Shall I migrate to Signal, Threema or Telegram? No, because they all have — WhatsApp included — the same problem: They are walled gardens. Imagine a world where for each mail recipient using a separate domain, I would need separate mail client? Or in other words: Gmail users can only communicate with Gmail users. Let’s […]

New feature lets Signal users control who can text or voice call, add them to groups.

Both Signal and WhatsApp are encrypted, but Signal takes extra steps to keep your chats private.

Earlier this year, Open Whisper Systems was served with a federal subpoena for records on its users, according to documents published today. Prosecutors were seeking data on two suspects who used...

Bruxelles recommande à son personnel d'utiliser la messagerie Signal pour discuter avec des personnes extérieures à l'institution, afin de relever le niveau de sécurité des communications. Les échanges très sensibles en revanche continuent de passer par des canaux dédiés.

WebRTC DNS lookups exploited in clever hack

We’ve designed the Signal service to minimize the data we retain about Signal users, so the only information we can produce in response to a request like this is the date and time a user registered with Signal and the last date of a user’s connectivity to the Signal service.

Notably, things we don’t have stored include anything about a user’s contacts (such as the contacts themselves, a hash of the contacts, any other derivative contact information), anything about a user’s groups (such as how many groups a user is in, which groups a user is in, the membership lists of a user’s groups), or any records of who a user has been communicating with.

All message contents are end-to-end encrypted, so we don’t have that information either.

Signal decouples its secure messaging service from your phone number – a bit.

Could this smart new Signal feature be enough to make you ditch WhatsApp?

The privacy-first messaging app recently rolled out an opt-out feature that was criticized by security experts and panned by users.

Last update: May 22, 2020
Español - Italiano
Introduction
This article analyses the security and confidentiality features of the most commonly used communication services or applications.
Note: the comparison is made between WhatsApp (the most widespread 1.6 billion users), Telegram (the most secure and widespread 400 million users), Signal and Wire (the most secure and confidential) according to world statistics. A comparison in terms of functionality is available at this address.
Remark: for any communication…

WhatsApp, Signal e Telegram promettono tutte la stessa cosa: comunicazioni sicure. Ma ci possiamo fidare?

Open Whispers System, qui édite Signal, teste une nouvelle approche qui permet d'étendre encore plus la confidentialité de sa communauté. Comment ? En intervenant au niveau des métadonnées.

If you need top level privacy protection do some or all of the following

Signal is calling on its users to oppose the EARN IT Act, which it fears will be used to undermine end-to-end encryption, forcing it to leave the US market.

The move is part of EU’s efforts to beef up cybersecurity, after several high-profile incidents shocked diplomats and officials.

A reminder, because this sometimes surprises people, and feel free to correct me if the facts have changed recently:

Telegram supports end-to-end encryption only in 1:1 private chats.

End-to-end encryption is disabled by default.

Telegram does not support end-to-end encryption, at all for group chats, its most popular use case.

Instead, Telegram claims that those group chats are "encrypted" by dint of the TLS connection between Telegram clients and the Telegram servers, which can, in this model, read all group traffic.

People like to dunk on the weirdness of the limited E2E crypto Telegram does have; it's archaic and idiosyncratic and people have published research results about it, though none to my understanding are of real practical impact. I support people dunking on bad crypto. But that has nothing to do with why Telegram is an inferior secure messenger.

By comparison, Signal, which Durov has repeatedly talked down:

• has modern, ratchet-based forward secure end-to-end crypto, always, in both group and private messaging;

• won the Levchin Prize, refereed by some of best-known names in academic cryptography, for the design and implementation of that cryptosystem, as well as for its implementation at WhatsApp;

• ha repeatedly foregone basic messaging app features simply to avoid collecting user metadata; Signal didn't even have user profiles until they could figure out a way to implement it in a privacy-preserving manner, and even their GIF sharing feature has a purpose-built anonymity system; we'll only this year potentially get usernames instead of phone numbers because it took that long to design a trustworthy social graph that didn't leave Signal with a giant pile of subpoenable metadata.

Use whatever messaging app you want.