Uncategorized

Signal, WhatsApp & Telegram: Why You Should Continue Using Encrypted Messaging Apps

President-elect William Ruto in his meeting with Kenya Kwanza elected leaders said that Kenyans don’t have to use WhatsApp or Signal as his administration will not spy on their communications.

“Every Kenyan can now go back to their phones. You don’t have to use WhatsApp.You don’t have to use Signal. You can go back and use your normal phone because blackmail and intimidation threats have come to a stop,” he said

“I want to promise the people of Kenya that our administration will have nothing to do with the blackmail we have seen, the threats we have seen, and the fear that has been sold around the country that you cannot talk to this or that person because they don’t share your political views. I want to tell the people of Kenya that we are having our democratic country back,” he concluded.


It’s a good reassurance but it is still imperative to continue using encrypted messaging apps including Signal, WhatsApp and Telegram.

Despite what the government says, it’s now more important than ever to ensure your work and personal conversations are encrypted not only for journalists, and government officials but also for regular people.

End-to-end encryption ensures no interception of the contents of your conversations by third-party malicious actors. Messaging apps like WhatsApp, Telegram and Signbal are some of the popular encrypted messaging apps and here’s how to ensure your chats are private and secure.

Here are tips to help you fortify and take advantage of the privacy-focused features these apps boast of:

Popular Meta-owned messaging platform, WhatsApp has added really useful features this past few months. Over 200 billion messages and 7 billion voice messages are sent through the app by its over 3 billion daily active users.

WhatsApp Emoji Message Reactions

For encryption, WhatsApp uses the Signal Protocol that was developed by Open Whisper Systems -an open-source software ran by entrepreneur, security researcher and cryptographer Mathew Rosenfield(he goes by the pseudonym Moxie Marlinspike).

Facebook can’t read your WhatsApp messages thanks to this end-to-end encryption.

How do I protect my privacy and stay secure on WhatsApp

Disable Cloud Backups

Cloud backups are allowed on the app and are helpful when you get a new phone and want to keep your previous chats.

The reason why you’d want to disable cloud backups either on Google Drive on Android or Apple iCloud on iPhones is that these cloud services can hand over your data when law enforcement request it.

It’s unclear if WhatsApp informs a user when their account is being searched – its parent company Facebook lets know their account is being searched unless when they’re ordered not to.

These backups aren’t encrypted very well and thus your messages can easily be read.

“There is no middle ground: if law enforcement is allowed to circumvent encryption, then anybody can,” said Amnesty International in an open letter to Facebook.

It’s worth noting that WhatsApp doesn’t have open law enforcement guidelines like Facebook. WhatsApp can be ordered to install a pen device that provides metadata that WhatsApp’s encryption doesn’t keep private. Other pen registers can collect more information such as device identifiers and IP addresses.

The metadata WhatsApp collects is enough to help federal agencies figure out the behaviour of a person of interest.

Signal doesn’t store any such metadata – however, contact numbers are shared with Signal servers. Signal then uses hash encryption algorithms to brute force these hashes.

“The best practice is to purge this information(metadata),” said Neema Singh Guliani, legislative counsel with the American Civil Liberties Union (ACLU). 

Good thing is that WhatsApp has rolled out encrypted backups to Android and iOS apps across the world. This feature now secures your Google Drive and Apple’s iCloud backups with end-to-end encryption.

How To Turn On Encrypted Backups on WhatsApp

  • Get the latest WhatsApp update via your respective app store.
  • Go to Settings
  • Click on Chats > Chat Bacup > End-to-end Encrypted Backup
  • Tap Continue. You’ll see prompts to set up a password or a 64-digit encryption key.
  • Click Done.

Set up Two-Factor Authentication

Two-factor authentication is a very important feature that you should not only enable on WhatsApp but also on all your online accounts.

WhatsApp Two Step Verification

You can either choose text-based, app-based or hardware-based (physical security key) 2FA methods.

SMS-based is easiest to set up and more adaptable for most users.

Each time you want to verify your phone number on WhatsApp, you’ll be required to create a six-digit pin created with two-step verification on the app.

Simply, open WhatsApp then head to Settings > Account > Two-step verification > Enable.

You can then opt to add your email address so that WhatsApp sends you a link via email to disable two-step verification in case you forget your PIN.

Once set up, WhatsApp will irregularly prompt you to reenter the PIN. These prompts will come in handy especially if another person is trying to add your number to a new device without your knowledge.

