- Data linked to you: Too much to list (see below)
- Free; business versions available for free, funded by Facebook
- Not open-source, except for encryption
- Encryption: Signal Protocol
Let's be clear: There's a difference between security and privacy. Security is about safeguarding your data against unauthorized access, and privacy is about safeguarding your identity regardless of who has access to that data.
On the security front, WhatsApp's encryption is the same as Signal's, and that encryption is secure. But that encryption protocol is one of the few open-source parts of WhatsApp, so we're being asked to trust WhatsApp more than we are Signal. WhatsApp's actual app and other infrastructure have also faced hacks, just as Telegram has.
Jeff Bezos' phone was famously hacked in January of 2020 through a WhatsApp video message. In December of the same year, Texas' attorney general alleged -- though has not proven -- that Facebook and Google struck a back-room deal to reveal WhatsApp message content. A spyware vendor targeted a WhatsApp vulnerability with its software to hack 1,400 devices, resulting in a lawsuit from Facebook. WhatsApp's unencrypted cloud-based backup feature has long been considered a security risk by privacy experts and was one way the FBI got evidence on notorious political fixer Paul Manafort. To top it off, WhatsApp has also become known as a haven for scam artists and malware purveyors over the years (just as Telegram has attracted its own share of platform abuse, detailed above).
Despite the hacks, it's not the security aspect that concerns me about WhatsApp as much as the privacy. I'm not eager for Facebook to have yet another piece of software installed on my phone from which it can cull still more behavioral data via an easy-to-use app with a pretty interface and more security than your regular messenger.
When WhatsApp says it can't view the content of the encrypted messages you send to another WhatsApp user, what is doesn't say is that there's a laundry list of other data that it collects that could be linked to your identity: Your unique device ID, usage and advertising data, purchase history and financial information, physical location, phone number, your contact information and that of your list of contacts, what products you've interacted with, how often you use the app, and how it performs when you do. The list goes on. This is way more than Signal or Telegram.
When I asked the company why users should settle for less data privacy, a WhatsApp spokesperson pointed out that it limits what it does with this user data, and that the data collection only applies to some users. For instance, financial transaction data collection would be relevant only to those WhatsApp users in Brazil, where the service is available.
"We do not share your contacts with Facebook, and we cannot see your shared location," the WhatsApp spokesperson told CNET.
"While most people use WhatsApp just to chat with friends and family, we've also begun to offer the ability for people to chat with businesses to get help or make a purchase, with health authorities to get information about COVID, with domestic violence support agencies, and with fact checkers to provide people with the ability to get accurate information," the spokesperson said. "As we've expanded our services, we continue to protect people's messages and limit the information we collect."
Is WhatsApp more convenient than Signal and Telegram? Yes. Is it prettier? Sure. Is it just as secure? We won't know unless we see more of its source code. But is it more private? Not when it comes to how much data it collects comparatively. For real privacy, I'm sticking with Signal and I recommend you do the same.