Research & Opinion
WhatsApp vs Signal vs Telegram: Fact Behind Encryption, Security And Privacy
Ever since WhatsApp sent a notification on its policy change, it stirred a storm and created panic around the safety and privacy of messaging apps. The move has opened flood gates for rumours, misinformation and fake news.
Many on the internet are migrating to other encrypted messaging apps. Services like Signal and Telegram have now become buzz words. On one side, while social media is full of jokes and memes around the subject, there is a large volume of people who are scared about the latest security features and their privacy. Amid this chaos of misinformation, here is a step by step explainer and myth buster:
1. WhatsApp has never agreed to share the content of chats and calls.
2. WhatsApp has always shared users metadata to Facebook ever since Facebook has acquired it.
3. WhatsApp shares following data with Facebook:-
- Phone Number id.
- IP addresses
- operating system details
- browsing analytics/browser details
- battery health information
- App version
- Mobile network details
- language and timezone
- Transaction and payment data (not the passwords and confidential passwords).
- Location information.
4. Signal’s encryption algorithm is made by same organization which has made the algorithm for WhatsApp.
5. Signal’s/WhatsApp’s/Facebook’s/Instagram’s call protocol leaks user’s real IP address on all calls that are exchanged. So anonymity is not maintained. I can call you on signal and tell you where you are right now.
6. Signal captures: device ID, handset type, contacts, groups metadata, profile pictures, call metadata, etc on their servers.
7. When these metadata information is captured and not updated on privacy policy that doesn’t mean it may not sell/share the data. Such huge voluminous servers, employee salaries, infrastructure cost and many other factors just for free of cost? App makers are not bound to present the entire truth in their policy updates.
8. Many jihadi based groups are automatically removed from Telegram on suspicion of spreading terrorism and national threats. When they are not storing or accessing any chats on server, how come these groups are automatically removed from Telegram?
9. Apps having access to keys can automatically pick the same from your device and decrypt the communication whenever required. However till date it has not been caught red handed but you are always on the mercy of the app maker.
10. You are always vulnerable on third party applications and on their mercy that they will not share the contents. Only solution is make your own application or be in panic. For this I have made my own secured chat messenger accessible for law enforcement for private security where server is owned by the security forces themselves. So no chance of snooping.
11. Signal and Telegram data is also decrypted and forensics have been successful by many applications. So one can never claim he is on Telegram or Signal, he is totally secure.
12. What they project is what they want you to see! A bigger conspiracy underneath. Beware!
The writer–Ishaan Sinha is Advisor Cyber Crimes and Ops