Overview

Activist communication faces unique threats: state surveillance, device seizure, network monitoring. This guide covers four secure messaging platforms, Signal, Briar, Session, and Cwtch, each designed for different threat models. No messaging app is perfect; this guide helps you choose based on your specific risks.

Threat Model Spectrum

Before choosing a tool, understand your risks:

Low Risk (Domestic journalist, researcher):

• Threat: Corporate data harvesting, IP tracking
• Requirement: Encryption in transit, no logging
• Tool: Signal (sufficient)

Medium Risk (Activist in semi-authoritarian country):

• Threat: Network-level surveillance, metadata collection
• Requirement: No phone number requirement, metadata hiding
• Tool: Signal or Session

High Risk (Dissident in authoritarian state):

• Threat: Device seizure, network interdiction, state-backed attacks
• Requirement: Encrypted storage at rest, offline capability, deniability
• Tool: Briar (offline mesh) or Cwtch (mixnet routing)

Extreme Risk (Journalist covering dangerous protests):

• Threat: Physical capture, torture, forced decryption
• Requirement: Hardware encryption, burner device, data destruction protocol
• Tool: Signal + Ricochet IM (decentralized) + hardware wallet setup

Prerequisites

Table of Contents

• Prerequisites
• Comparison Table
• Threat Model Decision Tree
• Troubleshooting
• Related Reading

Before you begin, make sure you have the following ready:

• A computer running macOS, Linux, or Windows
• Terminal or command-line access
• Administrator or sudo privileges (for system-level changes)
• A stable internet connection for downloading tools

Step 1 - Signal

Signal is the most-used secure messenger. It’s backed by Signal Foundation (non-profit), uses Double Ratchet encryption, and has been audited multiple times.

How It Works:

1. Download Signal app (iOS, Android, Desktop)
2. Verify phone number (SMS or voice call)
3. Contact list auto-loads (checks Signal users)
4. Messages encrypted end-to-end (Double Ratchet protocol)
5. All contacts see if you’re “online” (metadata leak)

Encryption Strength:

• Messaging: Signal Protocol (Double Ratchet, post-quantum resistant design concept)
• File sharing: AES-256-GCM
• Group messaging: Sender keys (per-group, not per-message)
• No forward secrecy in groups (historical messages can be decrypted if group key is compromised)

Metadata Leakage:

• Server sees: Your phone number, contact list hashes, IP address (can hide with VPN)
• Server doesn’t see: Message content, read receipts
• Device stores: All message history (unencrypted at rest unless device encryption enabled)
• Network observer sees: Timing (when you message), frequency, message size

Strengths:

• Easiest to use (just a phone number)
• Largest user base (easiest for organizing)
• Official client is well-audited
• Desktop app synchronized with phone (convenient)
• Group messaging (up to 1000 members)
• Voice/video calls (encrypted end-to-end)
• Open-source code (inspectable)

Weaknesses:

• Requires phone number (ties to identity)
• Server logs IP addresses (mitigated with VPN)
• Metadata visible to Signal servers (timing, frequency, group membership)
• All contacts see when you’re “active” (if not disabled)
• Android backup to Google Drive (breaks encryption)
• Doesn’t work offline
• Groups lack forward secrecy

Best For - Journalists, civil rights organizations, organized activism (not clandestine)

Phone Number Alternative: Use a Google Voice number (USA) or Twilio number (BYOD), but Signal may suspend accounts it suspects are burner numbers.

Step 2 - Briar

Briar is a decentralized peer-to-peer messenger. It works over Tor and offline (via Bluetooth/WiFi direct). No server required.

How It Works:

1. Download Briar (Android only, unfortunately)
2. Create username + password (no phone number needed)
3. Share unique QR code to add contacts
4. Messages encrypted and stored locally
5. Transmit over Tor, Bluetooth, or WiFi mesh
6. Works completely offline with local contacts

Encryption Strength:

• Per-message encryption (recipient-specific key)
• Stored encrypted on device (SQLCipher database)
• Tor transport encryption (triple-layer anonymity)
• Forward secrecy by default

Metadata Hiding:

• Tor onion routing hides IP
• Offline mode leaves no network trace
• No server knows your contacts or message frequency
• Bluetooth/WiFi direct is local-only (zero network exposure)

Strengths:

• No phone number (complete anonymity)
• No central server (no metadata collection point)
• Works offline via Bluetooth (doomsday scenario capable)
• Full message history encrypted at rest
• Open-source and peer-audited
• Group messaging (via private groups)
• Tor built-in (no VPN needed)
• Blog feature (decentralized publishing)

Weaknesses:

