Have you ever been creeped out by an ad appearing in your social media feed for a product that you recently mentioned in a chat?
For example, you have talked to someone on Facebook Messenger about wireless headphones. Did not google, didn’t say it out loud. Just chatted with someone through Messenger. Then an ad for the headphones appeared on Instagram later.
Could it be just your brain searching for patterns in everything, connecting it to a past conversation? Or are they just micro-targeted ads? After all, it’s 2020 and Big Tech is looking for all kinds of creative ways to use all of your data.
Thus, we can all agree that our conversations are not as private as we think they are. If this is true, what is preventing your organization’s confidential information from being leaked through these conversations? The things we say and send to others can be of great value to us as a business, as an organization or as a private citizen.
End to end encrypted messaging
End-to-end encryption protects data from tampering, surveillance, and cybercriminals while it is being transmitted and stored. To enhance protection, encrypted messaging applications even store encryption keys locally. Therefore, the messages cannot be read by anyone else except the people participating in the communication. Not even internet service providers, application publishers, the government, or anyone else!
The best messaging app to use
In this article, I will discuss three apps: WhatsApp (including Business), Telegram, and Signal. I’ll discuss their features, user experience, technology, encryption and privacy, along with a simple introduction.
All three offer encryption, audio and video calling, and also allow you to share files and photos. They all support cross-platform messaging (iOS, macOS, Android, Windows, and Linux), allow group chat, and provide multi-factor authentication.
Keep in mind that unlike the content in your SMS (simple messaging services), all of these apps are safe, cannot be seen by mobile phone companies and government officials, and are not susceptible to hackers.
WhatsApp was founded by 2 former employees of Yahoo! Including Brian Acton, Founder of Signal. The app was acquired by Facebook in February 2014, for approximately $19.3 billion.
WhatsApp has recently updated its terms and policies. All users have until February 8 to agree to these new terms, and WhatsApp has shown that users might not be able to access their WhatsApp accounts if they don’t agree to the new terms and agreements.
Since WhatsApp is a Facebook-owned business, all concerns here relate to Facebook’s poor reputation for user privacy. Facebook has been known notoriously in the past for many data privacy scandals related to obtaining the personal data of millions of Facebook users without their consent.
WhatsApp uses the E2E protocol developed by Open Whisper Systems, which is the name behind the Signal messenger app. WhatsApp closely protects its code, so their is no scrutiny possible from outside.
Privacy and encryption
All messages (not metadata) on WhatsApp are end-to-end encrypted. This means that neither WhatsApp nor any third party can access or read the user’s messages.
The messages are stored on the user’s device and not on the WhatsApp servers. Once the messages are delivered, they are deleted from their servers. Upon message delivery, WhatsApp servers store undelivered messages in encrypted form for up to 30 days, and if the message remains undelivered after 30 days, WhatsApp claims to delete it.
Although WhatsApp is based on the Open Source Signal protocol, experts say there are significant differences between them.
However, WhatsApp does not encrypt the metadata used to transfer the connection between two endpoints.
The metadata includes the address book and other metadata like IP addresses and contact details, and since it is part of the Facebook family, data is shared between the app and the parent company. This makes experts seriously question their security practices, especially since data is linked to Facebook profiles to improve Facebook ads and product experiences.
This is one of the main criticisms on WhatsApp’s security model. While metadata doesn’t let anyone read your messages, it allows authorities to know when and who you’ve written, and for how long.
That being said, WhatsApp has also suffered from major privacy nightmares, especially the recent issue with group chats getting indexed on Google search. This issue has been fixed, yet is not a good look for WhatsApp’s security.
WhatsApp offers almost all the features you might need. It supports group chats with up to 256 members. You can also broadcast messages to multiple contacts at the same time.
Moreover, WhatsApp also provides a status feature (also known as WhatsApp stories) similar to Instagram stories.
For photos, videos, and audio files, the limit is 16MB. However, document size can be up to 100MB.
Telegram was launched in 2013 by 2 brothers: Nikolai and Pavel Dorov. Previously, the two has founded the Russian social network: VK. Nikolai Durov created the MTProto protocol which is the basis of Telegram. The company and app started in Russia in 2013, but its team had to leave Russia due to local IT regulations and tried several locations as a base including Berlin, London, and Singapore, while the team is currently based in Dubai.
