Comparison table — Instant messaging & WebRTC calls
| Criterion | Signal | Threema | Matrix | Telegram | CryptPeer® |
|---|---|---|---|---|---|
| E2E encryption | ✅ | ✅ | ✅ | ⚠️ (optional) | ✅ |
| Self-hosting / sovereignty | ❌ | ❌ | ⚠️ | ❌ | ✅ |
| “Real” self-hosting / vendor & third-party dependency | ⚠️ Vendor servers (US cloud), no supported self-hosting | ⚠️ Vendor servers in Switzerland, no fully sovereign dome | ⚠️ Self-hostable nodes but strong dependencies and complexity | ❌ No official self-hosting (proprietary cloud) | ✅ 100% self-hosted server, zero cloud, zero telemetry, no callbacks to the vendor |
| 60+ browser interoperability | ❌ | ❌ | ⚠️ | ❌ | ✅ |
| P2P architecture (no single point of failure) | ❌ | ❌ | ❌ | ❌ | ✅ |
| Stealth mode (network undetectability) | ❌ | ❌ | ❌ | ❌ | ✅ |
| Multiple autonomous sovereign bubbles | ❌ | ❌ | ⚠️ | ❌ | ✅ |
| EviEngine (licence without server/DB) | ❌ | ❌ | ❌ | ❌ | ✅ |
| Integrated HSM (PassCypher/EviKey) | ❌ | ❌ | ❌ | ❌ | ✅ |
| Sovereign 2FA TOTP (PassCypher HSM) | ❌ | ❌ | ❌ | ❌ | ✅ |
| Admin without cleartext access / super admin for deletion | ❌ | ❌ | ❌ | ❌ | ✅ |
| Large file transfer + signature/integrity | ⚠️ (limited) | ⚠️ | ⚠️ | ⚠️ | ✅ |
| Local-only / closed-network mode | ❌ | ❌ | ⚠️ | ❌ | ✅ |
| Same deployment on isolated LAN / VPN / Internet (no separate “closed” vs “cloud” edition) | ❌ | ❌ | ⚠️ | ❌ | ✅ Topology neutrality |
| Server-hopping / extreme resilience | ❌ | ❌ | ❌ | ❌ | ✅ |
| Zero installation (web only) | ❌ | ❌ | ⚠️ | ❌ | ✅ |
| Integrated collaborative office suite (LibreOffice) | ❌ | ❌ | ❌ | ❌ | ✅ |
| Embedded local AI (LLME, no cloud) — hardware adaptable (legacy → advanced) | ❌ | ❌ | ❌ | ❌ | ✅ |
| Secure webinars — external participants without accounts | ❌ | ❌ | ⚠️ | ⚠️ | ✅ |
| Private hub mode — segmented contacts (unilateral visibility) | ❌ | ❌ | ❌ | ❌ | ✅ |
| Translator tool 50+ languages (voice, file OCR, self-hosted, offline) | ❌ | ❌ | ❌ | ❌ | ✅ |
| OpenPGP compatibility (ASC) | ⚠️ external | ⚠️ external | ⚠️ variable | ❌ | ✅ native (key pair generation, protected private key, automatic management of contacts’ public keys) |
Collaboration & videoconferencing — CryptPeer® vs Zoom / Teams / Webex / Google Meet
Cloud collaboration tools such as Zoom, Microsoft Teams, Cisco Webex and Google Meet offer meetings, video calls, guest links, passwords and waiting rooms. CryptPeer® covers the same use cases within a sovereign self-hosted infrastructure, with segmented PKI, HSM/TPM anchoring, cryptographic quorum and anti-replay controls.
