Telegram, WhatsApp and Signal: which is the best for security and privacy?
Spoiler Alert: it’s Signal!
I try to summarize them both.
Facebook, owner of WhatsApp, can not read the content of messages and other communications that pass from the app (due of e2e encryption), but it records information associated with successfully delivered messages and the mobile phone numbers involved in the messages, and could pass them to the governments and to investigators.
In short, if you have ever exchanged messages with someone who gets into trouble with the law, you can not pretend not to know him relying on the privacy of WhatsApp communications: a copy of messages is stored on devices of senders and recipients, and in some case (if the user activates it) stored on Google or iCloud.
This app is often cited as safe, but by default, messages are stored unencrypted on Telegram servers.
In the private mode you can activate the encryption, but is considered definitely weak:
“Telegram is error prone, has wonky homebrew encryption, leaks voluminous metadata, steals the address book, and is now known as a terrorist hangout. I couldn’t possibly think of a worse combination for a safe messenger.
In short, for better protection, use anything else.”
And the winner is…Signal!
It’s open source and available for iOS and Android, free of commercial partnerships or advertising (it is supported by user donations).
It provides full encryption (end-to-end), does not collect metadata (only the datetime of the last connection to the server).
The address book is read locally by the app, but is encrypted before sending it to the Signal server and the data are not collectible.
The conversations data are not stored on the cloud.
A problem? Very few users!