Introduction to Privacy-Enhancing Messaging tools

The area of messaging — instant chat as well as email — is today marked by massive centralization of power in the hands of a few operators. Even email, though designed as a federated system, often offers little privacy in practice: protection is not always on by default, nor easy to turn on. Metadata about who talks to whom, when, and often from where, usually remains exposed on the tools most people use every day.

This dossier presents NGI-funded messenger projects alongside widely used FLOSS alternatives — from federated XMPP and Matrix clients to peer-to-peer and mesh messengers.

How NGI0 Projects Address These Risks

The projects in this dossier each target specific harms of centralized messaging. None replaces every proprietary app overnight, but together they show how inspectable messenger code, federation, peer-to-peer sync, and end-to-end encryption can reduce dependence on a single operator:

Dino Dino offers a polished desktop client for XMPP instant messaging with end-to-end encryption options. Federation lets communities choose their own server or run one locally, rather than routing every contact through one company's identity graph — though trust and metadata still depend on the homeserver operator you pick.
Briar Desktop Briar Desktop synchronises encrypted messages directly between devices without a central server. When the internet is unavailable it can sync over Bluetooth, Wi-Fi, or removable media; when online it can use the Tor network — reducing exposure to server-side metadata collection and outages that silence centralized apps.
Qaul Qaul is a delay-tolerant mesh messenger for off-the-grid and emergency use. Configurable, verifiable P2P channels support open discussions, trusted information feeds, and distributed spam protection without requiring always-on cloud relays.
Conversations Conversations is a mature Android messenger for federated XMPP with end-to-end encrypted text, media, and voice messages — plus standards-based audio and video calls. Users can pick or run their own server instead of locking contacts into one company's app.
NeoChat NeoChat is a cross-platform Matrix messenger from KDE. NGI funding brought end-to-end encryption to the client via libQuotient, so private and professional chats on open federation need not stay plaintext or tied to a single vendor's closed app.

NGI-funded messengers in this dossier

Browse the NGI-funded projects in this dossier below.

Associated NGI0 Projects

Popular FLOSS messaging projects

Beyond NGI-funded work, several widely used FLOSS tools shape everyday messaging — from mobile chat apps to Matrix clients and self-hostable team platforms. They are a common step away from purely proprietary services, but each still comes with structural limits.

Signal ships open clients and strong end-to-end encryption. As of 2026, sign-up still requires a phone number, but usernames and default number privacy mean you need not share that number with contacts; discovery by number can be restricted. The service nonetheless depends on centrally operated Signal servers — availability and much metadata remain tied to that infrastructure.

Session routes messages over onion-style networks without a phone number, which improves anonymity compared with mainstream apps. Users still rely on the project's network design and release cycle rather than direct peer-to-peer delivery between contacts.

FluffyChat is a Matrix client: open federation can reduce single-vendor lock-in, but most people depend on a homeserver they do not run — often a large public instance — so trust and metadata exposure shift to that operator.

Mattermost can be self-hosted for teams, which helps organisations keep data under their own control. In practice many deployments sit behind central IT, target workplace collaboration, and do not offer end-to-end encrypted private chat by default.

These projects show what “FLOSS messaging” often means in the field: inspectable code with remaining reliance on central or hosted infrastructure — useful, but not a full substitute for decentralised, metadata-resistant designs.

Popular closed-source messaging apps

Most people still chat on proprietary messengers whose clients and servers are not fully inspectable or self-hostable. They are included here as reference points — not recommendations — because their defaults illustrate the centralization and metadata exposure this dossier tries to reduce.

WhatsApp markets end-to-end encryption, but Meta still collects extensive metadata, ties accounts to phone numbers, and operates the sole authoritative server infrastructure.

Telegram is widely used for groups and channels, yet default chats are not end-to-end encrypted, server code is closed, and users depend on Telegram's centralized service for availability and account recovery.