Advice Request The Secure Messaging App Conundrum: Signal vs. Telegram

[Gandalf_The_Grey]

In the last few days I have been asked by many non-crypto friends “to recommend a secure messaging app alternative to WhatsApp”. This report contains my answer ,

The Contenders

When discussing secure messaging apps, two of them come immediately to mind: Signal [5] and Telegram [11] 1 . Therefore, I decided to lay down as clearly as possible the reasons why one gives higher security guarantees than the other.

Disclaimer. Both Signal and Telegram care about security. Their teams are a collection of extremely smart people, and they do their best to protect their users. What sets them apart is their approach to security, and this is what I will analyze in this report. Neither protocol has been broken (yet), and as of the writing of this report I have never being in contact with any of the companies mentioned here.

TL;DR: Signal gives stronger security guarantees than Telegram. If you want to prioritize security, use Signal. If you really like cool stickers, ginormous groups (100 000 of users!), and are willing to trust the guys at Telegram (they are not Facebook after all), go for Telegram. Either choice gives you better security guarantees than WhatsApp , If you are looking of a summary of my points, read the Conclusions section.

Conclusions

Signal has a better security infrastructure than Telegram for three reasons:
1. Signal does not ask users to trust Signal, Telegram does (and this has strong implications on security).
2. Every communication in Signal is E2E encrypted, in Telegram groups cannot be. Even assuming that encryption does not make sense for public groups with thousands of members, the lack of E2E encryption for small groups seems unnecessarily problematic.
3. E2E encryption is on by default on Signal, and in fact it cannot be turned off. This is not the case for Telegram, and it is bad practice in security. The choice of the security settings should NOT be left to users: that is what experts are for.

Still, from a security standpoint either of them is a better choice than WhatsApp, because they are open source (with some caveats in the case of Telegram, see the previous section for a more detailed explanation).

Read the full research in this pdf by Cecilia Boschini:

https://cqi.inf.usi.ch/publications/telegram_vs_signal.pdf

 

[ForgottenSeer 85179]

Both have also the same problem: using telephone number.

Telegram has an advantage against Signal: a non-Electron based desktop client.
So, both have disadvantages and advantages. I personally prefer Telegram.

 

[enaph]

I use both and I don't care which one my friends prefer as long as they willing to ditch WhatsApp

 

[silversurfer]

Another alternative: "Wire" there it's possible to create an user account only with any of your email, no phone numbers are required being in contact to other users of Wire, of course it's available for both Android & iOS

Wire - Simply the most Secure Messenger

Always-on end-to-end encrypted instant messaging, voice- and videoconferencing with up to 100 participants - future proof with MLS integration

wire.com

Wire - simply the most secure messenger!

The most secure instant messenger for demanding organizations around the globe. Each message, voice or video message is end-to-end encrypted.

wire.com