Why do we now use Telegram and leave WhatsApp behind?

* Article originally published in DeLeyes.pe: https://www.deleyes.pe/articulos/por-que-ahora-usamos-telegram-y-dejamos-atras-whatsapp

In recent weeks we have been able to read various headlines alerting us to the change or "update" of the privacy policies of the popular instant messaging application WhatsApp.

So far nothing new, one more company that informs its users about the processing of their personal data. In summary, what is new about this update is that (i) WhatsApp will share data (eg phone number, language, time zone, IP) with Facebook and related companies[1], and (ii) the information that you share with WhatsApp Business company accounts may be shared with Facebook or third companies that provide services to these accounts.[2]

However, unfortunately for Mark and company, the news of the change in the privacy policy of WhatsApp has brought an angry reaction from users. Animated by public figures of great global relevance, including Elon Musk (Tesla) and Jack Dorsey (Twitter), millions of users have decided to download Telegram and Signal.

According to Pavel Durov (nicknamed the Russian Zuckerberg), who created the Telegram application together with his brother Nikolai, in the first weeks of January alone, this application would have been downloaded by around 25 million users from around the world. According to his calculations, 21% of new users come from Latin America.

In my case, I have been a Telegram user for a little over a year and I have been able to verify that during the last days many of my contacts have created an account in this application (some even invited me to download it without knowing that had been using). The exact reason: Isn't there?

In fact, for Durov the massive migration of a few days ago is directly due to the fact that WhatsApp users are "outraged" with the latest changes to the Privacy Policy, which would be detrimental to the privacy of users. In short, for him Telegram respects the data processing of its users, WhatsApp does not.

I wonder, did the majority of "ex-users" of WhatsApp (and now Telegram users) know the treatment of their personal data? Did they have at least a clear idea of ​​what was going on with the photos and videos they sent in their group chats? Were you sure that no one could hear your calls or video calls with your friends? And the most important question, why do you now feel safer with Telegram than with WhatsApp?

We know that normally few people read the Terms and Conditions or the Privacy Policies before starting to use a new mobile application. Among several factors, Mapi Segura has highlighted that this is due to an inappropriate use of legal jargon and complicated words that would make reading a privacy policy is as difficult as reading the Critique of Pure Reason by the philosopher Immanuel Kant.

For this reason, I highly doubt that most of my contacts (and I'm sure I'm not the only one who thinks the same) have even read Telegram's Privacy Policy and concluded that it suits them over WhatsApp in terms of quality and security. Let's call it clear, in this case there has been a herd effect or herd behavior; Simply put, "I download Telegram and start using it because now all my friends do."

Okay, the success of an application is mainly due to the number of users who use it, even more so when it is an instant messaging application that involves interaction between them; however, I want to call on us to reflect with whom we really want to share our personal information and be aware that there is nothing “free” on the internet.

This goes beyond WhatsApp and Telegram, it is about the way we interact on the internet and the data that we leave each time we do click in a link. To my contemporaries (the famous millennials), who have grown up with a cell phone in hand during our adolescence, I invoke you to inform yourself and be responsible with your digital activity.

Definitely, this article will be very short for all the topics that can be dealt with around internet privacy and the processing of personal data; However, taking advantage of the scandal that WhatsApp has caused, I want to address -very briefly- a subject that we all must know (at least the basics). I am referring to encryption or encryption.

In simple terms, encryption refers to the process through which we convert a readable text (plaintext) to a ciphertext (cyphertext). What is the relevance of this? That the ciphertext is unintelligible. In other words, anyone who has access to said ciphertext will not understand its content. This could be graphed like this: 

No alt text provided for this image

Without going into much detail, the important thing for now is to know that the idea behind using an encryption method is that the content of the encrypted message is only known by the sender and the recipient. In other words, the only one who should be able to decipher the message and find out that they are going to deposit the money he has won in the lottery is Juan (not the government, not Facebook, not Movistar, etc.).

I pause here and ask the reader, have you ever wondered if your messages are encrypted? If the answer is no, then you should. You could be sharing more information with third parties than you want.

Simply speaking about encryption and how this is important for our privacy and the exercise of our rights is essential today. Would you share information about the work environment at your work or about your health if you knew that anyone could read your messages via chat?

Indeed, encryption is vital to the exercise of our right to freedom of expression in the digital age. We could not communicate freely if people are watching or listening to what we say or share with our contacts.

Returning to the particular topic of this article, what encryption does Telegram and WhatsApp use? According to their privacy policies (they see the importance of reading them), they both use end-to-end encryption, but not in the same way.

When we say that WhatsApp or Telegram use end-to-end encryption, we mean precisely that the content of the message can only be read between users who communicate. In other words, If the Privacy Policy of an instant messaging service indicates that it uses end-to-end encryption, then the company behind this service is guaranteeing that it does not have access to the content of its users' messages. 

Consequently, the messages (photos, videos) will be unintelligible to any third party, including managers of the courier company, government officials, etc. In simple terms, only users know the content of the information they share through chats.

