Cybernews
  • News
  • Editorial
  • Security
  • Privacy
    • What is a VPN?
    • What is malware?
    • How safe are password managers?
    • Are VPNs legal?
    • More resources
    • Strong password generator
    • Personal data leak checker
    • Antivirus software
    • Best VPN services
    • Password managers
    • Secure email providers
    • Best website builders
    • Best web hosting services
  • Follow
    • Twitter
    • Facebook
    • YouTube
    • Linkedin
    • Flipboard
    • Newsletter

© 2021 CyberNews - Latest tech news, product reviews, and analyses.

Our readers help us create quality content. If you purchase via links on our site, we may receive affiliate commissions. Learn more

Home » Editorial » Here’s why you should leave WhatsApp for Signal, not Telegram

Here’s why you should leave WhatsApp for Signal, not Telegram

by Bernard Meyer
13 January 2021
in Editorial
9
Here’s why you should leave WhatsApp for Signal, not Telegram
1.8k
SHARES

When WhatsApp updated its privacy policy to allow it to share its users’ data with Facebook, which bought WhatsApp in 2014, users began abandoning the platform for Telegram and Signal. 

While this update doesn’t affect EU and UK users, those in the US, Australia, Asia, etc. will be forced to agree to this new data sharing or lose access to WhatsApp on February 8.

Telegram reported that 25 million people joined its service in just 72 hours, bringing its total active users to half a billion. 

Signal has also seen a huge boost in numbers. After Elon Musk tweeted “Use Signal” – which Edward Snowden retweeted – the app has seen a huge boost in new users as well,  becoming the number one downloaded app on iOS.

Edward Snowden tweet screenshot 1

Snowden went further, claiming “I use it every day and I’m not dead yet.”

Edward Snowden tweet screenshot 2

But for those who are considering leaving WhatsApp, what is the better choice: Signal or Telegram? Our recent research into secure messaging apps is conclusive: Signal has better privacy and security features out of the box than Telegram does. 

  • Read more: Research – nearly all of your messaging apps are secure

Signal vs. Telegram

In order to assess the privacy and security aspects of Signal and Telegram, we looked at the various technical aspects of these secure messaging apps.

Here are the results:

SignalTelegram
PlatformsWindows, Android, iOS, macOS, LinuxWindows, Android, iOS, macOS, Linux
Default security?Secure by defaultNot secure by default
Transfer protocolsHttps/SIP over WebSocketsHttps/SIP over WebSockets
Encryption usedSignal protocol (X3DH + Double ratchet + AES-256)MTProto 2.0 (AES-256, AES IGE IV 256)
Keys-Exchange & Cryptographic primitivesPre-keys + Curve25519, HMAC-SHA256Persistent shared key generated via DH, KDF, Double SHA-256

As you can see, both platforms are matched in most aspects, with the biggest variety in the encryption they use and their keys exchange and cryptographic primitives. These platforms used variations of RSA and AES for encryption and key hashes – which are some of the most secure encryption algorithms available today.

But the biggest reason that Signal beats Telegram is that Telegram is not secure by default.

To be fair: this is not to say that Telegram as a product lacks security in any major way, but rather that Telegram doesn’t provide its important features out of the box.

This feature is the crucial end-to-end encryption that, bizarrely, WhatsApp uses by default.  In end-to-end encryption, only the sender and the receiver is able to view the messages. Without end-to-end encryption, the messaging app server that sits between the sender and receiver might be able to read the messages.

Another important note: Telegram’s Secret Chat (end-to-end encryption) feature only works for direct messages between two people. There’s no end-to-end encryption for group chats, which means that an attacker (or law enforcement) would be able to read your group messages. Because Signal is secure by default, all of their chats — direct and group — are end-to-end encrypted.

This means that, if the user is using the app out of the box, without changing the settings, they’d still have more protections on WhatsApp than they would on Telegram. This is bad, of course, since one study showed that roughly 5% of people changed their settings in a given app, while the other 95% kept the default settings.

While we can’t be sure how that number looks for Telegram specifically, we also have to assume that most people are not as privacy- and security-minded as we’d all like. Telegram has at least 500 million active users now, and its end-to-end encrypted messages feature, called Secret Chat, is most likely glossed over by most of its users. 

Signal and Telegram’s history of vulnerabilities

There are of course many good reasons why people should be abandoning WhatsApp for more secure messaging apps. One of those reasons is that WhatsApp has had many more critical vulnerabilities than either Signal or Telegram. 

For example, there’s the time when attackers were able to install Israeli spyware on a target’s phone by simply calling them through WhatsApp. 

While not as bad, Signal has had its fair share of problems too: it was victim to a rather complex attack where someone could listen in on your surroundings by making a sort of ghost call – calling you through Signal and then pressing mute without the call being seen, to eavesdrop on your conversations.

Telegram for its part had a vulnerability where attackers could replace audio and image files sent on its platform.

And that’s not to mention access to these apps for the government which, depending on where you are in the world, could be a problem. In Hong Kong, a Telegram bug was reportedly exploited by the Chinese government to leak users’ phone numbers. German researchers also discovered that WhatsApp, Signal and Telegram were exposing users’ personal data via contact discovery.

But let’s be level-headed here: every single app or program or website you’re using will have its vulnerabilities or bugs, and that’s an inescapable fact. 

However, the major takeaway here is this:

  1. Signal and Telegram, as alternatives to WhatsApp, will both have various vulnerabilities
  2. If you have end-to-end encryption, those vulnerabilities can be mitigated
  3. All else being equal, because most people are likely to keep the default settings, most people will be better off with Signal
  4. Signal has secure (end-to-end encrypted) group chats, and Telegram doesn’t

Of course, if you’re more of a Telegram person than a Signal person, this is easily fixable: use only Secret Chats on Telegram (but give up on having secure group chats).

