If you’ve been living under a rock recently, you may have missed that WhatsApp are forcing their users to agree to sharing data with Facebook. This has led to droves of people leaving the platform, myself included. But what now?
To say that I’m not a fan of Facebook would be an understatement. In my opinion, Facebook is a cancer on the internet and since Facebook bought WhatsApp a few years ago, I really haven’t been comfortable with using it. But I felt compelled to continue using WhatsApp as it’s so widely used over here in the UK. The FOMO was real, folks!
Receiving the fateful popup a week or so ago telling me I had to agree to share my data with Facebook, or stop using WhatsApp was the kick I needed to get off the platform. I deleted my account the same day.
But Kev, you idiot, WhatsApp has always shared data with Facebook.— Internet peeps everywhere
While the above statement is true, it was previously optional and way back when, I declined to share my data with Facebook (go young version of me!) so I hoped that my data wasn’t shared – lets’ be honest though, it probably was.
Anyway, at this point I knew my data would definitely be shared with Zuck the crook, so I dropped WhatsApp quicker than a student running to the toilet after a dodgy curry.
So what now?
Prior to deleting my WhatsApp account, I blasted all of the people I felt worthy to be graced with a message from me, to inform them that I would be leaving the platform following this abhorrent invasion of privacy.
Two people replied. TWO!
That just shows how much most people care about their privacy. Either that or people just don’t like me. Nooo, can’t be that. Impossible!
Anyway, I already used Signal for messaging most of the time, so ditching WhatsApp wouldn’t be too much of a problem, I thought. And it wasn’t. Since my initial exit from WhatsApp, I’ve seen the familiar is now on Signal! Appear on my phone numerous times, which is nice to see. And I’m happy to report that my Mum joined Signal too! That just shows how easy Signal is to get going with.
Hell yeah! GO MUM!
…and then there was Telegram
The mass exodus from WhatsApp seemed to be split between Signal and Telegram, so I decided to join Telegram too. I’ve had a Telegram account in the past, but never really used it. To me it seems that Telegram is more of a group chat/social platform than a personal messaging app. That’s probably just me though.
Anyway, I signed up and chatted to a few friends on there, and life was oh so good. But then, dear reader, then there was a revelation in casa Quirk. I started hearing reports that Telegram isn’t actually that private, since there is no end to end encryption (E2EE) by default in 1:1 chats and group chats don’t support E2EE at all.
I had to go do some digging to find out if this was true. Off I went, out into the Internet wilderness on a fact finding mission; I quickly found this post on Wired, which in turned linked to this most excellent post on Hacker Noon by Raphael Mimoun. It’s bloody true!
The fact is that by default Telegram has E2EE turned off on 1:1 to chats, but E2EE can be turned on. However, the same is not true for group chats. If you want an end to end encrypted group chat, forget about Telegram.
Now, to be clear here, Telegram chats are encrypted, but they’re not end to end encrypted. Which means all non-E2EE communications can be parsed by Telegram. WhatsApp and Signal are both E2EE for all chats, so to me this means that WhatsApp is actually more private than Telegram.
💩💩 Double shit!
Here are a couple of
rubbish expertly crafted diagrams to show you the differences between Telegram’s default (non-E2EE ❌) communications, and Signal’s default (E2EE ✅) communications:
What should you use?
Needless to say, I dropped Telegram pretty darn quickly too. All this begs the question of what to use now? Well, the short answer is whatever makes sense to you.
This is all a personal choice – some people are happy to use WhatsApp because the benefits they get from it outweigh the privacy implications…or they just don’t give a toss about the privacy implications.
Same thing for Telegram – all your messages are encrypted up to the point that they hit the Telegram servers. If you’re comfortable either trusting Telegram with this data, or enabling E2EE for all 1:1 chats manually, then have at it – use Telegram.
Side note: I think Telegram is good for larger community chat rooms, but I’d consider this public information anyway, so wouldn’t be concerned about a lack of E2EE here. This is not the case for smaller, private group chats, however.
For me personally, the only messenger app I now use is Signal. It’s as easy to get going with as WhatApp, and is truly private. The only data Signal holds about its users are the date the account was created and the date the user was last active. That’s literally it.
Signal published a subpoena they were issued, along with their response. That really is the only data they have on their users, which gives me the warm and fuzzies. 🤗
Top job, Signal. 👍
If you’re at all interested in protecting your personal privacy, I’d recommend doing some research into this stuff and making your own decision. There’s no right or wrong answer here (in my opinion), it’s about what you’re prepared to put up with as an individual.
If you do want to read some more, here are some links I found useful:
- Thinking About What You Need In A Secure Messenger (the EFF)
- Insecure by Design: As Millions Flock to Telegram, 7 Reasons to Question the App’s Privacy Claims (Hacker Noon)
- Fleeing WhatsApp for Better Privacy? Don’t Turn to Telegram (Wired)
- Operation Telegram (GrugQ)
- Signal’s website
- Telegram’s website
There are tonnes of messenger services out there in the wilds of tech land, all of which have varying levels of privacy, security and ease of use baked in.
There are self-hosted solutions, peer-to-peer solutions and everything in between. Personally I want something that’s as simple to use as WhatsApp, is stable, secure and private. That’s why I would recommend Signal as a privacy respecting, secure messenger service.
But Kev, you idiot, Signal’s network is hosted with the big tech giants. THEY CAN’T BE TRUSTED!— Nerds everywhere
While this is true, I’m happy with that compromise. Remember, this is all about personal choice and what your limit is for protecting your privacy. Since Signal is E2EE — remember those incredible diagrams above (how can you forget them) — it doesn’t matter that the traffic traverses Amazon, Google, or any other big tech company. They can’t do anything with the data as it’s just encrypted blobs. It’s no different than visiting a public website that’s hosted with these services.
Therefore, this is a risk I’m willing to take; as, in my opinion, it’s very low risk.
Whatever you think – Signal, Telegram, WhatsApp, plain old SMS or bloody carrier pigeon; you have to admit, this is all very interesting and I think we’re right at the start of a much bigger beast in terms of online services like these, and our privacy/security.
This is post number 11 in my 2021 100 Days To Offload challenge.