by mrbiber 3502 days ago
At the moment, Signal and Wire seem to be the best options. They have open-source clients, end-to-end encryption, are easy enough to use that even less computer-savvy people can be realistically convinced to use them, and they seem to offer decent protection for metadata (not technical, but policy-wise).

There are, however, some upcoming developments which will change the situation in the next couple of months:

1) The main matrix.org client, Riot (https://riot.im) has end-to-end encryption now in beta. This will offer Signal-strength encryption, but in a decentralized, e-mail-like system with federated servers. This will create an ecosystem where people are no longer dependent on the goodwill (and solvency) of a single entity to use a good, encrypted messaging app.

2) Briar (https://briarproject.org) is a new (Android-only) app, designed for people with an especially high need for privacy. It works without central servers (through Tor hidden services, but hides the complexity of that), even works when the internet is down (e.g. when mobile networks are shut down during a protest) via Bluetooth and direct Wi-Fi connections, and it offers extra features, like a panic button that deletes all your data. It's in beta at the moment, with a planned release early next year.

TL;DR: Use Signal or Wire for now, but be ready to switch to a better system when available.


This is a great answer. I was about to recommend the same, Signal for now, Matrix eventually.

I did not know about Briar, that seems useful, even for cases where you are just off the grid with your friends.

Is there any particular reason why you wouldn't recommend Matrix/Riot today, for someone who is technically proficient?
I've heard Signal has US Government backing, which makes me scared for an NSA backdoor. Any idea about this?
Where have you heard this? I wouldn't question Moxie's integrity lightly, his track record is impressive.
Wikipedia says that Open Whisper Systems has received a significant amount of funding [1] from the Open Technology Fund, run by Radio Free Asia [2], a US-government-run propaganda organization.

Of course, this is the arm of the US government that very actively doesn't want back doors, because they operate in territories controlled by other not-necessarily-friendly governments. They need communications to be reliably secret, and they have no need to tap those communications. It's the same reason that government funding for Tor isn't inherently a problem for Tor's security, and you see other parts of the US government, like the FBI, trying to hack it.

It's definitely worth worrying that the government could decide that this part of its mission is no longer worth funding. But it isn't likely to be a risk of back doors. (Especially compared to all the other usual risks, notably simple bugs like Heartbleed and Weak DH.)

[1] https://en.wikipedia.org/wiki/Open_Whisper_Systems#Funding

[2] https://en.wikipedia.org/wiki/Radio_Free_Asia

It is indeed backed by the US government, see https://news.ycombinator.com/item?id=8106721.

The best way to go is Threema, IMO. Can be used completely anonymously. Servers are located in Switzerland. Uses NaCl. Recommended by Steve Gibson. Not free, though.

- "requires payment" and "completely anonymously" seem at odds; especially when the person you're communicating with will likely have purchased it from an app store. I understand that there is a way to purchase it with BTC at their own site, but that doesn't really help with licensing and GCM

- proper implementation of e2e means where the servers are shouldn't matter

- threema uses GCM too -> whole google play services framework

- this steve gibson? http://attrition.org/errata/charlatan/steve_gibson/