Whatsapp's new privacy policy has triggered a debate among masses about its alternatives from Privacy/Security standpoint. Clearly, @telegram & @signalapp are popular candidates leading to Q's on which one being more secure. Lets discuss key security differences in this thread
Secure by default: Both, Signal and Telegram support End to end encryption (E2E), however, the Signal has E2E is enabled by default, where-as in the case of Telegram a secret chat has to be initiated to enable E2E on the conversation to conversation basis
Data Storage: Telegram chats are stored on cloud unless secret chat is enabled. This means the encryption keys are stored on the server and technically telegram can decrypt conversations. Signal stores messages in a local SQLite database.
Metadata collection: Telegram collects info such as IP addresses, device details, history of username changes etc. Signal only collects timestamp of account creation and last-time when the user connected to the signal server that was too limited to the day instead of hrs/sec.
Contact Discovery: To discover Social graph, Telegram uploads the entire address book on it's cloud servers. Signal does not learn about address book by running their contact discovery service under secure enclave on a signal server.
Source Code: Source code for both Signal applications and servers are open-source for anyone to examine, Telegram's client is open source, however it's server side is still closed source till date.
Crypto: Signal protocol is built on well known, tried and tested security standards. The protocol has gone under extensive scrutiny by prominent crypto experts. Telegram's MTproto has been widely criticized for non-standard custom designed using a non-standard crypto protocol.
Clearly, Telegram is less secure than both Signal and Whatsapp, where security and privacy are paramount Signal should be used. Detailed explanation on key differences can be found on my blog post here - rafaybaloch.com/2021/01/signal… CC @Snowden#SignalApp#Telegram
• • •
Missing some Tweet in this thread? You can try to
force a refresh