• Android only (no iOS or desktop)
• Smaller user base (harder to convince people to use)
• Slower than centralized apps (decentralized routing)
• Requires Tor to be running (extra step)
• If device is seized, password can be brute-forced (given enough time)
• Bluetooth range limited (~30 meters)
• WiFi mesh requires multiple Briar users nearby

Best For - Dissidents, journalists in authoritarian countries, high-risk activists, decentralization advocates

Device Seizure Scenario: If arrested with Briar:

1. Use weak password (so “I forgot it” is plausible)
2. Or have separate Briar account for public discussions (deniable)
3. Or use biometric unlock that can’t be forced (in some jurisdictions)

Step 3 - Session

Session is a fork of Signal that removes the phone number requirement. It uses Tor-based onion routing (Session Open Group Server network) instead of a central server.

How It Works:

1. Download Session (iOS, Android, Desktop)
2. Create Session ID (cryptographic, no phone number)
3. Download Tor (automatic, built-in)
4. Contact others via Session ID (QR code or username)
5. Messages routed through decentralized Loki network (Session’s backbone)
6. Open groups (public, non-encrypted) or closed groups (encrypted)

Encryption Strength:

• One-to-one: Signal Protocol (via Loki network)
• Closed groups: Session group encryption (similar to Signal)
• Open groups: No encryption (public, like IRC)
• Message history: Encrypted on device (local SQLite)

Metadata Hiding:

• IP hidden by default (Tor routing through Loki)
• No phone number (Session ID is cryptographic)
• Timing/frequency visible on network (less than Signal)
• Loki network sees message size, not content
• Public open groups are visible to anyone

Strengths:

• No phone number requirement (complete anonymity)
• Tor-based routing (built-in, not optional)
• Decentralized (no single server)
• Fork of Signal (familiar UX)
• Works on iOS, Android, Desktop (mobile-first)
• Larger user base than Briar (easier adoption)
• Deniable groups (can claim you didn’t start a group)

Weaknesses:

• Loki network is centralized (Session Foundation runs nodes)
• Less audited than Signal (smaller security team)
• Metadata timing attacks possible (message size + timing)
• No offline mode (requires Tor connection)
• Closed groups don’t scale (group key management is complex)
• JavaScript desktop client (less secure than native)
• Session ID could theoretically be logged (if Loki node is malicious)

Best For - Privacy advocates, activists in high-surveillance regions, those avoiding phone number requirement, intermediate-risk scenarios

Loki Dependency Risk: If Session Foundation is compromised or forced to log metadata, Session users are at risk. This is a centralization weakness compared to Briar (fully decentralized).

Step 4 - Cwtch

Cwtch (Welsh for “hug”) is a decentralized messenger built on Tor. It uses mixnets (sender ambiguity) and onion routing for extreme privacy.

How It Works:

1. Download Cwtch (currently beta, limited mobile support)
2. Create profile (no identity needed)
3. Connect to Tor (automatic)
4. Add contacts via unique address (Cwtch identity)
5. Send messages (routed through Tor + Ricochet-IM infrastructure)
6. Complete anonymity (even server doesn’t know sender)

Encryption Strength:

• Per-message encryption (recipient-specific)
• Mixnet routing (sender anonymity, even to receiver)
• Stored encrypted (local database)
• Forward secrecy (new key per message)

Metadata Hiding:

• Tor + mixnet (no IP, no sender identity visible)
• Server never sees plaintext sender
• Message timing is obscured (batched)
• No contact list stored on server
• Even receiver can’t prove who sent message (deniability)

Strengths:

• Maximum anonymity (mixnet sender obscurity)
• No identity required (completely pseudonymous)
• No metadata visible to anyone (Tor + mixnet)
• Deniable messages (receiver can’t prove origin)
• Open-source and academic (published research)
• Works on Tor-only (no clearnet mode)

Weaknesses:

• Beta software (not production-ready)
• Extremely slow (mixnet delays messages 5, 30 seconds)
• Very small user base (nearly unknown)
• Limited mobile support (desktop-first)
• Not suitable for real-time conversation
• Learning curve (requires Tor knowledge)
• No official funding (volunteer project)
• Group messaging not ready yet

Best For - Academics researching privacy, extreme-risk dissidents, theoretical privacy exercises, long-form asynchronous communication

Use Case - Whistleblowing (slow, anonymous, deniable messages), not organizing (requires real-time)

Comparison Table

Threat Model Decision Tree

Q: Do you need to use a phone number?

• NO → Briar, Session, Cwtch
• YES (e.g., within organization) → Signal

Q: Do you need offline capability?

