WhatsApp, Signal or Telegram; do I need to change messenger?

The debate is old and musty and, over the years, WhatsApp, Signal and Telegram gained new features, changed usage rules and privacy policies several times. Far from being the only option for sending secure messages, the trio is easily among the most popular mobile messaging apps.

Follow the comparison between WhatsApp, Signal and Telegram below – and choose your fighter. Remember, too, why we are talking about this – again, again and again.

Choosing a courier

I usually say that “messenger is not chosen alone”. There is no point in liking, for example, application “A”, if all my contacts and friends are in application “B”.

🤷🏽‍♀️

To work, everyone needs to be on the same platform. It’s the basics. And, perhaps, you choose (when analyzing the features) a specific application, which is not the most popular. I understand that it is natural that users are rethinking the use of certain platforms, especially with regard to security and not just resources.

Why rethink?

WhatsApp is in the eye of a hurricane of criticism about data usage for advertising purposes after announcing a change in its privacy policies. The application already shares a series of data with the parent company that acquired it, Facebook – and with the change in the text, it makes it clear that it will share more and more data.

Meanwhile, Signal and Telegram record record peaks for new users (considerably increasing the costs of operating both), but not everyone, yet, is there. The revolt also agitates small businesses that saw WhatsApp as a channel to sell their products / services and fear a stampede.

1.Who are they?

WhatsApp was launched in February 2009 in California (USA) by two former Yahoo! employees, Jan Koum and Brian Acton. Created at the time to work “with plain text only”, it was sold for almost $ 20 billion to Facebook in 2014 – and has incorporated many new features since then. Koum continued as CEO of WhatsApp after the acquisition by Facebook. Acton became chairman of the board of the Signal Foundation, founded by him and Moxie Marlinspike, in 2018, after his departure.

The pair followed not-so-different paths; while Acton balanced the plates within the Facebook group for the future of WhatsApp, Acton became one of the biggest critics of creation itself. But Koum also left Facebook, months later.

Endorsed by names like Edward Snowden and Jack Dorsey (Twitter CEO), Signal is the result of the work of an independent group of software developers called Open Whisper Systems, whose leader is Marlinspike. The relationship with Acton, in addition to the dissatisfaction with WhatsApp, is more financial. He invested $ 50 million out of his own pocket to kick-start the Signal Technology Foundation, entirely nonprofit.

Telegram was founded in 2013 by two brothers: Nikolai and Pavel Durov, both also founders of VKontakte, Russia’s largest social network, and a competitor to Facebook – popularly known as VK, the Russian Orkut. Still, Telegram is an independent company, since the social network was sold in 2014 to Russian Mail.ru.

That said, Telegram is technically, ideologically and financially dependent on the Durov brothers. However, they are already thinking about a strategy to make the platform sustainable, even if without profits. Let’s talk about this below, when the conversation is a business model.

2. Business model

Much of the discussion about the use (or not) of messaging applications is about the business model. Not that WhatsApp was born under a totally different thinking than Telegram and Signal, but the intentions clearly adapted.

In 2019, Mark Zuckerberg, Facebook CEO, wrote an article distributed to several press outlets such as the Wall Street Journal, Le Monde and Folha de S.Paulo.

According to Meio e Mensagem, the text was entitled “A look at the business model”. In the executive’s view, for Facebook to remain free, it is necessary to work with advertisers and this is only possible due to the investment they make.

“People always tell us that if they are going to see ads, they want them to be relevant to them. This means that we need to understand what they are interested in ”, he said.

The interesting thing about this excerpt is that understanding what people want is about collecting, processing and using user data to fine-tune the delivery of relevant ads.

Zuckerberg admits that the ads are based on user behavior data and reveals his concern for the company’s reputation. “We don’t sell people’s data,” he said, in a context of not selling packages of that data to third parties.

WhatsApp & Facebook integration

The 2016 terms of use already provided for the use of WhatsApp data on Facebook – and in 2021, with a wider scope. The more data the social network is able to collect and process, the more certain are the ads it displays in the applications, generating more sales for advertisers and greater financial return for the advertising division.

And it is because of this change (and a little misinformation) that there has been a lot of outrage among users, with people wanting to leave the application.

Meanwhile, Signal and Telegram offer applications based on open source – subject to expert scrutiny – and are institutions maintained by donations from the founders themselves and groups interested in keeping them without aggressive monetization.

Other ways to pay slips

Signal makes it clear that it works “without ads and without trackers”. From the beginning, the group promised not to monetize user data and not to display ads. But Acton’s investment helped Signal in its inaugural phase and the foundation today also depends on donations to finance itself – which, in an optimistic view, can grow.

At TechCrunch, Acton was confident. “If Signal reaches a billion users, it is a billion users [possíveis] donors. All we need to do is make them so excited about Signal that they want to donate us a dollar or 50 rupees, ”he said.

