Brent Lewin / Bloomberg / Getty Images
If your choice of encrypted messaging application is a dispute between Signal, Telegram and WhatsApp, don’t waste your time with anything but Signal. It’s not about which one has more beautiful features, more bells and whistles or is more convenient to use – it’s about pure privacy. If that’s what you want, nothing beats Signal.
You probably already know what happened. On January 7, in a tweet heard ‘around the world, tech mogul Elon Musk continued his rivalry with Facebook, advocating that people abandon their WhatsApp messenger and use Signal. Twitter CEO Jack Dorsey retweeted his call. At about the same time, Right social network parler darkened following the Capitol Attacks, while political boycotts fled Facebook and Twitter. It was the perfect storm – the number of new users on Signal and Telegram increased tens of millions Since.
Read More: Everything you need to know about Signal
The shake-up also rekindled the scrutiny of security and privacy in messaging apps more broadly. Among the three download numbers that currently dominate, there are some points in common. All three are mobile apps available on the Play Store and App Store, which support cross-platform messaging, have group chat features, offer multifactor authentication, and can be used to share files and photos. They all provide encryption for text messages, voice and video calls.
See this:
Why the signal is increasing: Elon Musk
5:06
Signal, Telegram and WhatsApp use end-to-end encryption in some part of their application, which means that if an outside party intercepts your texts, they must be encrypted and unreadable. It also means that the exact content of your messages is not supposed to be visible to people working for any of these applications when you are communicating with another private user. This prevents the police, your cell phone operator and other spy agencies from being able to read the content of your messages, even when they intercept them (which happens more often than you think)
The privacy and security differences between Signal, Telegram and WhatsApp could not be greater. Here’s what you need to know about each one.
Getty Images / SOPA
- Does not collect data, just your phone number
- Free, no ads, funded by the nonprofit Signal Foundation
- Fully open-source
- Cryptography: Signal Protocol
Signal is a typical one-touch installation app that can be found in your regular markets, like Google’s Play Store and Apple’s App Store, and it works just like the normal texting app. It is an open source development provided free by the nonprofit Signal Foundation, and has been used for many years by high-profile privacy icons like Edward Snowden.
The main function of Signal is that it can send – to an individual or a group – fully encrypted text, video, audio and image messages, after verifying your phone number and allowing you to independently verify the identity of other users of the Signal. For a deeper dive into the pitfalls and potential limitations of encrypted messaging applications, CNET’s Laura Hautala explainer is a lifesaver.
When it comes to privacy, it’s hard to beat Signal’s offer. It does not store your user data. And in addition to its encryption capabilities, it offers extended on-screen privacy options, including application-specific locks, blank notification pop-ups, anti-surveillance tools to blur the face and messages that disappear.
Occasional bugs have proven that the technology is far from bulletproof, of course, but the overall arc of Signal’s reputation and results has kept it at the top of the list of identity protection tools for every person with privacy experience. The Guardian, The Washington Post, The New York Times (which also recommends WhatsApp) and The Wall Street Journal recommend using Signal to contact your reporters safely.
For years, Signal’s main privacy challenge was not in its technology, but in its wider adoption. Sending an encrypted Signal message is great, but if the recipient is not using Signal, your privacy may be null. Think of it as the collective immunity created by vaccines, but for your messaging privacy.
Now that Musk and Dorsey’s endorsement has sent a wave of users to get a chance to increase privacy, however, that challenge may be a thing of the past.
Getty / NurPhoto
- Data linked to you: name, phone number, contacts, user ID
- Free and future ad platform and premium features, funded primarily by the founder
- Only partially open source
- Cryptography: MTProto
Telegram falls somewhere in the middle of the privacy scale and stands out from other messaging apps because of its efforts to create a social networking environment. Although it doesn’t collect as much data as WhatsApp, it also doesn’t offer encrypted group calls like WhatsApp, nor as much privacy of user data and company transparency as Signal. The data collected by Telegram that can be linked to you includes your name, phone number, contact list and user ID.
Telegram also collects your IP address, which Signal does not do. And unlike Signal and WhatsApp, Telegram’s one-to-one messages are not encrypted by default. Instead, you must enable them in the application’s settings. Telegram group messages are also not encrypted. The researchers found that while part of Telegram’s MTProto encryption scheme was open source, some parts were not, so it is not completely clear what happens to their texts once they are on Telegram’s servers.
Telegram saw several violations. About 42 million Telegram user IDs and phone numbers were exposed in March 2020, probably the work of Iranian government officials. It would be the second massive violation linked to Iran, after 15 million Iranian users were exposed in 2016. A Telegram bug was exploited by Chinese authorities in 2019 during the Hong Kong protests. Then there was the deep-fake robot on Telegram that was allowed to create forged nudes from women from normal photos. More recently, its GPS-enabled feature, allowing you to find others near you, has created obvious privacy issues.
I contacted Telegram to find out if there were any important security plans in place for the application and what their security priorities were after this latest increase in users. I will update this story when I have an answer.
Angela Lang / CNET
- Data linked to you: too much to list (see below)
- Free; commercial versions available for free, funded by Facebook
- It is not open source, except for encryption
- Cryptography: Signal Protocol
Let’s be clear: there is a difference between security and privacy. Security means protecting your data from unauthorized access, and privacy means protecting your identity, regardless of who has access to that data.
As for security, WhatsApp encryption is the same as Signal, and this encryption is secure. But this encryption protocol is one of the few open source parts of WhatsApp, so we are being asked to trust WhatsApp more than Signal. The real WhatsApp application and other infrastructures also faced hacks, as did Telegram.
Jeff Bezos’s phone was hacked in January 2020 via a WhatsApp video message. In December of the same year, the Texas attorney general claimed – although he has not proved – that Facebook and Google struck a deal to reveal the content of the WhatsApp message. A spyware vendor targeted a vulnerability in WhatsApp with its software to hack 1,400 devices, resulting in a Facebook lawsuit. WhatsApp’s unencrypted cloud-based backup feature has long been considered a security risk by privacy experts and was one of the ways in which the FBI obtained evidence about the famous political fixer Paul Manafort. To top it off, WhatsApp has also become known as a haven for scammers and malware vendors over the years (just as Telegram has attracted its own share of platform abuse, detailed above).
Despite hacks, it is not the security aspect that concerns me more on WhatsApp than privacy. I’m not looking forward to Facebook having more software installed on my phone from which I can collect even more behavioral data through an easy-to-use app with a beautiful interface and more security than your normal messenger.
When WhatsApp says it cannot see the content of the encrypted messages you send to another WhatsApp user, what it doesn’t mean is that there is a list of other data it collects that may be linked to your identity: Your unique device ID , usage and advertising data, purchase history and financial information, physical location, phone number, your contact and contact list information, which products you interacted with, how often you use the app and how it works when You does. The list goes on. This is much more than Signal or Telegram.
When I asked the company why users should be content with less data privacy, a WhatsApp spokesman pointed out that this limits what it does with that user data and that data collection only applies to a few users. For example, collecting financial transaction data would only be relevant for WhatsApp users in Brazil, where the service is available.
“We do not share your contacts with Facebook and we cannot see your shared location,” the WhatsApp spokesman told CNET.
“While most people use WhatsApp just to chat with friends and family, we’ve also started offering the possibility for people to talk to companies for help or make a purchase, with health officials to get information about COVID, with support for domestic violence agencies and fact verifiers to provide people with the ability to obtain accurate information, “said the spokesman. “As we expand our services, we continue to protect people’s messages and limit the information we collect.”
Is WhatsApp more convenient than Signal and Telegram? Yes. Is it more beautiful? Right. Is it so safe? We won’t know unless we see more of your source code. But is it more private? Not when it comes to how much data he collects comparatively. For real privacy, I stay with Signal and recommend that you do the same.