On iOS, simply open the profile of the user you want to contact. Tap on ‘…’, then “Start Secret Chat.” For Android, you should tap on the pencil icon on the bottom right, then select “Secret chat.” Unfortunately, you’ll have to do this on a conversation-by-conversation basis. 

Share1837TweetShareShare
Comments 9
  1. Barbara N. says:
    3 months ago

    I believe Telegram is the most restrictive speech app against conservatives I have ever seen. I watched 3 conservative channels disappear before my very eyes. Yet, people posted lists of antifa’s. I’m staying away.

    Reply
    • ASX says:
      2 months ago

      Another good reason to only use messengers with end-to-end encryption, and no one monitoring you. If Iwanted to be censored, I’d use Facebook….

      Reply
  2. Danny says:
    3 months ago

    As an user in China where internet is controlled strictly, I am very satisfied with Telegram because you can add friends by username instead of phone number, and the Proxy feature is really useful which can help you to use it instead of using VPN.
    (My opinion is not very relevant to your article, but I just want to share it. If in the West, Signal App is indeed better. You can evade the information collection of Big Tech.)

    Reply
  3. Kieran Lee says:
    3 months ago

    I’d only bother with secret chats if it was something that I could get in big trouble for being caught sending. Arrested trouble rather than angry wife trouble. So just use secret chats for those conversations you have with your drug dealer or terrorist network.

    Reply
    • Thomas N says:
      3 months ago

      With that argument you’re back at “why change anything, let’s just use Facebook Messenger”

      Reply
    • Gabriel says:
      3 months ago

      You don’t know how seemingly harmless chatter could be used against you.

      Reply
    • ASX says:
      2 months ago

      You may not be target to law, but you are to criminals. And since Telegram stores your chat history, when (not IF, but WHEN) they servers were compromised, they will have lots of information to use against you. Not to mention Telegram don’t come with PIN and 2 factor authentication turned on by default, so a compromised device can grant access to your account very easily, and then again, the attacker can retrieve all your stored info and history (happpend several times before, and still happen everyday). None of these are issues with Signal. Finally, the default privacy settings of Telegram are a (bad taste) joke, showing everything to everyone.

      Reply
  4. DR KIERAN JASON LEE says:
    3 months ago

    What makes you say Telegram is not end-to-end secure by default? Are you talking about secret vs non secret messages? Both are end to end secure, just the latter is also stored in the cloud.

    Reply
    • Thomas N says:
      3 months ago

      I’m sorry to say, but you’ve been misled. Telegram chats are not end-to-end encrypted by default and is no more secure than Facebook messenger, Slack or Discord. Telegram is of course convenient due to having messages logged on the server, which is why people like it. Combined with the really large group support, it’s easy to see why people like it.

      Telegram has always been super misleading about encryption and security, but once you find the right FAQ they admit it https://core.telegram.org/techfaq#q-how-does-end-to-end-encryption-work-in-mtproto

      This unfortunate, sleazy tendency to miscommunicate core functionality is reason enough not to trust Telegram.

      Telegram secret chats are nonsense compared to what Signal (or WhatsApp) offer by default. Telegram secret chats are one-to-one only, and have no support for desktop. Everything Signal does is Secret https://tsf.telegram.org/manuals/e2ee-simple

      Anyone who understands software usability gets that Secret Chats will go unused when they matter the most. This is hostility towards users, since vulnerable populations, like Iranian opposition that relies on Telegram.

      Reply
Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

I agree to the Terms & Conditions and Privacy Policy.

Editor's choice

500M LinkedIn user records sold on hacker forum
News

Scraped data of 500 million LinkedIn users being sold online, 2 million records leaked as proof

by CyberNews Team
6 April 2021
5

We updated our leak checker database with more than 780,000 email addresses associated with this leak...

Read more
LinkedIn, FB, Twitter, Clubhouse apps seen on an iPhone

Recent Facebook, LinkedIn and Clubhouse leaks explained

15 April 2021
Cheapest tool to kill satellites? A computer

Cheapest tool to kill satellites? A computer

13 April 2021
A gift to criminals and tyrants? Soon, wireless devices could become object sensors

A gift to criminals and tyrants? Soon, wireless devices could become object sensors

13 April 2021
“Not ideal” from a privacy standpoint: Clubhouse API lets “anyone” scrape public user data

“Not ideal” from a privacy standpoint: Clubhouse API lets “anyone” scrape public user data

12 April 2021
  • Categories
    • News
    • Editorial
    • Security
    • Privacy
  • Reviews
    • Antivirus Software
    • Password Managers
    • Best VPN Services
    • Secure Email Providers
    • Website Builders
    • Best Web Hosting Services
  • Tools
    • Password Generator
    • Personal Data Leak Checker
  • Engage
    • About Us
    • Send Us a Tip
    • Careers
  • Twitter
  • Facebook
  • YouTube
  • Linkedin
  • Flipboard
  • Newsletter
  • About Us
  • Contact
  • Send Us a Tip
  • Privacy Policy
  • Terms & Conditions
  • Vulnerability Disclosure

© 2021 CyberNews - Latest tech news, product reviews, and analyses.

This website uses cookies. By continuing to use this website you are giving consent to cookies being used. Visit our Privacy Policy.
Subscribe For Security Tips And CyberNews Updates
Email address is required. Provided email address is not valid. You have been successfully subscribed to our newsletter!
Our Privacy Policy and Terms & Conditions

Home

News

Editorial

Security

Privacy

Resources

  • About Us
  • Contact
  • Careers
  • Send Us a Tip

© 2020 CyberNews – Latest tech news, product reviews, and analyses.