“The idea is that we want to deserve this donation. The only way to earn this donation is to build an innovative and charming product. This is a better relationship [entre plataforma e usuário] in my opinion ”, concluded the executive.

Telegram has a very similar approach, supported by the harsh criticisms made by Pavel Durov, publicly, to big techs like Google and Facebook. Durov has already mentioned that he plans a way to make it sustainable – it does not mean the same as profitable.

“For most of Telegram’s history, I paid the company’s expenses out of my personal savings. However, with its growth, Telegram is on track to reach billions of users and demand adequate funding, ”he explained.

For 2021, Durov plans to launch his own advertising platform for public channels (friendly, respectful of privacy and allowing to cover the costs of servers and traffic) and perhaps premium stickers sharing profits with artists and creators.

3. Cryptography & Privacy

Let’s be fair, all WhatsApp chats have end-to-end encryption (just like Signal’s), unlike Telegram which only offers it in secret chats.

But, if we go a little deeper in the discussion, to understand the encryption processes of each one – including backup encryption – we can shed more light.

Whatsapp

WhatsApp’s end-to-end encryption works as follows: messages exchanged between sender and recipient are encrypted in a way that makes them unreadable for everyone except the two parties involved in the conversation.

This lock exists to ensure that no one is able to spy on the content of your conversations. The update, however, affects communications between individuals and companies.

Here is a point of interest:

“WhatsApp considers conversations with companies that use the WhatsApp Business app or that manage and store conversations with customers independently protected by end-to-end encryption. Once received, messages will be subject to company privacy practices, which may require some employees or service providers to process and respond to those messages.

Some companies will be able to choose Facebook, the parent company of WhatsApp, to store and respond to customer messages securely. Facebook will not automatically use your messages to display targeted ads, but companies will be able to use conversations with you for marketing purposes, including ads. ”

As long as you are chatting with friends, nothing changes. But when the conversation involves companies using WhatsApp Business, the decision is no longer yours.

A Twitter thread by WhatsApp CEO Will Cathcart tried to clarify a few points. According to Cathcart, end-to-end encryption remains.

In the privacy policies, WhatsApp also states that it can collect, use, retain and share data when it believes that this is legally necessary, including investigations into possible violations. And what data would that be? The message metadata, which is not encrypted (data about who you talked to and when, the message header), and used against spam and misuse.

Telegram

Telegram works with two layers of encryption: ordinary chats (private or group) go through the cloud and offer what we call “server to client” encryption; secret chats use what we call “client to client” encryption (end to end). Telegram has its own protocol: MTProto.

But if all of the common chats are in the cloud, how does Telegram ensure that they are still safe? According to the FAQ, in secret chats, it is not possible to obtain data that can be leaked or shared with governments or anyone else because they do not exist. And, to protect data that is not covered by end-to-end encryption, Telegram uses what it calls “distributed infrastructure”.

“Cloud chat data is stored in several data centers around the world, controlled by different legal entities across different jurisdictions. The relevant decryption keys are divided into parts and are never kept in the same place as the data they protect. As a result, several court orders from different jurisdictions are needed to compel us to give up any data ”, they detail.

It is thanks to this structure that Telegram guarantees, among other terms, that no government or block of countries with similar ideals can access the messages.

“Telegram can only be forced to deliver data if an issue is serious and universal enough to go through the scrutiny of several different legal systems around the world. To date, we have disclosed 0 bytes of user data to third parties, including governments, ”they explain.

Telegram also challenges anyone – curious, hacker or nonconformist – who claims that the app’s cloud messages (ordinary chats) can be deciphered or intercepted to prove this in a real challenge in which they can win $ 300,000.

Signal

Signal uses end-to-end encryption on everything from its own Signal protocol. WhatsApp also uses the same protocol in the code, but did not create it.

The messenger guarantees that it was developed to never collect or store “any type of sensitive information”, including your contact list that is not read by the app.

“The only Signal user data we have, and the only data that the U.S. government has obtained as a result [de um processo em 2016, na Virgínia], were the date of creation of the account and the date of last use – (not messages from users, groups, contacts, profile information or anything else) ”, account.

Signal explains the process in detail in a post on privacy. The fact that Signal keeps little (or almost nothing) about what is on its network represents a fundamental difference in how the institution thinks about concepts such as privacy.

“We don’t believe that security and privacy are about responsible management of your data under our control, but about keeping your data out of the reach of others – including ours. [mãos]”, They preach.

Please note that text messages, images, files and any other content exchanged through Signal are stored locally on your device; there is no cloud. Security is there: if I don’t keep this data, I can’t be breached.

Types of Cryptography (Image: Vitor Pádua / Tecnoblog)

That said, we have reached another important point in this long journey: backup.

But what about the backup?

