Signal vs ProtonMail vs Wire. Which one for sources in 2026?

Most guides to secure communication treat this as a ranking exercise. Best, second best, avoid. The reality is more precise. Each of these tools protects against a specific set of threats and fails against others. The question is which threats you are actually facing.

What Signal protects

Signal encrypts message content end-to-end. The Signal servers do not read your messages, do not store your message history, and cannot hand over readable content under legal process because they do not have it. Multiple law enforcement requests to Signal have produced almost nothing. The company publishes its responses, and the pattern is consistent.

Sealed Sender obscures the sender’s identity from Signal’s own infrastructure. Disappearing messages mean the history does not accumulate. A seized device running Signal with disappearing messages enabled contains significantly less recoverable communication history than any other messaging app.

What Signal does not protect: the phone number associated with the account. Signal now supports usernames as an alternative to sharing phone numbers directly. Worth setting up for any high-risk source relationship. (See: how to communicate with confidential sources safely.)

What ProtonMail protects

ProtonMail with end-to-end encryption between two Proton addresses protects message content. The provider cannot hand over readable content because the encryption happens on the user’s device. This has been tested under real legal conditions in Switzerland: Proton has received requests and provided what it legally could, which was account metadata, not message content.

What ProtonMail does not protect: the metadata of the correspondence itself. Who sent to whom, when, how often, from what IP address. These records exist at the provider level and are accessible under legal process even when content is encrypted.

ProtonMail’s practical advantage over Signal: it is email. A source who does not know how to install Signal does know how to send an email. For the first communication in a source relationship, a Proton Mail address published on a journalist’s contact page is a realistic starting point.

What Wire does

Wire offers end-to-end encrypted messaging, voice, and video, with the option to create an account using only an email address rather than a phone number. The concern that has reduced Wire’s use in serious professional environments is ownership. Wire was acquired by a US-based private equity group in 2019, then changed hands again. For source communications in genuinely hostile environments, most serious digital security trainers have moved to Signal as the default.

The decision framework

Initial contact from an unknown source: Proton Mail, from a dedicated address never linked to your public identity. The contact is logged as metadata, but the content is protected.

Ongoing communication with an established source at moderate risk: Signal, with disappearing messages enabled and a username configured to avoid sharing your phone number. This is the standard recommendation from every serious digital security organisation working with journalists.

Communication with a source at high risk, where even the existence of contact is sensitive: Signal with additional operational measures. A device used only for this source. A number not linked to your identity. Disappearing messages. (See: how one journalist was arrested because of an email.)

Frequently asked questions

Is Signal safe for journalists?

Signal is the most operationally robust messaging tool available for source communications. It protects content, limits metadata, and has a documented track record of providing almost nothing in response to legal requests. It is not a substitute for decisions about devices, identities, and operational practices.

Is ProtonMail end-to-end encrypted?

Yes, between two Proton addresses. Content is encrypted before leaving the sender’s device and can only be decrypted by the recipient. The metadata of who communicated with whom and when is not protected by content encryption.

Why is Wire not recommended for source communications?

Wire is audited and functional. The concern is ownership stability and jurisdictional clarity. For the threat profiles Predaxia covers, those questions matter more than they do for general professional use, and Signal provides stronger practical protection with a clearer track record.

There’s no perfect setup. Anyone selling you perfect is selling fear. The goal is simple: make yourself a harder target than the person next to you.