Hey Folks! Someone in my family (Person A), has talked to a guy, who is working in the tech world, about if it make sense to use Signal, over Messenger, Snap, WhatsApp, with privacy in mind. The tech guy said, there is no difference, and that its not making sense to use it and that its almost the same. I know Signal is discussed alot here, but im now looking for some arguments, and facts to tell the one from my family, that the tech guy is wrong. What arguments can i use, why is Signal better in privacy, then the other alternatives? Person A, has always been sceptical about me beeing so privacy minded, and A thinks that there is nothing to do to protect, and is one of thoese saying : I have nothing to hide.
Edit: thank you for the help
Variants of this exact question seem to be asked at the rate of about 3 per week.
I don’t think there’s much of a point unless person A actually wants to make a change in their habits. It’s like trying to convince someone to switch to Linux.
A don’t wanna change mind, A always wanna be right, so I have to have the best arguments, not to make person a to switch, but to “win” the discussion 🙂
Both easy, backdoor them with the idea.
I managed to convince my family to switch by pointing out that the FBI and CISA both recommended switching to E2EE apps due to ongoing telecom hacks.
Sometimes, reality is enough to scare people into change.
I convinced my family to switch by giving them my Signal contact info and letting them know that that’s where they could contact me. I ditched my WhatsApp account when Facebook bought them, and never had any of the other accounts because I knew too much about the people behind the companies.
Signal is the only app on that list whose app is open source. That means it can be audited to see if they are telling the truth.
You cannot say the same for the others and you just have to take them at their word. Should we take Facebook at their word?
It’s also the only app on the list managed by a 501©3 non-profit, so you can additionally check where their money goes.
That’s true! I can’t wait to “shoot” back with arguments :-)
Also the FBI took signal to court and the only data they could provide was the date of signup and last login timestamp
This is an important extra point: being open source, a government can’t secretly mandate a back door, because everyone would be able to see it. For the other options listed, there are no guarantees.
They can put the backdoor in themselves though, see the recent xz backdoor. But the question is whether it would be found out or not.
For me it is not so much about personal privacy, as against concentration of power.
Insane money combined with capacity of invisible, precise manipulation of mass information is really hurting democracies. Big tech is already richer than most countries, and their negative influence is more visible than ever. So now we, who believe in democratic principles, have to vote not only with ballots, but also with our choices and our conscious attention. The least we can do is resist this concentration of power on personal level. Ideally - do it together.
This is how I see it too. It’s why I use Telegram (which I know is dodgy) but not Whatsapp.
Snapchat does not use end-to-end encryption for messages, so it doesn’t even belong in the conversation.
WhatsApp and FB Messenger are somewhat defensible choices since they at least use E2EE by default (Messenger did not until recently). However, there are a few good reasons to favor Signal:
- It is open source. Interested parties can actually verify that Signal’s encryption claims are true. Interested parties can also audit new versions as they released.
- Facebook/Meta, as a company, has a long history of tracking users, leaking user data, and even conducting psychological experiments on users without consent and in secret.
- WhatsApp and Messenger only allow 6-digit PINs to secure your messages. With that PIN, you can decrypt those messages. Signal allows for longer alphanumeric passcodes.
- Facebook makes no promises not to track your usage of Messenger or WhatsApp, only that the messages themselves are encrypted.
Here are 28 arguments for you to use.
that’s a lot of arguments
These are not designed to penetrate disinformation.
Practically speaking, there’s a huge difference.
RCS/iMessage are great. They’re a huge upgrade over SMS, however, the E2E statements they make aren’t really verifiable to the degree necessary to call them secure. They also require hardware compatibility, software compatibility, environment compatibility (root breaks RCS) as well as network compatibility so the pool of devices that work both ways with RCS is still pretty small. It’s frankly a mess. Default settings for most RCS/iMessage applications will attempt to send via E2E protocols and if it fails, it defaults back to sending SMS. So now your super secret content was just sent basically over cleartext if the protocol send fails. lol
Realistically speaking, he’s right. There’s no difference. People don’t casually message information which is important enough to require perfect forward secrecy. So at the end of the day choose which works best for you and if you do dumb shit like sending credit card and social security numbers over clearnet, then prepare to have your anus widened.
I personally prefer running an MTProto proxy on top of Telegram. I control the proxy, so I can view where the network traffic is going in transit for the most part. Is MTProto perfect? No. But it’s vastly improved since previous independent audits and it’s “good enough.”
If critically sensitive information has to touch a device with internet access then you need a mature security protocol like PGP or some other shared key cryptography so you can verifiably ensure you’re talking to whom you’re supposed to be talking to. If that’s something you’re interested in, give Keybase a try. It’s a really great platform built around a really great technology (PGP). The mobile application comes with a chat option that uses your PGP key to symmetrically encrypt your chat messages using Scrypt (with PBKDF2) making it significantly more secure than any other option mentioned here.
WhatsApp fails to include a libre software licence text file. We do not control it, anti-libre software.
And here I am waiting for Sup to be released by an adrenaline-filled code-junkie from Grand Prairie, Alberta…
If we can’t self host Signal, it isn’t much better than WhatsApp.
Send them both a bunch of videos from Naomi Brockwell (NBTV). Or buy them each a copy of her book
Signal is the best alternative to Meta messaging apps and to Snapchat for normies.
Signal is not the answer. Signal’s backend is essentially closed-source, and to my knowledge none of their binaries are reproducible with the code available. If you really want privacy and security in E2EE, you want somethjng that’s completely open-source (front and backend), and can be self-hosted entirely. Matrix is this.
Show them this: https://techcrunch.com/2025/01/22/whatsapp-wins-reprieve-in-india-over-user-data-sharing/
The dispute began when WhatsApp required users to accept expanded data sharing with Meta’s platforms or risk losing access to the messaging service. While European users can opt out of such sharing, Indian users cannot — a distinction that regulators found problematic.
Meta doesn’t know what you’re talking about, because WhatsApp is e2ee. But they know:
- who are you talking to
- when
- how often
- what else were you doing before/during/after the talk
- links that are shared (the preview fetch is not e2ee afaik)
These are all valuable metadata and given enough of it, they can even infer what you were talking about. Target you with ads on their other platforms (but rumors are that WhatsApp will have ads inside eventually)
(the preview fetch is not e2ee afaik)
Technically, it is, but end to end encryption only covers the data between the ends, and not what one of the ends chooses to do with it. If one end of the conversation chooses to log the conversation in an insecure way, the conversation itself might technically be encrypted, but the contents of the conversation can be learned by another. Or if one end simply chooses to forward a message to a new party not part of the original conversation.
The link previews are happening outside of the conversation, and that action can be seen by people like the owner of the website, your ISP, and maybe WhatsApp itself (if configured in that way, not sure if it does).
So end to end isn’t a panacea. You have to understand how it fits into the broader context of security and threat models.
I think that this is a pretty good reason.
If the billionaires are using it for privacy, then it is likely the best one.
I mean, how much do you wanna bet that they all had a private dinner with the other billionaires that own other apps and had a private conversation about whether their messages are actually private and able to be hid from the government?
