In other words, just removing the incentive for providers to log messages is already a huge privacy bonus, even if the encryption sucks.
Private Messages App Comparison: Telegram vs. Sky ECC
A secure private messages app has many different facets to it. While both Telegram and Sky ECC have end-to-end encryption, this is where the similarities between the two largely stop. Telegram has a number of missing features which can only be found in a comprehensive solution like Sky ECC.
This comparison of the two apps is going to show what they do for encryption, how they do it, how messages are transported, and summarize how your choice between the two will ultimately impact how secure you messaging experience is. See a quick comparison table at the end to see how it stacks up directly with Sky ECC, or visit our composite review of many apps!
Telegram vs. Sky ECC: encryption standards
When it comes to private message apps, the first consideration is always on the encryption standard used. Something being encrypted doesn’t mean it’s always secure as encryption standards are raised regularly as needs rise with them.
Telegram uses MTProto encryption, which was developed by the founder and based heavily on AES 256 as its encryption primitive. Many security experts are critical of the fact that they developed their own encryption standard rather than use an established one. This has lead to MTProto to being IND-CCA insecure.
This is made more frustrating by the fact that AES 256 is the standard used across the internet, and is widely accepted right now, but they didn’t just use it. Many different encryption needs are met by AES 256 online, and there’s nothing inherently wrong with it, but you could consider it the ‘bare minimum’ at this point in time.
Yes, as the video states, end-to-end encryption is not the default on Telegram. For the final summary of Telegram’s encryption standard, don’t listen to me: listen to Matthew Green…he teaches cryptography at John Hopkins:
Sky ECC’s encryption
Sky ECC uses 521-bit elliptic-curve encryption. This form of encryption is magnitudes more secure than AES 256 while also maintaining a shorter key length. This short key length leads to faster computation times than AES 256 even if they had the same level of protection. Both Sky ECC and Telegram are mobile apps, so speed and lower computational power are prime considerations.
Important things to know about ECC without getting into the math:
- The NSA’s Top Secret messages are sent using 384 bit ECC, which is magnitudes less secure than 521 bit ECC.
- The only ECC to be brute-force decrypted is 112 bit. It took 200 Playstation 3s over 3.5 months to do this. 521 bit is estimated to be broken by the world’s most powerful supercomputer in a matter of quadrillions (1 with 24 zeros) of years.
Elliptic curve cryptography is incredibly secure and appropriate for mobile devices running a secure chat app and, again, you don’t have to take my word for it as the Internet Engineering Task Force (IETF) had this to say:
“Elliptic Curve Cryptography (ECC) is emerging as an attractive public-key cryptosystem, in particular for mobile (i.e., wireless) environments. Compared to currently prevalent cryptosystems such as RSA, ECC offers equivalent security with smaller key sizes…Smaller key sizes result in savings for power, memory, bandwidth, and computational cost that make ECC especially attractive for constrained environments.”
ECC is the right tool for the job of a private messages app. Sky ECC uses it and Telegram does not. The stark contrast should be enough to motivate those who most need proper private messaging away from Telegram and towards Sky ECC.
Hardware: a private messages app weakness
One of the biggest weaknesses for private message apps is the hardware it’s installed on. Think about all of the apps which you have on your phone. Each one is a vulnerability point which could potentially have a backdoor, or have malware installed on it, but there is also the possibility of a hacker performing a kernel rollback. This is when they ‘roll back’ your operating system from the most current one to an older one which has a vulnerability to exploit.
Telegram is just as vulnerable to this as any other app which is not installed on a phone without:
- Kernel rollback protection
- Multiple layers of passwords
- Assurance is that the phone was not tampered with during manufacturing
- An encrypted container which protects the app from the rest of the operating system
These are all issues which the average phone has problems with, and installing Telegram on hardware like this means that it is not as secure as it could be.
Hardware used by Sky ECC
There are three phones which we have identified as being the most secure hardware available. At this time, they are manufactured by:
Not only are we using these very secure phones, but we phase out old phones once they are no longer as secure due to them not getting updates.
The iPhone 4 was great when it came out, but it is no longer supported and cannot be considered secure hardware. Anyone using older phones is putting their security at risk.
Sky ECC also offers kernel rollback protection, multiple layers of passwords, tamper-resistant chips, and our innovative encrypted container that protects the app from the rest of the operating system.
Company philosophies impact private message apps
The fundamental principles of how a company chooses to operate, including how it protects information, and how it is funded, are important considerations. A very secure app is great, Facebook Messenger is secure, but their company philosophy does not have privacy at its core as they love to harvest your data.
