Today, most messaging apps have true end-to-end-encryption (Telegram’s must be activated per contact for Secret Chat), but what really differs now is how many can tie your communications back to you through metadata. Obviously those which require a phone number or an e-mail address, do have your activity tied to you potentially.
WhatsApp, Signal, Telegram and similar do require this for registration. Partly it is for authentication, finding friends, and also for resetting access if access is lost. What data you can see after a reset, gives an indication of what the provider has access to. For Signal, you won’t be able to read any of your older messages. Signal indicates in this linked article, though, that they only keep the very minimum of information (tested by a legal subpoena). Telegram has more access as that is how all your chats get restored, but they have been banned in various countries because they don’t hand over the information. WhatsApp, of course, we all know about their passing of detailed metadata upstream to Facebook (it’s in their terms and conditions). I’ve done a post before about the risks and the monetary rewards around harvesting metadata. Just by registering on WhatsApp, you have also shared all your friends’ phone numbers to Facebook, along with how often and how long you contact them, where you are when you contact them, etc.
We’ve also seen lots of secure messengers emerging that require no phone number and also no e-mail address, eg. Briar, XMPP, Jami, Threema, SimpleX, Nostr, and many more. Many mainstream users don’t adopt them because the common problem is, you can’t find your own friends easily (who do you chat with then?).
So this is one of the reasons why Signal has been pretty popular as a secure messenger. It requires a phone number, but retains virtually no information about you to sell or leak, and you can very easily find all your friends using it. So no, it is not THE most secure messenger, but it is certainly the most secure of those requiring a phone number or e-mail address for registration.
But the main takeaway is, unlike with an SMS app where only one app may be the active SMS app, your phone can have 10 or more instant messengers installed, so there is no reason not to also have Signal installed. It helps your friends, who are more privacy conscious, to stay in contact with you via Signal. Whether a message notification pops up via WhatsApp or Telegram, It’s still going to pop up, unless you have a friend that insists on contacting you through two apps at the same time. Most modern messenger apps use push notifications, so they are not constantly polling, which uses data and battery all the time.
Go ahead, try more than one messenger, and you may be amazed that there are often better and more interesting features to try. Many of your friends will thank you.
#technology #privacy #messengers #chat #Signal
I say that purely because there is the link still to the phone number. Law enforcement, or anyone posing as then, have a phone number and can at least identify your Signal account and login times. I agree they can’t read the messages and there is not a lot of metadata.
Messengers like XMPP, SimpleX, Briar, etc require zero personal info to register, and still have full E2EE. There is NO link at all to your identity apart from maybe your IP address if you don’t that have a VPN. But take Nostr - zero information asked for registration and some clients have Tor enabled.
So I really can’t say Signal is yet the most secure and private, until they remove that link. But then discoverability of all one’s friends is also removed, and you have to connect separately to each one. I agree though that they are good enough to pass the bar, but I’m just saying they are not at the top of my list.