The fact that Telegram regularly changes headquarters (Berlin, London, Dubai) makes me a little nervous, as it is difficult to assign it to a specific jurisdiction.
Telegram Messenger states that its end goal is not to make profit, but it is currently not incorporated as a non-profit organization.
It uses MTProto and is open-source. But because the code is not well documented and difficult to read, it lacks careful review by outside coding experts.
In fact, Telegram’s security model has come under heavy criticism from crypto experts over the years. Some of the major issues, mentioned by Wiki, include not making E2E encryption the default for all chats, as well as storing media, messages, and contacts in the same place as the decryption keys.
Privacy and encryption
Although Telegram does not offer E2E encryption by default, it does offer “secret chats”.
All messages in Secret Conversations use end-to-end encryption. This means that only you and the recipient can read those messages – no one else can decipher them, including Telegram.
In addition, messages from secret chats cannot be forwarded. Secret chats also provide screen security to block chat screenshots. Secret Telegram chats are not backed up and the company does not keep any keys.
All audio and video calls are also protected with end-to-end encryption. To confirm your connection, compare the four emoticons on the screen for you and your caller, if they match, your call is 100% secure with the proven encryption also used in secret Telegram chats.
Group chats and channels are basically cloud chats and don’t offer any security features like self-destruct messages or screen security.
The Telegram desktop client also does not support E2E encryption on any platform other than macOS.
Unlike WhatsApp’s maximum number of 256, Telegram is able to support upto 200,000 members each in group chats and unlimited channel audience. It also provides a lot of group specific cool features like bots, polls, quizzes, hashtags and much more which makes group experiences more fun.
The app also offers a unique feature, self-destructing messages (like Snapchat), which is great if you’re sending messages that you don’t want to stay on the recipient’s device indefinitely.
The maximum file share size on Telegram is 1.5 GB. Infact, what made Telegram popular among other features is the Telegram channels and large file size, as they help in pirating the latest paid content (movies and shows) for non-tech users. These users may not have used the torrent app or network, or are more comfortable with chat apps. For these users, Telegram has become the go-to app for content pirating.
WhatsApp founder Brian Acton is the main person behind Signal. When WhatsApp was sold to Facebook for around US $ 19 billion in 2013, he had more than 20% stake in the company, bringing his net share to around US $ 3.8 billion.
In September 2017, Acton quit WhatsApp due to a dispute with Facebook over the monetization of WhatsApp. He also reported that Facebook executives had asked him to mislead European regulators over Facebook’s intention to merge data from Facebook and WhatsApp users.
He created the Signal Foundation, which is dedicated to helping people access private communications with a completely encrypted messaging app. Thus, Signal is widely used by journalists and human rights activists.
It is based on Open Whisper’s E2E encryption system. A completely open source (and therefore open to audit) encryption algorithm, but also recommended by the cryptographer and author of the reference standard “Applied Cipher”, Bruce Schneier.
Privacy and encryption
Signal is an app and company for which Edward Snowden and Elon Musk has provided valuable endorsements. In another approval, the European Commission asked its staff to switch to Signal for communications with people.
The service is designed to reduce data retained about Signal users. Signal collects as little metadata as possible and does not store any metadata, logs, or information about its users. It does not store any record of user contacts, social graph, discussion list, location, user avatar, profile name, group memberships or group addresses.
Signal verification method is superior to all other messaging apps. Users can verify anyone’s profile by verifying security numbers or scanning QR codes that contain this unique combination of numbers and marking the profile as verified.
Users can also subscribe to discover contacts in their address book. In this case, the contacts are fragmented and sent to the server.
By default, Signal encrypts all local files with a 4-digit pass-phrase. Also, the backup method they use is not only more secure but also simpler, as chats are not backed up to the cloud by default. However, you can enable backups to external storage via Settings> Chats & Media.
Under Settings> Privacy> Sealed sender, you can enable “Allow anyone” to receive “sealed sender” messages other than contacts and people with whom you have not shared your profile or delivery code. Basically, with Sealed Sender, no one will be able to know, not even Signal, who is sending a message and to whom, ensuring absolute privacy.
