Why you should switch from WhatsApp to Signal or Telegram
Signal offers a lot more when it comes to privacy.
1. WhatsApp Doesn’t Encrypt Metadata
Similarly, in the context of messaging, metadata means the data about the actual text message which may include the sender’s phone number, recipient’s phone number, date, and time of the message. At first glance, it’s easy to discard messages metadata as it might seem trivial. But make no mistake. Using metadata, researchers can create a network that describes with whom and when the individual communicates. For instance, back in 2013, Microsoft’s research team published a paper, which described a system to discern your age, gender, sexuality solely on the basis of things you liked on Facebook. Pretty creepy, right?
Similarly, while WhatsApp cannot read your actual message, it can hand over the metadata of the message to comply with the laws. The law authorities may analyze this data to find out the date, time, and all the people you’ve been in contact with. Signal, the good-guy takes pride in acknowledging that it encrypts this metadata, so when the time comes, it virtually has nothing substantial to hand over.
2. WhatsApp Lacks In-app Encryption
WhatsApp enabled end-to-end encryption for the messages that go through the internet but missed a basic functionality — no encryption for the messages stored on your phone. So what good is encryption for messages over the network if somebody happens to steal your device without a passcode? They can obviously go through all your messages.
To combat this, Signal encourages you to set-up a passphrase of your own. Then, all text messages in Signal are encrypted with your passphrase before being stored locally. You can also choose to lock Signal automatically after a certain amount of time.
3. WhatsApp’s Online Backups Are Unencrypted
Backing up your WhatsApp messages to your Google Drive can come very handy. After all, there’s no telling when your phone could fail you or even worse, get stolen. Restoring messages from Google Drive could prove as a lifesaver in those situations. Unfortunately, storing your data in the cloud poses an even bigger risk when it comes to security. As backup data is stored in Google Drive, your Google credentials are the single layer of security here. Don’t trust me? See this screenshot from WhatsApp settings, which clearly says that messages you backup are not protected by end-to-end encryption while in Google Drive:
If God forbid, your Gmail gets hacked, or if Google has to comply with a warrant, remember all your conversations are going to be exposed. But that is not all. Even if you have online backups disabled, but the other party you’re conversing with has it enabled, you’re going down, too. You know the time when you’ve to suffer for other’s faults? Yes, this is one such moment.
Signal solves this problem well, not providing a fully-featured backup option. It only includes a simple manual backup/restore to the plain text option if you need it.
This may not be the most convenient option, but in the end, it all boils down to one single thing: features vs security. And Signal does what it does best — focusing on security.
4. WhatsApp is Proprietary (And Owned by Facebook!)
End-to-end encryption provides only one side of the story. For the complete picture, it’s necessary to understand how the encryption has been integrated. With closed source apps like WhatsApp, it’s next to impossible to review the code and see how well the encryption has been integrated. On the other hand, Signal’s codebase is open source and can be analyzed by researchers to find if security measures are enforced properly.
Furthermore, Facebook owns WhatsApp, and Facebook’s business model is based on advertising. Remember, how in August WhatsApp declared that they’ll be sharing some of your data with their parent company Facebook. Primarily, it shared your phone number to offer better friend suggestions and of course, more relevant ads! Even if you opted out during the 30 day period it still shared some data with Facebook.
In contrast, Open Whisper Systems is a non-profit community of volunteers, as well as a small team of dedicated grant-funded developer
5. Signal has Better Security-focused Settings
I’d also like to point out two little security-focused settings that Signal has. The first one is “Disappearing messages“, which stays true to its name and lets you send self-destructing messages. You have the option to send messages, which self-destruct after 5 seconds to all the way up to a week.
The second one is “Screen security“, which prevents anyone from taking a screenshot of your conversation. Obviously, it is not fool-proof as someone could always take a picture from another phone.
Also, your conversation does not show a preview in the Signal window, when you hit the recent/multitask button on Android. Refer the below picture for a better understanding.
Although these two are not headline-grabbing features, little details like these are why I’m inclined towards Signal.
Exactly How Secure is Signal?
Signal provides top-grade encryption, the reason why even NSA whistleblower Edward Snowden recommends using it. If you really want to know what data Signal can share about you, if the time comes, it’s this: the time of your Signal account creation and the date of last connection to Signal’s servers, that too with reduced precision to a day. That’s pretty much it. No, really. Not even metadata, let alone actual message content. For reference, Signal was subpoenaed recently, and here’s the information they disclosed.