Lumes vs.everything else.
Honest, row-by-row. Where a competitor objectively beats us, the row says so. Where the data is contested, we link the source. Last verified against each vendor's public spec as of the date above.
- ● shipped · in production
- ◐ partial · ships in some flavour
- ○ not implemented
- pending · scoped, not shipped
Score · features shipped.
Partial credit counts as 0.5; methodology is the same for all 7 columns. Click any row in the table below to read our sourcing.
Capability | Lumes | Signal | Threema | Wire | WhatsApp | Telegram | Wickr |
|---|---|---|---|---|---|---|---|
| A · Cryptography | |||||||
E2EE on by default 1:1 + groups + calls | ● | ● | ● | ● | ● | ○secret chats only | ● |
Post-quantum dual signing ml-kem-768 + ml-dsa-65 | ● | ◐pqxdh kem only | ○ | ○ | ○ | ○ | ○ |
Double Ratchet — full 3-step dh + chain + mk | ● | ● | ○ecc, no dr | ●proteus | ●signal core | ○mtproto 2.0 | ● |
AEAD authenticated encryption | ●chacha20-poly1305 | ●aes-256-gcm | ●xsalsa20-poly1305 | ●aes-256-gcm | ●aes-256-gcm | ◐aes-256-ige (custom) | ● |
| B · Anti-forensic / device | |||||||
Anti-UFED PIN envelopes argon2id m=64MiB · t=3 | ● | ○ | ○ | ○ | ○ | ○ | ○ |
SecureString in RAM heap-zeroing on use | ● | ◐partial coverage | ○ | ○ | ○ | ○ | ◐ |
Duress PIN · silent wipe bypass usb/custody | ● | ○ | ○ | ○ | ○ | ○ | ◐self-destruct timer |
Disappearing — FS key wipe mk + spk + gsk zeroed | ● | ◐plaintext only | ◐ | ◐ | ◐plaintext only | ○ | ● |
| C · Network privacy | |||||||
Sealed sender relay sees no sender | ● | ● | ○ | ○ | ○ | ○ | ● |
No phone number required | ● | ◐username opt-in | ● | ● | ○ | ○ | ● |
Tor / SOCKS5 transport built-in | ● | ◐os routing only | ● | ○ | ○ | ○ | ○ |
| D · Trust posture | |||||||
External cryptographic audit | pending q3 2026 | ●multiple | ●iso 27001 | ● | ◐whitepaper audited | ○ | ●via aws |
No telemetry / analytics | ● | ● | ● | ● | ○meta metadata | ○ | ● |
Where they still win.
A comparison is useless if we never lose a row. Here is where each competitor honestly outperforms Lumes today, and the line we will not cross to close the gap.
Trust history. The Signal protocol has been peer-reviewed for over a decade and audited multiple times. Lumes is in pre-audit. Until our external audit closes, Signal is the safer assumption for users whose threat model does not specifically need our additional layers.
Jurisdiction. Switzerland's FADP, combined with Threema's no-data-collection posture and ISO 27001 certification, is currently the strongest defence-of-data-at-rest answer on the market for users whose adversary is a single nation-state's legal apparatus.
Federation & multi-device. Wire's federation model and proper multi-device key handling are more mature than ours. Lumes is single-device today; federation is planned for the v1.1 roadmap, not the launch build.
Ubiquity. An encrypted messenger is only as useful as the people you can reach on it. For low-stakes consumer messaging where everyone is already on WhatsApp, the network effect outweighs the metadata trade-off. Lumes is not built for that market.
Enterprise procurement. Wickr's AWS integration, FedRAMP authorisation, and government certifications give it a procurement story Lumes cannot match. If you need a check-box that says “approved by GSA”, that is Wickr's lane.
Public channels & bots. Telegram's broadcast model and bot ecosystem are unmatched. But this is a separate product category — Telegram's default chats are not end-to-end encrypted, and its protocol has been repeatedly criticised by cryptographers. The use cases barely overlap.
Read the methodology.
Every row above links to a specific clause in each vendor's published whitepaper, source-code commit, or independent audit report. If you find a row we got wrong, tell us — we update this page within 48 hours.