1. 11

In the last few days I have been asked by many non-crypto friends “to recommend a secure messaging app alternative to WhatsApp”. This report contains my answer.

The Contenders. When discussing secure messaging apps, two of them come immediately to mind: Signal and Telegram. Therefore, I decided to lay down as clearly as possible the reasons why one gives higher security guarantees than the other.

Disclaimer. Both Signal and Telegram care about security. Their teams are a collection of extremely smart people, and they do their best to protect their users. What sets them apart is their approach to security, and this is what I will analyze in this report. Neither protocol has been broken (yet), and as of the writing of this report I have never been in contact with any of the companies mentioned here.

TL;DR: Signal gives stronger security guarantees than Telegram. If you want to prioritize security, use Signal. If you really like cool stickers, ginormous groups (100 000 users!), and are willing to trust the guys at Telegram (they are not Facebook after all), go for Telegram. Either choice gives you better security guarantees than WhatsApp. If you are looking for a summary of my points, read the Conclusions section.


  2. 7

    WhatsApp end-to-end encrypts all chats, by default, using the Signal protocol; Telegram only supports optional encryption of 1:1 messages with a more questionable protocol.

    Either choice gives you better security guarantees than WhatsApp,

    It’s totally fine to dislike Facebook or to want an open source client. I may have different priors than the author, and for my part I trust Telegram, as a company, less than I trust Facebook with my data. But I’d have to think WhatsApp is flatly lying about its use of the Signal protocol to consider my conversations on Telegram more private than those on WhatsApp.

    Ultimately, though, I agree with the author that Signal is the best choice out of the three.

    1. 4

      Just IMHO: this is not really well suited for the target audience, I suspect. Usually, when we say “non-crypto” people, we are referring to people not working in actual crypto (algorithms, implementation), but that understand the basics, like how public key encryption works at a high level, etc (most software engs, for instance). This write up has nothing new for them.

      If by “non-crypto” it is meant “non-techie” people, this is also not very useful. The majority of people using WhatsApp that isn’t a “techie” doesn’t even know what a “server” or a “client” is (not a criticism, just a fact).