technology

Is Clubhouse safe?

Despite its sudden success, the Clubhouse app appears to be missing some basic privacy and security features. Can you trust Clubhouse with your data? Let’s find out.

What is Clubhouse?
Clubhouse is an invite-only audio chat room app. Users can listen to live audio streams from virtual chat rooms and even join in discussions if the moderator allows it. At just over a year old and with 2 million users, including some of the world’s greatest minds, it’s easy to get caught up in the excitement. However, the app hasn’t managed to seduce privacy and security experts in quite the same way.

From Chinese servers to contact sharing, we dissect Clubhouse’s security misdemeanors to help keep you safe.

Data spillage
A month after the app’s release, a user was discovered streaming audio feeds and metadata from multiple rooms to another website. Admitting the “data spillage” in an interview with Bloomberg, Clubhouse said that this violated its terms of service, banned the user, and added safeguards to stop this from happening again. How safe those safeguards are is impossible to say at this stage.

Does Clubhouse access your contacts?
Clubhouse is invite-only. Once you manage to join, you can invite two other people. But there’s a catch. You have to give Clubhouse access to all your contacts to invite others.

Not everyone in your contact list is a trusted friend. It could include your previous boss, a bad ex, your hairdresser, business associates, or, if you’re a journalist, confidential sources. When you give an app access to a contact, not only are you telling the app that you’re connected to them, but you’re also telling the app that they are connected to you.

While granting an app access to your contacts isn’t big news, it poses some privacy issues:

Awkwardness: As soon as someone from your contacts joins Clubhouse, you’ll receive a “walk them in” notification. Tapping on it immediately throws you both into a private room, along with other Clubhouse users who also had them in their contacts. Wonderful if you get to reconnect with some old school friends. Weird if you get shoved in a private room with your ex and their new partner.
Blind consent: If you want to invite others, Clubhouse will pull up a list of your contacts who haven’t yet joined. Here’s the non-consensual part: Clubhouse ranks each contact based on how many people they already know on Clubhouse. This undermines people who haven’t agreed to have anything to do with Clubhouse. It’s also non-consensual if your Clubhouse contacts are revealed to someone you’ve blocked or are trying to get away from.
Government snooping
When you hear the words “plaintext” and “data” in one sentence, it’s rarely a good thing. Combine that with certain governments that prosecute citizens for opposing speech, and you have a recipe for disaster. Clubhouse audio messages leave no public record after the speech occurs, but the SIO discovered that users’ unique Clubhouse ID numbers and chat room IDs are transmitted in plaintext (unencrypted) to servers operated by Agora, a China-based company. What does this mean?

The Chinese government could access Clubhouse data.
Agora provides the “real-time voice engagement” part of Clubhouse. It transmits user data via Chinese servers to the rest of the world. Agora acknowledged that it would be required to support PRC law, including the oath to protect national security and aid criminal investigations by supplying user data. Since Agora claims they don’t store any user audio or metadata (except to monitor network quality), users are reassured. Partially. Given that SIO observed unencrypted room metadata being relayed to servers hosted and managed by China, the Chinese government can collect this information without even accessing Agora’s networks.

Clubhouse could violate your privacy and aid unnecessary data harvesting.
Researchers have discovered a flaw within Clubhouses’s backend infrastructure that could let hackers extract audio chat from the Agora API without having to use the Clubhouse app. Agora does not mix the audio from speakers into one track — each speaker is assigned an audio track containing metadata like their unique user ID. It’s also likely that Clubhouse IDs can be connected to user profiles, which means that your data could be harvested, including your phone number, the subjects you’re interested in, and who you’re talking to – not ideal in countries where certain speech is punishable.

Is your data safe on Clubhouse?
Is your audio data safe with Clubhouse? That depends on where it’s stored, how long it’s stored for, and whether your voice ever gets cloned.

How long is Clubhouse audio data stored for?

Clubhouse temporarily stores user audio for the purpose of trust and safety investigations (e.g. terrorist threats, hate speech, threats to children, etc.). But how long “temporarily” is, remains unknown. We are informed, however, that if no trust or safety report is filed, the audio is deleted.
Where is Clubhouse data stored?

To add fuel to the fire, Clubhouse’s privacy policy does not mention Agora or any other China-based data sub-processors. So, we don’t know where audio data is stored. If audio data is stored in the US, a federal law would prohibit the disclosure of information requested by the Chinese government. If Agora has access to Clubhouse’s raw audio traffic (which is deemed likely by SIO investigations), it could be intercepted and transcribed if the data is not end-to-end encrypted.
Can your voice be cloned from Clubhouse?

