Secure Messaging in 2026 — Signal / Matrix Element X / SimpleX / Session / Briar / MLS RFC 9420 Deep Dive

Prologue — Why Messaging Again in 2026

In the late 2010s, secure messaging could be summed up in two words: "Signal or WhatsApp." After WhatsApp adopted the Signal protocol in April 2016, end-to-end encryption (E2EE) was no longer optional for ordinary users — it was the default. iMessage, Telegram secret chats, Wire, Threema were all variations on the theme.

Spring 2026 is different. Three events reshaped the landscape.

First, in July 2023 the IETF formally standardized MLS (Messaging Layer Security) as RFC 9420. By defining tree-based key agreement for end-to-end group messaging, MLS cut the cost of key rotation in large groups to logarithmic time. Since 2024, WhatsApp, Webex, and X Premium have all adopted MLS in turn.

Second, in September 2023 Signal published PQXDH. A successor to X3DH (extended triple Diffie-Hellman), it added a CRYSTALS-Kyber-based key encapsulation mechanism to defend against quantum computers in advance. It was the industry's first production answer to the "hold now, decrypt later" attack.

Third, in September 2024 the chair of trust at Signal Foundation stepped down. Trust Acker resigned, and president Meredith Whittaker took on a louder voice. Signal is still the gold standard. That has not changed.

Around all of this, smaller camps held their ground. SimpleX set a new bar for metadata resistance with its "no user ID at all" design. Session anonymized the Signal protocol over the Loki/Oxen distributed network. Briar proved peer-to-peer that works over Bluetooth and Wi-Fi Direct even without internet. Cwtch put anonymous group chat over Tor. Wire took the European enterprise market, Threema the Swiss paid market, Olvid was acquired by the French government, and AWS retired Wickr's consumer side.

In the spring of 2026 we can no longer just say "use Signal." Who is using it, what threat model they face, and how far they want to hide metadata — all of these shape the choice. This article organizes the full landscape across 14 chapters.


Chapter 1 · The 2026 Secure Messaging Map — Centralized / Federated / P2P

If we draw secure messaging in 2026 as a single map, three architectures appear.

1. Centralized. A single company operates the server infrastructure. Signal, Threema, Wire, WhatsApp, iMessage, and Telegram all fall here. Sign-up is tied to a phone number, email, or ID, and all messages flow through the same server cluster. The upside is simplicity and a consistent user experience. The downside is that if the company disappears or shifts policy, users go with it.

2. Federated. Multiple servers communicate with each other. The Matrix.org ecosystem is the prime example. A user on one server can freely chat with a user on another, and users can run their own server. XMPP plus OMEMO still holds this model. The upside is autonomy and censorship resistance. The downside is that running a server is a burden, and the experience varies by client.

3. P2P / distributed. Models that remove servers entirely or layer them on top of an anonymous distributed network. SimpleX (messages route through servers but no user ID is stored), Session (Loki/Oxen node network), Briar (Bluetooth/Wi-Fi Direct/Tor), and Cwtch (Tor-based) fit here. The upside is metadata resistance at the extreme. The downside is rougher UX and limitations in group chat or media transfer.

The three models presuppose different threat models. Centralized assumes "we can trust the company" — Signal Foundation's nonprofit structure exists to strengthen that trust. Federated assumes "we trust our own server or one we chose." P2P assumes "we trust no single entity at all."

Chapters 2 to 4 cover centralized (Signal), federated (Matrix), and P2P (SimpleX). Chapters 5 to 7 take on smaller distributed camps (Session, Briar, Cwtch). Chapter 8 covers enterprise, paid, and government markets. Chapters 9 to 12 cover the protocol layer and post-quantum (MLS, sealed sender, PQXDH). Chapter 13 covers WhatsApp's MLS adoption. Chapters 14 and 15 cover Korea and Japan. The final chapter 16 sums up who should pick what.


Chapter 2 · Signal — The Standard, PQXDH, and the Meredith Whittaker Era

Signal is still the gold standard in 2026. It remains the first messenger that security researchers recommend to ordinary users, and the most widely used by activists, journalists, lawyers, and security professionals in the US and Europe. Three things created that position.

First, the Signal protocol. The combination of the Double Ratchet and X3DH (extended triple Diffie-Hellman). The Double Ratchet rotates a key per message so that, even if one message key leaks, past and future messages stay safe. X3DH lets two users perform asymmetric key agreement securely when they first meet. The combination was built around 2014 by Moxie Marlinspike and Trevor Perrin, and was later adopted by WhatsApp, Facebook Messenger, Skype Private Conversations, Google Allo, and Wire.

Second, PQXDH in September 2023. Announced on the Signal blog (signal.org/blog/pqxdh), PQXDH adds a CRYSTALS-Kyber-based key encapsulation mechanism (KEM) to X3DH. Classic X3DH (elliptic curves) and a post-quantum KEM run in parallel, and the session key is derived from both outputs combined. As long as one of the two is safe, the session is safe. It was the first industry answer to the "hold now, decrypt later" attack — capturing today's traffic to crack with a quantum computer years later. Apple iMessage followed a similar path with PQ3 in February 2024.

Third, the nonprofit foundation and Meredith Whittaker. Signal Foundation was founded in 2018 by Moxie Marlinspike and Brian Acton, the WhatsApp co-founder. Acton seeded the foundation with a USD 50 million interest-free loan. Marlinspike stepped down as CEO in 2022. From 2024, Meredith Whittaker (formerly Google, co-founder of the AI Now Institute) consolidated her role as president. Whittaker is publicly outspoken. In May 2024 she stated that "Signal will leave the EU market" in response to the EU Chat Control proposal, and held a similar position on the UK Online Safety Bill that June.

The September 2024 trust chair resignation. Internal details are not public, but parts of the Signal Foundation's governance board changed and Whittaker's voice grew stronger. To outside observers, this signaled that Signal moved one more step from "technical standard" toward "political stance." Against backdoor laws like the US EARN IT Act, EU Chat Control, and UK Online Safety Bill, Signal is one of the very few messengers that clearly says "we will leave."

Signal's weakness is metadata. Message contents are perfectly encrypted, but the metadata of who talked to whom and when is partly visible to the server operator. Signal has added sealed sender (2018), private contact discovery (SGX-based), and usernames (beta in 2024) to reduce it. Still, registration by phone number remains the basic model, and this is exactly what SimpleX and Session criticize.

Where Signal stands today: roughly 70 million to 100 million users (official figures are not disclosed), Android/iOS/desktop (Windows, macOS, Linux), groups of up to 1,000, group calls up to 50, video calls, stickers, stories (2022), usernames (2024), PQXDH (Sept 2023), locked chats (2024). The next steps reportedly are integrating PQXDH into the Double Ratchet (currently only the initial agreement is post-quantum) and redesigning group chat to shrink metadata further.


Chapter 3 · Matrix.org + Element X — Rewritten in Rust

Matrix is a federated messaging protocol from a nonprofit foundation (now the Matrix.org Foundation) that spun out of Amdocs in 2014. Born from the ambition to do what XMPP did not, after the 1.0 release in 2017 it became the largest federated messaging ecosystem.

Core concept. Matrix is designed around "rooms" rather than "messages." A room is one distributed state — an eventually consistent graph of JSON events — that exists simultaneously across multiple servers. Even if one server goes down, as long as events sent by another server's users are replicated elsewhere, the room stays alive.

Homeservers and IDs. A user has an ID like @alice:matrix.org — username plus homeserver. Synapse (the Python reference implementation), Dendrite (Go), and Conduit (Rust) are the main homeserver implementations. Running your own server means owning your data. If running one is too much, hosted services like matrix.org, beeper.com, and Element work just as well.

E2EE (Olm and Megolm). Matrix's end-to-end encryption is two-layered. One-to-one chats use Olm, a library inspired by Signal's Double Ratchet. Group chats use Megolm, a group ratchet that encrypts each message only once even in large groups. Olm and Megolm are part of the Matrix spec, and every compatible client uses the same algorithms.

Element X — the Rust rewrite. In 2022 and 2023, Element abandoned the existing React Native based Element mobile client and built a new client, Element X, on top of matrix-rust-sdk, a Rust rewrite of the core SDK. Released formally in 2024, Element X (1) made the formerly slow initial sync fast using sliding sync, (2) made message search instant via client-side indexing, and (3) simplified the UI to lower the barrier for new users. The same Rust SDK is going into desktop (the next generation of Element Desktop).

What sliding sync is. The existing /sync API requested the state of every room every time, so the first login for a user with hundreds of rooms could take tens of seconds. Sliding sync prioritizes only the rooms needed for the current view. On mobile, the most recent conversations appear immediately as the app opens, and the rest load progressively as the user scrolls.

The politics of federation. Since 2020, Matrix has been adopted by the French government's official messenger (Tchap), Germany's BwMessenger for the military, and parts of US military communication infrastructure. The ability to run one's own server, the open source, and a fully public spec were the key reasons for government adoption. In 2024 it also reached some NATO channels.

Matrix's weakness is metadata. Federation prevents any single operator from seeing every message, but a server operator can still see which rooms their users join and which other users they chat with often. The Matrix foundation is advancing specs like MSC1228 (decentralized user IDs) alongside sliding sync to reduce metadata.

Where Matrix stands today: roughly 80 million users (homeserver active accounts, per official numbers), with clients including Element X (iOS/Android), Element Desktop, Cinny, and FluffyChat. In the enterprise and government market, Element Server Suite — bundling Synapse and Element — leads. Video calling is via Element Call (formally released in 2024, based on a WebRTC SFU).


Chapter 4 · SimpleX — Distributed Messaging Without User IDs

SimpleX (simplex.chat) is a relatively new messenger that started around 2021. The starting point was a simple question: "Why does a messenger need user IDs?"

Phone numbers (Signal, WhatsApp), email (some of Wire), Matrix IDs, and usernames (Telegram, Threema, Session) are all single identifiers that let the server identify users. As long as that single identifier exists, the server can build a graph of "who talked to whom."

SimpleX's answer. Remove user IDs. SimpleX identifies "queues" rather than users. When two users first connect, one side creates a one-time SMP (Simplex Messaging Protocol) queue and delivers the address directly to the other via a QR code or link. The other side sends a first message to that queue, and the two users exchange keys inside it. After that, all messages route through queues only the two of them know. The server holds "a queue," not "a user."

Many SMP servers. SimpleX operates its own SMP servers, but anyone can run one, and users can use multiple servers simultaneously. The send queue and receive queue of one conversation can sit on different servers. That way no single server operator sees both sides of the message flow.

E2EE. SimpleX uses its own Double Ratchet implementation. From 2024 it also offers a PQXDH-style post-quantum KEM as an option.

Group chat. Groups are implemented as a mesh between users. To send one message to all members, the sender sends it once per member queue. The structure is inefficient at scale (hundreds of members or more), but that is the price of maximum metadata resistance. After 2025, SimpleX has been adding super-peer-based group routing to reduce this cost.

Weaknesses. (1) UI/UX is rough. (2) Multi-device sync is limited (by design each device is a separate user). (3) Without phone numbers, the only way to find contacts is QR code or link sharing. (4) Push notifications are slower than in other messengers.

Who uses it. High-risk activists, journalists, and security researchers form the main user base. It is hard to recommend to ordinary users, but for those who want to hide not just message contents but the very fact of who they talked to, it is nearly the only option.


Chapter 5 · Session — Signal Protocol on Loki/Oxen

Session (getsession.org) is a messenger from Australia's Loki Foundation (now Oxen Foundation), launched in 2019. It started as a fork of Signal Android. It kept Signal's well-vetted end-to-end encryption while removing the server dependency and running over an anonymous network.

Loki/Oxen network. Session runs on top of the service node network of the Loki (now Oxen) blockchain. When a user sends a message, it travels via an onion route to the recipient's "swarm" — a cluster of message storage nodes. The recipient polls their swarm to fetch messages. The structure provides Tor-like anonymity but, unlike Tor, also supports store-and-forward.

User ID. Session uses neither phone numbers nor emails nor usernames. Each user has a randomly generated 66-character Session ID, based on a public key. Exchanging this ID directly with another user starts a conversation.

E2EE. Initially it used the full Signal protocol (Double Ratchet plus X3DH), but in 2021 it switched 1:1 chats to Session Protocol, a simplified in-house variant. For groups there are Closed Groups (end-to-end encrypted small groups, up to 100 members) and Open Groups (large groups stored in plaintext on the server). Since 2024 there has been a migration to a new MLS-based group protocol.

Weaknesses. (1) It depends on the Loki/Oxen blockchain, so trouble in that ecosystem affects Session. (2) Message delivery latency is higher than other messengers (due to the swarm polling model). (3) Closed Group key rotation is inefficient.

Who uses it. Users who value anonymity and want stronger metadata resistance than Signal. Darknet market users and activists make up a sizable share.


Chapter 6 · Briar — P2P That Works Without the Internet

Briar (briarproject.org) is an Android-only messenger that started around 2014 in the UK. The starting point was another question: "Can a messenger work where the internet is cut off or a government blocks it?"

Three transports. Briar can deliver the same message in three ways.

  1. Tor over internet — when the internet is available, two devices connect directly via Tor hidden services. There is no central server.
  2. Wi-Fi Direct — when both devices are on the same Wi-Fi network, or connected to each other over Wi-Fi Direct.
  3. Bluetooth — when there is neither internet nor Wi-Fi, messages are exchanged directly within Bluetooth range (about 10 meters).

These three switch automatically inside the same app. If the first fails it tries the second, then the third.

Why it matters. Egypt's internet shutdown during the 2011 Arab Spring, the monitoring of data traffic during the 2019 Hong Kong protests, and the censorship of communications during the 2022 Iran protests — in all of these, the central problem was "how to communicate when the internet is cut off." Briar was designed for that scenario.

E2EE. Briar uses its own protocol, the Bramble Transport Protocol (BTP). The structure resembles the Double Ratchet but prioritizes delivery reliability above all, especially in intermittent-internet environments.

Weaknesses. (1) Android only. iOS has been planned for a long time (beta as of spring 2026). (2) Group chats are small (a few dozen members at most). (3) P2P mode requires the other device to be in Wi-Fi or Bluetooth range, limiting everyday utility. (4) No push notifications — without a server, this is impossible in principle.

Who uses it. Activists at protests, in censored environments, or in regions with unreliable internet infrastructure. It is also often cited as a reference implementation in security research.


Chapter 7 · Cwtch — Anonymous Group Chat on Tor

Cwtch (cwtch.im — Welsh for "a hug") is a messenger built by Canada's Open Privacy Research Society. It began around 2018 and reached 1.0 in 2022.

Core design. Cwtch routes every message through Tor hidden services. The user ID is a Tor v3 onion address (56 characters). Messages flow directly between the onion addresses of the two users (or group). There is no central server.

Metadata resistance. Cwtch goes one step beyond Briar. (1) The only user identifier is an onion address. (2) All traffic passes through Tor. (3) Group messages are encrypted with a group key and stored on an arbitrary untrusted server (anyone can run one), decryptable only by group members. That is, the server operator does not even know who is in a group.

Weaknesses. (1) Slow due to Tor dependence. (2) No push notifications. (3) Operating a group requires choosing an untrusted server. (4) The UI/UX is aimed at technical users.

Who uses it. Security researchers, journalists, and high-risk activists who prioritize metadata resistance above all.


Chapter 8 · Wire / Threema / Olvid / Wickr — Enterprise / Paid / Government / Vanished

This section covers four variations within the centralized camp.

Wire (wire.com). Started in Switzerland in 2014 (later headquartered in Berlin, with US capital acquisition). It began as a consumer messenger but since 2019 has focused on the enterprise market (Wire for Business, Wire Red). It uses a variant of the Signal protocol called Proteus, and migrated to MLS-based group messaging in 2022. The German federal government and some EU institutions have adopted it. The consumer version is still free, but the company's core revenue comes from enterprise.

Threema (threema.ch). Started in Switzerland in 2012. A paid messenger (about CHF 4.99 one-time as of spring 2026), it operates on randomly generated 8-character Threema IDs without phone numbers. It is protected by strong Swiss data protection law and open-sourced its code in 2017 (threema-android and threema-ios on GitHub). It is used by the Swiss military and government, some European enterprises, and ordinary users with strong privacy preferences. The user base is roughly 11 million as of 2024, per official figures.

Olvid — French government acquisition (2023). Olvid is a messenger launched in France in 2019. Its main feature is the principle of "trusting no directory service at all." When two users first connect they must exchange keys in person or through a secure channel. In November 2023 the French government announced Olvid as the official messenger for all ministers and civil servants, and around the same time acquired a significant share of the company. Detailed acquisition terms are not public. The free consumer version is still offered, but governance has shifted.

Wickr — AWS's consumer shutdown (2023). Wickr started in the US in 2012. AWS acquired it in 2021, and it became AWS Wickr in 2022. In January 2023 AWS shut down the free consumer version (Wickr Me), and since then Wickr has been a tool for governments, enterprises, and AWS customers only. The end of Wickr Me, once popular on the darknet, scattered that user base toward Session, SimpleX, and Signal.


Chapter 9 · XMPP + OMEMO — Why an Old Protocol Is Still Alive

XMPP (Extensible Messaging and Presence Protocol) began as Jabber in 1999 and was standardized by the IETF in 2002 — the oldest federated messaging protocol. Once, Google Talk, Facebook Chat, and early versions of WhatsApp all used XMPP variants.

OMEMO (OMEMO Multi-End Message and Object Encryption). An XMPP end-to-end encryption extension standardized as XEP-0384 in 2015. It puts essentially the same algorithm as Signal's Double Ratchet on top of XMPP's message flow. Clients like Conversations (Android), Dino (desktop), Gajim, Beagle IM, and Siskin (iOS) support OMEMO.

Why it is still alive. (1) The spec is fully public with a low barrier to entry. (2) Self-hosting is easy (lightweight servers like Prosody and ejabberd exist). (3) Compatible clients are diverse. (4) It appeals to technical users who want to keep their own data on their own server.

Who uses it. Small organizations running their own infrastructure, individuals who want an ID at their own domain, and some NGOs. Compared to Matrix the user experience is rougher, but the infrastructure burden is lighter.


Chapter 10 · MLS (RFC 9420, July 2023) — A New Standard for Group Messaging

In July 2023 the IETF formally standardized MLS (Messaging Layer Security) as RFC 9420. MLS is the new base protocol for end-to-end group messaging.

Why a new standard was needed. Signal's Double Ratchet is efficient in 1:1 and small groups, but in large groups (hundreds to thousands) the key rotation cost scales linearly with group size. Every time a member leaves or joins, keys between all members must be renegotiated.

TreeKEM. The core of MLS is TreeKEM, a tree-based key agreement algorithm. Group members are placed at the leaves of a binary tree, and each internal node holds a shared key for the leaves below it. When adding or removing a member, only the keys on the path from that member's leaf to the root need updating. The length of that path is logarithmic in the group size, and so is the key rotation cost.

Forward secrecy and post-compromise security. MLS guarantees both. Forward secrecy means "even if a key is compromised, past messages stay safe." Post-compromise security means "even if a key is compromised, messages after the next key update are safe again." The properties Double Ratchet guarantees for 1:1 are now guaranteed by MLS for large groups.

Key RFCs.

  • RFC 9420: The Messaging Layer Security (MLS) Protocol (July 2023)
  • RFC 9421: MLS Architecture (around the same time)
  • Other MLS extensions (metadata protection, federation, etc.) are in progress at the IETF.

Implementations. OpenMLS (Rust), mls-rs (AWS Rust), MLSpp (C++), and js-mls. All target RFC 9420 compatibility.

Limits. MLS resolved the efficiency of key agreement, but the membership metadata of "who is in this group" is still visible to the service provider. Metadata protection is in progress as a next-generation MLS extension.


Chapter 11 · Sealed Sender / Metadata Resistance Techniques

E2EE hides message contents but leaves the metadata of who sent to whom and when. Metadata resistance is a set of techniques that reduces this exposure.

Sealed Sender (Signal, 2018). Signal's first metadata protection feature. The sender's ID is encrypted in a separate envelope that only the recipient can open. The server knows "a message arrived for X" but does not directly see "who sent it." The recipient's ID, however, is still visible.

Private Contact Discovery (Signal). When a user checks which numbers in their address book are Signal users, the match runs in a trusted execution environment like Intel SGX. The server does not learn which entries of its own database were matched by which external request.

Usernames (Signal, 2024). Lets users start conversations without exposing a phone number. Closer to identifier separation than metadata itself, but in the same direction.

Onion routing (Session, Cwtch, Briar). Through Tor or Tor-like onion routing, the origin and destination of a message are kept hidden from any single server.

No persistent user ID (SimpleX). Removes the user ID itself and identifies only at the queue level. The biggest graph a server can build is "this queue is active."

Mixnets (Loopix, Nym). Add random delay and route messages through multiple nodes, so even timing correlation becomes hard to use for tracking. Some experimental messengers (Katzenpost, tools layered on top of Nym) use them.

The practical limit. Systems that hide metadata perfectly almost always sacrifice user experience — slower push notifications, harder sync, group chat inefficiency, media transfer constraints. So ordinary users get along with Signal's sealed sender, and only high-risk users go all the way to SimpleX or Cwtch.


Chapter 12 · Post-Quantum Cryptography — Signal's PQXDH (September 2023)

When quantum computers grow large enough, today's asymmetric algorithms — RSA, ECDH, ECDSA — break under Shor's algorithm. Symmetric ciphers (AES, ChaCha20) and hashes (SHA-256, SHA-3) lose half their key length to Grover's algorithm but remain safe if the length is doubled.

Hold now, decrypt later. You cannot relax just because quantum computers do not exist yet. An attacker who stores today's encrypted traffic and decrypts it with a quantum computer five or ten years later is a realistic threat. So message security needs to migrate to post-quantum sooner than the pre-quantum schedule suggests.

Signal's PQXDH (September 2023). A successor to X3DH. A KEM based on CRYSTALS-Kyber (the precursor to ML-KEM, standardized by NIST in 2024) and classic X3DH run in parallel, and the session key is hashed from both outputs. As long as one is safe, the session is safe. The Signal blog post "Quantum Resistance and the Signal Protocol" (signal.org/blog/pqxdh) published the full spec.
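The hybrid derivation described here and in Chapter 2, as an added sketch (not Signal's code and not taken from the PQXDH spec): the classical DH outputs and the KEM shared secret feed one HKDF call, so the session key cannot be recomputed without both. The function names, the `INFO` label, and the 32-byte random stand-ins for real X25519 and Kyber outputs are assumptions of this example.

```python
import hashlib
import hmac
import os

HASH_LEN = 32                    # SHA-256 output size in bytes
INFO = b"example-hybrid-kdf-v1"  # constructed label, not a real protocol identifier


def hkdf_sha256(ikm: bytes, salt: bytes, info: bytes, length: int = 32) -> bytes:
    """HKDF (RFC 5869): extract a PRK from ikm, then expand it to `length` bytes."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def hybrid_session_key(dh_outputs, kem_secret: bytes) -> bytes:
    """Derive one session key from classical DH outputs plus a KEM shared secret.

    Both inputs are mandatory. Refusing an empty or short KEM secret stops the
    post-quantum half from being dropped silently, which would reduce the
    exchange to classical-only security.
    """
    if len(dh_outputs) < 3 or any(len(d) != 32 for d in dh_outputs):
        raise ValueError("expected at least three 32-byte DH outputs")
    if len(kem_secret) != 32:
        raise ValueError("post-quantum shared secret missing or malformed")
    ikm = b"".join(dh_outputs) + kem_secret   # fixed-length parts, unambiguous
    return hkdf_sha256(ikm, b"\x00" * HASH_LEN, INFO)


def demo():
    """Constructed inputs: random bytes stand in for the DH and KEM outputs."""
    dh = [os.urandom(32) for _ in range(3)]
    ss = os.urandom(32)
    alice = hybrid_session_key(dh, ss)
    bob = hybrid_session_key(dh, ss)
    # Party that recovered every DH output (ECDH broken) but not the KEM secret.
    knows_dh_only = hybrid_session_key(dh, os.urandom(32))
    # Party that recovered the KEM secret (KEM broken) but not the DH outputs.
    knows_kem_only = hybrid_session_key([os.urandom(32) for _ in range(3)], ss)
    return alice == bob, knows_dh_only != alice, knows_kem_only != alice


if __name__ == "__main__":
    agree, dh_only_fails, kem_only_fails = demo()
    print("both sides agree:", agree)
    print("DH outputs alone are not enough:", dh_only_fails)
    print("KEM secret alone is not enough:", kem_only_fails)
```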

Apple iMessage PQ3 (February 2024). Apple introduced post-quantum key agreement in PQ3 around the same time. It goes further with "ongoing post-quantum rekeying" so that even long-lived sessions retain post-quantum security. Apple's security blog (security.apple.com) published the spec.

Limits. (1) The per-message key agreement inside Double Ratchet is still ECDH-based as of spring 2026. PQXDH protects only the initial agreement. (2) Post-quantum algorithms have large keys and signatures (Kyber-768 public keys are about 1.2 KB). (3) Standards are still stabilizing (NIST formally published ML-KEM, ML-DSA, SLH-DSA in 2024).


Chapter 13 · WhatsApp Adopted MLS — What Will Change

Meta has publicly stated since 2024 that it is transitioning WhatsApp group messaging to MLS. The Engineering at Meta blog (engineering.fb.com) published a detailed design.

Why the switch. WhatsApp's existing group messaging used a sender keys model. Each member pre-distributed their sender key to all group members and encrypted messages with it. Every time a member joined or left, all members needed new keys. In large groups (1,024 members and above) this cost grew sharply.

After the MLS switch. Thanks to TreeKEM, key rotation drops to logarithmic time. Even in community channels of 5,000 members or more, key rotation becomes near instant. MLS standardization also opens the door to interoperability with other messengers in the future.
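The TreeKEM path update from Chapter 10 and the cost comparison in this chapter, as an added example (not code from Meta, the IETF, or any MLS library): it computes which nodes a member refreshes and which sibling subtrees receive the new secrets, then compares that count with a linear per-member model. It assumes the array tree layout used by RFC 9420 (leaves at even indices, parents at odd ones) and a fully populated tree with no blank nodes; all function names are hypothetical.

```python
def level(x: int) -> int:
    """Height of node x: the number of trailing 1 bits. Leaves (even) are level 0."""
    k = 0
    while (x >> k) & 1:
        k += 1
    return k


def leaf_slots(members: int) -> int:
    """Leaf count of the tree: the next power of two >= members."""
    if members < 1:
        raise ValueError("a group needs at least one member")
    n = 1
    while n < members:
        n *= 2
    return n


def root(n_leaves: int) -> int:
    """A tree with n leaves has 2n-1 nodes; the root sits in the middle."""
    return n_leaves - 1


def parent(x: int, n_leaves: int) -> int:
    if x == root(n_leaves):
        raise ValueError("root has no parent")
    k = level(x)
    b = (x >> (k + 1)) & 1          # 0 if x is a left child, 1 if a right child
    return (x | (1 << k)) ^ (b << (k + 1))


def left(x: int) -> int:
    k = level(x)
    if k == 0:
        raise ValueError("leaf has no children")
    return x ^ (1 << (k - 1))


def right(x: int) -> int:
    k = level(x)
    if k == 0:
        raise ValueError("leaf has no children")
    return x ^ (3 << (k - 1))


def sibling(x: int, n_leaves: int) -> int:
    p = parent(x, n_leaves)
    return right(p) if x < p else left(p)


def update_path(leaf_index: int, members: int):
    """Return (direct_path, copath) for the member at leaf_index.

    direct_path: nodes whose keys the member replaces, leaf's parent up to root.
    copath: the sibling at each step; each new secret is encrypted to one of them.
    """
    if not 0 <= leaf_index < members:
        raise ValueError("leaf_index outside the group")
    n = leaf_slots(members)
    node = 2 * leaf_index            # leaf i lives at node index 2i
    direct, co = [], []
    while node != root(n):
        co.append(sibling(node, n))
        node = parent(node, n)
        direct.append(node)
    return direct, co


def rekey_cost(members: int):
    """(nodes refreshed on one TreeKEM path, deliveries in a linear per-member model)."""
    direct, _ = update_path(0, members)
    return len(direct), members - 1


if __name__ == "__main__":
    print("8 members, leaf 5:", update_path(5, 8))
    for size in (1024, 5000):        # group sizes mentioned in this chapter
        tree, linear = rekey_cost(size)
        print(f"{size} members: {tree} path nodes vs {linear} per-member deliveries")
```

Real deployments can cost more than the path length when the tree contains blank nodes, because a secret must then be encrypted to several nodes below a blank sibling.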

EU Digital Markets Act (DMA) and interoperability. Since March 2024, with DMA in force, gatekeeper messengers (currently only WhatsApp is designated) must offer interoperability with others. WhatsApp offers this through its own bridge API, and MLS is mentioned as a candidate for standardized interchange going forward. As of spring 2026, however, Signal and other messengers have refused interoperability with WhatsApp (Signal cited concerns about privacy degradation).

WhatsApp's metadata. Separately from the MLS transition, the metadata WhatsApp shares with its parent company Meta (contacts, group membership, usage patterns) is still rich. That remains the decisive difference between Signal and WhatsApp.

Other MLS adopters. Cisco Webex (2024), encrypted DMs in X (formerly Twitter) Premium (2024), and Wire which already moved to MLS-based groups in 2022. Matrix keeps its own Megolm but an MLS integration spec (MSC2883) is in progress.


Chapter 14 · Korea — KakaoTalk Secret Chat, Telegram Use

In Korea, KakaoTalk dominates as of spring 2026 — roughly 48 million monthly active users (MAU), effectively every Korean resident. But KakaoTalk's default chat is not end-to-end encrypted.

KakaoTalk Secret Chat. Introduced in September 2014. It reportedly uses a Signal protocol variant and works in 1:1 and groups (up to 100). It must be started from a separate menu, multi-device sync is limited, and ordinary users rarely use it. Since late 2024 Kakao has announced phased rollout of E2EE in general chats, but as of spring 2026 default chat is still server-stored.

Telegram use in Korea. After the "cyber surveillance" controversy of September 2014, there was a large migration to Telegram, and politicians, journalists, and some activists still use it as a secondary channel. But Telegram's default chat is not end-to-end encrypted; only secret chats are. Secret chats also cannot be shared between devices. After the "Nth Room" case in 2020, in which Telegram secret groups were used for criminal activity, Korean society has been critical of Telegram's willingness to cooperate with policy.

LINE in Korea. Apart from KakaoTalk, LINE is still used by some Korean users, especially those communicating with Japanese residents. LINE's end-to-end encryption, branded Letter Sealing, was introduced in 2015. As of 2026 it applies to 1:1, groups, and voice/video calls.

Secure messenger uptake. For ordinary Korean users Signal, Matrix, and SimpleX are barely used. Only security-conscious occupations (journalism, infosec, parts of the legal profession) use them as secondary channels.

Legislation. Since the mid-2020s Korea has repeatedly debated government access to messengers in the name of fighting digital sex crimes. Some bills were introduced in 2024 and 2025, but as of spring 2026 none have passed due to civil society and industry pushback.


Chapter 15 · Japan — LINE Letter Sealing, PlusMessage

In Japan LINE holds a position comparable to KakaoTalk — about 97 million MAU, effectively every Japanese resident.

LINE Letter Sealing. Introduced in October 2015 as LINE's end-to-end encryption. ECDH key exchange and AES-CBC message encryption form the base. It extended to group chats after 2018 and to voice/video calls in the 2020s. LINE is perceived as different companies in Korea and Japan, but the parent LY Corporation is jointly owned by Naver (Korea) and SoftBank (Japan).

The Korea-Japan data dispute (2023-2024). After the LINE Yahoo personal data breach in 2023, Japan's Ministry of Internal Affairs and Communications issued administrative guidance to "reduce dependence on Naver Cloud." It became a diplomatic friction between Korea and Japan. In 2024 and 2025 LINE Yahoo announced gradual migration of data infrastructure into Japan.

PlusMessage. A messaging service jointly operated by Japan's three major carriers (NTT Docomo, KDDI au, SoftBank) based on RCS (Rich Communication Services). Launched in 2018. It runs on phone numbers, supports photos, stickers, and group chat, and has offered optional end-to-end encryption since 2021. Some ordinary users use it instead of or alongside LINE.

Signal and Telegram in Japan. Both are used even less than in Korea. Some technologists and foreign residents use them; ordinary users barely know them.

Legislation. In 2024 Japan debated the balance between protection of communication secrecy and cybercrime investigation, but no strong legislation like mandatory messenger backdoors exists as of spring 2026.


Chapter 16 · Who Should Pick What — General / Activist / Enterprise / Metadata-Avoidant

The final chapter is recommendations by user type.

Ordinary users (family, friends, daily life). Recommend Signal as the default messenger. Free, ad-free, well-vetted end-to-end encryption, post-quantum PQXDH. Using KakaoTalk or LINE for daily life and moving sensitive conversations to Signal is also realistic. WhatsApp also uses the Signal protocol, but trust in Meta's metadata collection model is the deciding factor.

Journalists, lawyers, civil society organizations. Signal primarily, Matrix (Element X) for internal collaboration. Running your own Matrix homeserver keeps all organizational data on your own infrastructure. The Signal username feature is useful for first contact with sources.

High-risk activists (censorship environments, surveillance targets). SimpleX or Session primarily, Briar as a backup. Using a general messenger can itself be a risk signal, so be cautious. Combine with OS-level protection (Tails, Qubes OS, GrapheneOS) and Tor Browser.

SMB enterprise. Wire for Business or Threema Work. Start as SaaS and migrate to self-hosting as needed. Keep Slack or Teams as a side channel, and use only an end-to-end tool for sensitive conversations.

Large enterprise / compliance. Element Server Suite (Matrix hosting plus consulting) or Wickr (AWS GovCloud). For cases requiring data governance, audit logs, and directory integration.

Government / military. Olvid (France), Tchap (France, Matrix-based), BwMessenger (Germany), and self-hosted Matrix are the main options. Adopting the standardized RFC 9420 MLS is the key to future standardization.

Users who want to avoid metadata too. Use SimpleX and Cwtch in combination. Use multiple messengers with the same person to disperse the metadata graph. Also separate the device from the phone number and use anonymous SIMs or data-only SIMs.

For ordinary Korean and Japanese users. Leaving KakaoTalk or LINE is realistically hard. The alternative is a dual usage model — "daily on KakaoTalk or LINE, sensitive on Signal." Moving family and friends to Signal is hard, but having it as a secondary channel is the first step.


Conclusion — Messaging in 2026 Is No Longer One Line

The 2010s answer was simple. "Use Signal." The 2026 answer is longer.

  • For ordinary users, still Signal. The gold standard, now reinforced with post-quantum PQXDH.
  • For organizations, Matrix plus Element X. End-to-end collaboration on your own infrastructure.
  • To hide metadata too, SimpleX or Cwtch. Sacrifice usability to break the tracking graph.
  • For censorship environments, Briar. True P2P that works even over Bluetooth.
  • For large groups and future standardization, MLS RFC 9420. Adopted by WhatsApp, followed by others.
  • To prepare for quantum computers, PQXDH (Signal) and PQ3 (Apple iMessage). The first production answers to hold-now-decrypt-later attacks.

In the spring of 2026, secure messaging is being redefined again at the intersection of political events and technical progress. Meredith Whittaker's Signal is one of the very few messengers that clearly says "we will leave" in response to EU and UK backdoor legislation, and MLS has become the new base for group messaging. Around them SimpleX, Session, Briar, and Cwtch set a new baseline for metadata resistance, while the French government's acquisition of Olvid and AWS's shutdown of Wickr's consumer side showed that messengers have become geopolitical assets.

The answer depends on the threat model you live inside. But after reading this article, you at least know that "use Signal" is not the right answer for everyone. That is secure messaging in the spring of 2026.