| Criterion | SaaS solutions (Zoom / Teams / Webex / Meet) | CryptPeer® |
|---|---|---|
| Audio / video calls | ✅ | ✅ |
| Guest link access | ✅ | ✅ |
| External participants without accounts | ⚠️ guest link; security depends on the provider | ⚠️ guest link secured by segmented PKI + A/B/C quorum + HSM/TPM anchoring |
| Cryptographic proof of access | ❌ | ✅ segmented PKI signature + HSM/TPM verification |
| Anti-replay / unauthorised sharing | ❌ | ✅ nonce + time window + machine binding |
| Self-hosting | ❌ SaaS | ✅ operator |
| Infrastructure control (full on-prem) | ❌ | ✅ total |
| Vendor cloud dependency | ✅ strong | ❌ none by default |
| Integration messaging + MFT + email + office | ⚠️ via cloud ecosystem | ✅ unified self-hosted suite |
| AI integrated with collaboration | ⚠️ cloud (Copilot / Gemini) | ✅ local self-hosted |
Reading note: CryptPeer® also uses guest links, but turns them into verifiable cryptographic evidence via segmented PKI infrastructure, HSM/TPM or segmented software anchoring, and anti-replay controls. This model aligns with HSM/PKI evolution, A/B/C quorum, machine binding and TPM/fallback modes documented in the CryptPeer-EviSKMS history.
Comparison — sovereign AI vs cloud AI
| Criterion | Cloud AI | CryptPeer® |
|---|---|---|
| Execution | Cloud | Local |
| Confidentiality | ⚠️ | ✅ |
| Data exfiltration risk | Risk | ❌ |
| Vendor dependency | ✅ | ❌ |
Cybersecurity, office suite, backup and updates — integrated capabilities
CryptPeer® is evolving toward a defence-grade platform combining communication, collaboration, active security and operational resilience, without separate paid modules.
| Capability | CryptPeer® |
|---|---|
| Real-time cyber defence | Detection, traceability and issuance of signed forensic certificates for critical events. |
| Collaborative office suite | Collaborative editing for text documents, spreadsheets, presentations and PDF, with dedicated suite chat. |
| Embedded local AI | Assistant connected to messaging, notes, documents and collaboration, with no external cloud AI dependency by default. |
| Encrypted 3-2-1 backup | Incremental, immutable backups of encrypted data and databases; frequency and external media defined by the super administrator. |
| Recovery after failure | Full data recovery while preserving encrypted state, including after host hardware failure. |
| Secure differential updates | In local, LAN or VPN mode, temporary Internet connection only to download changed files, then return to an isolated environment. |
| All-inclusive fixed subscription | Technical evolution and new services integrated into CryptPeer® are included in the subscription, with no surprise per-module pricing. |
Secure file exchange (communication-oriented internal MFT) — CryptPeer® vs dedicated MFT solutions
Managed File Transfer (MFT) solutions such as MOVEit, GoAnywhere or OpenTrust are primarily designed for inter-system flow orchestration (SFTP, ERP, batch). CryptPeer® targets a different scope: secure exchanges between users, natively integrated into communication.
CryptPeer® natively integrates large file transfer with timestamping, signature, integrity and authenticity verification in a unified sovereign platform,
without an additional MFT module.
Positioning: CryptPeer® implements communication-oriented MFT (user ↔ user), not inter-system orchestration MFT.
Learn more about secure transfer
| Criterion | Dedicated MFT solutions | CryptPeer® |
|---|---|---|
| Secure file exchange (internal MFT) | ✅ Dedicated MFT platform | ✅ Integrated |
| Timestamping | ✅ | ✅ |
| Integrity / authenticity | ✅ | ✅ |
| Encrypted / decrypted choice | ❌ | ✅ Exclusive |
| System type | Dedicated MFT (separate tool) | ✅ Native internal MFT integrated with chat (secure user exchanges, no inter-IS orchestration) |
| Inter-system orchestration (ERP, SFTP, batch) | ✅ | ❌ |
| Usage model | Secure file exchange (MFT) | ✅ Internal exchanges between CryptPeer® accounts, integrated with chat |
| Granular transfer policy (admin) | ⚠️ limited / module-dependent | ✅ Max size, file types, per-user/group rules, forced encryption |
| Backup & transfer traceability | ⚠️ logs / partial audit | ✅ Differential encrypted, immutable, timestamped backup (evidence) |
| Deployment | On-prem / SaaS / hybrid | 100% self-hosted |
| Integration messaging + calls + email | ❌ | ✅ Unified suite |
| Cost | Dedicated licence + integration + maintenance | Included in subscription |
Secure exchange (internal MFT): exchanges between users with a CryptPeer® account. Closed system, controlled by the organisation.