Adobe’s audio manipulator, Voco, can clone anyone’s voice in seconds by inspecting audio waves. Frighteningly realistic, you’d have a hard time defending an audio deepfake from someone’s actual words. Great as a silly joke between friends — not so great if you’re the president of a country.
Final thoughts
Voice notes are overtaking text, podcasts have the same demand as video, and forums like Reddit and comment sections are blowing up. Clubhouse is the natural next step for social media and a refreshing reprisal from a society soaked in images.

Now, you can drop into a live conversation about a new medical insight or talk to a researcher who is one of the best minds in their field. It’s great to hear that Clubhouse is operating a bug bounty program with HackerOne to weed out security holes. But what we also need from Clubhouse is a better managed outlet for discussion with tighter privacy controls. Clubhouse is still in beta mode, which is why we should demand privacy now instead of boycotting it later.

technology

DATA OF 1.3 MILLION USERS LEAKED IN CLUBHOUSE SECURITY BREACH.

It was only a week ago that hackers were able to gather personal information from billions of Facebook and LinkedIn accounts and were put for sale on the internet. It now seems as if Clubhouse had fallen prey to a similar attack. The audio-only chatting platform oversaw more than 1.3 million users having their records stolen and posted online on a popular hacker forum.

This means that consumers had all the data from their Clubhouse profiles leaked which consisted of their:

Full Names
User ID and username
Number of followers and followings
Other social media account handles
Account creation dates
Invites sent and who they were invited by on the app
Is Clubhouse’s API Susceptible to Allowing Mass Scrapes of User Data?
Clubhouse later came forward with a statement regarding the issue, claiming that they did not observe any form of a security breach in their systems. They went ahead and stated that the leaked data was already public information available to anyone and easily accessible through their API(Application Programming Interface).

These comments did little to ease the general public’s concerns and their user base, as this event showcased the position of Clubhouse with regards to their privacy policy. Public information was obtainable for a large number of accounts through Clubhouse’s API, which can have severe ramifications for user privacy.

Mantas Sasnauskas, a senior information security researcher at CyberNews, called this policy into question, stating that the platform allowed anyone with a token or an API to collect the entire library of public profile information from the Clubhouse app without an expiration period in place for said token.

He further added that despite Clubhouse having a privacy policy in place which does not permit unauthorized data mining and data scraping, they should take measures to make it difficult for anyone to scrape user data, rather than just writing a few sentences against it in their policy.

How Can This Impact Users?
The consequence of the public data being leaked online is that cybercriminals can use it to carry out attacks such as phishing and social engineering attacks. On the hacker forum mentioned above, the SQL database posted revealed only public Clubhouse profile information. There were no signs of sensitive data, such as credit card information, present for any user. However, for certain cybercriminals, this basic public information is sufficient and useful in their efforts to commit heinous acts against innocent individuals using these apps.

These individuals are able to compare information found in the leaked SQL database with other data breaches through which they create comprehensive profiles of their targets. This sets a platform for them to conduct identity theft against the people whose information they can find readily available on the hacker forum.

Next Steps
There are a few necessary steps that you must undertake if you are fearful that your Clubhouse profile information has been leaked and published online. This includes:

Avoid accepting Clubhouse connection requests from dodgy people who you do not know.
Going forward, create strong passwords and use a password manager tool to help you remember them.
Begin enabling two-factor authentication for all your accounts.
Be wary of suspicious emails and messages you receive online, as these can contain links that may lead to your privacy being compromised.

technology

Bluesnarfing: what you need to know.

When buying a technological device today, whether it’s a smartphone, a speaker, a keyboard or a smart watch, one of things people look for is Bluetooth compatibility. And who could blame them when Bluetooth has become a ubiquitous feature of technology that everyone can’t live without. But just like any technology, convenience can quickly turn into chaos when fallen into the wrong hands. With that in mind, here’s what you need to know to guard against cybercriminals when using Bluetooth.

Google paid a settlement fee of $7million for unauthorized data collection from unsecured wireless networks in 2013. While their intention likely wasn’t theft, many disagreed and called them out for Bluesnarfing, a method most hackers are familiar with.

What is it?
Bluesnarfing is the use of Bluetooth connection to steal information from a wireless device, particularly common in smartphones and laptops. Using programming languages that allow them to find Bluetooth devices left continuously on and in “discovery” mode, cybercriminals can attack devices as far as 300 feet away without leaving any trace.

Once a device is compromised, hackers have access to everything on it: contact, emails, passwords, photos, and any other information. To make matters worse, they can also leave victims with costly phone bills by using their phone to tap long distance and 900-number calls.

