Are you one of those many users who saw a notice to accept the “new” Privacy Policy and Terms when you opened Whatsapp recently? Thereafter, you saw lots of articles on social media with bold headlines (as usual), discussing the consequences of clicking the “agree” button. This has already become one of the trending topics early in the year and has fueled the discussions on privacy concerns, which desperately needed wider attention. However, did you know that the concern about Whatsapp sharing data with the entire Facebook group was started way back in 2016?! We have even alerted you to this on our article on Whatsapp which you can find here. Also, a recently published Wired Article discusses how users have only become aware about this mass data sharing when they saw the notification a few days back.
Then came Musk with the tweet “Use Signal” (yes, that is all) which shows another trend to #BoycottWhatsapp by switching to other apps, Signal and also Telegram. They are the two leading contenders for the “good-guy messenger”, and hence we thought it will be better to understand what makes these apps better (or worse).
Signal
Probably has one of the shortest privacy policies with just 440 words! However, this is not something your Law professor will recommend at all. The Signal app just requires your phone number for registration and other details such as profile name and picture can be added later if you prefer. And not only the messages, but also all your personal information are encrypted unlike Whatsapp, which only protects messages.
To find out if any of your contacts are using Signal, they use “a service designed to protect the privacy of your contact”, and information of the contacts “may be cryptographically hashed and transmitted to the server”. Additionally, they have features such as “Registration Lock PIN” to enhance the user data privacy.
So, how do they share the Information?
When you use third-party services like YouTube (Owned by Google), Spotify and Giphy (Owned by Facebook, in other words, the company you are trying to escape from) within the Signal app, privacy policies of those particular services will be applicable.
Furthermore, the company will share the following information,
- For Legal reasons
- To enforce applicable terms and conditions
- For user and company security reasons
Believe it or not, this is all Signal has mentioned about their privacy practices, which was last updated on the 25th of May 2018. (long time no see?)
Telegram
This app has two principles when it comes to privacy, which says that they,
- Don’t share user data to show ads.
- Only store the data they need to maintain the features and security of the app.
Compared to the Signal app, Telegram has many features, and hence they have a more complex privacy policy (yes, with many more words).
The app needs your phone number and some basic information such as profile name, picture and about information. Your screen name, profile picture and name will always be public (but doesn’t need to be a human name), but your real name, gender, age and what you like don’t have to be public. This may lead users to “pretend” to be anyone they prefer on their Screen Name. This may raise ethical questions in addition to the privacy concerns. (Telegram is notorious for the use of illegal activities as well.)
Your email address will only be used for 2-factor authorization, to use the Telegram Passport feature, and if you need to reset the password. “That’s right: no marketing or “we miss you” bullshit” as they say. Since they have different chat modes, the operations vary from one to another.
Cloud Chats – store messages, photos, videos and documents from your cloud chats, with encryption (not clear if it is end-to-end) to enable you to view them from anywhere around the world.
Secret Chats – offers end-to-end encryption and requires a secret key that only the participants will know. These chats are not stored in the servers, but only in the user devices, and Telegram also does not keep a log of the chat. Media you send in these secret chats are first encrypted and uploaded to the servers, but requires the secret chat key to open them.
“We (Telegram) don’t know what this random data stands for and we have no idea which particular chat it belongs to”
Public Chats – Also cloud chats that are encrypted but as the name says they are open to the public to see.
Unlike in Signal, the contacts are synced with Telegram to “notify you as soon as one of your contacts signs up” for which they use the phone number and the contact name. But you have the option to stop contacts from syncing with the app through settings.
And of course, it says that they use cookies just to operate and provide the service and not for ad purposes.
How do they use your personal data?
Unlike Whatsapp, Telegram is vulnerable for spamming due to the nature of its privacy policies, hence they need to take actions to prevent any spam attacks. Therefore, they will collect data such as your IP address, devices and Telegram apps you’ve used, history of username changes, and keep them for a maximum of one year.
BOTS BOTS BOTS
Telegram API allows anyone to create bots in the app to perform actions such as finding a gif or a song. Since these bots are made by third-parties, Telegram privacy policies will not be applicable either.
Bots can also get the screen name, username and profile picture when you interact with them. Along with the messages you send to them, IP addresses if you click on links or buttons provided by Bots, queries that you type to use a service from a bot, and group activity and messages if a bot is in a group with access to messages.
If you make payments through the app, Credit Card and other information will not be saved on Telegram servers but the particular payment provider’s servers. But users are able to clear all payment related info that are with both Telegram and service providers by using App settings.
Information will be shared among:
- Other Telegram users
- Telegram’s Group of Companies (reminds of whatsapp?)
- Law Enforcement Authorities
But the company allows you a number of rights such as:
(1) Request a copy of all your personal data that we store and transmit that copy to another data controller.
(2) Delete or amend your personal data.
(3) Restrict, or object to, the processing of your personal data.
(4) Correct any inaccurate or incomplete personal data we hold on you; and
(5) Lodge a complaint with national data protection authorities regarding our processing of your personal data.
How can you Delete Telegram?
If you want to delete the Account, you can do that by going to the Telegram Account Deactivation page.
If you want to delete messages:
- Secret Chats – If you delete a message in your device, it will be deleted from the other recipient’s device as well.
- Cloud Chats – You can “delete for all” within 48 hours after sending.
- Bot Chats – Any party can instruct to delete the entire chat history of both participants.
- Supergroups and Channels – You can “delete for all” but the deleted messages and original version of edited messages will be stored for 48 hours to be shown in the admin log. (almighty admin alert!)
Boom Mode – You can order all the messages in Secret chats to be Self-destructed after viewing, and by default your entire account will be deleted together with all the data if you do not come online for 6 months. You can also go to settings and reduce or increase this account self- destruction “timer”.
If you are seeing this, Congratulations! We hope that you are now ready to take a decision.
Tap the Agree button on Whatsapp or Uninstall it and get on board Signal or Telegram. But there may not be anything like a free lunch in the App world.
Written by: Rtr. Ashen Hirantha
Edited by: Rtr. Kalani Siriwardena
Editor
Editor