Groups & communities

Run a private community without exposing its members

How to host a group, club, or support network on tools that encrypt the conversation and do not put every member's identity on display.

Published

Whether you run a neighbourhood group, a support network, a club, or an organising space, the platform you pick decides how much of your members’ lives is exposed. This guide is about choosing tools that encrypt the actual conversation and setting them up so people can take part without broadcasting who they are.

First, decide what “private” needs to mean for your group

Two very different things get called “private”, and mixing them up leads to bad choices.

  • Private content means the messages themselves are readable only by members, not by the company running the service. This is end-to-end encryption (E2EE): messages are scrambled on each person’s device and unscrambled only on the devices of the people in the group.
  • Private membership means the list of who belongs, and the fact that they belong, is not on public display or sitting in a company’s records.

A healthy private community usually wants both. The good news is that a few well-known tools give you both without much effort. The trap is that some of the most popular “group” platforms give you neither, even though they feel casual and friendly.

Tools that encrypt the conversation

Signal groups

For most communities, Signal is the simplest strong choice. Group chats on Signal are end-to-end encrypted, and Signal deliberately keeps almost nothing about them: as Signal describes it, the service has no record of your group memberships, group titles, group avatars, or group attributes. There is very little to hand over or leak because very little is stored.

Two features make Signal comfortable for a real community:

  • Group links let people join by tapping a link or scanning a QR code, so you do not have to add everyone by hand.
  • Admin approval can be switched on so that anyone arriving through the link waits in a pending list until an admin lets them in. Pending requests appear under the group name, in Requests and Invites.

Signal also supports usernames, so members can be added and can chat in the group without revealing their phone number to strangers. We cover that setup in detail in the messaging guide linked at the end.

Matrix and Element rooms

Matrix is an open protocol for chat, and Element is the most common app for it. A Matrix room can be marked end-to-end encrypted, after which the server that carries the messages cannot read them. Matrix suits communities that want more structure than Signal: many rooms, spaces that group rooms together, and the option to run or choose your own server rather than depend on a single company.

One practical note as of July 2026: the Matrix ecosystem is tightening its security so that, from April 2026, Element requires devices to be verified to send and receive encrypted messages. In plain terms, each member confirms their own devices are genuinely theirs. It is a good change for safety, but budget a little time to walk newcomers through verifying their device when they join.

Olvid

Olvid is worth knowing about for groups with a lower tolerance for exposure. It needs no phone number, email, or name to work, and it is unusual in that it encrypts not just message content but also the metadata around it, so the service does not learn who is talking to whom. Olvid has been certified by France’s national cybersecurity agency, ANSSI. The trade-off is a smaller user base, so it works best when a whole group agrees to adopt it together rather than as a default for casual contacts.

Tools that expose your members (and why)

These platforms are popular and can be fine for public, non-sensitive chatter. The point is not that they are evil, it is that they are the wrong tool if you want the conversation kept private.

  • Discord. Text messages in Discord are not end-to-end encrypted, so the platform can read them, and it collects extensive data about how, when, and with whom you use it. Discord did roll out end-to-end encryption for voice and video calls by default in 2026 (a system it calls DAVE), which is a genuine improvement, but it does not cover your written channels. A public Discord server also tends to display every member in a visible list.
  • Telegram. Ordinary Telegram chats and all group chats are not end-to-end encrypted; they sit on Telegram’s servers where the company can read them. Telegram’s only E2EE option, Secret Chats, works between two people and not in groups. Telegram also retains metadata such as IP addresses and phone numbers.
  • Facebook Groups. These are not end-to-end encrypted, are tied to real Facebook identities, and are built to surface members and their activity to Meta and, depending on settings, to each other and the wider platform.

If you are on one of these today, you do not have to panic or leave overnight. Just be honest with your members about what the platform can see, and move anything sensitive to an encrypted tool.

Setting membership rules that protect people

Encryption protects the content. Your rules protect who gets in and how much they can see.

  1. Turn on admin approval for any join link, so membership is a decision rather than an open door.
  2. Keep the admin group small and trusted. Admins can usually see the member list, change settings, and remove people, so give that power to as few people as you actually need.
  3. Let members use usernames, not phone numbers. On Signal, encourage members to set a username so nobody has to share a personal number to take part.
  4. Set a joining norm, not a joining interrogation. Decide the minimum you need to admit someone (for example, a vouch from an existing member) and do not collect more than that. The next guide on moderation covers keeping records light.
  5. Turn on disappearing messages as a group default so the shared history does not pile up on every member’s device forever.
  6. Say the quiet part out loud. Tell members what the platform can and cannot see, so they can judge what to post. A one-line pinned message does the job.

A sensible default setup

If you just want a solid starting point: create a Signal group, enable a group link with admin approval, set a disappearing-messages timer, keep two or three trusted admins, and pin a short note telling members they can use a username instead of their phone number. That covers the great majority of community needs with strong encryption and minimal exposure.

Quick checklist

  • Choose a tool that encrypts group content: Signal, Matrix/Element, or Olvid.
  • Avoid Discord text, Telegram groups, and Facebook Groups for anything sensitive; they are not end-to-end encrypted.
  • Turn on admin approval for any join link.
  • Keep the admin list small and trusted.
  • Encourage members to use usernames instead of phone numbers.
  • Set a disappearing-messages default and pin a note on what the platform can see.

For the underlying messaging setup that these communities sit on top of, see Set up truly private messaging and the Messages hub.

Sources

  1. support.signal.org https://support.signal.org/hc/en-us/articles/360007319331-Group-chats
  2. support.signal.org https://support.signal.org/hc/en-us/articles/360051086971-Group-Link-or-QR-code
  3. element.io https://element.io/en/features/end-to-end-encryption
  4. olvid.io https://olvid.io/technology/en/
  5. discord.com https://discord.com/blog/meet-dave-e2ee-for-audio-video
  6. ssd.eff.org https://ssd.eff.org/module/creating-and-managing-signal-groups

Last reviewed: