Reading time: 9
minutes
Introduction
Many of us need a
secure means of communication for work and socializing. Uses may include making
voice calls, sending text messages, or sharing images. Knowing that content
messages will remain private and not subject to abuse can be important for many
reasons.
Coincidentally,
many of us use social networking services to broadcast to the world or see what
others are doing. We accept that the price for this convenience is the sharing
of data that may profile us for targeted advertising.
The problem comes
when these two separate services overlap. For example, secure messaging
services and social networking services should ideally not share information.
The acquisition of the popular messaging service WhatsApp by the social network
Facebook is an example of this. The data sharing between WhatsApp and its
parent Facebook (now confusingly Meta), announced in early 2021, has WhatsApp
users looking for alternatives.
This article will
take a close look at the two leading alternative secure messaging services,
Signal vs. Telegram. The goal is to allow you to make informed decisions about
the best WhatsApp alternative for you.
Background
Signal
Signal began life
in 2014 as the first free iOS app for end-to-end encrypted voice calls.
US-based non-profit Open Whisper Systems now runs the service created by the
app's original creators. It is a reliable and stable platform with full
transparency thanks to its open source approach.
The only
significant problems occurred in January 2021, after WhatsApp's policy change
announcement, when a wave of new users temporarily overwhelmed the company's
systems. About 7.5 million users joined in one week during this period.
Telegram
Telegram started
life a year earlier in Russia in 2013 when the Telegram messaging service
launched. Since its inception, it has moved several times to Berlin, London,
Singapore and now has a base in Dubai. Each move was in response to changes in
governing regulations in each country. It is officially registered as a US
corporation, but has no official offices.
Telegram has also
recently expanded its user base, reporting that around 25 million new users
joined in three days in January 2021.
Telegram
publishes some of its services as open source, but the server-based centralized
control software is closed source and private. This lack of transparency
hinders independent monitoring of the robustness of the implemented security.
Message options
Review
For simple
messaging, there's not much to choose about Signal vs Telegram. Both can share
audio messages, images, videos, files, contacts and location information with
individuals or groups. The critical difference is that Signal protects all
messages with encryption, while Telegram only protects messages that use a
special "secret chat" option.
Signal stores the
messages on the sender's and recipient's devices. However, there are options to
duplicate messages using a Chrome browser extension to have an alternative
access method from any device that supports the Chrome browser.
Signal also has
the ability to back up messages to a secure cloud service and has a backup
option to keep chat lists manageable.
By default,
Telegram stores its unencrypted messages on a central server managed by the
service provider. Therefore, users with multiple devices can access all their
unencrypted messages from any device, even by accessing a website. However, a
Telegram user must stick to one device to access the secure "secret
chat" messages.
Main differences
Signal allows
voice and video calls to up to five recipients, while Telegram will allow calls
to large groups.
Signal limits
group chats to 1,000 users, while Telegram allows a whopping 200,000 users.
Telegram includes
a channel feature for broadcasting messages to recipients who can receive but
not reply to messages. The audience for this message channel can be open to the
public or limited to invited group members.
Signal limits
file transfers to a maximum size of 100 megabytes, while Telegram allows two
gigabytes.
File storage for
Signal users is dependent on available free memory on their device. For
Telegram users, the service stores files on the central servers, which in mo mints offer
unlimited storage for an indefinite period of time.
Telegram supports
the use of bots to automate conversations, but at the expense of reduced
protection of user privacy. In contrast, Signal does not allow the use of bots.
This is a critical differentiator for businesses looking for a bot-based
messaging service when looking at Telegram versus WhatsApp or Signal.
Users can enable
Signal to be the default app for all text messages, while this feature is not
available for Telegram users. However, it should be noted that if you use
Signal to manage all SMS messages on the device, other messaging apps will no
longer have access.
Protecting the privacy of messages
Review
The main reason
for using apps like WhatsApp, Signal or Telegram is the privacy of messages.
Here, Signal has the upper hand.
Signal implements
full end-to-end encryption and offers the self-destruct option for all
messages. These options apply to both individual messages and groups. In
contrast, Telegram only offers these critical "secret chat" messaging
features with individuals.
But what do these
terms mean? Let's take a closer look.
Encryption
Encryption is a
method of securely encoding (encrypting) data so that anyone who does not have
the key to decode (decrypt) the message cannot understand it. There are various
mathematically based techniques for performing the encryption and decryption
operations. The security of the message depends on several factors:
The strength of
the encryption/decryption algorithm prevents anyone without a key from cracking
the code and reading the message;
The complexity of
the key prevents anyone from guessing the key or using the brute-force method,
trying every possible key to find the right one;
The integrity of
the key sharing mechanism between sender and receivers prevents someone else
from stealing the key.
No encryption is
perfect, and researchers often find loopholes in the algorithms that make it
possible to crack codes. Computers are getting more powerful, allowing them to
try more keys in a reasonable amount of time. However, using one of the latest
algorithms with a long enough key length makes the chances of cracking the code
from the world's best supercomputers remote enough to be safe.
End-to-end encryption
End-to-end
encryption means that the sender's device encrypts the message and the
recipient's device decrypts it. It doesn't matter what route the message takes
between the two devices, or whether the copies are in temporary locations along
the way. Encryption protects the content of messages between the two devices.
In contrast, some
secure messaging systems use encryption, but not end-to-end encryption. For
example, some service providers transmit the message in plain text from the
sender's device to their computer systems. Only then do they encrypt the
message and send it to the recipient. Anyone who hacks the messaging service
provider or a rogue employee can see the original message in this example.
Protocols
Signal uses its
own signaling protocol developed by Open Whisper Systems in 2013. The algorithm
is available as open source code, meaning it is free for anyone to use. More
importantly, anyone can see its performance and check for weaknesses. By the
way, WhatsApp uses this encryption protocol.
The protocol also
hides the identity of the sender from the systems through which the message
passes. In this way, anyone monitoring the flow of encrypted messages can see
where the messages are going, but not where their source is.
Telegram uses its
own MTProto protocol, with the release of this latest version in 2017. The
previous iteration of this protocol contained significant flaws that offered
low levels of security, but this latest version is significantly more stable.
However, it is still less secure than the Signals protocol.
A crucial feature
of the signaling protocol is forward secrecy, which means that even after an
encryption key is compromised, the confidentiality of future messages is still
safe. The most common method for attackers to steal keys is to install malware
on the sender's device. Therefore, anyone who steals a key will have access to
old messages, but not new messages.
Self-destruct messages
Simply put, a
self-destructing message will automatically delete itself from the sender's
device after a configurable period of time after sending the message.
Alternatively, the message may automatically delete from recipients' devices a
configurable period of time after the message has been read.
Personal privacy
A major
consideration with any messaging service is how This information is collected and shared
by the service provider. Unfortunately, this is where WhatsApp fell apart.
Signal collects
and stores the phone number of the device accessing the messages;
Telegram collects
and stores the phone number, along with the contacts and IP address of the
device.
These compare
favorably to WhatsApp's collection of detailed device information and
behavioral data, including location tracking, purchase information, payment
details and other details useful in creating a detailed user profile for
advertisers.
Signal also has
built-in features that help protect user privacy. An incognito keyboard option
prevents the content of the message from ending up in a local dictionary on the
sender's device. The sealed message option hides the sender's device details
from the recipient, such as their IP address.
Signal offers
absolute privacy, while Telegram is more limited. Telegram's privacy is less
strict, as their servers store copies of all unencrypted messages and a copy of
each user's address book. Telegram also c ollects details about the IP address,
recipients and timestamp of each message. In contrast, Signal only collects and
stores the date of the last connection to its service. In comparison between
Signal and WhatsApp, this difference is huge.
This limited
collection of personal data is essential due to the location of the Signal
service in the United States. Here, government and law enforcement agencies may
request user data under rules that prohibit the service from informing users of
the request.
Telegram tries to
make it harder to access information from secret chats by storing the
encryption keys in a different geographic location than the message data. The
result is that accessing these encrypted messages requires the cooperation of
government or law enforcement agencies in the two different jurisdictions.
Device support
Both Signal and
Telegram support the most popular platforms, including Windows, Linux, macOS,
iOS, and Android. Both also use a Chrome browser extension for web-based
access.
Telegram also
supports Windows phones and has a website access portal for universal access to
the unencrypted messages stored on its servers.
It is important
to note that Telegram's "secret chat" option is only available
through the mobile apps and is therefore not available when using the desktop
client or accessing via a web browser.
One major
difference is that the Signal service depends on Google's notification
services. In practice, this only affects devices with custom Android operating
systems.
Usability
Both Signal and
Telegram are easy to install and anonymous account configuration is possible if
needed.
Telegram has more
options for configuring the user experience, such as themes and colors,
although Signal also has similar but more basic options. This simplicity makes
Signal easier to set up and use.
Telegram is more
focused on social media messaging and broadcasting, unlike Signal's secure
messaging.
Telegram supports
sending uncompressed images, a key factor and what makes Telegram better than
WhatsApp and Signal for sharing photos. However, Signal has a useful built-in
face blur feature to use when messaging photos.
An important
consideration is that Signal aims for a global audience, bypassing censorship
controls by using a proxy connection option wherever the service is
geo-blocked.
Both services
operate on a non-commercial basis, so support relies on online help and
volunteers to address specific issues.
It should be
noted that Telegram does not support visually impaired users, while Signal has
the distinction of currently being the only app that offers blind users a
secure messaging service.
Conclusion
The answer to the
Signal vs. Telegram question may come down to whether you value privacy over
functionality. If privacy is the critical factor, then Signal has huge advantages
over Telegram.
Still, the main
influence will be what app your contacts use. It can be difficult to convince
your friends and family to switch to another app if they are using an
alternative. However, the significant differences between the options may be
enough to convince them.
About the Author:
Stephen Mash is a contributor to HP Tech Takes. Stephen is a UK-based freelance
technology writer with expertise in cyber security and risk management.
Няма коментари:
Публикуване на коментар