WhatsApp Backlash; Are Signal or Telegram More Secure? You may be wrong!
As the self-inflicted WhatsApp backlash continues, millions have turned to Signal and Telegram instead. But how much do you know about those other text messaging services? Due to the way the media has been talking about it, you may think they are more secure than WhatsApp, right? But you are wrong.
Here is what you need to know
What happened with WhatsApp?
Fact 1, Facebook bought WhatsApp in February 2014 for approximately US$19.3 billion. It became the world's most popular messaging application by 2015 and has over 2.2 billion users worldwide as of Jan 2021 in 180 countries.
Fact 2, Your messages are backed up on Google Cloud or Apple, not on Facebook servers. The back up is done by the OS of your phone.
Fact 3, WhatsApp encryption guarantees that not even WhatsApp can read your messages. Is that true? Technically yes.
Fact 4, The UK and European jurisdiction have no need to worry because this update will only affect the US and some other countries in the world but not European Union countries or the UK. Their data will not be harvested by social media giant Facebook.
Fact 5, The new update is only applied to how people communicate with companies and as WhatApp post in a blog, “We want to be clear that the policy update does not affect the privacy of your messages with friends or family in any way. Instead, this update includes changes related to messaging a business on WhatsApp, which is optional and provides further transparency about how we collect and use data."
So following the first fact, how can people not know who owns WhatsApp? It even says Facebook nowadays at the bottom of the main screen on WhatsApp, so I am not sure why so many people didn't even know WhatsApp is owned by Facebook.
But what about all those stories on how they are going to share information with Facebook? They have been sharing information with Facebook all along. You can see what information is shared, before you download it, in the privacy label shown in the app store.
Source: Wired.com
Some media outlets and confused WhatsApp users understandably assumed that this meant WhatsApp had finally crossed a line, requiring data-sharing with no alternative. But in fact, the company says that the privacy policy deletion simply reflects how WhatsApp has shared data with Facebook since 2016 for the vast majority of its now 2 billion-plus users.
WhatsApp emphasized to WIRED that this week's privacy policy changes do not actually impact WhatsApp's existing practices or behaviour around sharing data with Facebook.
Another story is about how they are now going to charge you to use it. Yes, there is a paid version in some countries, but if you look closely you can actually use it for free with the same functions and nothing less, it is just not as obvious as the paid option, but it is there.
You have no reason to pay for WhatsApp by the way, if you didn't know and no, they are not planning to start charging. There is an obvious option to pay for it when you install it, but as I said, there is a free option too. WhatsApp is free! Everywhere!
Other stories going around; "Whatsapp now is going to have ads" - well they planned that even before they were bought by Facebook, it is the business model of most free apps because they need some kind of income to run the business, there are ads in pretty much every free app. Remember these changes do not affect Europe or the UK.
So, what actually happened?
First, Apple’s privacy labels highlighted the extensive metadata collected by WhatsApp from its 2 billion users. WhatsApp complained, saying it was unfair that Apple’s own iMessage didn’t have a privacy label—Apple then published exactly that, which made WhatsApp look worse.
There were no real security or privacy issues. WhatsApp has always shown their privacy label and before you install it you knew what you are sharing. But the change was clumsily worded, which led to it being misreported as WhatsApp sharing private user data with Facebook.
WhatsApp tried to clarify first the purpose of its metadata collection and then the reasons for its changed terms of service. But we wonder who wrote it, we are sure somebody has lost their job after that. The way they explained it cause serious damage to WhatsApp while Signal and Telegram have been the main beneficiaries of WhatsApp’s mishaps.
So, should you move to another App? Think twice!
Source: Forbes.com
1. Are you really more secure if you switch to Signal or Telegram?
While the WhatsApp denies sharing anything private or sensitive with Facebook, it still collects too much. But what hasn’t been questioned, though, is the security it applies to your messages themselves, which is as important or the most important part depending on what type messages you sent. For example what about WhatsApp business which is used by millions of businesses.
