Wanna Shift, I advised Facebook Messenger users to switch to its stablemate WhatsApp. The security differences between the two are night and day
Wanna Shift, You really don’t want to be using anything but a fully secured messenger these days. For the same reason, I have also advised users of any SMS messengers—including iMessage and Google Messages—to avoid SMS wherever possible.
The obvious alternative, again, is WhatsApp. The world’s leading messenger is end-to-end encrypted with many new features on the way. I readily recommended it as an alternative to messengers that are not end-to-end encrypted by default. But WhatsApp is owned by Facebook—that’s its downside. Many WhatsApp users do not trust Facebook to secure their data and keep this platform ad-free and non-monetised.
If you’re among WhatsApp’s 2 billion users but want to change, to move away from Facebook, you’re in luck. The last few months have levelled the playing field as regards usability, and some other platforms are securing new users so quickly as to make it less unusual to make a switch. There are many, many options, but, in my view, only two you should choose from. They have their differences, but both hit the mark.
Wanna Shift, The first alternative—and in my opinion the best, is Signal. WhatsApp’s security is actually built around the Signal Protocol. Yes, that’s right, WhatsApp implemented an open-source version of a competitor’s technology. Signal used to be a somewhat painful compromise between security and usability. At every step, the app ensured it never risked the security of your messages to make the user experience more rewarding. Signal was a bit clunky—the UI was not quite right, and until recently iPhone users could not transfer their history when buying a new device.
There are still compromises. A raft of security settings that make the app seem far more complex for an everyday user than WhatsApp. These, though, are hidden away. You can work with the defaults. There are also no cloud backups. This isn’t guaranteed to be secure and so isn’t an option. When you change to a new Android or iPhone device, Signal has different methods to restore your messages. At no point does it let your data slip into the clutches of Apple or Google’s cloud.
That means two things—first, there is no way for your data to be compromised anywhere but on your phone. A little known weakness in WhatsApp’s security is that the default backup option is to the cloud (Apple’s or Google’s), without the protection of WhatsApp’s end-to-end encryption. According to Cyjax CISO Ian Thornton-Trump, whatever messenger you use, “security wise, do not store anything in iCloud.”
But that also means that if you lose your iPhone, you lose your messages. Android users will need to have copied a local backup file to offline storage and kept the 30-digit passphrase someplace safe to restore a new install. This isn’t the seamless WhatsApp experience. As I said, no security compromises.
All that said, Signal’s usability is now brilliant. Its multiple linked devices work like a charm—WhatsApp can learn from the Signal user experience here. You can find desktop (Windows, Mac and Linux) as well as iPad apps. No Android tablets or multiple smartphones as yet, though. You won’t get message history when you enable a new linked device, but as soon as you open the link, it receives all new messages. It’s seamless and significantly better than WhatsApp’s clunky desktop app.
If you do switch, you won’t be alone. Signal installs are soaring right now. It makes a point of not capturing metadata, it has no way of responding to law enforcement requests for data, and this came to prominence during the recent protests. Despite lawmaker crackdowns on encrypted messaging, EU Commission staff were told earlier this year to shift from WhatsApp to Signal, precisely because it’s seen as more secure and doesn’t risk any corporate compromises. Enough said.
Wanna Shift, Signal offers a WhatsApp-like experience without the spectre of Facebook lurking behind it. But—and it’s a big but, user numbers remain small. A few tens of millions, not hundreds of millions or even billions. And so you’ll need to use WhatsApp in parallel as you convince your contacts to make the switch.
The other WhatsApp alternative is the much more popular Telegram, with a fast-growing install base of around 400 million users. Telegram is the pirate of the messaging world. Established in Russia, it is now reportedly head-quartered in Dubai, albeit it remains tight-lipped on the whereabouts of its engineers and management.
Telegram’s big downside is that it’s not end-to-end encrypted by default, albeit it has a “secret” person-to-person chat option. Telegram has a server-based architecture, encrypting between end-devices and servers using its own security protocol. It says it’s different to WhatsApp, because this enables multiple-platform and device access.
Secret chats, which are end-to-end encrypted are limited to a single device on each side. Telegram has even better multi-platform options than Signal, but these have not been built to work with end-to-end encryption in the same way Signal has managed.
ESET cybersecurity guru Jake Moore warns users to take note of this difference. “All Signal chats are naturally end-to-end encrypted,” he says, “which to me is a must. I wouldn’t use a communication platform if it wasn’t set to promote privacy. Secret chats are available on Telegram on request, but I feel any messaging should default to end-to-end encryption these days without question.”
Wanna Shift, Telegram does not have the same transparent security as Signal, its server-based architecture and lack of end-to-end encryption introduces the potential for data compromise. But the platform prides itself on keeping content from the authorities, and until Signal’s recent growth, was the messenger choice of protesters worldwide.
Where Telegram is different to other messengers is its options for groups and channels. Groups can have as many as 200,000 members, while channels can have an unlimited number of subscribers. If you immediately assume this presents options for broadcasting to protest and dissident groups, or perhaps secretly pushing out radical or malicious messaging, then that’s exactly the claims that are made.
Telegram has its roots in Russia, and was designed to facilitate protected communications between citizens without fear of compromise from the authorities. Even so, there have been issues with the potential for vulnerabilities to enable security agencies to monitor such groups, to capture content or even identify members, but Telegram works quickly to patch these.
Two very different options. If you’re an everyday WhatsApp user and want a non-Facebook solution, then my advice would be to opt for Signal. But Telegram has a hugely loyal and fast-growing user base. It is independent and has built its platform around the security of its users. It remains the most popular choice for messaging inside authoritarian regimes. It’s a viable, albeit very different alternative.
Wanna Shift, According to Moore, “commonly used messaging apps like WhatsApp are popular because users can usually assume that their contact will also use it as their number one choice—Signal and Telegram are underrated because people still don’t tend to value their privacy and data security as high as convenience.”
The irony with WhatsApp is that Facebook has become the world’s biggest advocate for secure messaging, defending it against U.S. lawmakers who want to introduce backdoors to allow investigators access to user content. At the same time, Facebook has spent the last two years defending its own track record on user privacy and data security. It’s not surprising that when I recommend WhatsApp, a Facebook platform, it prompts plenty of reader responses telling me why that doesn’t work for them.
“WhatsApp is fine, as long as you’re not discussing sensitive information,” security adviser Sean Wright warns, echoed by his colleague Mike Thompson, who says that “if your risk profile is small, it doesn’t really matter. If you’re sharing state secrets, you don’t use WhatsApp.”
“The only way these security conscious apps would beat their competitors,” Moore says, “would be if the general public started to get behind the data security movement and create a tipping point. Only when you can assume all your contacts have the app will it become the norm for everyday users. Before this occurs, I fear Signal and Telegram will remain an underground messaging platform used only by security professionals and those who care about their data.”
Whichever way you go Signal, Telegram or sticking with WhatsApp, you can be confident that your messaging is safe and secure. The key advice here is to steer clear of unencrypted messengers. It doesn’t matter how trivial you think you chat might be, it’s always best to ensure you know who might be reading them.
This news was originally published at forbes.com