• YES (anticipate network shutdown) → Briar
• NO → Signal, Session, Cwtch

Q: How important is user base size?

• CRITICAL (need others to use it) → Signal
• IMPORTANT (growing community) → Session
• SECONDARY → Briar, Cwtch

Q: What’s your device seizure risk?

• HIGH (likely to be arrested) → Briar (offline, local encryption)
• MEDIUM → Signal + biometric unlock
• LOW → Any tool

Q: Do you need anonymity even from receiver?

• YES → Cwtch
• NO → Briar, Session, Signal

Step 5 - Device Seizure Preparation

Before Arrest (Signal):

1. Disable “Send Read Receipts” (Settings → Privacy)
2. Disable location sharing
3. Disable message previews on lock screen
4. Enable biometric lock on Signal
5. Disable backup to cloud (Settings → Chats → Backups)
6. Pre-arrange with team: “If I’m arrested, delete our group chat” (if possible)
7. Use trusted contacts only (mutual OG relationships)

Before Arrest (Briar):

1. Use strong password (but memorizable)
2. Create separate “public” account (for plausible deniability)
3. Store contacts locally (don’t email them)
4. Document Briar ID on paper (hidden location)
5. Test Bluetooth mesh with trusted people
6. Have offline conversation plan (Bluetooth as fallback)

Before Arrest (Session):

1. Use strong Session ID password
2. Turn OFF cloud backups
3. Store Session ID on paper (hidden)
4. Pre-arrange group key with trusted contacts
5. Create deniable open group (claim you didn’t start it)
6. Disable message notifications

During Arrest:

• Do NOT unlock phone voluntarily
• Do NOT provide passwords
• Request lawyer (your rights vary by country)
• Biometric unlock cannot be forced (in some jurisdictions)
• Know your local laws (some countries can compel passwords, others cannot)

Post-Arrest (if released):

• Do NOT use old phone (device trust compromised)
• Do NOT reuse passwords
• Assume contacts are burned (law enforcement knows them)
• Contact trusted people via new number/device

Step 6 - Real-World Scenarios

Journalist Covering Protests:

• Primary: Signal (easy, wide user base)
• Backup: Briar (for offline scenarios, offline mesh with photojournalist)
• Threat model: Police surveillance, device seizure
• Setup: Signal on burner phone, biometric lock, no cloud backup

Human Rights Documenter (Authoritarian Country):

• Primary: Briar (offline, no phone number, Tor)
• Secondary: Session (if Briar users unavailable)
• Threat model: State surveillance, network shutdown, forced unlocking
• Setup: Briar with strong password, separate Briar account for decoys, Bluetooth mesh with trusted network

Whistleblower Communicating with Journalist:

• Primary: Cwtch (extreme anonymity, deniability)
• Secondary: Signal (faster, journalist already uses)
• Threat model: Forensic phone analysis, message sender attribution
• Setup: Cwtch for documents, Signal for real-time coordination

Labor Organizer (Democratic Country):

• Primary: Signal (large group chat, video calls)
• Security: Encrypted backups, biometric lock, no cloud sync
• Threat model: Employer surveillance, police metadata collection
• Setup: Organization-wide Signal, clear communication about what’s and isn’t encrypted

Step 7 - Operational Security (OPSEC) Tips

1. Don’t mix identities. Don’t use Signal with your real phone number + Briar anonymously on same device. Use separate devices or virtualized profiles.

2. Assume group chats are compromise points. If one member is infiltrated, assume all messages are read. Share only what’s necessary.

3. Use code words. Instead of “protest at main square,” use “Tuesday meeting at usual place.” Understand that message timing is visible (even if content is encrypted).

4. Verify contacts in person. For high-risk organizing, verify Session/Briar IDs face-to-face. QR codes can be spoofed.

5. Delete often. Set message auto-delete (if available). Manual deletion is not secure against forensics.

6. Use disappearing messages. Signal supports disappearing messages (24 hours default). Turn it ON for sensitive groups.

7. Assume network-level surveillance. Even with encrypted messaging, law enforcement can see: who talks to whom, when, frequency, message size. Use randomized patterns (don’t always message at 9 AM).

8. Have offline plans. If Signal fails, how do you communicate? Pre-arrange dead drop locations, Briar mesh fallback, burner phone protocols.

