by dbrgn 3321 days ago
It depends on what you value.

- If you value features, then Telegram is surely ahead of WhatsApp in almost every aspect.

- If you value the encryption, I would trust WhatsApp more than Telegram. Telegram did some strange stuff with their custom cryptography invented by "rockstar mathematicians".

- If you value not giving metadata to the US / to Facebook, then don't go with WhatsApp.

- On the other hand, if you value having less metadata stored, then WhatsApp is probably ahead of Telegram.

If you value privacy, then both aren't good. They both put usability and features before privacy. Telegram was once branded as "the private messenger", but later rebranded as "the fast messenger". Now it says "a new era of messaging" on their website.

Telegram causes tons of metadata. All conversations and contacts are stored on their servers, which are closed source. Their multidevice system is built in a way that you will get access to all historic conversations if you manage to add a new device to the account (e.g. through SS7). Many of their latest features (like games, payment, etc.) cause a lot of additional metadata, some of which can be retrieved by third parties (e.g. by the game developers).

I'm biased (full disclaimer: I work for Threema), but if you value privacy, then go for a messenger like Threema, where the first priority is always privacy (e.g. no phone number required, no metadata or log storage, decentralized groups, and end-to-end encrypted decentralized profile pictures, the latter being something that no other mobile messenger does as far as I know). It has a clear business model and the protocol can be verified (even though the app is not open source).

Besides that biased suggestion, you might also be well off with something like Signal, although they're based in the US (secret court gag orders possible) and require you to give them your phone number (metadata).

(Edit: Formatting)

4 comments

Since we're talking alternatives, there's also Matrix (https://matrix.org/) which:

- Is an open protocol

- Has Apache 2.0 licensed server and client implementations for most platforms

- Has server federation, so you can run your own and talk to anyone on any other Riot server

- Has (optional but I believe enabled by default now) full end-to-end encryption

- Has full multi-device support

- Doesn't require nonsense phone number signup

- Has bridges that connect other protocols, like IRC, to Riot

- Supports useful things like voice, video and attachments

It beats Signal hands down in my opinion.

Not affiliated with the project, just run my own server and use it constantly.

:) E2E isn't on by default yet in Matrix, although we're getting towards it...

Why does Threema not use the Signal Protocol? Lack of an open source protocol makes it a non-starter for most uses of this. The protocol cannot really be "verified" in any real sense. You can check that you can decrypt the message with nacl. All this doesn't show anything about a lack of bugs or backdoors.

Google and Facebook both decided to use the Signal protocol. Why should we trust a small company to do this correctly the first time? Without even being able to check what they are doing?

Threema predates the Signal protocol.

There is an open source re-implementation of the Threema protocol obtained by reverse engineering: https://github.com/blizzard4591/openMittsu There is also an (incomplete) implementation in Go: https://github.com/o3ma/o3/ Note that Threema does not disallow reverse engineering in their terms of service.

The fact that OpenMittsu can properly encrypt and decrypt messages that are compatible with the Threema apps should be proof that the implementation is correct. Also, since Threema is financed by selling the app with no external investors, there should be more incentive to stick to their promises than to cheat on their privacy-sensitive users.

And even if the apps and the server were open source, unfortunately it would still not be possible to verify that the version on Google Play / iTunes is the same as the published source code. I'm not aware of a way to create reproducible builds on these app stores either.

Threema is pretty old, before the Signal Protocol was well known. There was a talk about the security at 33C3 here:

https://media.ccc.de/v/33c3-8062-a_look_into_the_mobile_mess...

There's also a big thing where WhatsApp is way ahead of WhatsApp:

Multiplatform: You can use native Telegram apps on iOS (both iPad and iPhone), Android, macOS, Linux and Windows. That's huge compared to WhatsApp.

Also, Telegram is not as dependent on the phone number as WhatsApp is. Once you have a username it becomes easier to set up new devices.

May I know what you think of Wire?

My personal opinion: They had a good start, but it's still a bit unclear how they will make money since the app is free. There are multiple investors that will want to see a return on investment someday. Also, there are again some privacy tradeoffs to improve usability, e.g. the fact that a list of all your conversation partners is stored on the server until you delete your account. Finally, the servers run on Amazon (Ireland) and all development happens in the EU, so I doubt that Swiss jurisdiction is really applicable. But I'm biased :)