Mindful Messaging

Why it is important to consciously choose your messaging platform, and what to consider


Our decisions compound over time, and choosing the systems we use to communicate is a direct expression of whether we preserve control over our data or gradually give it away.

The case for Signal

Signal hits the sweet spot between ease of use, features, and privacy. No self-hosting is required, account setup is minimal, and all platforms are supported

Signal gives you protection from casual data harvesting, corporate data aggregation, legal access / subpoenas, and network-level surveillance

The proof is in the legal requests where only registration date and last connection time could be provided. Further evidence comes from regular third-party audits and constant peer-reviewed academic scrutiny. It has also been tested in real-world high-risk environments by journalists, activists, and security professionals globally. It also continues to function under censorship attempts and is reported by a wide range of media outlets to operate continuously in restricted environments like Iran, Egypt, and the UAE

The key piece here is privacy.

  1. Minimal data collection

Signal strives to know as little about its users as possible. There is no way to access the contents of messages sent over Signal without control of one of the endpoints (e.g. the recipient’s laptop)

  2. Metadata protection

Metadata is often more valuable than content!

Encryption protects content, but metadata must also be protected. Metadata includes who you talk to, when, and how often. Signal uses a “Sealed Sender” system to hide this, so that who is messaging whom cannot be seen. Signal is the only mainstream messenger which can do this

  3. Open-source transparency

Claims are verifiable. Long-term resilience

Both client and server are open source on GitHub. Even if a server is owned by a malicious actor, the claim that everything being sent to and from it is encrypted and not stored can be verified. The Sealed Sender protocol prevents anyone except your recipient from knowing where the message originated. This is enforced client-side, so you can be confident the server isn’t just pretending to mask your metadata

External audits can be done without NDA constraints. A large pool of contributors increases the chances of finding subtle bugs. Academics and industry experts can continuously analyze the system

If the original code takes a wrong direction, it can be forked

  4. Non-profit structure

Incentive. Independence.

Signal has no pressure to monetize your data. Decisions to make encryption stronger even if it complicates features can be made. Refusal to weaken protocols under external pressure. Reduced risk of “business model drift” or objectives changing. No acquisition or exit strategy and governance is mission-driven, not investor-driven. Independent from government, corporate partners, and advertising ecosystems

  5. Encrypted backups

Backups create a whole new level of risk. Signal encourages a local-first design, and backups are done encrypted. Other messaging platforms typically fall short on one or both of these

  6. Secure by default

Nothing to configure. No strange user-experience checkboxes. All conversations are “secret”. No gotchas or behind-the-scenes deals happening. No reliance on users “doing the right thing”

The common pushback against Signal

My contact is not on Signal

Every network grows through incremental migration, not mass switching. Individual adoption is the mechanism that resolves the problem

Dual use is frictionless. No loss of reach. No lock-in. No downside of partial adoption

Privacy benefits scale per conversation

It’s just another US company-owned messaging app

Signal Foundation is a non-profit, and the software is open source. This means it operates largely independently of government or national influence

I don’t need that level of privacy

Don’t assume that your data isn’t valuable, or that you are not a target of surveillance. In general, security benefits are undervalued in comparison to convenience. This is a misunderstanding. Privacy is in your control.

The case against alternatives

WhatsApp

WhatsApp shares data with the Meta ecosystem

There are multiple major cases where Meta allowed, shared, or monetized access to user data in ways users did not consent to. One example is Cambridge Analytica (2013–2018), where data was used for political profiling and campaign targeting. Facebook’s API (pre-2015) allowed apps to access user data and friends’ data by default. This created an ecosystem where user data flowed to external parties, often beyond user awareness. Many other nefarious business practices are well documented on Wikipedia

Backups of WhatsApp data go to Google Drive / iCloud (iOS). These backups are NOT encrypted. You can manually enable “End-to-end encrypted backups” in the settings, but many users do not know this

Brian Acton co-founded WhatsApp, but after it was sold to Facebook in 2014 he decided to direct his efforts towards non-profits like Signal to address concerns around the use of customer data and targeted advertising

| Key area of concern | Signal | WhatsApp | Implication |
| --- | --- | --- | --- |
| Business model | Non-profit, focused solely on privacy | Owned by Meta, part of an advertising ecosystem | WhatsApp is incentivised to collect and monetize data. Signal is incentivised to minimise data collection |
| Source code | Fully open source client and server; publicly auditable | Proprietary; cannot be independently verified | Signal’s claims are verifiable, WhatsApp’s claims are trust in Meta |
| Legal | Cannot provide meaningful data under subpoena. Stores almost nothing | Can provide contacts and usage patterns | Metadata can reconstruct your social relationships and patterns even without message content |

Telegram

Misleading “secure” positioning: End-to-end encryption not enabled by default. This contradictory positioning is suspicious as hell.

Telegram is solely owned by Pavel Durov. There is limited transparency around corporate structure, jurisdictional influence, and their internal decision making

Chats are stored server-side and accessible to Telegram

| Key area of concern | Signal | Telegram | Implication |
| --- | --- | --- | --- |
| Encryption default | Always on, E2EE everywhere | Off by default (only in Secret Chats) | Most users are not actually protected on Telegram |
| Server transparency | Open source (client + server) | Server closed source | Cannot verify Telegram’s claims |
| Metadata protection | Sealed Sender | No equivalent | Telegram can map your network |
| Storage model | Minimal server storage | Cloud message storage | Increased exposure and subpoena surface |

RCS

RCS is the next-generation form of SMS/MMS. It’s a nice addition, but ultimately falls short when it comes to security

| Key area of concern | Signal | RCS | Implication |
| --- | --- | --- | --- |
| Encryption | Always E2EE | Inconsistent / often absent | Messages may be readable in transit |
| Infrastructure | Independent non-profit | Telecom carriers | Subject to surveillance and interception |
| Standardisation | Single protocol implementation | Fragmented | Security varies unpredictably |
| Metadata exposure | Minimized | Fully exposed | Complete visibility into communication patterns |

Palantir

Palantir is an amplifier. If messaging platforms provide rich accessible metadata then it becomes analyzable at scale.
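
How metadata alone maps a network, as described under “Metadata protection” and in the Palantir note above. This is an added example, not Signal’s code: the records are constructed, and `sealed_view` is a simplified, hypothetical model of a server whose records never contain the sender.

```python
from collections import Counter

# Constructed delivery records as a server might log them:
# (unix_time, sender, recipient). No message content is present.
RECORDS = [
    (1700000000, "alice", "bob"),
    (1700000300, "bob", "alice"),
    (1700003600, "alice", "bob"),
    (1700007200, "alice", "carol"),
    (1700086400, "dave", "bob"),
    (1700090000, "alice", "bob"),
]

def sealed_view(records):
    """Model of the page's Sealed Sender description: the sender is
    known only to the recipient, so the server-side record lacks it."""
    return [(ts, None, rcpt) for ts, _sender, rcpt in records]

def contact_graph(records):
    """Count messages per unordered pair; records without a visible
    sender cannot be attributed to any pair and are skipped."""
    pairs = Counter()
    for _ts, sender, rcpt in records:
        if sender is not None:
            pairs[frozenset((sender, rcpt))] += 1
    return pairs

def closest_contact(records, user):
    """Most frequent counterpart of `user`, or None if nothing links them."""
    counts = Counter()
    for pair, n in contact_graph(records).items():
        if user in pair:
            (other,) = pair - {user}
            counts[other] += n
    return counts.most_common(1)[0][0] if counts else None

def deliveries_per_recipient(records):
    """Still visible in both views: how many messages each account receives."""
    return Counter(rcpt for _ts, _sender, rcpt in records)

if __name__ == "__main__":
    print("plain view :", closest_contact(RECORDS, "alice"))
    print("sealed view:", closest_contact(sealed_view(RECORDS), "alice"))
    print("remaining  :", dict(deliveries_per_recipient(sealed_view(RECORDS))))
```

With the sender visible, six content-free records are enough to name a user’s closest contact; in the sealed view the pairing is gone and only per-recipient delivery volume remains.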