As WhatsApp launches its biggest upgrade in years, there’s one setting hidden within the app you should definitely never use—it could have dangerous results…

This year—2024—promises the greatest change to the global messaging landscape we have seen in a decade. Whether it’s iMessage co-opting RCS, WhatsApp’s third-party chat hub, Gemini AI slipping inside Google Messages or the DOJ lawsuit against Apple with iMessage playing a central role.

Many of those changes have one common theme—a misunderstanding of the end-to-end encryption that the likes of iMessage, WhatsApp and Signal have used for years, and which Google Messages and Facebook Messenger have just made default.

This level of full encryption is important enough that it prompted WhatsApp to warn that third-party chats would not be as secure as WhatsApp-to-WhatsApp chats, it was key to the DOJ warning that Apple makes iPhone users less secure by denying full iMessage security on Android, and it prompted Facebook Messenger to adopt it by default, despite heavy pressure from many governments and security agencies.

And so it’s surprising to see some media reports this week appearing to encourage users to transfer their existing chats and chat history from WhatsApp to Telegram. WhatsApp provides an export setting from within the chat menu, and you can select Telegram as the recipient. Back in 2021, Telegram announced that “starting today, everyone can bring their chat history—including videos and documents—to Telegram from apps like WhatsApp… This works for individual chats and groups.”

Why alarming? Well, despite its apparent security focus, Telegram is an outlier in that it does not provide end-to-end encryption by default. Its “secret chat” option needs to be selected for each 1:1 chat. “Telegram isn’t as secure as its developers boast,” Kaspersky warned last year. “By default, Telegram chats do not use end-to-end encryption, and nor does the messenger inform users about the secure chat option. Who could have thought that a user who just installed a messenger precisely because it was advertised as secure wanted to keep correspondence private?”

So, moving chats from WhatsApp, which is end-to-end encrypted by default, over to Telegram, which isn’t, is a major security no-no, I’m afraid. Especially group chats comprising otherwise secure content from multiple users.

Kaspersky again: “Even the notorious WhatsApp—part of Mark Zuckerberg’s data-hungry empire—uses end-to-end encryption by default. The user doesn’t need to do anything at all, there are no special checkboxes or anything: messages are protected from all outsiders (including the service owners) right out of the box.”

I warned when Telegram first promoted WhatsApp chat migration that this was a dangerous missteps for users, despite it coming in the midsts of a backlash against WhatsApp after Meta (then Facebook) threatened to change user terms and conditions. A plan that was quickly shelved.

As ESET’s Jake Moore advises, “pulling content out of E2EE messaging platforms removes the barriers designed to protect the messages. Accessibility may be vital in today’s online world, but it is not worth it if security and privacy are lost in the transition.” His point on accessibility is that Telegram advertises that it’s remarkably easy to use cross-platform. That’s true—because any client can tap into the content on Telegram’s central servers—if it was end-to-end encrypted, that wouldn’t work.

Telegram also advertises the reduction in smartphone storage, with everything stored in its cloud. Again, it has an architecture designed for access and simplicity, not for full encryption. The full lockdown of your data is based on policy not technology.

And so, on this one, I would strongly suggest that you don’t follow any of this advice to switch from WhatsApp to Telegram. It’s a backward step—whatever the marketing might suggest. And there are other issues you need to understand, of course.

Telegram plays polar opposite roles in the messaging world. On the one hand, it shoots for an easy-to-use, feature-filled alternative to WhatsApp—thus the migration option. But on the other, it is the wild west—or perhaps east, given its roots in Russia.

This week, Spain’s High Court suspended Telegram for lack of content controls. While earlier in the month, the Financial Times reported on Telegram’s similarities to the dark web, with the CEO of LexisNexis Risk Solutions’ government division describing the platform as “social media for organized criminals.”

Not just criminals of course, but campaigners and activists of all persuasions. “The explosion of Telegram’s criminal underworld,” The FT says, “is just one facet of the platform’s broader, dizzying rise in recent years, from a niche messaging app to an indispensable news source and resource for organizing, including in geopolitical and humanitarian crises such as the Russia-Ukraine war or Israel-Hamas conflict.”

This is not just another WhatsApp.

As I reported last month, new research from Guardio also warned that Telegram “has transformed into a bustling hub where seasoned cybercriminals and newcomers alike exchange illicit tools and insights creating a dark and well-oiled supply chain of tools and victims’ data. Free samples, tutorials, kits, even hackers-for-hire—everything needed to construct a complete end-to-end malicious campaign.”

At that time, Telegram told me that “since its creation, Telegram has actively moderated harmful content on our platform including malicious tools. Moderators use a combination of proactive monitoring of public parts of the platform and user reports in order to remove content that breaches our terms of service.”

But the reports into the darker side of the platform continue to come. I have approached Telegram for any further comments on these widely reported issues, and whether it has any plans to match WhatsApp’s end-to-end encryption.

Meanwhile, it’s worth remembering the lesson we all learnt in childhood—just because something is easy doesn’t make it right or safe. The chat migration tool certainly makes it easy, but in reality it’s best left well alone…

Share.
Exit mobile version