In the modern digital world where knowledge is power and data is more valuable than gold, maintaining privacy is a complex but important task. As organisations ranging from governments to corporations (and, of course, nefarious cybercriminals) seek to capitalise on the enormous amounts of information generated by our online activity, we all need to be wary of how much information we share and the way in which we do so.
While the focus of data sharing is often on the cookies that track our movements across the web, or hackers breaching website security to access sensitive information, many of us don’t pay enough attention to the security of the applications and platforms that we are using on a daily basis. We send instant messages containing sensitive or confidential information on the basis that we trust those who we are messaging – but how many of us give a thought to the security of the platforms being used to send that information?
Our communications, whether for business or social purposes, contain some of the most sensitive material we share online. As a result, they are a very real target for those seeking to exploit that information. The security of popular messaging services such as Twitter, Instagram and Facebook Messenger has come under scrutiny in recent years, as concerns about online privacy have increased. Other messaging services, such as Telegram and Signal, are putting security front and centre of their offering, and marketing their apps based on their advanced encryption capabilities.
Encryption is key: messaging services and privacy
End-to-end encryption is key to ensuring your messages won’t be read by anyone other than their intended recipient. It works by encrypting (or scrambling) the data on the sender’s system or device so that it can only be decrypted by the recipient. As a result, the message or media cannot be read or tampered with – for example, by an internet service provider, application provider, or hacker – as it travels to its destination. This also makes it much harder for a messaging service provider to comply with requests for information from governments or third parties, as any information stored on their servers (such as cloud backups of your conversations) is encrypted.
WhatsApp, the world’s most popular messaging service with over two billion users worldwide, updated its security features in 2016 to include end-to-end encryption. The company doesn’t store messages on its servers, so if the service is ever breached, the perpetrators would be unable to read your messages. Nevertheless, the app still has its security flaws, and its parent company Meta has received criticism of its privacy policies and been subject to security breaches in the past.
The new generation of messaging services
To counter such concerns, a new generation of messaging services has emerged, with security and privacy at the core of their operations and marketing. One such service, Signal, was born from two systems dedicated to encrypting both text and voice calls. Boasting default end-to-end encryption, Signal is the platform of choice of renowned cybersecurity experts including Bruce Schneier and Edward Snowden.
Rival service Telegram has garnered a reputation as being one of the most secure messaging platforms available, and is among the best services for sending and receiving sensitive information. Although Telegram doesn’t have end-to-end encryption enabled by default, turning on its secret chats function adds end-to-end encryption as well as a host of features that make it almost completely airtight. With this setting activated, Telegram messages work on a device-to-device delivery system, rather than the device-to-server-to-device system used by most other apps. This means they leave no trace on the company’s server, nor the system of any third party you are in contact with, so if Telegram were to be approached by a government entity or third party with a request for information, they would have no data available to share with them: the information is only accessible from the device that sent the messages.
Even without the secret chats function activated, Telegram uses a distributed infrastructure that stores the encrypted data in multiple data centres around the globe, controlled by different legal entities in different jurisdictions. This means that several court orders from several different jurisdictions are required for them to hand over any data. The company claims to have shared 0 bytes of data with any third party, including governments, since its launch in 2013.
Further features of Telegram’s secret chats function include the automatic deletion from the recipient’s device of any messages as soon as the sender deletes them from their own device, as well as a self-destruct timer that deletes a message from both devices after an allotted time period. The service also notifies you if your conversation partner tries to take a screenshot of a chat, and it comes with the option to password-protect access to the app itself.
To start a secret chat in Telegram, simply open the profile of the person that you want to message, click on ‘…’, then select ‘start secret chat’, but be aware that if you log out of the app or change your device the conversation will disappear, as all data is stored on the device of origin rather than Telegram’s server.
Privacy and the future of messaging services
Until recently, messaging services were primarily chosen for ease of use, combined with their shared adoption by others in an individual’s social or work circles. However, as data privacy moves to the forefront of people’s minds in relation to their digital activity, and the frequency with which we use messaging apps increases, security is considered more and more important.
Messaging services that are considered more secure and offer higher levels of encryption are becoming more widely-used, with Telegram now boasting more than 500 million users worldwide – a number that is growing exponentially. For messaging service providers, a household name and a slick user interface are no longer enough to secure growth: as the public becomes more privacy-conscious, end-to-end encryption and enhanced privacy features are key.