How Private are “Private” Messenger Clients: iMessage, WhatsApp, Telegram, Signal & Session

in #privacy2 years ago (edited)

[Originally Published November 9, 2022]

iMessage

All the time, we see advertisements for so-called “private messengers.” iMessage is one of the most widely-used clients, exclusively on Apple-branded devices, and only usable with other Apple device users. iMessage markets itself as a P2P, E2EE (End-to-End Encrypted) messenger application. There’s just one problem with that, it takes places exclusively under the surveillance of the Apple Walled Garden, which means that the FBI can request any user communications it deems necessary, from Apple, and Apple must comply, or else. Since Apple’s operating systems are the ecosystem within which iMessage works, it is subject to all the exploits that exist in the code.

Last year, an FBI document obtained through an FOIA request, revealed that WhatsApp and iMessage are vulnerable to law-enforcement real-time searches. That makes both messenger clients not private and not to be trusted with any sensitive information.

WhatsApp

WhatsApp, as mentioned above is in the same boat as iMessage. WhatsApp is owned by Meta, formerly Facebook, and therefore by definition, is not private and should not be trusted under any circumstances for sensitive information. WhatsApp claims to be E2EE, however, since it is owned by the company that has made data harvesting and surveillance central to its business model, should be avoided at all costs, without exception, if you care about communications privacy.

Telegram

Telegram, where to even begin. First and foremost, Telegram was created by a pair of brothers who are Russian tech entrepreneurs named Nikolai and Pavel Durov. A quick internet search of the WEF will turn up Pavel’s profile. If that’s not enough of a redflag for you, let’s examine how Telegram actually works. Much like WhatsApp, Telegram requires a phone number to be used for access. All conversations made through Telegram are connected to your phone number. Since the telecom companies have your personal information, they can request your user data from Telegram.

As of the current day, Telegram is controlled and operated by the Russian government. Everything you do on there is documented and stored on Russian servers located on Russian soil. You have zero control over any of the data. All messages made through Telegram are not encrypted, and you cannot verify whether or not the conversations are secured. Think of Telegram like a public message board, where nothing you do is private, and anything you say can and will be used against you as evidence of supposed wrongdoing. Telegram also enables the banning of users based on zero verifiable evidence.

As a personal example, someone, whom was never made known to me, reported my account for “spam.” I had no way to contest that claim, I could not verify that the user who reported me was even a participant in any conversation or group chat that I was a part of, and could not communicate with several of my friends on Telegram for 24 hours. Not only was this an inconvenience, but Telegram did not allow for any appeal of the ban. Telegram is not a platform for free speech in any way, and should be kept away from, if you value privacy.

Signal

As a long-term user of Signal over the last several years, you can say I may have an implicit bias where they’re involved. While they do offer full E2EE messages, they still require a phone number, which is personally-identifiable information that the telco providers have access to, which can then be sold off the the governments of the world. While Signal claims to never have access to the content of your messages, they still control the metadata, showing who you send messages to and call, and at what times, since they’re still using their network to operate their application.

As a privacy enthusiast, Signal checks many of the boxes, but, because all messages are ultimately tied to your unique phone number, Signal is not actually an anonymous messenger, even if it may be among the more private options available in the market today.

Good news is that Signal is completely eliminating support for all SMS messages. SMS, inherently, is not encrypted, nor is the metadata kept private, so, supporting SMS went in the face of Signal’s MO (hence when they’re dropping support within the next 2 months).

Session

Session is a fork of the Signal Protocol, which is open-source. Session prides itself on being a completely anonymous and private messenger, which I think is justified by their communications platform. First and most importantly, there is no e-mail, phone number, identification verification, or personally-identifiable information required to sign up for an account with Session. All messages are encrypted via the Oxen Blockchain, which Session is built on. Session claims to not have any access to the contents of any of your personal messages, and even if they did, there would be no personally-identifiable information tying any of it to you.

Next in Session’s favor, is that the application (and integrated communication network) is completely free to use and does not require a credit card or bank account as some other applications do. Session is based in Australia, however, it runs on a network of over 1600 nodes (that secure the Oxen blockchain). Session utilizes The Onion Router (TOR) to scramble your origin and the destination of your intended messages. This is a nifty feature that no other messenger seems to have picked up on, and in my opinion, sets Session apart from its main competitor, Signal.

Session also has some similar features to Telegram, such as Public and Private group chat rooms. At the moment, Session users are beta-testing a voice-calling & video-calling feature, that, when completed, will be the world’s only TOR-configured video-calling service currently on the market.

If you appreciate my work and would like to follow along or contribute,

👉Visit My Official Website

👉Subscribe to My Substack

👉Buy Me a Cup of Coffee

👉Become a Patron

👉Donate Bitcoin via Lightning

👉Send a few Bucks My Way

👉Subscribe to My YouTube Channel

👉Follow Along on Rumble

👉Join My Discord Server

👉Join My Private Chatroom on ALTER

Sort:  

Nice to have it clarified. There was a lot of myths around these. Personally, when I need the highest level of privacy I fo for privnote and just send a link via any communicator, but yeah, there still are logs of dates and times available. Didn't know about Session before though. I'll remember the name.

Session is a cool DApp, and is free-to-access, unlike Alter, which requires staking a very small amount of $SCRT to a validator

Congratulations @mercadomaestro! You have completed the following achievement on the Hive blockchain And have been rewarded with New badge(s)

You received more than 1000 upvotes.
Your next target is to reach 1250 upvotes.

You can view your badges on your board and compare yourself to others in the Ranking
If you no longer want to receive notifications, reply to this comment with the word STOP

Check out our last posts:

Feedback from the February Hive Power Up Day
Hive Power Up Month Challenge - January 2023 Winners List
Be ready for the February edition of the Hive Power Up Month!
The Hive Gamification Proposal
Support the HiveBuzz project. Vote for our proposal!