Telegram, WhatsApp and Signal: who is the best for security and privacy?

Spoiler Alert: it’s Signal!

The Intercept and Gizmodo have published a comparison of the major messaging apps , focusing in particular on issues of privacy and security.

I try to summarize them both.


WhatsApp

Facebook, owner of WhatsApp, can not read the content of messages and other communications that pass from the app (due of e2e encryption), but it records information associated with successfully delivered messages and the mobile phone numbers involved in the messages, and could pass them to the governments and to investigators.

In short, if you have ever exchanged messages with someone who gets into trouble with the law, you can not pretend not to know him relying on the privacy of WhatsApp communications: a copy of messages is stored on devices of senders and recipients, and in some case (if the user activates it) stored on Google or iCloud.

https://www.whatsapp.com


Telegram

This app is often cited as safe, but by default, messages are stored unencrypted on Telegram servers.
In the private mode you can activate the encryption, but is considered definitely weak:

Cryptography expert casts doubt on encryption in ISIS’ favorite messaging app

“Telegram is error prone, has wonky homebrew encryption, leaks voluminous metadata, steals the address book, and is now known as a terrorist hangout. I couldn’t possibly think of a worse combination for a safe messenger.
In short, for better protection, use anything else.”

https://telegram.org/


And the winner is…Signal!

It’s open source and available for iOS and Android, free of commercial partnerships or advertising (it is supported by user donations).

It provides full encryption (end-to-end), does not collect metadata (only the datetime of the last connection to the server).

The address book is read locally by the app, but is encrypted before sending it to the Signal server and the data are not collectible.
The conversations data are not stored on the cloud.

A problem? Very few users!

https://whispersystems.org/


Related posts

1 Comment

  1. My friend you should recant this article. Currently looking for a replacement messenger and I see a lot of statements being made by ppl on Telegram. Which on the surface is blatantly untrue.

    If the content was stored unencrypted on their servers the Russian authorities would not be complaining and would have given up their efforts to force Telegram to give up it’s keys; needed to decrypt the content.

    The communication between client/server is obviously E2E encrypted otherwise officials would be snooping.

    Why believe security experts who make comments that through the years have remained untrue? The spec is clearly defined, you can build your own Telegram client. After all these years thieves/crooks/drug runners/terrorists are still using Telegram so you tell me who is right? Security “experts”? Or the fact that to this day governments still consider Telegram a hindrance to their efforts at monitoring comms within it?

    As for Signal meta data versus Telegram what does it matter? It’s “technically” the same, Telegram may have a little more but the end result is the same. In a court you cannot deny that you did not know the person at the other end on both platforms.

Comments

This site uses Akismet to reduce spam. Learn how your comment data is processed.