Here’s everything else you need to know

  • Encrypting your backups means that neither WhatsApp or Google or Apple will be able to read your backups.
  • You won’t be able to restore your backup if you forget your encryption key or password and if you lose your WhatsApp chats. WhatsApp can’t reset your password or restore your backup for you.
  • You can turn off encrypted backups too by clicking on Chats > Chat Bacup > End-to-end Encrypted Backup and then tap Turn Off. We don’t recommend it.

Manage how people can interact with your account

One of the first steps is to disable read receipts. Here’s a handy guide on how to do that for WhatsApp and other social media apps.

Control who adds you to Groups by heading to Settings > Account & Privacy > Groups and then opt out of the “Everyone” option which has been enabled by default to either “All of your Contacts” or “All of your contacts except the people you’ve blocked.

This ensures that people who want to add you to groups randomly will have to send you a text message for your consent.

You can also limit who sees your profile photo, about section, last seen, live location and the about section too.

WhatsApp added new Last Seen controls with a new option –  – My Contacts Except. This feature comes in handy when you only want your close friends or family members to only know when last you were on the app. 

WhatsApp Updated Last Seen Controls

This feature now extends to other privacy settings as well, such as “profile picture” and “about”.

Another step you can take is to disable notifications for both that appear on the lock screen or the notification shade so nobody reads the message preview without having to open the phone or the app itself.

Here’s a step-by-step guide on how to do that.

You should do this on a per app basis and not just WhatsApp only.

Now Read WhatsApp in 2022: All the Features You Should Be Taking Advantage Of

Telegram is another popular messaging app that puts privacy first. You can use this guide to migrate your WhatsApp chats to Telegram.

Plus Messenger vs Telegram app
Plus Messenger vs Telegram app

Here are a few things you need to change to protect your privacy and stay secure on the app:

Add a Passcode/Fingerprint

Set up a passcode or fingerprint to prevent people from snooping on your Telegram chats by opening the app, tap on the hamburger menu icon on the top left corner of the screen, then scroll to Settings[gear icon], head to Privacy and Security, scroll to the Passcode Lock, toggle on the Passcode lock and add a passcode.

You can also toggle on the unlock with the fingerprint option too. While you’re here set a time limit for the Auto-lock option too.

Enable Two-Step Verification

2FA also known as 2-factor authentication fortifies passwords with a second piece of information which involves a one-time passcode being sent at the time of login.

You should enable 2FA on Telegram especially if you use multiple devices. Do this by opening the app, tap on the hamburger menu icon on the top left corner of the screen, then scroll to Settings[gear icon], head to Privacy and Security, scroll to Two-Step Verification and then turn this feature on. Telegram will ask you to add a password that you can save.

Change What People Can See

You’ll have to change what personal information is visible to your Telegram contacts. Do this by opening the app, tap on the hamburger menu icon on the top left corner of the screen, then scroll to Settings[gear icon], head to Privacy and Security.

Telegram offers different options including blocking users, choosing who can see your phone number, profile photo, when you were last seen online, forwarded messages, calls and groups.

We recommend you set them to either My Contacts or Nobody.

Check Your Active Sessions

If you use Telegram on multiple devices, this step is important.

Open the app, tap on the hamburger menu icon on the top left corner of the screen, then scroll to Settings[gear icon], head to Privacy and Security, then scroll to active sessions.

This part lets you know which devices are connected to your account. You can terminate sessions on unknown devices – this will let you log out of all devices except for your current one.

Enable Secret Chat

A lot of users don’t know this but Telegram implements end-to-end encryption in a different way when compared to other apps like Signal or WhatsApp.

Telegram only encrypts user-to-server connections, unlike WhatsApp and Signal which encrypts user-to-user connections. This means Telegram is able to see the contents of the messages sent through the app – its servers store the messages for cloud sync.

If malicious actors got access to Telegrams’ servers, they would see all your conversations. Signal doesn’t store messages on the cloud but rather on your device, so malicious actors won’t see any of your conversations.

There’s some encryption on Telegram as internet service providers, network operators, and any third parties snooping on your internet activity can’t see the contents of your messages.

To have user-to-user encrypted chats, you’ll have to enable secret chats which are ephemeral as they aren’t saved on Telegram’s servers.

To enable this feature, click on a contact’s profile, tap the three-button drop-down menu on the top right corner and select Start secret chat.

You’ll see a padlock icon when secret chat is enabled. Click the three-button drop-down menu on the top right corner to set the self-destruct timer.

One downside of using Telegram for group chats is that they aren’t encrypted – the secret chat feature isn’t available for group chats. However, Signal already offers encrypted group chats by default.