Let’s start by taking a look at the funding models for both apps:
- Telegram: Currently funded by Pavel Durov. This Russian has lead a rather… Eccentric life. He is currently in exile from Russia as they want to arrest him, and they want to do so because of his resistance to the Russian government trying to own everything he has done. Users of Telegram are at risk as the funder of their company could disappear in a Russian minute.
- Sky ECC: The app is funded by its users as it is not a free app. This is why users are given complete control of their data. We have no interest in user data, we don’t even collect basic user information and we encrypt metadata for even more security. We fund the app through the app itself, not harvesting your data and selling it to advertisers which puts you at risk.
There is also the consideration of the country which the company is located in:
- Telegram: At this time, Telegram is under the jurisdiction of the US, the UK, and Belize. The US and the UK are two of the most highly surveilled countries on Earth. The inclusion of Belize is not by accident, they currently have no data privacy protection laws in place. The laws in Belize are confusing, to say the least, as they do have a privacy act from 2000 which does not state whether or not it applies to digital privacy. This has led to issues in the past, and will lead to more until they clarify it.
- Sky ECC: Currently located in Vancouver, Canada where digital privacy laws and protections are well-established. While there is some surveillance, just as much as in any other nation, it is not anywhere near as prevalent as the US or the UK. Sky ECC’s end-to-end encryption ensures that attempted surveillance will lead to nothing but scrambled cipher-text.
The last consideration should be on how the company actually protects customers data through their policies:
- Telegram: The app collects both customer (no anonymous sign up options) and app data. This is because if the product is free, you are the product. Another big problem is that they do not have customer information. This means that your mobile number and name are clearly visible, which is a major issue for those of us with serious privacy and security needs.
- Sky ECC: This can be summarized very quickly as the app collects absolutely no data. You can sign up anonymously, we collect no customer information, and our app does not collect information as it is not part of our funding model. Not only is your mobile number and name kept as private as you want it, your phone number isn’t even involved as you are given a randomized Sky ECC identification number. This number is not associated with any identifying information. This app is all about security, and privacy, and nothing more.
This needed to be stated separately: Telegram does not turn end-to-end encryption on by default. Sky ECC does, and that is a huge difference between the fundamental functions of the apps.
Both of these apps call themselves private message apps, but only one of them is completely private. Read over the points above and I’m sure that you will come to the correct conclusion on which is truly a private messaging app.
The features of a truly private messaging app
An app has to build proper features into its core if it is to be truly private and secure. Here are the major points to consider:
- Contact approval: Absolutely anyone can get your mobile number, including people you don’t know who get it through someone you hardly know, and message you on Telegram. There is nothing stopping them from sending whatever they want in that first message. Sky ECC requires contacts to be approved before they can send you a message. The difference here is pretty clear.
- Photo storage: All photos on Telegram automatically go to your completely unprotected photo folder. There is an option to not send them there, but you have no assurances that photos you send will not be stored like this. Sky ECC has a secure vault which in not only encrypted, but also separate from the main photos on your phone and under a separate password. Your photos are protected by your phone password as the first layer, the app password and its secure container as the second layer, and a third layer with the Vault having another password. The only thing more secure is not taking the photo at all.
- Metadata: Telegram is not clear on whether they store metadata, and we know for sure that they do not encrypt it by default. Sky ECC stores no metadata at all which can be attached to any personally identifiable information, and encrypts it during transport using AES-256 encryption…which many of our competitors use to encrypt messages themselves.
- Self-destructing messages: Telegram does indeed have self-destructing messages which work to a point. The ‘point’ is that they haven’t disabled the screenshot feature, meaning that message you wanted to destruct in 30 seconds could live on forever. Sky ECC has foreseen this issue and disabled screenshots. We have also made it so all chat will expire in 7 days at most, or 2 hours at the least. Need it to disappear sooner? Our Flash Messaging feature deletes messages 30 seconds after they are viewed.
Private and secure features are the things which are built which make your life easier. Telegram has nice features, for certain, but they are not features which make you private or secure.
Private message apps comparison: Telegram & Sky ECC
Telegram is a good messaging app. It works perfectly well, has good design features, and is stable. As a secure and private messages app it absolutely pales in comparison to Sky ECC and should probably be deleted if that’s what you want it for.
The two are as different as a rotary landline phone is from the newest iPhone: they do the same basic thing, but one does it much better, and much more, than the other. You know which is which after reading this article, and can see it quickly in this comparison table:
You need to carefully weigh how secure you need to be, especially with your most valuable data. It would also be wise to consider support. Telegram has none. Lose a document? Tough. Look through their FAQ until you give up. Have a problem with Sky ECC? See for yourself using the button below that we have 24/7support!
Original article posted on: