Secure Instant Messengers

January 19th, 2021 by Olga Koksharova
Category: «General», «Security», «Software»

In today’s world of everyone wanting a slice of one’s personal information, users become more and more concerned about the privacy. The WhatsApp/Facebook integration raised an additional concern, considering that Facebook-owned Messenger requests the largest number of invasive permissions among all commonly used messengers. Data privacy and security concerns are mounting like a snowball. 2020 brought multiple data breach incidents from popular blogging resources from LiveJournal whose users’ data was breached and leaked to the darknet to financial institutions like Postbank with 12M exposed credit cards, hospitality giants as Mariott with 383 million records compromised or even Microsoft customers who also suffered from privacy-related issues.

A few days ago, we conducted a twitter poll asking which instant messenger is trusted the most. We launched the poll after Facebook published a new privacy policy for WhatsApp. According to the new policy, the app was free to share user data with third parties. Almost 800 people took part in the survey, which clearly demonstrates the concern about privacy in communication apps.

Respondents’ answers split in the following way:

  • Signal – 46.6%
  • Telegram – 30.1%
  • WhatsApp – 15%
  • Other – 8.3%

During the two days of the survey, two major messengers fought for leadership, making it obvious that the majority are inclined to entrust their private correspondence to either Signal or Telegram. WhatsApp, which was one of the world’s most popular messengers in 2020 with its two billion monthly active users, lags far behind both.

Telegram and Signal are on the front line of privacy protection when it comes to data collection. Telegram only collects basic information such as the user’s contacts and their phone numbers, while Signal accesses only contact info which is not linked directly to you. Other messengers may collect a gazillion of irrelevant (but very tempting for the advertiser) data types, as many as an average social network.

Some respondents provided additional insight in the comments, suggesting alternative messengers that, in their opinion, ensure the elevated level of privacy. Most often recommended were Threema, Wire, Session, Wickr, Olvid, BiP, and Element. All of these tools advertise secure and private messaging.

We in Elcomsoft look at data privacy and security from a different angle. We evaluate instant messengers in terms of the possibility to gain access to the user’s personal data, and extract available information, regardless of what’s written in the vendor’s privacy policy. We have already completed the research and published the Forensic Guide to iMessage, WhatsApp, Telegram, Signal and Skype data acquisition.

The number of communication tools grows fast, especially at the time of working from home. New platforms emerge offering a different view on privacy and security or entertainment features. Some monetize by showing targeted ads or collecting and reselling personal information. Others are less fun to use, but offer greater privacy and anonymity. Today, privacy is a tradeoff between secrecy and monetization efforts. The choice is always yours.