Surely one would think that applying end-to-end encryption is the standard and that by default all applications use it. However, this assumption is very far from the truth.

Now, the truth is that as we said, WhatsApp and Telegram would use end-to-end encryption according to their privacy policies, but in different ways.

On the one hand, WhatsApp - which has implemented end-to-end encryption only in 2016[3] - applies it by default for all communications. That is to say, the user does not have to do anything so that their communications are encrypted end-to-end.

Furthermore, Telegram has end-to-end encryption configured only for its secret cats (secret chats). This is a special kind of chat[2] which has to be activated by the user himself for conversations with one person (not available for group chats).

So is. Telegram does not have end-to-end encryption configured by default. This means that there is no guarantee that the content of the conversations will only be known by users, unless you use secret cats.

So what happens to the information transmitted through chats on Telegram? This is stored and encrypted in the cloud (client-server / server-client). In this sense, in theory Telegram could access the content of your conversations. [4]

Therefore, at first glance for an average WhatsApp user it would be more convenient in terms of the privacy of the content of their messages. Is this really so?

Now, it would be a bit naive in these times (PRISM, WikiLeaks, Cambridge Analytica) to believe that big companies and governments have no intention of accessing the content of our encrypted conversations. The main reasons that they adduce for this are economic and citizen security. Therefore, if we want to be truly diligent about the security of our online communications, we must go further and seek additional information.

In fact, the complaints against Facebook, the company that acquired WhatsApp in 2014, are quite well known. Regarding WhatsApp in particular, it should be noted that the same co-founder of this application Brian Acton, who resigned his position at Facebook in 2017, has pointed out in an interview for Forbes that end-to-end encryption was always an obstacle to Facebook's business model and that ways were sought to monetize WhatsApp with the personal data of its users. Likewise, It has been speculated that the resignation of the other WhatsApp co-founder in 2018 was due to attempts to weaken WhatsApp's encryption for commercial purposes.

On the other hand, Telegram wouldn't be blemish-free either. For example, It was discovered a few years ago that the German Federal Criminal Investigation Office (BKA, for its acronym in German) had been monitoring the communications of Telegram users for years. Likewise, For some crypto experts the reasons why Telegram does not configure end-to-end encryption by default are not at all convincing.

In short, the controversies around the use of our personal data and privacy in online communications are far from over. However, we are - and will remain - vulnerable to malicious third parties if we are not well informed about the true implications of using a certain instant messaging service (and we do not take additional security measures where appropriate).

Some tips to be properly informed:

1. Read the Terms and Conditions (mainly, the Privacy Policy)

2. Research on the internet about topics related to instant messaging services (encryption, encryption backdoors, information on the founders, funding sources, 5-Eyes Alliance, etc.).

3. Read specialized forums or blogs (reddit, medium, etc.).

Be aware that there is a lot of false and wrong information. Therefore, it is important that you form your own criteria from reading various sources. Do not be left alone with the communications issued by the official channels of WhatsApp or Telegram.

Finally, some pages that could be of help:

·       https://www.securemessagingapps.com/

·       https://ssd.eff.org/en/module/what-should-i-know-about-encryption

·       https://www.internetsociety.org/issues/encryption/

[1] Actually this is not entirely new. WhatsApp users have been sharing data with Facebook for a few years. The only difference is that before there was the possibility of rejecting this action, now it would be mandatory since if you do not accept you will have to delete the application. Read the WhatsApp Privacy Policy here: https://www.whatsapp.com/legal/updates/privacy-policy/?lang=en

[2] Although it will not be the subject of this article, here would be the possible danger in case these accounts have inadequate practices in the treatment of personal data. Read here: https://wabetainfo.com/are-our-chats-and-calls-safe-with-new-terms-of-service/

[3] Indeed, before implementing end-to-end encryption, the application had many security problems. For example, it was discovered in 2011 that user sessions could be "hijacked" and that it was possible that one user could change the status of another WhatsApp user.

[4] The characteristics of Telegram's secret chats are: (i) they use end-to-end encryption; (ii) they do not leave a trace on the server; (iii) have message self-destruction; and (iv) prevent forwarding messages.

[5] In this regard, they indicate in their Privacy Policy that the keys to decrypt the content of the messages are distributed in different jurisdictions, which would make any unauthorized access difficult. 

*The opinions expressed in this article are those of the author and do not necessarily reflect the views of the administrators of The Crypto Legal blog or the Lawgic Tec association.

- Advertising Notice-
Adolfo Morán
Adolfo is Founder and Executive Director of Lawgic Tec, a non-profit association dedicated to research on law and new technologies. Lawyer from the Pontificia Universidad Católica del Perú (PUCP); specialized in Financial Law, FinTech, Financial Consumer Protection, Smart Contracts, Blockchain and Crowdfunding. Researcher accredited by the PUCP. Co-organizer of the Ethereum community from Lima, Peru. Email: contacto@lawgictec.org


1,954Happy fans


*All fields are required
es Spanish