- If you value features, then Telegram is surely ahead of Whatsapp in almost every aspect.
- If you value the encryption, I would trust Whatsapp more than Telegram. Telegram did some strange stuff with their custom cryptography invented by "rockstar mathematicians".
- If you value not giving metadata to the US / to Facebook, then don't go with Whatsapp.
- On the other hand, if you value having less metadata stored, then Whatsapp is probably ahead of Telegram.
If you value privacy, then both aren't good. They both put usability and features before privacy. Telegram was once branded as "the private messenger", but later rebranded as "the fast messenger". Now it says "a new era of messaging" on their website.
Telegram causes tons of metadata. All conversations and contacts are stored on their servers, which is closed source. Their multidevice system is built in a way that you will get access to all historic conversations if you manage to add a new device to the account (e.g. through SS7). Many of their latest feature (like games, payment, etc) cause a lot of additional metadata, some of which can be retrieved by third parties (e.g. by the game developers).
I'm biased (full disclaimer: I work for Threema), but if you value privacy, then go for a messenger like Threema, where the first priority is always privacy (e.g. no phone number required, no metadata or log storage, decentralized groups, and end-to-end encrypted decentralized profile pictures, the latter being something that no other mobile messenger does as far as I know). It has a clear business model and the protocol can be verified (even though the app is not open source).
Besides that biased suggestion, you might also be well off with something like Signal, although they're based in the US (secret court gag orders possible) and require you to give them your phone number (metadata).
- Is an open protocol
- Has Apache 2.0 licensed server and client implementations for most platforms
- Has server federation, so you can run your own and talk to anyone on any other Riot server
- Has (optional but I believe enabled by default now) full end-to-end encryption
- Has full multi-device support
- Doesn't require nonsense phone number signup
- Has bridges that connect other protocols, like IRC, to Riot
- Supports useful things like voice, video and attachments
It beats Signal hands down in my opinion.
Not affiliated with the project, just run my own server and use it constantly.
Google and Facebook both decided to use the Signal protocol. Why should we trust a small company to do this correctly the first time? Without even being able to check what they are doing?
There is an open source re-implementation of the Threema protocol obtained by reverse engineering: https://github.com/blizzard4591/openMittsu There is also an (incomplete) implementation in Go: https://github.com/o3ma/o3/ Note that Threema does not disallow reverse engineering in their terms of service.
The fact that OpenMittsu can properly encrypt and decrypt messages that are compatible with the Threema apps should be proof that the implementation is correct. Also, since Threema is financed by selling the app with no external investors, there should be more incentive to stick to their promises than to cheat on their privacy-sensitive users.
And even if the apps and the server were open source, unfortunately it would still not be possible to verify that the version on Google Play / iTunes is the same as the published source code. I'm not aware of a way to create reproducible builds on these app stores either.
Multiplatform: You can use native telegram apps in iOS (both iPad and iPhone), Android, macOS, Linux and Windows. That's huge compared to WhatsApp.
Also, Telegram is not as dependant on the phone number as WhatsApp is. Once you have a username it becomes easier to set up new devices.
Apart from that Telegram is fast, reliable and flexible and it treats Linux as a first-class citizen - maybe partly due to its Russian roots?
So, Telegram. Before it came around I used my own XMPP-server with diverse clients but Telegram has the advantage of being much more accessible to those less computer-savvy. I still have this server and can switch back to it any time I want but for now I'm happy with Telegram.
Is this still true now that we have <https://conversations.im/>? Most people use messengers only on their phones, anyway.
The latency and battery problems everyone was blaming are solved now. The missing piece is this:
A way to provide XMPP service for any address, in particular gmail addresses, without both touching any DNS config and without any support from whoever controls the domain (RIP Google Talk).
Basically from UX perspective:
1) User downloads an app (mobile or desktop).
2) User confirms email address via either email confirmation (it’s good enough for SSL, so…) or OAuth flow
3) That’s it.
4) Bonus: For OAuth flow user has prepopulated address book.
Behind the scenes at step 2 a unique ID is associated with the email address. Then other clients resolve this via something, DHT, blockchain, whatever.
This introduces some trusted oracle that assists in discovery, but keeps everything else decentralized.
Build this and it can certainly compete with Telegrams of this world.
Unfortunately, I don’t think Keybase can be compatible by itself with email or phone № proofs. Perhaps if they explicitly add support for oracles, that would be cool.
To my mind Telegram is a nice example of how to do things right. It's fast (in all senses), it's reliable and generally pleasant to use. It can be secure if you want it to :)
Not that WhatsApp is slow or not reliable. I can't formulate it but still I do like Telegram more. All the above is just my overall impression.
Speaking of security I'd like to admit that I'm not a terrorist or a serial killer so maybe I'm a bit out of this problem. I agree that it's generally bad to spy on regular citizens but at the same time it's obviously even worse to have negotiations regarding terroristic acts or other ways to commit a crime.
Personally I'm almost O.K. with government spying on me unless it tries to sell me goods and services =)
I'm not sure I would call that "obvious".
With Telegram your data ends up in Germany.
They are Berlin based and against the current Russian government AFAIK.
I actually trust whatsapp way less, simply because it has NO problems with russian special forces, which became very high-tech last years. This alone is a big red flag today.
Do you have a source for this?
As for goverment intentions, I have no direct link, but those who simply ignored their demands were blocked. We wait and see what happens.
In terms of data, I imagine the US to be just as bad if not much worse (my prejudice) than Russia.
Someone can school me on this if I'm wrong but I prefer Telegram as a platform and I'm ambivalent as to which country my data ends up in (given this choice).
(Editing this comment based on above: "Small correction.
With Telegram your data ends up in Germany.
They are Berlin based and against the current Russian government")
For example, please see https://freedomhouse.org
I agree with you to a certain extent but, please, this is a broken "proof".
The UK sucks just as bad. The current PM has just announced plans to regulate the web if they win the next election.
Please don't be so naive as to equate the UK and USA with Putin's Russia.
But given the light and dark elements to data operations within many countries, I'd imagine you might be the one possibly being naive.
Faster load time?
Less data leakage to Facebook?
This practice of defining "better" is a great habbit to cultivate not only in your conversation but in your thinking too.
SMS is the only other message platform where a few of my social circle bleeds out of my preferred messaging platform (iMessage).
The best IMHO is where the people you want to talk to are.
Another interchangeable from user experience is Signal. I'm seeing more growth in Signal, which is great - and I trust it more than Telegram and Whatsapp combined.
I've read the discussion and I find moxie's arguments pretty weak in this matter.
... then write server software that isn't vulnerable.
I have to agree... mandating what client software is used is a bit disappointing from moxie... I thought the world learned this lesson from Pidgin etc.
Next he'll say he only wants to support Chrome for their website.
Have the option of secret chats, which I believe is proper E2EE. But to be honest, this isn't my biggest worry anyway.
Can join plenty of communities for lots of discussion.
Great searching features for old conversations.
Desktop client is great and available for Linux. Also supports voice calling now from desktop.
But most importantly, you can have more than one device per phone number! Crazy, right?!
BTW that's not the main reason why I use Telegram for several years as my primary messenger.
I use both of them consistently.
Telegram is full of nice features and their desktop client is well done.
Whatsapp doesn't have as many features but I feel far more secure and private in there.
But if the author is especially concerned about collection of metadata they should consider Signal itself, which also has a very well thought-out UX.
What about Wire?
And remember: You liking or not, WhatsApp is a Facebook developed software.
RING is the only real secure chat software, with DHT, peer-to-peer discovery and encryption.
I know that Whatsapp encrypts everything on the device so that's a really good start.
But I have no clue what security holes, backdoors, etc are in neither of them and we are leaving in dangerous times.
So basically the only thing I really trust is GPG-encoded emails which noone uses.
That said, there are other quantifiable measures. In terms of security, Telegram has two main drawbacks:
1) it supports insecure chats - which means that for many (especially non-technical) users, they won't use the end-to-end encrypted messaging at all
2) whilst the encryption algorithms they use are standardised, the protocol they uses to transfer the messages is not well understood by the cryptographic community - and when it has been analysed, well-known flaws have been found .
