The Best (Secure) Alternatives to WhatsApp
(Technical writer, ex-robot manual creator gone privacy enthusiast/VPN expert)
WhatsApp, even with its so called "end-to-end" encryption, is not as secure a messaging app as they would have you believe. There are two alternatives that are much safer (and just as easy!) to use. Share
Love them or hate them messaging apps remain the main form of contact for an increasing number of people. However, there have been ongoing concerns over the security of such apps. Such concerns were brought to a head when one of the most popular apps – WhatsApp, became the property of one of least trusted social media purveyors – Facebook. Yet recently WhatsApp has been given numerous pats on the back for its latest encryption updates. But, do they deserve the credit they are receiving?
End-to-end Encryption That's Not What It Seems
The short answer is no. The long answer is still no, but with an indication of why this is the case. Let’s start by looking at the encryption updates. The big news from WhatsApp was that it was introducing end-to-endencryption. The purpose of this move was to restrict access to anyone that the message was not intended for and in turn stop outside interference. Sounds great, yes, well no actually, because there is a great gaping hole in the security, and that is WhatsApp themselves.
I’m guessing that you can already see where this is going. WhatsApp are retaining the right to keep hold of a proportion of the data related to each, and every message that is sent and received. This does not ‘at least officially’ include the content of the messages themselves rather:
“WhatsApp may retain date and time stamp information associated with successfully delivered messages and the mobile phone numbers involved in the messages, as well as any other information which WhatsApp is legally compelled to collect.”
Two important phrases should jump straight out at anyone reading the quote. Firstly ‘may retain’ by which they mean ‘will retain’. Secondly, ‘legally compelled’, which, ok, they may be, but it is a very wide statement that allows them enough rope to hang users out to dry. But, even if you are of a less cynical nature, it still means they are happy to collect data on your messages and to pass it on as they see fit to the relevant authorities.
Then there is the information that they ‘may’ collect. This includes the name of the sender and of the receiver, the time stamp of the message and the mobile numbers of both parties. A rogue hacker could have great fun with those little snippets of information. It is just the starting blocks they need to find out the juicier or more lucrative information about the message participants.
Is There Anything Good To Say About The Encryption?
Well, they are trying; I suppose that’s a positive. The team at WhatsApp worked with Open Whisper Systems to create the system. However, is that enough to make people overlook the fact that WhatsApp is run by Facebook, who are known to have a rather chummy relationship with those in power?
So, that still leaves questions regarding the role of Facebook in all of this. WhatsApp have defended the move, with its founder stating at the time of the buyout that “If partnering with Facebook meant that we had to change our values, we wouldn’t have done it. Instead, we are forming a partnership that would allow us to continue operating independently and autonomously…Our fundamental values and beliefs will not change. Our principles will not change. Everything that has made WhatsApp the leader in personal messaging will still be in place.”
However, WhatsApp’s place as a leader in personal messenger services is under attack, and the latest news on its end-to-endencryption with loopholes, has done nothing to quiet the discontent. For those wondering where to go now, there are options.
What Is Telegram and Why Is It a Viable Alternative?
To the untrained eye of the average user, there is little difference between Telegram and WhatsApp. However, only a little digging is needed to see that, under the veneer, the two apps are a world apart. Telegram first came to the wider public’s attention in 2014, after server issues caused WhatsApp to crash. In less than 24hours the Berlin based newbie gained in the region of five million new users.
Using the app is simple, you can chat using the number of your contact. You can create individual chats or group chats, and it is cloud based, so it works across multiple platforms. Like WhatsApp it uses the single / double tick system to show that messages have been received and read.
However, Telegram takes its users security seriously, very seriously, and offers users the ability to send messages with a self-destruct timer. Users do need to be aware though that it is possible to take and store screenshots of the text or images before the self-destruct timeout.
Secret chat uses end-to-end encryption, which means that outside of the sender and receiver, no one can see the contents of the messages – including Telegram staff. The contents of these chats cannot even be forwarded outside of the conversation and no trace is left on the servers. Telegram is already starting to make WhatsApp’s encryption look as secure as a lace curtain.
So sure were the people behind Telegram that they offered $200,000 worth of Bitcoin to the first hacker who could break the encryption protocol. The closing date was given as March 1st, 2014 and, as you may have guessed, there were no winners. From time to time Telegram start new competitions, all with the same aim – test the encryption and fix any vulnerabilities. To date, I have been unable to find any sign of contents that have been won.
What Is Signal and Why Is It a Viable Alternative?
Signal is another potential option for those looking for a more secure instant messenger app. A product of Open Whisper Systems (the same Open Whisper Systems that WhatsApp turned to for help), it is reportedly the app of choice of Edward Snowden. This in itself, given the conversations he must have, gives it some credence as a secure messaging app.
The app is available through Google Play for Android and iOS Apple Store, and is the result of the merger of TextSecure and RedPhone. If you want the desktop version, and don’t run Apple, then you need to download it through Google Chrome, which means having Google Chrome on your Laptop or PC. While it isn’t the biggest issue in the world, it does limit your freedom of choice somewhat. A quick flick through the Review section of the download page however, leads to more questions than answers regarding use with Windows 10, integration with contacts lists and the Chrome app in general. There are also several concerns raised about how easy it is to open the app as a Chrome extension without needing to sign in.
While Open Whispers does not run competitions, or offer prizes for breaking its end-to-end encryption, Signal is open source, thus allowing developers to find irregularities in the system – and hopefully report them to be fixed.
Telegram Versus Signal
Both apps take privacy seriously and neither listen in, check messages or store your private information. Both use end-to-end encryption and have their own ways of encouraging people to check their encryption levels and security protocols.
While Signal gets bonus points for impressing Edward Snowden, it loses on the issues with Chrome that have been identified by its current users. In terms of access across different devices and systems Telegram is a clear winner. It also has the added self-destruct level of security, which gives greater control to the user, something that seems to be lacking with at least the Chrome extension version of Signal.