The super administrator defines: maximum size, allowed file types, per-user/group rules, and may allow proprietary formats.
Exchanges are integrated directly in chat, without a separate user workflow.
External sharing (secure link): one-off delivery to recipients without an account. This mode is open sharing, without internal governance logic (see dedicated section).
Economic impact
Dedicated MFT solutions are often priced as an enterprise platform on quotation, plus integration, maintenance, operations and monitoring.
- €10,000 to €50,000+ per year possible depending on enterprise scope
- additional integration and maintenance costs
- separate architecture to administer
With CryptPeer®, secure transfer is included in the all-inclusive fixed subscription: no separate MFT licence, no add-on module, no external dependency.
Quick read: CryptPeer® does not replace inter-system orchestration MFT; it integrates secure transfer inside a complete sovereign bubble of communication, collaboration and governance.
Public sources: MOVEit, GoAnywhere, OpenTrust (enterprise quote-based pricing)
Focused comparison — External file sharing (secure link)
For ad-hoc external sharing, representative services are usually WeTransfer, SwissTransfer, TransferNow and Smash. CryptPeer® addresses the same need with sovereign hosting and full lifecycle governance.
| Criterion | WeTransfer / SwissTransfer / TransferNow / Smash | CryptPeer® |
|---|---|---|
| Delivery to third parties without account | ✅ | ✅ |
| Random generated password | ⚠️ depends on offer and configuration | ✅ |
| Configurable retention + automatic destruction | ⚠️ often bounded by service rules | ✅ operator-controlled |
| Blind server / metadata compartmentalisation | ⚠️ variable, SaaS-model dependent | ✅ |
| Native integration with messaging + calls + governance | ❌ (specialised transfer service) | ✅ unified suite |
| Hosting sovereignty | ⚠️ mostly SaaS model | ✅ self-hosted |
Competitive reading: specialised transfer platforms remain efficient for one-off use; CryptPeer® covers the same need without breaking architecture inside a full sovereign communication stack.
Competitor summary — Instant messaging
For a platform-oriented read, see also sovereign communication and collaboration infrastructure.
Signal
Strong E2E encryption (Signal Protocol), open source, free. Limitations: cloud servers (AWS), metadata collection, phone number required, no self-hosting, no stealth mode, no HSM. Exposure to CLOUD Act (USA).
Threema
Swiss messaging, E2E, no phone number. Limitations: mobile-first; centralised servers in Switzerland (on-prem possible for 500+ users); no stealth mode; no 60+ browser interoperability.
Olvid
French messaging, E2E, ANSSI-certified (CSPN), cryptographic sovereignty (server cannot decrypt). Limitations: hosted on AWS (no self-hosting), mobile/desktop app model, no 60+ browser access without app, no integrated MFT or local-only deployment on a closed perimeter. Sovereignty is cryptographic, not full infrastructure.
Matrix
Federated protocol, decentralised, open source. Limitations: complex deployment, no stealth mode, no HSM, variable interoperability by client, no integrated signed large file transfer.
Telegram
Popular messaging, cloud-based. Limitations: E2E optional only (secret chats), centralised servers, metadata not E2E-encrypted, no sovereignty, no self-hosting.
Verdict
CryptPeer® is not a standalone alternative to a messenger, MFT, office suite or videoconferencing tool: it is a unified sovereign platform that brings together encrypted communication, collaboration, segmented PKI, real-time cybersecurity, signed forensic certificates, immutable 3-2-1 backup, local AI and secure differential updates.
If your priority is infrastructure control, no cloud dependency, cryptographic evidence, resilience after incident and an all-inclusive fixed subscription, CryptPeer® changes the comparison scope: it does not replace a single tool—it consolidates a full stack.