Originally published on my blog, and will soon by removed from Medium.
When we think of communicating with someone today, we mostly think of sending them a text message or a voice note on WhatsApp. And some other people who are least bothered about their privacy online, think of Facebook Messenger. But not all these users know what’s happening with the messages they exchange on these platforms. Let’s take a look at that.
Before we start, let me admit, I am by no means an expert on security and privacy online. But I have done enough research for the last couple of years, which made me switch to Firefox and DuckDuckGo (with a lot of customized preferences on both), from Google’s Chrome browser and search. I’ve made a lot of other such switches in my digital life. So not all that I write here is bullshit.
My concern about WhatsApp was first raised when Facebook acquired the messaging platform, for loads and loads of money, the kind of money that was never heard of before in the tech space. A lot of people wondered why would a company such as Facebook pay so much money to acquire a company such as WhatsApp, which had absolutely no way of making money, yet. The (not so and subtly) obviously answer was, WhatsApp had collected a lot of user data, and that’s precious to the Gollum that is Facebook.
I didn’t worry much about this at the time. But then, a few months after this, I met an acquaintance and we exchanged numbers for some reason. She texted me a couple of times to ask me something about the company where I was working at the time, as she was interested in an open position at the company. Two to three days after her first WhatsApp message to me, I got her Facebook profile as a suggestion. This was spooky to me, because Facebook and WhatsApp had stated that Facebook will not be using WhatsApp’s data in any way. That was obviously a lie. And that was the fine day I deactivated my Facebook profile, I haven’t logged in since. It’s been about three years. I still continue to use WhatsApp on a daily basis, only because almost nobody in my contacts list uses any other messaging service, except Facebook Messenger of course.
Today, we know that there’s a separate WhatsApp app for businesses. And now there are also reports that WhatsApp will soon start showing ads in users’ statuses, and in other places within the app ([3 BBC]). What this means is that WhatsApp and Facebook will start tracking everything you do on your phone to tailor ads to you. They will see your contacts list (which they already are, actually). This is a clear betrayal, for many users. But for some of us who are (kind of ) paranoid about security and privacy online, this was an obvious next step after Facebook’s acquisition of WhatsApp.
So what should you do?
I’m glad you asked. There are a few (very good) alternatives to WhatsApp and Facebook Messenger. I actually suggest that you completely ditch Facebook, it brings bliss to your life. Anyway, you should be looking at two alternatives to WhatsApp — Signal and Telegram. You can check out reviews and comparisons of these services, just Google (or DuckDuckGo) it and you’ll get a lot of interesting results. I decided to write this post as a collation of most reviews I’ve read myself, and some information I got from the websites of both Signal and Telegram.
Signal is a completely open source, free, secure, and private instant messaging platform, just like WhatsApp (apart from the fact that it’s open, secure, and private). Signal has apps for Android, iOS, and your desktop as well (an in-browser app). Like any other modern instant messaging service, Signal supports text, images, videos, voice and video calls, and documents. And just like any other messaging platform today, it supports group messaging.
The most important thing to note here is, there’s end-to-end encryption for both text and voice messages. Signal, or anybody else, can’t see what’s in your messages. And Signal promises to keep it that way.
There’s a feature where you can configure certain messages or threads to destroy themselves after a set interval of time. So if you think that a message should be in your recipient’s inbox for only five minutes, you can make that happen, and the message will be automatically deleted after five minutes. There’s nothing the recipient can do about it, or stop it from happening.
One more awesome feature, at least to me, is something called as Screen Security. You can go to your privacy settings and enable Screen Security, which will essentially block other apps on your phone, or yourself, from taking screenshots of your chats on Signal. This way, you can be sure that even if there’s an app which is keeping tabs on your activities on your phone, it can’t capture what’s happening inside your Signal app.
Each time you call somebody on Signal, some really cool magic happens behind the scene. The two phones talk to each other and come up with a secret code that nobody else could know, even if they’re monitoring the internet traffic and intercepting all the messages being exchanged. The apps then convert this secret code into two words. These two words will be shown on the displays of both the phones. You can tell each other these two words and make sure they’re the same. If not, then something is wrong with the encryption. You drop the call, switch to a different internet network, and try again.