Everyone who has ever needed to recover WhatsApp messages knows: it has cloud backup! It’s great news, if you need to change your phone, (including changing your cell phone number). For this to happen, this recovery file needs to be stored somewhere. In this case, it’s on iCloud (iPhone) and Google Drive (Android).

That’s where end-to-end encryption goes down the drain; the protection of these files is under the responsibility of the cloud itself and can be read by those who manage it (Apple and Google). WhatsApp has been testing ways to password protect this backup on both Android and iOS. However, this feature has not yet reached everyone.

Telegram sends everything to its own cloud. This allows you, for example, to start writing a message on one device (smartphone) and end on the other (tablet or computer). But this only works in ordinary chats. In secret chat messages are stored locally and can self-destruct if requested.

The protection of what goes to the cloud is in charge of Telegram and the user needs to trust the Durov brothers in the same way that he trusts WhatsApp, Google and also Apple. However, Telegram does not have as troubled a history as Facebook.

Signal remains, which does not leave much. The messenger has no cloud backup, and that’s it. Everything is locally stored on your cell phone. When you reinstall the application, it even tries to recover messages that are already on the device.

When this is not possible, the user resumes from zero. If you have your old cell phone, you can still transfer messages locally (as a package). Account transfer does not happen if: you don’t have your old device; wiped your phone data, lost your phone or was stolen and / or changed your number.

4. Expert opinion

Fabio Assolini, senior security analyst at Kaspersky, makes some important considerations when choosing a messenger “as safe as possible” when necessary.

The first is to use the mobile phone number as an ID. The information is practically public today, as it is available to all members of groups on WhatsApp, social networks, business cards and on the agenda of several people. It is very easy to find the user.

Another observation is to understand the form of authentication in new devices. In the case of WhatsApp, it is by SMS. This allows the theft of accounts through social engineering or SIM Swap (when without double authentication, a bad habit that is still very common).

“An application that prioritizes security needs authentication via a unique ID – without relying on the phone number -, password, implementation of the second authentication factor, end-to-end encryption, and verification of contact veracity. A good comparison for choosing a secure communication app is the Secure Messaging Apps Comparison website. In this sense, we can say that apps like Signal and Threema offer more security features than WhatsApp itself ”, summarizes Assolini.

Speaking of which, we have already explained how Threema works in another opportunity.

A brief summary, below:

Whatsapp Telegram Signal Threema
Financing / Maintainer Facebook Pavel Durov Signal Foundation and donors User-paid application
Collects data from users ✔️ ✔️
User data types Purchasing / Financial information / Location / Contact information / Contacts / User content / Identifiers / Usage data / Diagnostic data Contact information / Contacts / Identifiers Contact Information Contact data / Identifiers / Diagnostic data (Contact information is not sent when using anonymously)
It also encrypts metadata ✔️ ✔️
End-to-end encryption enabled by default ✔️ ✔️ ✔️
Messages can be read by the application company ✔️
Anonymous in-app account creation ✔️
Allows to use secondary authentication factor ✔️ ✔️ ✔️
Has messages that can self-destruct ✔️ ✔️ ✔️
Code audit and independent security analysis ✔️ ✔️ ✔️

Not the end of the world

Brian Acton, one of the founders of WhatsApp (now at Signal) recognizes that there is no panic or reason to uninstall the Facebook application at this time. In an interview with TechCrunch, he did not suggest that people should stop using WhatsApp. On the contrary, imagine people relying on Signal for conversations with family and close friends and using WhatsApp for other types of chat.

“My desire is to give people a choice. Otherwise, you are stuck in something where you have no choice, ”he said.

5. Conclusion

You can rethink the use of these applications; ever.

WhatsApp offers end-to-end encryption for the content of conversations, but it presents questionable points regarding backup and metadata encryption. With the new privacy policy, the application will collect a lot of information and this will be shared with Facebook, which has a history populated by several controversies.

Telegram does not use data for advertising purposes and has several features that you search for on WhatsApp; but it doesn’t have end-to-end encryption by default in all conversations, and you always need to remember to enable it using secret chat.

Signal is the safest alternative, as it combines end-to-end encryption in all chats with not using data for advertising, but you can lose fun features or not find a lot of your friends in the app.

Nobody will get rid of WhatsApp anytime soon…

I find it difficult to be 100% free of WhatsApp. At some point, a store, a service provider or even a friend or family member will have just it, the most popular application, installed on the phone, and it can be useful to keep it on your smartphone. What you can do, as a suggestion, is to use Telegram or Signal for sensitive topics.

It is worth remembering, however, that no application is entirely free from cybercrime or snooping from those who have physical access to the smartphone. The largest number of scams involving WhatsApp have a direct connection to its popularity; the occasion makes the thief. It is not (nor will it be) surprising that, with a possible migration of users to other messaging applications, the scams also start to appear there.

Ufa! What a text. 🤦🏽‍♀️

Leave a Comment