Why is the messenger app Signal widely considered by experts to be more secure than Telegram?

The messenger app Signal received the highest rating on the Electronic Frontier Foundation's ' Most Secure Messenger List ,' and is officially used as a communication tool between U.S. senators due to its safety. However, Elon Musk and others are skeptical of the safety of Signal, and together with the messenger app Telegram , they are running a campaign to deny the safety of Signal.

This incident began on May 7, 2024, when the foreign media outlet City Journal pointed out that 'Signal's chairman of the board, Catherine Maher, was a former U.S. government- backed subversion agent and is opposed to a free and open Internet, which may put Signal at risk.'

In response to this criticism, Musk criticized, 'Signal has known vulnerabilities that have not been addressed. In addition, Musk's post is accompanied by a community note that says, 'Signal is appropriately addressing known vulnerabilities and has indicated its status of response .'

In addition, Twitter (now X) founder Jack Dorsey also commented on the article, saying he 'didn't know' about it.

Furthermore, Telegram, with the cooperation of Musk and others, is running a campaign to denounce Signal as insecure. In fact, Telegram CEO Pavel Durov is promoting 'Telegram is more secure than Signal,' and Matthew Green of Johns Hopkins University said the purpose is 'to get activists to switch from encrypted Signal to Telegram, which has little encryption.'

According to Green, the open source Signal protocol has been thoroughly reviewed by cryptographers and is the gold standard in the industry.

On the other hand, Telegram does not encrypt conversations end-to-end by default unless you manually initiate an encrypted 'secret chat', meaning all data is visible on Telegram servers and is often subject to investigation by intelligence agencies.

However, Durov criticized that 'Telegram has a reproducible build, whereas Signal does not.'

In response to this criticism, Green said, 'Because Signal is developed as an open source app, it is difficult to review the source code for the iOS version, which uses FairPlay encryption.' He also pointed out, 'Telegram has introduced a way to forcibly reproduce the iOS build, but this requires a jailbroken iPhone, and the app cannot be verified in its entirety, and some files remain encrypted and cannot be viewed, which is terrible.'

'Because of the nature of Telegram, I don't think it's actually secret, even in secret chat mode,' Green said.

Signal CEO Meredith Whitaker countered Musk's claims by pointing out that Signal uses encryption to keep data from falling into the hands of anyone other than those intended, that the protocols used by Signal are the gold standard in the industry, that Signal regularly undergoes professional audits, and that every update is scrutinized by a large community of information security researchers, so any malicious changes that could affect the security of the binaries are immediately detected.

'Because we're a nonprofit, we have no incentive to advertise bullshit in order to be acquired at a high price. Even if someone were to acquire Signal, we would reinvest the money in mission-aligned purposes under Section 501(C)(3) of the Internal Revenue Code ,' Whitaker said.

in Mobile,   Software,   Web Application,   Security, Posted by log1r_ut