WhatsApp popularized end-to-end encryption, where only the sender and recipients of a message can read its contents, and it deserves great credit for this and for defending the use of such security despite the efforts of lawmakers to mandate backdoors. Yes, there have been examples of WhatsApp’s security being compromised, most famously by alleged Israeli spyware in 2019, but these are attacks on phones, not weaknesses in WhatsApp’s own infrastructure.
Signal’s security is better than WhatsApp’s. Both use Signal’s encryption protocol, but whereas Signal’s is fully opensource, meaning As far as security is concerned, the big win in using open source software is supposed to be transparency. Any security research can be done on it., WhatsApp uses its own proprietary source. But both are end-to-end encrypted—your content is safe. WhatsApp’s main security weakness is its cloud backup option, which stores your chat history, absent end-to-end encryption in Google’s or Apple’s cloud. Signal does not offer any such option, for security reasons.
The situation with Telegram is very different. Ironically, users moving from WhatsApp to Telegram are making a regressive move from a security standpoint. Telegram does not offer end-to-end encryption by default. There is a “secret chat” option, where one user can message another using end-to-end encryption between the two devices and bypassing Telegram’s cloud, but this does not extend to groups.
The encryption issue makes it difficult to recommend Telegram from a pure security point of view. The lack of default end-to-end encryption “gives users a false sense of privacy,” warns security analyst John Opdenakker. Technically, Telegram can access your messages, which are stored on its servers, backed up to its cloud, and to which it holds the key. MTProto, the encryption protocol used by Telegram, is proprietary and only partly opensource. In reality, you can trust Telegram with your content and there are no serious claims to the contrary, but that’s different from a provider technically unable to access your content, even if they want to.
If security is your concern, then Signal is the best step-up from WhatsApp. Signal has been criticized for its use of phone numbers as its primary ID, albeit it says it doesn’t collect any data linked to the number. Signal has also been criticized for alerting users when one of their phone’s contacts joins up, intended to drive viral growth. Again, it says this is done without compromising security, and the matching of new users to a phone’s contacts is anonymized. You could turn to an even more secure alternative like Threema, which doesn’t require a phone number and so is entirely anonymous, but you’ll find almost none of your contacts on the platform.
Tommy Mysk, one of the researchers who outed the iOS clipboard vulnerability that caused TikTok such bad press, warns that even Telegram’s end-to-end encryption might have weaknesses compared to the others. “In our research about link previews,” he says, “we found that Telegram generates link previews on its remote servers for both normal and secret chats. Secret chats are end-to-end encrypted and sending links shared in such a private chat to a remote server defies the purpose of end-to-end encryption. Telegram remote servers download up to 20 MB of any link shared in the chat. A message is shown in secret chats when the user types a link for the first time warning that links will be sent to remote servers. This can be disabled in the settings, but only for secret chats.”
2. Who is behind Signal and Telegram?
We all know the pros and cons of engaging with a Facebook platform, the world’s most data-hungry company, but what’s the situation with Telegram and Signal?
Telegram is managed and funded by Russian social media billionaire Pavel Durov, and operates from undisclosed locations. In its early years, the messenger became famous as the platform of choice for dissidents and protesters and, unfortunately, for criminals and extremists, all looking to keep their communications out of the reach of the authorities. Despite its lack of end-to-end encryption by default and the fact it holds decryption keys, Telegram says that to access messages it needs keys from different jurisdictions to frustrate any attempts by law enforcement to access the content. This gives a good insight into the original philosophy behind Telegram.
Signal was founded by a security researcher who uses the name Moxie Marlinspike for his public profile. Until 2018, the platform was fairly niche and unless you worked in some form of security field, it was unlikely to be found on your phone. But then Brian Acton, one of WhatsApp’s founders, left Facebook and ploughed $50 million into Signal to help take it mainstream. Prior to Acton’s involvement, Signal was fairly clunky to use, you really needed to want its enhanced security. But that has all now changed, as my colleague Kate O’Flaherty explains, its user interface and features rival WhatsApp, all the way to group calls and stickers. It is now the nearest thing to the original spirit of WhatsApp before Facebook flexed its ownership muscles.
