp, Telegram, or iMessage for anything you wouldn't want an algorithm to read.


last updated: july 2026