Comment by maqp

I know a bit about this topic.

For metadata you first want to remove the obvious identifiers, phone numbers, names. You'd want to use something like anonymous@jabbim.pl for your IM account.

Next, you'd want to eliminate the IP-addresses from server, so you'd want to connect exclusively through Tor. So you'd set the IM client proxy settings to SOCKS5 localhost:9150 and run Tor client to force your client to connect that way. This is error-prone and stupid but let's roll with it for a second.

Now jabbim.pl won't be able to know who you are, but unless you registered your XMPP account without Tor Browser, you're SoL, they already know your IP.

A better strategy is to use a Tor Onion Service based XMPP server, say 4sci35xrhp2d45gbm3qpta7ogfedonuw2mucmc36jxemucd7fmgzj3ad.onion (not a real one), and you'd register to it via IM client. Now you can't connect to the domain without Tor, so misconfiguring can't really hurt.

So that covers name and IP. We'll assume the content was already end-to-end encypted so that leaks no data.

Next, we want to hide the social graph, and that requires getting rid of the server. After all, a server requires you to always route your messages through it and the service can see this account talks to this account, then to these ten accounts, and ten minutes later, those ten accounts talk to ten accounts. That sounds like a command structure.

So for that you want to get rid of the server entirely, which means going peer-to-peer. Stuff like Tox isn't Tor-only so you shouldn't use them.

For Tor-only p2p messaging, there's a few options

https://cwtch.im/ by Sarah Jamie Lewis (great, really usable, beautiful)

https://briarproject.org/ (almost as great, lots of interesting features like forums and blogs inside Tor)

https://onionshare.org/ by Micah Lee. Also has chats between user and hoster

https://github.com/maqp/tfc by yours truly, crude UX but the security is unparalleled.

>On a side note, I was just recommending Telegram as alternative to WhatsApp

Don't. Telegram and WhatsApp both leak meatadata, but WhatsApp is always end-to-end encrypted. Telegram is practically never end-to-end encrypted. I'd use WhatsApp over Telegram any day. But given that unlike WhatsApp, Signal is open source so you know the encryption works as advertised, it's the best everyday platform. The metadata free ones I listed above are for people in more precarious situations, but I'm sure a whistleblower is mostly safe when contacting journalists over Signal. Dissidents and activists might find Cwtch the best option however.