We will compare both Signal and Telegram on the parameters of privacy, cyber security, and their features and utility. Before we begin, a big thanks to Bhagyashree Swami for all her help in writing this article.
Information Gathering and storage
The personal data that you provide to Telegram will only be stored for as long as it is necessary for it to fulfill their obligations with respect to the provision of the services. Telegram states that its payment mechanism is facilitated by third party service providers and they will have access to user data. Telegram assertively states that it does not have access to user payment details or credit card information and no such user data is stored. However, Telegram can collect your shipping information but provides the option of deleting it upon request by the user. Signal on the other hand remains silent on these point as of now, including the data retention period.
Deleting the account removes all messages, media, contacts and everything stored on the cloud in Telegram. In relation to secret chats, the data will be deleted maximum within 48 hours and a minimum time limit can be set by the user. By default, if a user stops using Telegram for six months, their account will be deleted along with all messages, media, contacts and every piece of data. It also gives the user an option to determine the time period after which an account would self –destruct, once the user stops using it. Signal has no provisions to this effect.
Accessing a copy of your data
Telegram explicitly provides users the right to access a copy of all their personal data, the right to delete or amend personal data, to object and restrict and lodge complaint with the DPA. However, the same rights are not available with users of Signal.
Although Telegram claims to store user messages in its servers, heavily encrypting them and ensuring the encryption keys are not available locally, the end to end encryption of messages and calls are only available for ‘secret chats’- a way to interact with another Telegram user. This option has to be specifically chosen before initiating a chat. Once a user selects to start ‘secret chat’ with another user, a request is sent to such user and only upon the user’s acceptance, the feature is enabled. To the users who are used to the default end-to-end encryption feature of WhatsApp, this is inconvenience. Not to mention the fact that if one wants to have a professional/ business conversation with a contact, the action of initiating a ‘secret chat’ sounds very outlandish.
Signal on the other hand safeguards all calls and messages, including photos and status of the users with end-to-end encryption. Nonetheless, Telegram’s secret chat’s security is well tried and tested. Apparently, a few years back (2015) the Telegram team announced a $300,000 reward to anyone who breaks in. There were no winners- even if the contestants could act as the Telegram server passing information between users.
When it comes to data storage, Telegram’s encryption keys are stored in several data centers in different jurisdictions. Data generated in public channels and public groups is stored on cloud and remains encrypted while in transit and also at rest. Moreover, information is stored on servers using randomly generated authentication tokens, keys, push tokens, and other material. Contacts are stored on servers after cryptographically hashing. In case of Signal, messages/ message history is stored on the user device rather than servers (which also means no chat backup). It does not store your contacts While this ensures that a user’s data does not leave her device, it also means that there is no true cross platform availability of messages. E.g. If you text ‘John Doe’ using your Signal app on mobile, and then you wish to continue the conversation on the Signal desktop application, the message history won’t be available. You will have to start a new chat with John Doe.
Coming to the code itself, Signal uses the Open Whisper System which is an open source end-to-end encryption solution. However, although Telegram’s applications and some APIs are open sourced, the backend is not open source. (Telegram says it will eventually open-source everything- in phases)
Telegram scores quite high when it comes to easy accessibility to users. Users can use the app across many devices simultaneously. The app, when used on multiple devices, auto updates and works across devices and platforms independently. Both Telegram and Signal have enabled the calling feature through their desktop app- a feature which WhatsApp lacked.
Now let’s talk about some common features that a WhatsApp user would search for. In Telegram, you can delete any sent message at any point of time, without leaving a ‘this message has been deleted’ mark. It also supports self-destructing messages with an option to set the timer from 1 second to 1 week. Signal offers disappearing messages, with a time range of 5 seconds to 1 week. However, sent messages can be deleted only within the past 3 hours.
One area where Telegram hugely outshines Signal is in providing a platform to share large files. Telegram enables sharing of files up to 1.5 GB efficiently- an area in which WhatsApp and Signal fall short. Further, Telegram groups support 200,000 members; Signal only allows for 150 users to be part of a group at a given time. (Telegram channels can have unlimited subscribers) A major concern when it comes to Telegram is the issue of widespread spamming, or groups sharing extremist/ child pornographic material, which Telegram has not been able to tackle effectively. However, given that there is a drastic limitation on the number of members that can be added in the group and the file size that can be shared, this problem to a large extent is avoided in Signal.
With regard to the UI, although Telegram too was designed to resemble WhatsApp, Signal takes the front seat when it comes to giving users a similar experience of using WhatsApp. (*coughs* remember Jio chat?) Nevertheless, the author feels this to be a matter of personal choice.
Telegram also has a plethora of features like setting display pictures and bio, sharing files/ images without compression, etc., two-step verification, sync contacts, greater control over storage and downloads. Signal lacks most of them. It only has one additional feature- ability to be used as the default messaging app for sending SMS. However, not many people require that, at least in the sense that it offers no additional utility compared to the default messaging application (which cannot be deleted anyway).
Telegram has a unique advantage. It has been in popular use for quite some time, primarily because of its groups and channels. Switching to Signal is one additional step for most of the people. Plus, probably not many of your contacts are available on the platform. (Telegram lets you know when a contact joins speaking of which) If you are already using Telegram- you should probably continue with it without any worry.
Even from a security point of view, its active participation in bug bounties and hacking contests instills a greater level of confidence in the users. Plus, it has not been breached, not at least yet- even though it does not use Signal’s widely acclaimed Signal protocol. (Only if you remember Pegasus; WhatsApp too used Signal protocol)
Bhavana is a Technology Law and Policy fellow at Daksha Fellowship’ 2021. She was a merit scholar and graduated top of her class with a degree in law. Her areas of interest include Technology Law, IPR, and Criminal law. She is also actively involved in public interest litigation and RTI advocacy.