Delete Messages by the Sender

Telegram offers users the ability to delete messages on both ends of the chat. To do so, select the message, hit the delete button[trash icon] and then a pop up will appear asking you if you want to delete the message for the sender too.

Ticking off this box will ensure the message is deleted on the other person’s chat too.

HIDE Telegram Notifications from appearing on your lock screen.

You should definitely do this on all your messaging apps.

Anyway, your Telegram message notifications shouldn’t be visible to anyone on your lock screen.

If you’re on Android, simply go to Settings > Notifications and Status Bar > Manage Notifications > Lock screen notifications > select “Do Not Display” or ” Display Title Only”

It is different on different Android smartphones, you can simply search Lock screen notifications on the search bar in the Settings page.

If you’re using an iPhone, open Telegram > click the three-dot menu icon to open Settings > scroll to Notifications > tap on “Background Notifications” and then click “show”

The best option is to pick “No name or message” You’ll be notified on the lock screen that you’ve received a Signal message but you’ll have to unlock the phone, and then unlock the app to see the message.

Secure your phone with a lock screen password and more

Set up a lock screen password, pattern or PIN to prevent people from snooping on your Telegram notifications.

Another thing is to frequently update the Telegram app to fix any security bugs.

While you’re here, update all the apps you have downloaded on your phone too.

You should also keep updating your phone’s system. Manufacturers usually send monthly security updates and you can check by going to Settings, scroll down to About Phone and check for System Updates.

Signal is a privacy-focused messaging app operated by the nonprofit Signal Foundation.

Signal

The app is free and available for Android, iOS, on the web. Signal has also been endorsed by the poster child for encrypted messaging, Edward Snowden, Twitter CEO Jack Dorsey and Elon Musk.

Here’s a privacy setting you need to enable right now if you use Signal. Go to settings, your account and change your PIN and turn on registration lock.

Key Signal Features

You can use the app to send end-to-end encrypted messages which include voice, text, photos, videos, contacts, GIFs, stickers, location and files.

You can also take audio and video calls and start a group chat with other Signal contacts.

In terms of messaging features, you are allowed to turn on or off typing indicators and read receipts.

Here are some handy tips to fortify Signal’s privacy features and help you stay secure

You’ll have to register Signal with a NEW NUMBER

It’s much better to have a new and private number for Signal and only use it for this purpose.

Signal uses your phone number to identify and using a private number that you haven’t connected with your other online accounts for privacy reason in case you ever publish/share your Signal number with strangers.

You’ll need to use Signal with ANOTHER device

Signal doesn’t allow multi-account support on the same app like Telegram and soon WhatsApp.

The good thing with Android is that it supports multiple user accounts on the same device.

Head to Settings and click Add user/profile. On the other “guest” user account, download Signal and then register it with the private number.

For iOS users, you’ll need to get another device – either an iOS device or an Android.

You can also choose to setup a different signal account on the desktop using the private number.

It’s worth noting that using Signal on the desktop as a Chrome extension is less secure as it is easier to hack your laptop/desktop.

You can read more here on the Cryptographic Engineering blog.

In short, the Signal app for mobile devices stores your data more securely on your phone since the app encloses your messages and encryption key within the app – other apps have no access to your data.

On the desktop(Linux, Windows and macOS), your Signal data is stored on the hard drive that almost all apps have access to.

Encourage your Friends and Family to switch to Signal.

People moving from WhatsApp or other unencrypted messaging apps to Signal is a good thing.

Encourage your friends and family members to switch to Signal if they haven’t already to ensure the privacy of your messages.

You can do what Nataliia did:

I told my close family that I’ll share pictures of my kid with them only by Signal. It worked!

— Nataliia Bielova (@nataliabielova) January 11, 2021

Something like this also worked for me. I simply said that if they wanted to contact me, it’s going to be via Signal or nothing. But that’s not an argument, it’s more like blackmail 🙂

— Stephan Neuhaus (@[email protected]) (@stephanneuhaus1) January 11, 2021

Secure your phone with a lockscreen password and more

Set up a lock screen password, pattern or PIN to prevent people from snooping on your Signal notifications.

You can also lock the app with a passphrase. Head to the three-dot menu icon, click on Privacy and then click on Enable Passphrase.

Sadly this can only be done with the Android app.

Another thing is to frequently update the Signal app to fix any security bugs.

While you’re here, update all the apps you have downloaded on your phone too.

You should also keep updating your phone’s system. Manufactures usually send monthly security updates and you can check by going to Settings, scroll down to About Phone and check for System Updates.

