Security and privacy, while interconnected, serve different purposes in the context of digital communication. Security addresses the “how” of data protection. It encompasses the methods and mechanisms that prevent unauthorized access, such as encryption protocols, authentication systems, and access controls. When we discuss security in messaging apps such as Signal, we’re talking about features like end-to-end encryption, which ensures that only intended recipients can read messages. Privacy, on the other hand, addresses the “what”—the policy and design choices that determine which data is collected and how it’s handled. Privacy concerns include data minimization principles, purpose limitation, user consent, and data retention policies. In messaging apps, privacy manifests in decisions about metadata collection, user profiling, data storage, and, most importantly, data-sharing practices.
When it comes to data collection, sharing, and retention, informed consent is a core ethical principle that is often overlooked. Individuals are frequently not made aware of the extent to which their data is collected and handled, nor are they given the opportunity to opt out. This lack of transparency, which occurs when details are hidden in fine print or omitted entirely, violates the ethical norm of informed consent, which is fundamental to privacy.
For many civil society organisations (CSOs) and human rights defenders (HRDs), the right to privacy is perhaps the most infringed-upon digital right. Surveillance activities carried out under the guise of national security or public safety often infringe on their rights with little to no recourse. This means that at-risk CSOs and HRDs are always looking for ways to navigate the internet while leaving behind as little trackable information as possible, especially when handling sensitive information.
The 2013 Snowden leak revolutionized security and privacy designs for web apps, as it exposed not only the extensive capabilities of government surveillance but also the degree to which tech companies cooperated with intelligence agencies. The leak catalyzed the development of privacy-focused technologies, including the mainstream acceptance of end-to-end encryption. During major protests, such as the 2020 Black Lives Matter movement, Signal has always stood out as a tool for mobilization and organization. Given that many messaging apps boast strong security features and that WhatsApp employs the same end-to-end encryption technology as Signal, why do many at-risk individuals and organizations prefer to use Signal?
Signal’s approach to digital communication prioritises both security and privacy. From a security perspective, it implements state-of-the-art end-to-end encryption through the Signal Protocol, which has become the gold standard for secure messaging. The protocol’s open-source nature and peer-reviewed cryptography provide transparency and trust that proprietary systems cannot match.
What makes Signal attractive are its privacy features. Unlike many competitors, Signal deliberately minimizes metadata collection—the information about who communicates with whom, when, and how often. This “privacy by design” approach starkly contrasts with mainstream platforms that collect extensive user data for various purposes. Traditional messaging services, even those with end-to-end encryption, typically know who is sending messages to whom. Sealed Sender conceals the sender’s identity from Signal’s servers, dramatically reducing observable metadata. Additionally, Signal’s servers remain ignorant of group membership and structure. The system implements secure fan-out for message delivery while maintaining group privacy, ensuring that even Signal’s own infrastructure can’t monitor group associations. The local-only storage policy also means that messages can’t be accessed from Signal’s servers—because they’re simply not there.
Feature | Signal | WhatsApp | Telegram |
E2EE Default | Yes | Yes (but metadata shared with Meta) | Only in “Secret Chats” |
Metadata Collection | None (Sealed Sender) | Extensive (IP, timestamps, contacts) | IPs, usernames |
Ownership | Nonprofit | Meta (for-profit) | For-profit |
Open Source | Fully (client & server) | Partial (client only) | Partial (server closed) |
Comparative Analysis of Signal and Similar Apps
Granted, logs and data retention are needed to prevent security problems. However, in the age of mass digital surveillance, data collection and retention can be viewed as dangerous to end users because they presume everyone is a suspect, with their communication content and behaviour readily available for scrutiny. As such, privacy is shifting from just a cyber security issue to a systemic and societal one, where decisions about security must align with priorities that put the users’ rights first. Signal’s approach, while not perfect, demonstrates that robust security and meaningful privacy can coexist with usability. The platform’s success in serving diverse user groups across the globe shows that privacy-first design need not compromise functionality; it can instead create a foundation of trust that prioritises user rights.