Summary: The PRIVA SCORE for messenger services can reach a maximum of 324 points. Signal and Threema have the highest level of data protection, while Telegram and WhatsApp only score mediocre - because both apps collect a lot of metadata, among other things. Discord has the lowest level of data protection with less than 100 points due to the lack of end-to-end encryption, collection of a lot of metadata and the server location in the USA.
Update 1: Signal is now also – similar to Threema – can be used with an ID, without disclosing the telephone number to the conversation partners.
Update 2: The Business model Telegram is now also “red”. Bond sales worth 330 million US dollars without mentioning the source of investment lead to this devaluation.
Update 3: The graphics have been redesigned and the centralized/decentralized/federal privacy feature has been removed since all verified messengers are centralized.
There is an adjustment at Threema: Here you can now also erasable messages for receiving and sending side.
Signal is – like Threema – not 100% open sourceBoth get a yellow rating here. On the other hand, Business model An error has crept in. Signal is funded purely by donations, so it's green.
Thanks to all informants!
The PRIVA SCORE can be the calculation received a maximum of 324 points when evaluating messengers.
The assessment of the level of data protection is based on the way in which the most important Data protection features be fulfilled by the messengers. Signal and Threema perform best. They have the highest level of data protection (270 and 282 points respectively) of the messengers compared here.
Telegram and WhatsApp score only moderately (both 119 points) and are therefore not recommended. With Telegram, the End-to-end encryption in the chats and is not active by itself. Telegram collects many Metadata, including the IP address of the chat participants and is not complete open source. The Server location is Dubai – which is at least questionable in terms of data protection. There is also no Contact verification and the business model is very non-transparent.
WhatsApp is indeed End-to-end encrypted, but collects a large amount of Metadata of the users, is not open source, cannot be used anonymously, the server are located in the USA (low level of data protection), the Access to contacts of the users is necessary for normal use and the Business model The Meta Corporation's website is, as is well known, largely advertising, which is synonymous with restricting privacy through reckless data collection practices.
The last place here (under 100 points) is Discord. The knockout criterion is the lack of End-to-end encryption. In addition, there are the shortcomings of Telegram and WhatsApp: Many Metadata collected, Discord is not open source and the Server location are the USA.
Explanation of data protection features
(Detailed description in Book)
E2E encryption ensures that only the person the user wants to communicate with can read this message on their device.
Handling metadata: Since metadata contains information such as time or location, conclusions can be drawn about the people involved in the conversation. A messenger that does not collect metadata necessary for transmission and deletes it as soon as possible protects users' data better.
Open source or auditing: For this function, a messenger whose code is openly accessible is the better messenger because it can be independently checked how well the messenger protects users' data.
Anonymous usability: This function refers to whether the exchange of personal data (usually the telephone number) is necessary in order to communicate with each other. Threema and Signal, for example, offer the option of exchanging just one ID.
Location of the servers or company headquarters: Some messenger apps operate servers in countries with weak data protection laws. In these countries, compliance with the high level of data protection of the European General Data Protection Regulation cannot be guaranteed.
The criterion is not entirely clear-cut, as the amount of data stored is more important than the location of the company. Unlike WhatsApp, Signal collects very little user data, even though the servers of both companies are located in the USA.
Optional contact access: This is about protecting the personal data of people stored in the phone's contact list. This issue is often criticized in the case of WhatsApp: The messenger can only be used effectively in a roundabout way without access to the contacts. Most users innocently grant access, whereupon the names and telephone numbers of the contacts are transferred to the Meta Group's US servers and compared daily. The user thereby commits a data protection violation. This is because the user would have to inform all the people on their contact list about this use of their data. personal data and express a right of objection.
Contact verification: This is about whether it can be ensured that the recipient of a message is actually the person addressed. This function protects the privacy of users so that personal messages do not fall into the wrong hands.
Deletion of messages: To protect personal content of messages, it may be useful to automatically or manually delete messages after a certain period of time on your own device and on the devices of other users.
Business model: The last criterion concerns the question of how the company behind the messenger makes its money. Some business models are transparent and not critical for data protection - for example, the Threema app is financed by a one-off fee of 5 euros. WhatsApp may be "free", but it belongs to the Meta Group. And its business model is known to be online advertising, which is why WhatsApp collects significantly more data from users than other messengers.
EN 
DE_DE