In today’s online world, messaging is often regarded as the brains of personal and business communications. Here, there are two big rivals in the messaging market – WhatsApp and Telegram. And each messaging platform has its own unique privacy and security features to address concerns about security. But most people, even very knowledgeable users, take their own messages forward on their computers through web clients, which opens some difficult questions about security, privacy and data protection. In this article, we explore the security details to login to the web version of WhatsApp, as well as exploring the specific privacy plans of Telegram Chinese operations.
Understanding the WhatsApp Web Version Login Mechanism
The WhatsApp web version login is a convenient feature that lets you mirror your phone’s WhatsApp account to a computer. The security of this system revolves entirely around your mobile device. When you do the Whatsapp网页版登入, your browser connects directly to the servers of WhatsApp. Instead, it initiates a connection with your phone. (The phone acts as the primary transport for all encryption and decryption activities. ) This means that if the phone you use is compromised or offline, the WhatsApp web version login will not work. All of this, including the very critical WhatsApp web version login, depends on your phone being secure and having an active internet connection.
This dependency creates a security model: The initial login to WhatsApp web version uses a QR code that acts as a secure and one-time token. This is generally considered secure because it does not send passwords over the internet. The problem is the persistent session. If someone gets physical access to your unlocked machine (like my brother did), they can access all your messages without a re-authentication prompt, so the security of your local machine is critical after the initial WhatsApp web version login.
See also: Dressing with Intention: How Clothing Shapes Our Everyday Life
End-to-End Encryption: WhatsApp’s Forte
I’ll say only one thing good about WhatsApp is that it implements end-to-end encryption (E2EE). The security protocol, based on the Signal protocol, is applied by default to all your private chats and calls. And crucially, it is encrypted also at the WhatsApp web version login – the messages are encrypted on your phone, but are only decrypted when transmitted to the recipient’s device; not even WhatsApp’s servers can read the contents of your messages. So, whether you’re chatting from your phone or through a desktop after logging in to the WhatsApp Web version (it’s encrypted when transmitted to the recipient too), it’s all encrypted and remains secret between you and the recipient.
Obviously this level of encryption has its limits. The message itself will be encrypted but all the metadata ( who you ‘re talking to, when and how many times ) will not be.
The Complex World of Telegram Chinese and Its Security Model
So, we turn to Telegram and there’s a different mindset, a much more complex geopolitical scenario namely for Telegram users in China. AdvertisementTelegram has a cloud-based architecture. Your chats, groups and videos are stored on the Telegram中文. Hence, they’ll be synchronized automatically across multiple devices without any sort of “mirroring” that’s like logging in via WhatsApp (online version). This is tremendously convenient, but it means security concerns as well.
Telegram does not have end-to-end encryption. Only “Secret Chats” are end-to-end encrypted (they don’t sync to the cloud or anywhere else), however. Your normal cloud chats, which most people use, are encrypted between your device and Telegram’s servers (client-server encryption) but Telegram does have the keys for it, which is why they can theoretically access your cloud chat data, compared with what WhatsApp does (and what’s relevant here): This point is particularly controversial in the case of Telegram Chinese users’ data (and what they could be handed over to the police).
Data Sovereignty and the Telegram Chinese User Dilemma
The issue of jurisdiction of data is arguably more important. IM-based messaging service WhatsApp (owned by Meta) operates under a global data privacy framework, but has to respect legal requests by countries where it operates. Telegram, however, is hardly governed by the same rules. Telegram is officially banned in China, so many Chinese users use Virtual Private Networks (VPNs).
So, there is a risk profile, different from WhatsApp: For the Telegram Chinese user at least, the threat might not be a remote hacker, but a state actor. The convenience of cloud storage becomes a liability if, for instance, the platform is forced to divulge the information. Therefore, for Telegram Chinese users concerned about state surveillance, you only have to rely on Telegram’s “Secret Chats” function which has some limitations regarding multiple devices use.
Conclusion
So, how secure is your data? The answer is complex and depends on which threat model you are using. login to the web version of whatsapp is a way into a platform with very good, default end-to-end encryption which will protect your message contents from anyone (even WhatsApp) so your biggest vulnerabilities are the physical security of your own devices and unencrypted backups.
For Telegram users (Chinese) or anyone else the other way around is that Telegram provides much better convenience and powerful features, it just doesn’t have that much security promise on it as Telegram’s cloud-based model is more vulnerable to attack from servers, so does not cater well to people trying to protect themselves from sophisticated state trolls. To get the most security on Telegram one has to “Secret Chats” but that means losing out on the cloud functionality.
