Security and Anonymity in Instant Messaging

04 March 2024, 12:00, CSIT Level 2 - Systems Area
Speaker: Tingfeng Yu (ANU)

Abstract

Instant Messengers (IMs) have become a predominant mode of communication. Given the large volume of information exchanged through these IMs, it is essential to ensure that a messaging protocol can effectively protect the confidentiality and integrity of the messages against pervasive threats. As of 2016, 35 percent of communications sent by mobile devices are unencrypted, posing significant security risks. Additionally, analysis of various mainstream IMs has revealed both deliberate and unintentional flaws, exacerbating concerns over user privacy and potential surveillance.

In this talk, we will look into the multifaceted notion of security in IMs. We will first explore the essential security principles in the context of IMs, and then introduce a more advanced property, network-level anonymity. This property aims to address the inherent limitation of E2E encrypted IMs, which, despite securing the message content, often leave metadata such as IP addresses exposed to potential adversaries, leaking valuable information about the communicating parties. Finally, we will dissect two IMs that aim to achieve network-level anonymity through different cryptographic constructions:

  • Session - uses onion routing
  • xxMessenger - uses mixnet

We will evaluate their design and implementation to provide insights into their effectiveness and resilience to certain attacks.