3. Are Signal and Telegram really better for you than WhatsApp?
Yes and no. Facebook’s long-term plans call for the eventual integration of WhatsApp’s underlying platform with Facebook Messenger and Instagram—this is not good news for WhatsApp users.
WhatsApp also has ongoing functionality weaknesses. The continued lack of genuine multi-device options that don't use a telephone company sim card, being the main one. Both Telegram and Signal offer significantly better options that WhatsApp, with full iPad and desktop apps that are not dependent on an active telephone number.
But a messaging platform is only as useful as its userbase.
I can't see a reason for a user to switch from WhatsApp to Telegram. That lack of end-to-end encryption is a deal-breaker, Moore is right, that level of protection is a must.
Almost everyone working in cybersecurity or information security has now been inundated for a week with messages from people asking if WhatsApp is still safe to use, if they need to move to Signal or Telegram—many of those people will have only moved from SMS to WhatsApp in the last few years.
This is worrying. If the headlines and the social media buzz undermines confidence in WhatsApp’s security, then we enter dangerous territory. Moving to Telegram or Signal is fine, but what about the likes of Android Messages or generic SMS, or any of the other non-encrypted apps that offer messaging capabilities.
It is critical to emphasize that WhatsApp’s security is fine, you don’t need to move away from the platform. Don’t stop using it until you’re very sure you want to move and where. There’s no reason to rush to #DeleteWhatsApp.
“Signal seems to be smashing growth numbers due to the self-inflicted WhatsApp/ Facebook marketing problem,” says Cyjax CISO Ian Thornton-Trump. “Telegram has a brand reputation problem as it’s been singled out—rightly or wrongly—by law enforcement as being favoured by criminals. This brings us to the crux of the secure messaging issue—you can have privacy or you can have control over then messaging apps content, but you can’t have both.”
To keep it simple let's answer your question
Are Signal or Telegram More Secure?
No, they are not necessarily more secure or better. In general, you are likely more secure using WhatsApp than the others, you should take your time before moving to another text messaging services.
If we put it simply for non-tech-savvy;
WhatsApp is owned by Facebook 7 years ago and all the messages are end to end encrypted, which means only the person that send it and the person that receive it can read them and it is not open source. Have a user base of 2.2 billion people until Jan 2021.
Signal is part-owned by one of the WhatsApp founders, all messages are end to end encrypted, it is open-source (which means that all the code can be investigated and is transparent) and has a user base of 500 million people.
Telegram is owned by a Russian Millionaire, and the location of the company is registered in London with their operations done in Dubai but their specific location is undisclosed. It does not have by default end to end encryption, you have to chose it and groups are non-encrypted.
So now the question is, who offers the best level of security?
Do we know enough about the servers of Signal and their level of security? Is the company big enough to invest the same amount of money on security and on security experts for their systems, to be as secure as Facebook or even better? Yes, Facebook has had some issues but point at a company its size that has not had security issues.
I think there is no point on discussing Telegram for obvious reasons explained above, but what about Signal, what makes you believe it is more secure than Facebook?
Mili Ponce
Former Computer Engineer, Entrepreneur, Keynote Speaker on Digital Marketing and Entrepreneurship, Social Media Strategist, eCommerce Business Mentor, Trainer, Writer, Blogger, Mother, Daughter, Dreamer.
Follow her on:
Instagram: @MiliPonceOfficial
Facebook: /MiliPonceOliver
Pinterest: /MiliPonce
LinkedIn: /in/MiliPonce
WhatsApp Backlash; Are Signal or Telegram More Secure? You may be wrong!
Reviewed by Mili Ponce
on
Friday, January 22, 2021
Rating: