Signal, WhatsApp and Telegram: What you need to know about the main differences in security and privacy


Brent Lewin / Bloomberg / Getty Images

If your choice of encrypted messaging app is a mix between Signal, Telegram and WhatsApp, don’t waste your time with anything other than Signal. It’s not about who has the cutest features, the most bells and whistles, or who is the most convenient to use – it’s purely a matter of privacy. And if privacy is what you’re looking for, then nothing beats Signal.

By now you probably already know what happened. On January 7, in a tweet heard “around the world, the tech mogul Elon Musk continued his feud with Facebook by advocating that people ditch their WhatsApp messaging and use Signal instead. Jack Dorsey, then CEO of Twitter, retweeted Musk’s call. Around the same time, Right-wing social network Talking went out after Attacks on the Capitol, while political boycotters fled Facebook and Twitter. It was the perfect storm – the number of new users on Signal and Telegram has since increased by tens of millions.

Read more: Everything about Signal

The shake also revived the control of the security and privacy of messaging apps more broadly. Among the top players who are currently dominating download numbers, there are some commonalities. All are mobile apps available in Play Store and App Store that support cross-platform messaging, have group chat features, offer multi-factor authentication and can be used to share files and multimedia. They also all provide encryption for SMS, voice and video calls.


Now playing:
Check this out:

Why Signal is booming: Elon Musk


5:06

Signal, Telegram, and WhatsApp use end-to-end encryption in parts of their app, which means if an outside party intercepts your texts, they should be scrambled and unreadable. It also means that the exact content of your messages supposedly cannot be viewed by employees of these companies when communicating with another private user. This prevents law enforcement, your mobile operator, and other spy entities from being able to read your messages even when they intercept them (which happens more often than you think).

However, the differences in privacy and security between Signal, Telegram, and WhatsApp couldn’t be more significant. Here’s what you need to know about each of them.

Getty / SOPA Images

  • Does not collect data, only your phone number
  • Free, ad-free, funded by the nonprofit Signal Foundation
  • Fully open source
  • Encryption: signal protocol

Signal is a typical one-click installer app that can be found in your regular markets like the Google Play Store and the Apple App Store and works like the regular text messaging app. It is an open source development provided free of charge by the nonprofit Signal Foundation and has been used for years by leading privacy icons like Edward Snowden.

The main function of Signal is that it can send – to an individual or a group – fully encrypted text, video, audio and picture messages, after verifying your phone number and allowing you to independently verify the identity of the users. other Signal users. For a deeper dive into the pitfalls and potential limitations of encrypted messaging apps, CNET’s Laura Hautala’s Explainer is a lifeline.

When it comes to privacy, it’s hard to beat Signal’s offer. It does not store your user data. And beyond its encryption prowess, it gives you extensive on-screen privacy options, including app-specific locks, blank notification pop-ups, blurry anti-surveillance tools, and messages that disappear.

Occasional bugs have proven that the technology is far from bulletproof, of course, but Signal’s overall reputation and results arc kept it at the top of the list of protection tools in the industry. identity of each person concerned with confidentiality. The Guardian, The Washington Post, The New York Times (which also recommends WhatsApp), and The Wall Street Journal all recommend using Signal to contact journalists safely.

For years, the main privacy challenge for Signal was not in its technology, but in its wider adoption. Sending an encrypted Signal message is great, but if your recipient isn’t using Signal, your privacy may be zero. Think of it like the collective immunity created by vaccines, but for the confidentiality of your messages.

Now that Musk and Dorsey’s approvals have sent a wave of users seeking a privacy reminder, however, that challenge may be a thing of the past.

Getty / NurPhoto

  • Data related to you: name, phone number, contacts, user ID
  • Free and upcoming advertising platform and premium features, funded primarily by the founder
  • Only partially open-source
  • Encryption: MTProto

Telegram sits somewhere in the middle of the privacy scale and stands out from other messaging apps because of its efforts to create a social network-like environment. While it doesn’t collect as much data as WhatsApp, it also doesn’t offer encrypted group calling like WhatsApp, or as much user data privacy and business transparency as Signal. Data collected by Telegram that could be linked to you includes your name, phone number, contact list and username.