In comparison, WhatsApp also makes use of standardised encryption algorithms, but also uses the Signal protocol - which has been studied by multiple groups, with better outcomes (such as ). One drawback to WhatsApp is they will generally make security decisions that are primarily based around avoiding sacrificing usability - if that is a problem, then perhaps Signal or Wire is a better choice.
On the encryption debate, using Russian algorithms vs US (Belgian) algorithms is somewhat academic - I believe that both are considered by the wider academic community to be strong when correctly used. I don't believe there is any evidence that Telegram or WhatsApp are incorrectly using them (beyond the attack found against Telegram, which may have been fixed by now?). This is the mostly the same for considerations about data storage location - if end-to-end encryption is enabled in Telegram, they are roughly equivalent.
meanwhile whatsapp have this:
I mean that's enough for my social messaging. If I'd need to transfer some top secret information, I would use neither of them.
I am sure there are better apps there that can fulfill better your needs. There are apps with better encryption and so on. It depends for what you want it. It is hard so say what is better, it depends on the person and its needs, but at the end if your need is to talk with your firends and your friends are in Whastapp. Then whatsapp is the best for you.
Why not use, say, Ricochet? Or any other secure messenger (https://prism-break.org/en/all/#instant-messaging)
Last year I lost access to my WhatsApp profile simply because I changed country and reset my phone without transferring the number to a local number first. Support couldn't help.
This kind of situation wouldn't happen with telegram. Just login with username / password online.
As others have said it's not as theoretically secure as WhatsApp or (especially) Signal. But I think it benefits from being the main product of a company that is totally focused on messaging, not on advertising (see all of Facebook and Google's messengers). The experience is great and even as they add features, they manage to keep things clean and stay out of your way, so you can ignore all the new features and just use it for simple stuff that it does really well.
That said, I haven't used WhatsApp much because I don't know many people who do. It comes down to where the people you want to talk to are, and if you can influence them to go elsewhere.
- End to end encrypted secret chats
- Awesome bots and the bot platform
- Open protocol so we can implement third party clients. So is available on any new platform (Ubuntu phone, FirefoxOS, Linux, Command line, web,...).
- Recent improvements like end-to-end encrypted audio
calling (Not sure if Whatsapp calls are encrypted)
- Many small features that make me happy like we can lock the app with password, customize interface, etc.
- Not many users (On the contrary I like it as there is not much noise)
- No video calling
- There are some reports doubting their encryption
As an option, not by default.
Another feature I missed is ephemeral messages in secret chats: We can have messages automatically deleted after certain time (Although I wish the time settings are more fine grained).
In terms of message storage (ignoring government requests here), Telegram servers need to store them so that they can be provided to different clients/devices. For WhatsApp, OTOH, there are primary communication devices (phones) with end-to-end encryption and secondary clients that connect to the primary device to access the messages (rather than getting them from WhatsApp's servers). End-to-end encryption is available on Telegram as well but AFAIK you lose the ability to use secondary clients.
And yes, Telegram has an option (a default state actually) to store the messages on their servers, WhatsApp doesn't have that. Beyond "E2E should be on by default", I don't see how this point is for WhatsApp.
As I wrote, I think (I might be wrong though) that if you enable E2E encryption on Telegram you can no longer use additional/desktop client.
Distributed open-source clients that use end-2-end encryption over third party messaging channels is the future of secure messaging.
The weakness of the chain is still defined by its weakest link. This is the case where it is maybe better to put all eggs in one basket and choose/validate entire baskets, not particular eggs.
I'm not a security expert, but that sounds reasonable imo.
Personally, I'm sad.
* What is the difference between WhatsApp and Telegram?
* Which of both do you prefer for your personal use?
* For whom are those messengers suited?
I also use it for most of my communications.
Telegram has Russian roots and their encryption system is closed sourced.
Am I missing something?
Your points still stand true though.
* How does your history get synced when you send a message?
* What if some of your devices are offline?
* What if you have two devices that are never online at the same time?
* What if a device is offline for a very long time? (No possibility of holding the message on a server for eventual transmission.)
* What if there's only one device currently on that receives a message and then is destroyed?
Marking a single device as the master and forcing all other clients to proxy through it removes a huge amount of complexity.