Apart from that, Signal allows you to relay calls. The functionality is somewhat similar to what a VPN does. Under Settings> Privacy> Calls, you can enable “Always on call relay” so that all calls go through the Signal server and your IP address is not revealed to your contacts.
Signal provides screen security to block screenshots in your recent chat list and inside the app which also block other apps on your phone (or even the user’s) from taking screenshots of your Signal chats.
Signal also has a face blur feature to help users stay anonymous. It can be used not only to blur faces, but also to blur any other sensitive information in the image. This is just one example of how they take user security and privacy seriously.
Signal only requires you to provide your phone number to the company when creating an account. The only thing that could seem unappealing was that you could be prevented from accessing your account simply by losing the right to your phone number. But Signal has also introduced Signal PINs to restore backups, so your government or mobile operator also can’t lock your account.
In Signal, you can create groups, but you don’t have the option to broadcast messages to multiple contacts simultaneously.
It has similar functionality to Telegram’s self-destruct messages as well. The great feature of Signal is “Note to Self”: you can write down your thoughts and ideas while chatting with your friends and family using this feature.
In terms of performance, no app compares to WhatsApp’s flawless speed and experience. Since WhatsApp is the industry leader and has the highest user base with the most powerful servers, it will take time for other services to outperform them.
Everyone has different needs and demands. Choosing the right encrypted messaging app depends on who you are, what your job is, and who you talk to.
Here are my thoughts on the three encrypted messaging apps – WhatsApp Security vs Signal vs Telegram:
WhatsApp is easy to use and popular with the broadest user base, but their security isn’t that trustworthy, especially given their history. Using WhatsApp for personal communication with family and friends is fine and always better than no encryption at all. However, I never recommend using it in conversations that you might consider confidential or private. When Facebook is the parent company (notorious for always trying to sell user data), it seems like a bad choice . (Even though Facebook claims not to monitor WhatsApp.)
Telegram is capable of some really cool stuff, especially “channels”. It is flexible and arguably easy to use. The highest level of security is not available by default (unlike Signal) and it takes a little extra work to achieve maximum security, which might not be everyone’s cup of tea. Although, it’s definitely pretty safe – after all, it’s the messenger of choice for ISIS activists and Hong Kong protesters.
Signal might be the favorite choice for people who really mean privacy. If you’re serious about security, Signal definitely throws the dial on the security side, making it ideal for even high-risk confidential communications.
Common Features of all three apps
- Chat (Of course)
- GIFs & Stickers
- Voice + Video Calls
- Share files
- Photos & videos sharing
- Map location sharing
- Cross-platform messaging (iOS, macOS, Android, Windows, Linux)
- Cross-platform MFA (Multi-Factor Authentication)
In-built Privacy Features Comparision
|End to end (e2e) Encryption||Chat metadata & Backups are not encrypted||Servers have access to keys||Truly E2E chats, metadata & secure backups|
|Source code||Not open source except Signal framework||Not completely open source||Open source|
|Chat Backups||Third-party cloud backup||In-built cloud backup Secret chats not backed up||Local backups secured by pin can be enabled; off by default|
|Screenshot Security||No||Only for secret chats||Yes|
|Chat security||Yes, but without metadata||No, except secret chats||Yes|
|Self Destructing Messages||No, just announced to be added by WhatsApp||Only for secret chats||Yes|
|Face blurring feature in photos||No||No||Yes, shows they are all about privacy|
|Relaying calls through the server to hide your IP address||No||No||Yes, unique feature of Signal|
User experience (UX)
|Audio forward and backward||N, major improvement required||Yes||Yes|
|Beep sound before next audio||Yes||No||Yes|
|Audio playback speed change||No||Yes||No|
|Delivery tick sign and seen tick sign||Yes||Yes, recently added||Yes|
|Group chat maximum members||256 members||200,000 members||150 members|
|Current users||2 billion monthly active users||Telegram says 25M joined in last 72 hours; crosses 500 million monthly active users||Over 525 million monthly active users|
What data does each app collect?
|Device ID||Contact Info||Only phone number|
|Advertising Data||User ID|
|Coarse Location (network provider’s location)|
|Other Diagnostic Data|
|Other User Content|