Signal vs Telegram: A Detailed Comparison of Security and Privacy
TL;DR: Telegram is less secure than both Signal and WhatsApp. Where security and privacy are paramount, Signal should be used in all cases.
Facebook had long aspired to integrate WhatsApp data with the back ends of Facebook, Instagram and Messenger for better ad targeting and data monetization. As a trade-off, WhatsApp has decided to lose several million users in pursuit of its lucrative commercial prospects. Clearly, this seems to be the new direction for WhatsApp, contrary to the early claims of keeping it ad-free.
1. Secure by Default
First and foremost, in security we rely on technologies that are secure by default. Both Signal and Telegram support end-to-end encryption (E2E); however, Signal has E2E enabled by default, whereas in Telegram a secret chat has to be initiated to enable E2E on a conversation-by-conversation basis. This makes Telegram's default conversations even less secure than WhatsApp's, as WhatsApp applies E2E by default to all conversations. Telegram gives "convenience" as the reason: normal Telegram conversations are stored encrypted in the cloud and can be synced across multiple devices, whereas a secret chat has to be backed up manually.
Group chats in Signal are end-to-end encrypted using Multi-party Off-the-Record Messaging (mpOTR), whereas group chats in Telegram are not encrypted.
2. Data Storage
By default, Telegram chats are stored in the cloud unless secret chat is enabled. Telegram claims that its data is stored across a distributed infrastructure and that its cloud data is heavily encrypted. The security key is distributed across different jurisdictions so that no single country or small group of allies can obtain the data or the key through a request.
There are still a couple of problems with this approach. First and foremost, since the encryption keys are stored on the server, Telegram can technically decrypt conversations stored in its cloud. Secondly, in the event of a compromise of Telegram's infrastructure, an adversary can obtain the security keys to decrypt conversations. Telegram's popularity, especially under authoritarian regimes, makes it a lucrative target for nation states. Therefore, the entire security model of the Telegram cloud relies on trust in a centralized authority, which from a security standpoint is a flawed approach.
Signal on the other hand stores messages in a local SQLite database once they are decrypted. The local database is encrypted with SQLCipher.
3. Collection of metadata
Telegram's privacy policy states that, as part of its spam and abuse prevention procedure, it collects information such as IP addresses, device details, history of username changes, and more. This data, if collected, is stored for 12 months before being deleted.
On the flip side, having no aspirations for data monetization, Signal collects minimal metadata, only what is required to deliver its service effectively. This is evident from the subpoena Signal received from the Eastern District of Virginia to provide details about two Signal numbers. The data provided in response was the timestamp of account creation and the last time the user connected to the Signal server, which was itself limited to the day rather than the hour and second.
4. Contact Discovery
For a messaging application to build a social graph, it must find which of the user's contacts are present on the same application. For this purpose, it uses the device address book to look up which numbers in the contact list are registered with the same service.
In Telegram, the entire address book is uploaded to the Telegram cloud, where it is stored in order to notify you if anyone from the contact list signs up for the Telegram service. This way Telegram learns about your social graph, including people who don't use its service. The very same method is used by WhatsApp.
Signal does not learn about your social graph, as it uses Intel's SGX (Software Guard Extensions) for contact discovery. SGX allows application software to be stored in a protected software container referred to as an enclave. An SGX enclave is ideal for scenarios where the client or server does not need to learn about the contents of the program's execution. To make sure that an application running in an SGX enclave has not been tampered with, SGX supports a method known as remote attestation to verify its integrity.
Signal runs its contact discovery service inside a secure enclave on a Signal server: the enclave learns the contacts as part of discovery and transmits the result back to the client encrypted. Since the enclave uses hardware-based memory encryption, the operating system is unable to read the contents of its memory. This means that even if an adversary manages to compromise Signal's servers, they would be unable to retrieve the contents of the address book by reading memory, as it would be encrypted. Signal has gone a step further to prevent the OS from learning about memory access patterns, and has written a detailed article about it. It is pertinent to mention that Matthew Green, a prominent cryptography expert, has criticized reliance on SGX and specifically the SGX remote attestation process.
5. Source Code
Open source offers a wide variety of security advantages, the most important being greater transparency, and transparency is the very basis of trust. Signal's entire source code, for all its client-side applications as well as its servers, is open source for anyone to examine for backdoors and security vulnerabilities alike.
Telegram is only partially open source: its client-side applications are open source, whereas its server side remains closed source to date.
6. Encryption Protocol
The Signal application uses the Signal protocol to deliver end-to-end encryption. The Signal protocol has been adopted by WhatsApp, Facebook Messenger, Skype and many others. It is built on well-known, tried and tested security standards, and has undergone extensive review, audits and scrutiny by the security community and cryptography experts. In the paper "A Formal Security Analysis of the Signal Messaging Protocol", the researchers, after performing an in-depth security analysis of the Signal protocol, concluded that it is sound from a cryptographic standpoint. The research involved analysis of Signal's core security properties against the researchers' proprietary security model, which they describe as 'comprehensive'.
Similarly, the prominent cryptography expert Matthew Green has endorsed Signal's novel implementation of future secrecy. Signal achieves this with a technique known as ratcheting, which uses a new session key for every new message. This means that if a session key is compromised, an eavesdropper will not be able to decrypt future communications.
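The ratcheting idea described above, as an added example that is not part of the original article and is not Signal's code. The toy Diffie-Hellman group, the HMAC-based `kdf`, the constructed initial secret and all function names are assumptions for illustration; Signal uses X25519 and HKDF.

```python
import hashlib, hmac, secrets

# Toy Diffie-Hellman group for illustration only; Signal uses X25519.
P, G = 2**255 - 19, 2

def kdf(key: bytes, data: bytes):
    """Two independent 32-byte outputs from HMAC-SHA256 (stand-in for HKDF)."""
    return (hmac.new(key, b"\x01" + data, hashlib.sha256).digest(),
            hmac.new(key, b"\x02" + data, hashlib.sha256).digest())

def keypair():
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def dh(priv: int, pub: int) -> bytes:
    return pow(pub, priv, P).to_bytes(32, "big")

def symmetric_step(chain_key: bytes):
    """New key for every message: returns (next chain key, message key)."""
    return kdf(chain_key, b"message")

def dh_step(root_key: bytes, my_priv: int, their_pub: int):
    """Mix a fresh DH output into the root: returns (new root, new chain key)."""
    return kdf(root_key, dh(my_priv, their_pub))

def demo():
    root = hashlib.sha256(b"constructed initial shared secret").digest()
    (a1, A1), (b1, B1) = keypair(), keypair()
    root_a, chain_a = dh_step(root, a1, B1)      # Alice's view
    root_b, chain_b = dh_step(root, b1, A1)      # Bob's view, same values
    chain_a, k1 = symmetric_step(chain_a)
    chain_a, k2 = symmetric_step(chain_a)
    chain_b, r1 = symmetric_step(chain_b)
    chain_b, r2 = symmetric_step(chain_b)
    stolen_root, stolen_chain = root_a, chain_a  # attacker copies session keys here
    # Without a DH step the attacker keeps up: the chain is deterministic.
    chain_a, k3 = symmetric_step(chain_a)
    _, attacker_k3 = symmetric_step(stolen_chain)
    # Both sides ratchet with fresh key pairs the attacker never saw.
    (a2, A2), (b2, B2) = keypair(), keypair()
    root_a, chain_a = dh_step(root_a, a2, B2)
    root_b, chain_b = dh_step(root_b, b2, A2)
    _, k4 = symmetric_step(chain_a)
    _, r4 = symmetric_step(chain_b)
    # Attacker's best effort: stolen root plus the public values on the wire.
    _, guess_chain = kdf(stolen_root, (A2 * B2 % P).to_bytes(32, "big"))
    _, attacker_k4 = symmetric_step(guess_chain)
    return {"agree": (k1, k2, k4) == (r1, r2, r4), "per_message": len({k1, k2, k3, k4}) == 4,
            "chain_only_compromised": attacker_k3 == k3, "healed": attacker_k4 != k4}
```

The symmetric chain alone gives a fresh key per message but lets a holder of the stolen chain key follow along; it is the fresh Diffie-Hellman exchange that locks the eavesdropper out of later messages.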
Telegram, on the other hand, has been criticized by cryptography experts for using a non-standard cryptographic protocol known as MTProto. Surely, all algorithms were designed by someone at a certain point; however, trust cannot be achieved unless the scheme has gone through years of in-depth analysis, rigorous testing and extensive scrutiny, which is not the case with MTProto.
Several security flaws have been discovered in MTProto, although most of them have been theoretical in nature. It is pertinent to mention that, despite the criticism, the Electronic Frontier Foundation's secure messaging scorecard has rated Telegram's secret chat 7/7. Similarly, in the whitepaper "Automated Symbolic Verification of Telegram's MTProto 2.0", researchers have confirmed that the protocol is sound. To quote them: "In the light of these results, we can affirm that MTProto 2.0 does not present any logical flaw". However, they have discussed the possibility of implementation flaws and side-channel attacks.
7. Compliance with Legal Requests
Telegram, unlike Signal, has public channels that can be used to broadcast messages to a large number of subscribers. Like any other social platform, these public channels have been subject to misuse and have been used to spread disinformation and propaganda, coordinate protests, etc., and have therefore faced increased pressure. Telegram has a history of compliance with the Iranian and Russian governments. For instance, in 2017 Telegram shut down a channel of the Iranian opposition for inciting violence, at the government's request; similarly, Telegram agreed to restrict certain bots and stickers in Iran.
Similarly, Telegram was banned in Russia from April 2020 due to non-compliance with the FSB's demand to hand over encryption keys. The ban was lifted in June 2020 upon an agreement by Telegram to assist in investigations where required. Telegram has stated in its privacy policy that it is yet to record a single case of data disclosure at the request of a government. Clearly, the history of compliance requests raises skepticism.
Moreover, as discussed earlier, since Telegram collects and stores a wealth of metadata for its service delivery, that data could be of great interest to a government, and Telegram would be compelled to hand over details under a court order. Regardless of the claims about keys being held in different jurisdictions, and hence requiring court orders from multiple jurisdictions to comply with a request, the underlying problem here is trust in the service to keep your secrets. The following tweet by Edward Snowden summarizes the argument.