There are people who state that Telegram are worse than WhatsApp regarding security (at least Nadim Kobeissi in this article) only because the default communication method in Telegram are not end-to-end encrypted (which means that your data "never" leaves your device). In order to enable end-to-end encryption in Telegram, you have to start a secret chat with someone.

All data on Telegram are stored encrypted

But the thing is that the encryption for both cloud chats and secret chats are the same! The only difference is that the data stays on the servers in cloud chats (hence the name). All data from cloud chats are in fact encrypted (source 1, source 2) with Telegram's own home-brewed encryption method called MTProto. And because the source code of MTProto are not open sourced yet (for a (to me) valid reason too), privacy oriented people say that Signal are much safer because Signal uses end-to-end encryption only.

But apparently, Signal has added a feature that offers server-side groups that uses the same technique (the same function, not the same encryption) as cloud chats on Telegram. Signal stores the chat data encrypted on their servers (important fact: in the US) just like what a reddit user stated: "Signal 'has' that information, but it's just gibberish to them." Same shit, different service.

Signal are no good privacy-wise

Signal share your phone number with third-party providers, but they do not tell us with whom (a big no-no in my eyes, especially when it comes to the US). And if the person you talk to are offline, or you are in a group chat that stores the data in the cloud, it will be stored encrypted on a server that Amazon owns. And because Signal are 100% based in the US, that data will only be safe until someone has cracked Signal Protocol's encryption and if that happens... well, everyone knows that USA have big privacy flaws. Telegram logs everything when using cloud chats (plus data via secret chat when someone is offline), but all my data are stored in Europe.

Humongous difference!

When I tried Signal once a more few months ago and added a person from Fosstodon, I immediately reacted negatively when I was forced to add that person with his/hers phone number! You should not add people with their phone number! However, Signal are working on adding usernames, a feature Telegram have had since 2013 or 2014: the option to add your own username, like t.me/edgren (which by the way is my username on Telegram). If no username is specified, you add people with their phone number (this also includes Telegram).

Telegram log metadata about its users and despite they do not tell us where this metadata is located, we can only assume that your metadata are also stored in the same data centers as what your data are stored in. Signal only logs when a user created the account and when the user was last seen.

Signal are based in the USA, Telegram's not

Adding usernames to Signal doesn't change Signal's privacy to the better if they add support for usernames because of user data. All data will be stored in the US and shared to third-parties even if you will be able to add a username to your Signal account. Meanwhile, at Telegram, the chat service have servers all over the world where your data are stored encrypted in different jurisdictions based on where you live. I live in Sweden, so my data are located in the Netherlands, a country known for its strict privacy laws.

Final thoughts

• If you don't want to share your phone number to any company, choose XMPP or Matrix or Jami.
• If you are okay with sharing your phone number with a company, but...
  • ...wants to control how and when people can see your private information, choose Telegram.
  • ...are okay with a company founded in the US and runs in the US and uses servers from Big Brother companies like Google, choose Signal.
• If you don't care about your privacy at all and thinks "I have nothing to hide" despite privacy doesn't apply to it at all, choose WhatsApp, Messenger, Skype, Discord, etc.