https://tim.kicker.dev Tim's Blog 2023-07-18T13:08:40.000Z https://tim.kicker.dev/2023/07/18/telegram/ Should it really be Telegram? <img src="/2023/07/18/telegram/telegram.jpg" class="" title="Stock image by Daniel Weibel"> <p>In recent years, WhatsApp has become one of the most popular messaging apps worldwide, connecting billions of people across the globe. However, beneath its seemingly user-friendly interface, there are growing concerns about privacy, security, and the impact of its corporate parent, Facebook. As a result, many users are seeking alternatives to WhatsApp that prioritize their digital well-being. However, it seems like most people are switching to another messenger that I’m pretty unsure about.</p> <h3 id="It’s-open-source-Right"><a href="#It’s-open-source-Right" class="headerlink" title="It’s open source. Right?"></a>It’s open source. Right?</h3><p>Telegram states the following on their website:</p> <blockquote><p>Telegram apps are open source and support reproducible builds. Anyone can independently verify that Telegram apps you download from App Store or Google Play were built using the exact same code that we publish.</p> <footer><strong>Telegram</strong><cite><a href="https://telegram.org/apps">telegram.org/apps</a></cite></footer></blockquote> <p>While those two sentences are not wrong, they are dangerously misleading consumers. See, what they are stating here is that their <strong>clients</strong> are open source. Their server code however still remains <strong>closed</strong> and therefore we do not know what Telegram actually does with our data. 
</p> <h3 id="No-encryption-no-peace-of-mind"><a href="#No-encryption-no-peace-of-mind" class="headerlink" title="No encryption, no peace of mind"></a>No encryption, no peace of mind</h3><p>While Telegram offers end-to-end encryption in its “Secret Chats,” this feature is <a href="https://www.howtogeek.com/709484/how-to-start-an-encrypted-secret-chat-in-telegram/"><strong>not enabled by default</strong></a> for regular chats. This means that your conversations are not end-to-end encrypted unless you specifically <strong>opt in</strong> to Secret Chats. Telegram has also faced criticism regarding the lack of independent audits of its encryption protocols, unlike Signal, which has undergone extensive third-party security audits. Without such audits, it is rather hard to prove that their E2EE is strong enough.</p> <h3 id="But-what-should-we-use-instead"><a href="#But-what-should-we-use-instead" class="headerlink" title="But what should we use instead"></a>But what should we use instead</h3><p>There are many other great privacy-respecting messaging apps which I’d rather use than Telegram. I’ve listed my favorite ones below:</p> <p><a href="https://www.signal.org/de/">Signal</a>: Known for its strong encryption, Signal offers end-to-end encryption by default for all conversations and has a focus on user privacy. As I already said, it has undergone independent security audits and is widely regarded as one of the most secure messaging apps available.</p> <p><a href="https://wire.com/de/">Wire</a>: Has a more modern-looking user interface than Signal and has also undergone security audits.</p> <p><a href="https://threema.ch/de">Threema</a>: Probably the OG because it’s the oldest one. Also requires no phone number to sign up (!!!)</p> <p><a href="https://element.io/">Element</a> (Matrix): Element is an open-source, decentralized messaging platform that uses the <a href="https://matrix.org/">Matrix protocol</a>. 
</p> 2023-07-18T13:08:40.000Z https://tim.kicker.dev/2023/05/18/whatsapp-analyze/ Data about data <p>I am a huge fan of gathering, analyzing and evaluating data. Creating statistics and colorful graphs just has something to it. But the interesting part is not necessarily the data itself, it’s the data about the data. How often something occurs, at what time and by whom are very important characteristics when it comes to identifying patterns.</p> <p>For example, let’s look at the weekday graphs of two different WhatsApp chats of mine.</p> <p><strong>Weekdays Chat A</strong></p> <img src="/2023/05/18/whatsapp-analyze/hourchartA.png" class=""> <p><strong>Weekdays Chat B</strong></p> <img src="/2023/05/18/whatsapp-analyze/hourchartB.png" class=""> <p>It is not that hard to figure out the difference between those two graphs. The number of daily messages in A is pretty stable except for Friday and Monday, which are two extremes. Maybe this could be about a friend group planning what they’re going to do on the weekend? The general quantity of messages is also lower than in chat B. The second chat also has a huge gap between Sunday and Saturday. Could this be a group chat related to work? Or is it someone close who happens to live in the same house?</p> <p>You can see that it is possible to draw connections and form assumptions about certain topics without even looking at the data itself. Now let’s take a deeper look.</p> <p><strong>Days-Heatmap Chat A</strong></p> <img src="/2023/05/18/whatsapp-analyze/heatmapA.png" class="" title="This is an example image"> <p>How interesting. We can see that the group is most active from the end of January until May and spikes again in October. If you happen to live in Austria, you probably know what that means. See, in most areas, the Austrian summer break for students lasts from June till the beginning of September while Christmas lasts from December to January. There is also one small break during November. 
You can clearly see that this could be a chat between friends who happen to be students but don’t have the same classes together. They probably spend a lot of their free time together, which explains the lack of data during the breaks. No one texts another person while they’re sitting next to them… right?</p> <p><strong>Days-Heatmap Chat B</strong></p> <img src="/2023/05/18/whatsapp-analyze/heatmapB.png" class="" title="This is an example image"> <p>We can see that the number of messages remains pretty stable. This could prove our theory of two people in the same household true. Maybe the gap in August could be a planned vacation?</p> <p>It would be pretty frightening if I told you all our assumptions were correct. Right? You probably now recognize that metadata is a lot more valuable than you originally thought. But what conclusions can we draw from this newly gained awareness?</p> <p>Most people rely on the encryption of their messaging apps. If no one can read my data then I am safe, right? No. As we can see, an attacker does not need access to the content of your communication in order to gather valuable information.</p> <p>If you want to look more into this topic, I’d recommend watching <a href="https://www.youtube.com/watch?v=-YpwsdRKt8Q">Daniel Kriesel’s 33c3 presentation</a>.</p> 2023-05-18T14:26:18.000Z
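<p>As an added example (not code from the original post), the weekday and heatmap observations above can be reproduced from timestamps and sender labels alone, which is the kind of metadata that stays visible even when message content is encrypted. The record layout, the pseudonymous senders and the function names are assumptions, and the sample data is constructed.</p>

```python
from collections import Counter
from datetime import datetime

DAYS = ["Mon", "Tue", "Wed", "Thu", "Fri", "Sat", "Sun"]

# Constructed sample: timestamp and pseudonymous sender only, no message text.
SAMPLE = [
    ("2023-01-30T18:02", "A"), ("2023-02-03T16:40", "B"),
    ("2023-02-03T16:45", "A"), ("2023-02-06T07:55", "B"),
    ("2023-03-10T15:12", "A"), ("2023-03-13T08:01", "B"),
    ("2023-04-14T17:30", "A"), ("2023-05-05T16:20", "B"),
    ("2023-05-08T07:45", "A"), ("2023-08-02T11:00", "B"),
    ("2023-10-06T16:05", "A"), ("2023-10-09T07:50", "B"),
]

def parse(records):
    """Turn (iso_timestamp, sender) pairs into (datetime, sender) pairs."""
    return [(datetime.fromisoformat(ts), who) for ts, who in records]

def weekday_histogram(records):
    """Messages per weekday; zero-count days are kept so gaps stay visible."""
    counts = Counter(dt.weekday() for dt, _ in parse(records))
    return {DAYS[i]: counts.get(i, 0) for i in range(7)}

def silent_months(records):
    """Calendar months between first and last message with no messages."""
    stamps = sorted(dt for dt, _ in parse(records))
    if not stamps:
        return []
    seen = {(dt.year, dt.month) for dt in stamps}
    year, month = stamps[0].year, stamps[0].month
    last = (stamps[-1].year, stamps[-1].month)
    gaps = []
    while (year, month) <= last:
        if (year, month) not in seen:
            gaps.append(f"{year}-{month:02d}")
        year, month = (year + 1, 1) if month == 12 else (year, month + 1)
    return gaps

def per_sender(records):
    """Message count per sender label."""
    return dict(Counter(who for _, who in records))

if __name__ == "__main__":
    print(weekday_histogram(SAMPLE))
    print(silent_months(SAMPLE))
    print(per_sender(SAMPLE))
```

<p>The Monday and Friday peaks and the silent summer months fall out of the timestamps without a single message body being read.</p>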