HIDE Signal Notifications from appearing on your lockscreen.

You should definitely do this on all your messaging apps.

Anyway, your signal message notifications shouldn’t be visible to anyone on your lockscreen.

If you’re on Android, simply go to Settings > Notifications and Status Bar > Manage Notifications > Lock screen notifications > select “Do Not Display” or ” Display Title Only”

It is different on different Android smartphones, you can simply search Lock screen notifications on the search bar in the Settings page.

If you’re using an iPhone, open Signal > click three-dot menu icon to open Settings > scroll to Notifications > tap on “Background Notifications” and then click “show”

The best option is to pick “No name or message” You’ll be notified on the lock screen that you’ve received a Signal message but you’ll have to unlock the phone, and then unlock the app to see the message.

DELETE your old messages

Signal supports disappearing messages[between 5 seconds and 1 week]. You may want to start using this feature, especially for sensitive conversations.

This will delete your messages from your phones. Signal doesn’t have access to your plaintext messages. The encrypted messages stay online for a very short period of time.

If your phone ever gets searched, your conversations don’t become compromised – because they don’t get exist.

On Android, open Signal > click three-dot menu icon a chat > select Disappearing messages > Choose between “off”, “5 seconds”, “30 seconds”, “I minute”, “5 minutes” all the way to 1 week.

On an iPhone, open Signal > open a chat > click on the person you’re talking to get Conversation Settings > Turn on Disappearing Messages > Select the time period you prefer.

You can delete them manually. However, they will be accessible on your recipients end.

Group chats also support disappearing messages.

Take Photos and Videos ONLY on the Signal App

You should stick to only using the Signal camera functionality when sending media to other people for them to remain encrypted. These won’t save directly to Google Photos, iCloud or OneDrive.

Also, the recipient can’t save them automatically to their phones. They’ll have to long-press the photo and choose to save it on their galleries.

YOU DON’T NEED TO SAVE THE contacts of people you’re sending messages to

This is a neat feature you should know if you are using Signal. You can have conversations with people not in your contact list.

This avoids them being backed up with your phone’s contact list to cloud services.

To do this, open Signal, tap the pen icon to start a new conversation, click the dial icon, input the number and then send them a message if that number has a Signal account.

TURN ON Always Relay Calls for Secure Voice and Video Calls

Your IP address can reveal your location when making voice or video calls.

Signal has a handy feature that allows users to relay their video calls through Signal’s servers. This ensures that your recipient only sees the server IP address and not yours.

If you’re on Android/iPhone, open Signal > click three-dot menu icon to open Settings > scroll to Privacy >scroll to Always Relay Calls and turn on that toggle.

It’s worth noting that enabling this feature will slow down your connection a little bit thus slightly reducing the call quality.

You should VERIFY safety numbers

This is to avoid “man-in-the-middle attack.”

Safety numbers are shared with Signal contacts such that your safety number with contact x is different than the safety number you share with contact y or z.

You should always verify that the safety number you share with contact x is similar to what they are seeing.

If the safety numbers are the same, then you have a secure encryption and can go on having a conversation with them.

If they are different, then a malicious actor is in the middle spying on everything being communicated as it’s an unsecure encryption line.

If you’re both communicating on Signal for the very first time, the app will automatically trust the first safety number it sees for both contacts.

You’ll however need to verify safety numbers for further communication between you and your contact on Signal so you aren’t compromised.

To do this, simply head open a Signal conversation, click on the contact’s name on the top of the screen and then tap “Verify Safety Number”

If you’re both in the same place, just quickly scan the safety numbers with the QR code offered.

If the scan is successful, you are on a secure encryption.

But if you’re far away, you’ll have to share the safety numbers on other channels like email, phone call[Highly recommended] or other messaging apps.

When you’re on the verification screen, tap the share icon to send it to them.

Your contact will then have to verify digit by digit with the numbers on their safety numbers.

Signal will alert you if a safety number has been changed and will ask you to verify especially on conversations. This will mean either your conversation is insecure as a malicious actor is trying to get access or your contact has a new device.

You’ll have to due the verification process explained to above to make sure its the latter rather the former.

Read Now: Moving From WhatsApp? Signal Is a Far Better Option Than Telegram For Your Privacy

Tech Habits to Adopt in 2022

Articles in this stream

Here’s how to protect your privacy and stay secure on:


Related Articles

Leave a Reply

Your email address will not be published.

Back to top button
WP Twitter Auto Publish Powered By : XYZScripts.com