What preventive measures can you take?
The best way is to disable Bluetooth on your device when you’re not using it, especially in crowded public spaces, a hacker’s sweet spot. Other ways to steer clear of Bluesnarfing include:

Switching your Bluetooth to “non-discovery” mode
Using at least eight characters in your PIN as every digit adds approximately 10,000 more combinations required to crack it
Never accept pairing requests from unknown users
Require user approval for connection requests (configurable in your smartphone’s security features)
Avoid pairing devices for the first time in public areas.

technology

How to spot a fake Facebook account.

83 million Facebook accounts are fakes and dupes.

Whether you are evaluating incendiary political posts, a target of cyber-stalking or being asked for money, it is important to know how to separate real Facebook accounts from fake ones.

Over a period of nine months in 2019, Facebook removed more than 5.4 billion fake accounts, up from 3.8 billion for all of 2018 (source: Facebook Transparency Reportage).

“We estimate that fake accounts represented approximately 5% of our worldwide monthly active users on Facebook during Q2 and Q3 2019, Facebook says. “There are two types of accounts we identify as fake: abusive and user-misclassified.”

According to Facebook, there are several clues one should look for if they suspect a profile is fake by examining their names, photos, mutual friends and shared content.

NAMES

Names which are characteristic of fake accounts can use combinations of popular names (i.e. John, Sam, Rachel, Miller, Smith, Brown). This is true for all languages.
They can also include names of famous people.

PROFILE AND COVER PHOTOS

Types of images that could be red flags include: photos of models for their profile pic, photos of only themselves, photos that are “too perfect” (most normal users will not have a professional profile photo). Sometimes scammers will use photos of people in military uniforms or wearing formal attire, like tuxedos.

SHARED CONTENT

Some tell-tale signs of fake accounts include: a recent date of creation when it comes to timeline posts, almost no shared content, shared fake content, zero to few mutual friends.

technology

App permission consequences.

Now let’s take a look at some of the categories that apps might ask for access to. The consequences of granting access can be very damaging.

  1. SMS permissions.

If you allow a new app to access SMS, that new utility will be able to access MMS messaging systems as well as any SMS app you have on your phone, not just the one default SMS tool that comes with the Android operating system. Furthermore, an app with permission to access SMS will be able to read all of the messages you have stored in your SMS apps. It will also be able to intercept and read (and possibly alter) incoming messages and it will even be allowed to send out SMS messages from your phone.

  1. Phone call permissions.

The permission to access any communication service on your phone is a gift to any malware that wants to replicate itself by sending out Trojan programs to your Contacts list. If the worm can send those infections out from your Phone number, the hacker that wrote the original virus saves a lot of money and also hides his identity.

A malicious money-making app with permission to access your phone’s call functions can rack up your bill and make a ton of money for its owner by making repeated calls to premium numbers owned by the hacker.

  1. Camera permissions.

Apps that have the permission to access your camera can take screenshots of your activities, take photos and videos of you and your friends, and send those image and video files back to the writer of the app. Similarly, if an app has access to your microphone, any recording tool on your phone can be manipulated to record you without your knowledge.

  1. Location permissions.

The location feature on your phone can tell burglars when you are away from your home and can tell the owners of location-restricted websites and services that you are outside of their operating area so they can block you.

  1. Operating system and storage permissions.

Giving an app permission to access your storage allows data thieves to steal your information. It also opens the door to ransomware that can encrypt all of the files on your device and make them inaccessible until you pay for the decryption key.

Allowing an app to gain control of system settings could mean you lose access to your phone.

Turn off location services completely
On Android, the only way you can turn off access permissions is on a per app basis, as described above. This is the case with all categories except for the Location services of your phone. These can be turned off completely.

Turning off location services defeats geo-restricted websites that try to block your access from other countries. You can bypass their restrictions by using a VPN. However, many sites also check your location in the operating system and that defeats that masking action of the VPN because it gives away your real location.

The strategy of turning off location services completely doesn’t always work to get you into overseas websites. For example, even if you have a VPN operating, the YouTube TV site won’t give you access unless it can also check your phone’s location. You also lose the benefit of being able to track your progress along a route in a web map service.

However, if you want to turn off the location services on your Android phone, go to the Settings screen, scroll down to the Personal section, and tap on Location.

Android location 1

Click on the slider at the top of the Location screen.

