The apps we install on our phones have access to more data than we’d ideally like them to have. That’s true of almost all of them. Aside from receiving your telephone number, which can easily be linked to your identity, they might also have access to your email address, your contact list, the information contained on your social media profile, and much more.
There’s no such thing as absolute privacy if you own a smartphone, but there is such a thing as relative privacy. Because WhatsApp offers end-to-end message encryption, its millions of users assume that it’s the most secure and private way to speak to their friends. A significant number of them are no longer as sure about that as they used to be.
WhatsApp belongs to Facebook. That fact isn’t immediately obvious as it hasn’t been mentioned anywhere on the app in the past, but those who didn’t know that were suddenly informed of it right at the start of the year when WhatsApp issued new privacy guidelines and informed users in the United States of America that it’s about to start sharing some data with Facebook. That didn’t go down well with a significant chunk of the app’s users, who responded by ditching WhatsApp and moving to alternatives like Signal and Telegram. They believe their private information is safer there, but are they right?
If anyone needs a reminder that the grass isn’t always greener elsewhere, look at what happened to Parler when it was briefly taken offline after January 6th. All of its data was breached – including location data and private messages – and is now in the hands of hackers. This is what hackers do for fun. It’s like playing games provided by the most famous slot game providers, like Netent, Microgaming, Pariplay and Pragmatic to name just a few. Ask anyone who’s ever won any money playing online slots, and they’ll tell you that they’re happy to lose time and money on ten bad bets so long as the eleventh one pays off. That’s how hackers feel about cracking databases. The jackpot they chase might be information rather than the financial rewards that online slots players seek, but the principle is the same. If there’s a weakness, hackers will eventually find it. It’s often the case that these weaknesses are more likely to appear with smaller platforms than they are with larger ones. Is that true of Signal and Telegram, though? Let’s take a look.
The biggest selling point of Signal for privacy-conscious people is that the app promises not to collect or store any of your data at all. It needs your telephone number for obvious reasons, but it doesn’t need your name, your email address, or access to any folders on your phone that it wouldn’t make sense for it to have. It’s also not tied to any commercial interests. The obvious benefit of WhatsApp sharing data with Facebook is that it enhances the accuracy of Facebook’s advert targeting algorithms. There’s no equivalent corporate entity for Signal to feed information to. It doesn’t even allow advertising – it’s open-source software on a platform that’s provided by a non-profit organization called the Signal Foundation.
While the name of the app has only appeared within the mainstream consciousness in recent weeks, the service has been around for a long time. It was once used by Edward Snowden, and it’s thought that Julian Assange may also be a former user. It offers data encryption for text, pictures, and video files and even offers Snapchat-style disappearing messages and other privacy enhancement tools if you so desire. If it has a weakness, though, it’s the fact that it’s small and it’s open source. Giving away so much of the code might not prove to be a smart idea now it’s so popular, and the fact that the service has gone down completely more than once in the past two weeks suggests that it struggles to cope with high demand. That’s a problem that can be solved by building better infrastructure, but the open-source issue will remain. There’s also no encryption or security if you send a message from Signal to a non-Signal user – but that’s true of every platform. Some don’t even allow you that option.
Telegram is also technically open-source, which comes with the same inherent issues as Signal, but it doesn’t give away quite as much of its code as Signal does. However, it does suck up a little more of your information than Signal does. Aside from your phone number, it insists on knowing your name and having access to your full contacts list. For reasons we can’t immediately identify, it also records your IP address.
Creating an alternative to WhatsApp was never really the intention of Telegram’s owners. It’s more like an alternative to Facebook Messenger and looks and feels more like a social media platform than a messaging service. It doesn’t even offer encryption by default. You can turn it on through the privacy options, but you have no way of knowing whether the person you’re exchanging messages with is using the same settings. There’s a GPS feature that tells you when you’re near other Telegram users – which is another obvious security issue – and it’s been hacked before. More than forty million telephone numbers were leaked in a Telegram data breach as recently as March 2020. Telegram has its merits, but we’d humbly suggest that anyone who deletes WhatsApp and installs Telegram in the belief that their data will be more secure is barking up the wrong tree.
If private communication is of the utmost importance to you, Signal appears to be the most sensible choice. You’ll probably have to persuade most of your contacts to download it and use it too, which might not be easy, but it records so little data that you can rest relatively assured that nothing vital will be compromised even in the event of a hack. Alternatively, sticking with WhatsApp might not be the worst thing in the world. Facebook is well aware of the backlash to its latest changes and is already reconsidering its path. We wouldn’t be surprised to see them abandon the idea to build stronger links between WhatsApp and Facebook. Should those changes be abandoned, there’s no reason to move at all.