Okay, so I here’s what I think for the main question. (Sorry for my English, I’m not the native speaker - if something is hard to understand let me know, please)

On the internet we have a lot of discussion about this topic. And we have a lot of different views on it. And a lot of apps. We need to be sure what we’re talking about and how precise we are. These are my main thoughts, listed. There is no such thing as “most secure chat app”, especially if we’re not asking precisely what we mean by that term.

I think of three main factors of the case. And I want to put it clear: I don’t want to go on full-geeky or start a discussion about “normal user will not understand”. Every user is different. The “most secure app” should be “most secure” both for an undercover agents and our grandmothers.

1. Software and it’s environment. So, the app - but this is just the surface. But mainly it’s something that everyone can agree - the app and it’s environment should be open-source, and actively maintained. Also there should be a quite interest around it - because there should be some people who actually can really say that they looked up to the source and “approve” it’s reliability. The communication with the company/foundation/creator should be good and smooth. The community around the app should be treated well and should feel listened. Should be well documented. Should think about “typical users”, so to obtain that - app should be easy to manage and have well designed UX (not for geeks only). The app and information in it should be encrypted out-of-the-box. The communication should be decentralised and not depending on the main server (because that’s the future of the internet, damn). E2EE have one big problem - it’s hard to have control of messages you’ve already sent. App should have some ideas inside for solve this problem. The app should have possibility to register the account without giving your credentials. No e-mail address, no phone number.
2. User and it’s environment. Every secure app can be used in unsecure way. You cannot jump over it. If you cannot think creatively about your tools, security model, things you want to achieve - none of apps from the toplist will help you. You don’t need to be a specialist, really. It’s about few articles and some hours of research. Educate yourself, think. If you’re using secure app on unsecure system - huh, nothing will help you then. Encrypt the phone. Use password manager. Don’t give away your contact information easily. Take control of what you want to share before you will share it. Educate yourself.
3. Geopolitics and awareness It’s easy to forget about it. When I see discussions about different apps - people are talking from their perspective - what means - perspective of the country they live in. “Most secure” app should be “most secure” in USA and in Iran. In Poland you need to register every phone number on your credentials. In Czech Republic you don’t need to. There are places where government can easily gain access to data of your internet provider without even asking the court. Think global, try to gain knowledge about specifics of your country. I can use Signal - but I need to register it on Czech SIM card with phone that I bought second hand, on which I never used my own, private SIM card. Then I can really feel safe - not only for government (that’s not the deal for many of users though) but also from stalking/doxing by private users/trolls. Remember that nobody of us is “typical user”. If your country is fucking up the abortion law and you cannot legally use the “day after” pill - which could be an issue for 50% of human beings - you need to be sure that your credentials are safe. We had these situations in Poland when - hear me out - right wing “catholic” foundation ran a fake “safe number” for woman with this problem, and afterwards they doxxed their private information. The same with human rights activists or LGBTQ+ people, especially young people. They are not special agents - they need just to feel safe. This is ALL OF US. There is NO SHUCH THING AS “TYPICAL/NORMAL USER”.

So, when it comes to this I need to say that I cannot tell which app is really “most secure”. I’m not an tech expert, so I cannot pentest the app by myself. But I can tell you which app looks the most reliable to me.

For me it’s Session app. It has some cons, like everything. But I will tell you why I believe in it. Yeah, “believe” it’s a good word for it. Because it’s always about trust. If the devs are sincere with us and everything is working as they say - that’s the way it should work for every secure app. First - let’s look at the main concerns. First one is Australia, which the app is from. It has very fucked up law - court can easily access the data of users (please correct me if I’m wrong). But the app is designed in a way that even if the government would get this access - they will find nothing or almost nothing, just scraps of metadata which would be hard to use against you.

Next thing is reliability. There should be more third-audits done for the app, that’s true. But the foundation behind the app is showing very good attitude for it. They are communicating, they are active and I think it’s just a matter of time that it will be full-acceptable on the paper.

Design - it’s up to date. It has something that Signal doesn’t have if we’re talking about that E2EE problem - the capability of your chat inbox. You can make your inbox delete the messages after specific number (not only after specific time - but that is possible too). You cannot force the person which you are talking to do the same, but app is anonymous so It would be really hard to connect these messages to you. On Signal in other hand - all messages are linked to you because of phone number and you need to depend on security of other people - not cool. The next good thing - it’s using a decentralised network based on nodes (onion routing). That should be a standard, I will not comment on that.

But the biggest thing is that I can see on my own eyes that the developers running this project has really A LOT TO LOSE. Yeah, that’s a thing for me. I can see how they’re communicating, how they’re developing as a foundation/company. They are really into the privacy stuff. If they would make a mistake… oh, shit, that would be a total disaster for them. They just cannot screw it up - they have own coin, they have own node-network, they have the bright future in front of them. When you have a lot to lose - you are more reliable. But that’s my private opinion which cannot be measured scientificaly. I’m just watching closely and I can see that they are growing. If they are capable of doing what they annouced this year - encrypted voip call by the onion network - it would be a really huge step forward. Crossing fingers.

Wickr has that great system for ephemeral messages - ‘burn after read’ option. I really liked it. But Wickr is now part of Amazon. So using it is like you would give your money to ISIS - you’re just funding terrorism. Briar is great, of course. It’s the top for sure. But there is a problem with Briar. It will never be a standard - because is not “cool”. Why that matters? If the app is not used by a lot of people and is not popular - there is a possibility that it will die soon. That’s how it works for now, too bad - but true.

I would say that XMPP is also a good direction to look, I’m not sure about Matrix on not-self-hosted servers. Yup, that’s all I think. If someone will disagree - I’m cool with that and please don’t take my words as something what I will fight for. I’m not here for force-changing someones point of view. Thanks.