The common practice here is, when you answer the call, you say the first word out to the caller. Then the caller verifies that it’s the same word on their phone, if not, drop the call. If it’s the same word, the caller will speak out the second word. Now you verify if it’s the same on your phone. If it is, nothing to worry, carry on with the conversation. If not, as already said, drop the call, switch networks, and try again.
Signal also promises that there won’t be any ads, at least for now. WhatsApp had similar promises in the beginning, but that changed after Facebook acquired it. For the foreseeable future, that might not happen with Signal, because it is an open source project. It’s very difficult to monetize an open source project with ads.
So, in a nutshell, Signal is an awesome option for an instance messaging service if you’re concerned about your security and privacy, which you should be. Now, let’s take a look at Telegram.
Telegram is similar to Signal in a lot of ways. It’s APIs and protocol are open sourced, but the core part of Telegram, the server-side services, aren’t. This could potentially be a privacy concern. We’ll talk about this later.
Telegram has apps for almost all your devices, Android, iOS, web, Windows Phone, Mac, PC, and even Linux. So no matter what device or desktop environment you use, you’re covered. Similar to Signal, messages on Telegram are encrypted end-to-end. And the service also claims that:
Telegram delivers messages faster than any other application.
The service’s servers are spread across the globe, which means that the messages could, in theory, be delivered to the recipients faster, as the actual physical distance from the mobile device to the server could be less compared to other services.
One feature which sets Telegram apart from other instant messaging services is that Telegram has no limit for the size of file you can share on the service (edit: according to one comment to this post, there is actually a limit for the file size, and it’s 1.5GB, which is a lot if you ask me). So, for instance, you could share a file which is several GBs in size with your peers on the service. WhatsApp and Signal (as far as I know) don’t have this feature, they both set a limit on the file size.
Telegram will be attractive for another genre of users as well, those who want to have loads of people in a single group. This is because Telegram allows for up to 100000 people in a single group, and that’s a huge number.
Similar to Signal, telegram also features messages that self-destruct after a set amount of time. This means you can easily send messages to people that wouldn’t be available after a certain amount of time.
Now, earlier, I mentioned that Telegram also features end-to-end encryption. While this is true, it should be mentioned that this isn’t available by default and for all messages. There’s something called a Secret Chat, and unless you start your conversation in this mode, your messages aren’t actually completely encrypted. So you should keep this in mind.
One more thing to keep in mind is, as I already mentioned, the back-end services of Telegram aren’t open sourced. So we can’t really tell what’s happening to our messages once they reach Telegram’s servers. Its also true that we can’t assume the messages are stored in plain text on their servers, but there is a possibility that Telegram, if need be, can actually go through our messages.
I’m not saying that you shouldn’t trust Telegram. For now, there’s no issue with Telegram and there’s no reason to believe that they’re lying to us. They are a non-profit after all, and I don’t see why they have to lie to us, for now. So let me reiterate, I don’t mean that you shouldn’t trust Telegram, you sure can do. But facts are facts, and their back-end is closed.
To be frank, there’s nothing you can trust on the internet. To be a 100% sure that nobody’s going through your data and that it’s 100% secure, you’ll have to go through each line of source code in all the clients and services of these instant messaging services, download the source code, compile and build it yourself, and use those executable files on your devices. Almost nobody does that (a few people do). So, the only thing we can actually do is go through the terms and conditions, FAQs, and other literature we have of these services, and make an informed decision as to which service we should be using. I urge all you guys to have a look at Signal and Telegram as alternatives to WhatsApp and especially Facebook Messenger.
I’m no security expert, and I might have gotten some facts wrong here. If you find any such issues with this post, please enlighten me in the comments and I shall correct my knowledge and this post.
Follow me on Twitter for more Data Science, Machine Learning, and general tech updates. Also, you can follow my personal blog as I post a lot of my tutorials, how-to posts, and machine learning goodness there before Medium.