Telegram also collects your IP address, which Signal does not. And unlike Signal and WhatsApp, individual Telegram messages are not encrypted by default. Rather, you need to enable them in the app settings. Telegram group messages are also not encrypted. The researchers found that while some of Telegram’s MTProto encryption schemes were open source, some parts were not, so it’s not entirely clear what happens to your texts once they’re in. Telegram servers.

Telegram has experienced several breaches. Some 42 million Telegram user IDs and phone numbers were exposed in March 2020, believed to be the work of Iranian government officials. This would be the second massive Iran-related breach, after 15 million Iranian users exposed in 2016. A Telegram bug was exploited by Chinese authorities in 2019 during the Hong Kong protests. Then there was the deep bot on Telegram that was allowed to create fake nudes of women from regular images. More recently, its GPS feature allowing you to find other people near you has created obvious privacy concerns.

I reached out to Telegram to find out if there were any major security plans in the works for the app and what their security priorities were after this latest wave of users. I will update this story when I hear back.

Angela Lang / CNET

  • Data related to you: too much data to list (see below)
  • To free; professional versions available for free, funded by Facebook
  • Not open-source, except for encryption
  • Encryption: signal protocol

Let’s be clear: there is a difference between security and privacy. Security is about protecting your data from unauthorized access, and privacy is about protecting your identity, no matter who has access to that data.

From a security perspective, WhatsApp’s encryption is the same as Signal’s, and that encryption is secure. But this encryption protocol is one of the few open source parts of WhatsApp, so we’re being asked to trust WhatsApp more than Signal. The actual application of WhatsApp and other infrastructure has also faced hacks, as has Telegram.

Jeff Bezos’ phone was hacked in January 2020 via a WhatsApp video message. In December of that year, the Texas attorney general alleged – but failed to prove – that Facebook and Google had struck a behind-the-scenes deal to reveal the contents of WhatsApp messages. A spyware vendor targeted a WhatsApp vulnerability with its software to hack 1,400 devices, resulting in legal action against Facebook. WhatsApp’s cloud-based unencrypted backup feature has long been viewed as a security risk by privacy experts and was one of the ways the FBI obtained evidence on notorious political fixer Paul. Manafort. To top it off, WhatsApp has also become a haven for crooks and malware vendors over the years (just as Telegram has attracted its own share of platform abuse, detailed above).

Despite the hacks, it’s not the security aspect that concerns me as much on WhatsApp as it is about privacy. I can’t wait for Facebook to have another software installed on my phone from which it can retrieve even more behavioral data through an easy-to-use app with a nice interface and more security than your usual messaging.

When WhatsApp says that it cannot display the content of encrypted messages that you send to another WhatsApp user, what is not said is that there is an exhaustive list of other data that it collects. that could be linked to your identity: your unique device Identifier, usage and advertising data, purchase history and financial information, physical location, phone number, your contact details and those of your contact list, what products you have interacted with , how often you use the app and how it works when you do. The list goes on. It’s much more than Signal or Telegram.

When I asked the company why users should settle for less data privacy, a spokesperson for WhatsApp pointed out that this limits what it does with that user data and that data collection is not going to happen. ‘applied only to some users. For example, the collection of financial transaction data would only concern WhatsApp users in Brazil, where the service is available.

“We don’t share your contacts with Facebook and we can’t see your shared location,” the WhatsApp spokesperson told CNET.

“While most people only use WhatsApp to chat with friends and family, we have also started offering people the option of chatting with businesses for help or making a purchase, with health officials to get information on COVID, with support for domestic violence agencies and with fact-checkers to provide people with the ability to get accurate information, ”the spokesperson said. “As we have expanded our services, we continue to protect people’s messages and limit the information we collect. ”

Is WhatsApp more convenient than Signal and Telegram? Yes. Is it prettier? Sure. Is it just as secure? We won’t know unless we see more of its source code. But is it more private? Not when it comes to the amount of data it collects comparatively. For true privacy, I stick with Signal and recommend you do the same.