Amidst the recent Telegram news, I'm seeing a lotta different suggestions for "secure" messaging/communications apps. Here's the rundown:
π Use Signal.
Here's why:
#signal #telegram #whatsapp #privacy #security #cybersecurity #infosec #tech #facebook
1. Free to use. No need to pay to use it (though you should donate to it to help keep it running). No ads or unethical business practices.
2. Open source. Anyone can inspect the code to verify that it works as advertised. No need to "trust" that your data is safe, like other platforms say.
3. Non-profit. Can't be bought or sold.
4. Battle-tested. Court documents show Signal knows only 3 things about you: when the account was created, when the account was last active, and which phone number was used to register (which can even be a VoIP number). Not even your contacts are visible to Signal.
5. Usernames. No need to hand out your phone number if you don't want to.
6. Funded by Brian Acton, co-founder of WhatsApp. Acton funded $50 million to Signal to keep the mission of having a private and secure messaging platform after selling WhatsApp to Facebook.
7. Zuckerberg uses it. That's rightβZuckerberg knows better than anybody that Signal is actually secure. Which is actually how most of these platforms operate. The executives don't use their own products because they know how flawed they are (in terms of privacy, security, mental health, etc.).
In short: Signal is the golden standard when it comes to secure communications.
β Why *not* WhatsApp, Telegram, Facebook Messenger, etc.?
π« WhatsApp/Facebook Messenger:
Owned and operated by Facebook. Do we need to say anything else? Okay, here's something:
Despite explicitly claiming that no one can read your conversations because it's end-to-end encrypted (E2EE), this is false. WhatsApp has moderators.
This means that if someone flags a message, the messageβalong with previous messagesβare sent to Facebook's moderation team (in plaintext) regardless of whether flag was warranted or not. This means your communications aren't actually private or secure.
WhatsApp also requires you to upload all of your contacts to Facebook servers, something that Signal doesn't require you to do. And if you do, they're hashed in a way that makes it impossible for Signal to know your contacts at all.
π« Telegram:
Besides the fact that conversations aren't encrypted by default, here's the overarching issue: Telegram rolls its own cryptography.
The golden rule in cryptography is that you *never* roll your own encryption. Since Telegram does this, it means that we're once again left to "trust" that hopefully their encryption methods work. And since it's not open source, there's no way to verify what this looks like.
HiramFromTheChi π¨π½βπ»π