Step 8 - Backup and Recovery

Signal:

• DON’T backup to Google Drive (breaks encryption)
• Manual backup to encrypted external drive only
• Screenshots are unencrypted in phone storage (be careful)

Briar:

• Automatic encrypted backup to device storage
• Export contacts as encrypted backup file
• Password is your only recovery method (no “forgot password” recovery)

Session:

• Export Session ID recovery code (save offline, not cloud)
• Seed phrase written down (not in phone storage)
• No cloud backup (intentional for privacy)

Cwtch:

• Export identity file (encrypted)
• Paper backup of identity code (not recommended; too complex)
• No recovery if lost (very strong forward secrecy)

Step 9 - Integration with Other Tools

Signal + Dead Drops:

• Use Signal for real-time coordination
• Use dead drops (physical locations) for documents
• Reduces risk of full communication compromise

Briar + Tor Browser:

• Use Briar for messaging
• Use Tor Browser for web research
• No single point of failure

Session + ProtonMail:

• Use Session for ephemeral coordination
• Use ProtonMail for formal communications (retention requirement)
• Separate tools for different threat levels

Step 10 - When NOT to Use These Tools

Don’t use any encrypted messenger if:

• You’re being actively monitored by military-grade adversaries (assume compromise)
• You’re in a jurisdiction with mandatory decryption laws and you can’t refuse (e.g., UK)
• Your threat model is rubber-hose cryptography (torture to reveal password)

In those cases:

• Use in-person communication only
• Verbal agreements (no records)
• Short dead drop windows (minimize forensic evidence)
• Legal counsel advising all communication

Step 11 - Bottom Line

For general activism/organizing - Signal. Easiest to use, largest user base, sufficient security for most scenarios.

For high-risk/offline scenarios - Briar. No phone number, offline mesh capability, maximum decentralization.

For privacy advocates avoiding phone numbers: Session. Good balance of privacy, ease-of-use, and user base.

For extreme anonymity/whistleblowing: Cwtch. Theoretical maximum privacy, but slow and not production-ready.

No messaging app protects you from physical torture, legal pressure, or state-backed surveillance. Use encrypted messaging as one tool in a broader OPSEC strategy. Combine with dead drops, offline planning, legal support, and, most importantly, community networks you trust.

Verify Signal Setup via CLI

Signal CLI (signal-cli). send messages programmatically or verify setup
Install - https://github.com/AsamK/signal-cli

Register a number (requires SMS verification)
signal-cli -u +1234567890 register

signal-cli -u +1234567890 verify 123456

Send a test message to verify end-to-end delivery
signal-cli -u +1234567890 send -m "Test secure message" +0987654321

Check safety numbers (verify contact identity)
signal-cli -u +1234567890 listIdentities

For maximum operational security: run Signal on a dedicated device
with no other apps, a burner number, and Wi-Fi only (no SIM)

Troubleshooting

Configuration changes not taking effect

Restart the relevant service or application after making changes. Some settings require a full system reboot. Verify the configuration file path is correct and the syntax is valid.

Permission denied errors

Run the command with sudo for system-level operations, or check that your user account has the necessary permissions. On macOS, you may need to grant terminal access in System Settings > Privacy & Security.

Connection or network-related failures

Check your internet connection and firewall settings. If using a VPN, try disconnecting temporarily to isolate the issue. Verify that the target server or service is accessible from your network.

Related Articles

• Signal vs Session vs Briar: Secure Messaging (2026)
• Signal vs Session vs SimpleX
• Signal Alternatives That Offer End To End Encryption
• Encrypted Messaging for Journalists Guide
• Best Encrypted Communication For Activists
• AI Coding Assistant Session Data Lifecycle Built by theluckystrike. More at zovo.one

Frequently Asked Questions

Can I use Signal and the second tool together?

Yes, many users run both tools simultaneously. Signal and the second tool serve different strengths, so combining them can cover more use cases than relying on either one alone. Start with whichever matches your most frequent task, then add the other when you hit its limits.

Which is better for beginners, Signal or the second tool?

It depends on your background. Signal tends to work well if you prefer a guided experience, while the second tool gives more control for users comfortable with configuration. Try the free tier or trial of each before committing to a paid plan.

Is Signal or the second tool more expensive?

Pricing varies by tier and usage patterns. Both offer free or trial options to start. Check their current pricing pages for the latest plans, since AI tool pricing changes frequently. Factor in your actual usage volume when comparing costs.

How often do Signal and the second tool update their features?

Both tools release updates regularly, often monthly or more frequently. Feature sets and capabilities change fast in this space. Check each tool’s changelog or blog for the latest additions before making a decision based on any specific feature.

What happens to my data when using Signal or the second tool?

Review each tool’s privacy policy and terms of service carefully. Most AI tools process your input on their servers, and policies on data retention and training usage vary. If you work with sensitive or proprietary content, look for options to opt out of data collection or use enterprise tiers with stronger privacy guarantees.