Android location 2

Android permission problems
An example of a malware nightmare that will ruin your phone if you allow it to access the system is the Loapi Trojan, which Kaspersky Labs spotted towards the end of 2017. This malware is advertised as an antivirus utility or an adult content app. Once it is installed, the app will constantly demand permission to access the system. It will repeat the demand over and over again until you tap on Allow. You restart your phone to try to turn the app off, but that won’t work. When your phone starts up again, the first thing you will see is that demand for access.

The Loapi Trojan has a wide range of malicious functions. These include launching DDoS attacks on command on other internet connected devices, cryptocurrency mining, and frantic web page access to bump up income from recorded visits. The design of the Trojan enables its controller to load up new attacks on your phone at will. So this is a backdoor that will allow a constant stream of attacks to download onto your phone.

When investigating this Trojan, Kaspersky Labs loaded it onto a smartphone. Within two days, the excessive processing caused by the virus caused the device’s battery to bloat and the phone’s cover to warp. Basically, if you unintentionally download Loapi, you might as well throw your phone away.

The Trojan’s antivirus sweep will detect other antivirus programs running on your phone and alert you to allow removal of those programs, which Loapi falsely labels as malware. Again, the app will not take Deny for an answer. The prompt to allow removal of those programs will not stop until you tap on Allow.

If you have Loapi on your phone, you might try all of the steps outlined in this guide to remove its permissions. However, the defense mechanisms of this malware suite will lock the phone and shut down the settings screens, making it impossible for you to revoke its access rights. This vicious app is just one example of malware that will render your phone unusable.

technology

Virus alert! WhatsApp Pink link will give hackers control of your phone, don’t open it at any cost.

Disguised as a WhatsApp theme-changing APK, WhatsApp Pink is a malware link that installs a virus on your smartphone, giving hackers access to your device.

HIGHLIGHTS:

WhatsApp Pink link is being circulated online that claims to change your WhatsApp theme from green to pink.
This is a malware link that can allow hackers control of your phone.
The APK is disguised as an official WhatsApp update.

A new malware link disguised as a custom WhatsApp theme is making the rounds on WhatsApp group chats. Dubbed as WhatsApp Pink, the malware link claims to change your WhatsApp theme from the original green to pink. However, according to top cybersecurity experts, it’s a virus that allows cybercriminals to hack and take control of your phone. The virus may also take control of your WhatsApp account, and you won’t be able to access it.

What is WhatsApp Pink scam?

This dangerous WhatsApp Pink virus is different from the WhatsApp flaw that was discovered a week back. The flaw only allowed nefarious entities to suspend a user’s WhatsApp account. However, the virus not only restricts users from accessing their WhatsApp account but also gives hackers access to their phone.

Once a user clicks on the link, it takes them to an APK download page. The APK is disguised as an official WhatsApp update, so users might not know that it’s a modified APK that contains the virus. If a user installs the APK, they give hackers access to their phone. There’s a chance that just clicking the link does not download the virus on your phone. So, if you have already clicked on the link but have not downloaded and installed the APK, you might still be safe. If you have not received the WhatsApp Pink message yet, we advise you not to click on the link.

“DO NOT CLICK ON THE WHATSAPP PINK LINK AND INSTALL THE APK FILE. IT WILL LOAD A VIRUS ON YOUR PHONE THAT WILL GIVE HACKERS ACCESS TO YOUR DEVICE.”
WhatsApp has released its official statement on the matter.

“Anyone can get an unusual, uncharacteristic or suspicious message on any service, including email, and anytime that happens we strongly encourage everyone to use caution before responding or engaging. On WhatsApp in particular, we also recommend that people use the tools that we provide within the app to send us a report, report a contact or block contact.”

As much we have berated WhatsApp for its shady practices in the past, this response is genuine. We as users have to take responsibility for such attacks as anyone can send a malware-laced link to us. It’s up to us to judiciously decide whether to click on them or not. The easiest way to avoid such attacks is to never install popular apps from outside Google Play Store. So, beware of the WhatsApp Pink link and any such attempts in the future and protect your online privacy.

technology

Over 1 lakh Fake Nudes Made Using Deepfake Bots on Telegram :

The menace of deep fake pictures and videos is getting bigger and worrying. The latest revelation by an international cybersecurity firm will leave you shocked. Sensity’s researchers have found a “deepfake ecosystem” on the encrypted messaging app –Telegram, which is centered around AI-powered bots and can generate fake nudes on request.

The security firm claims that over one lakh women have been targeted and their personal “stripped” images have been shared publicly by the end of July 2020.

According to cyber experts, these stripped images can be misused by sharing it in private or public channels beyond Telegram as part of public shaming or extortion-based attacks.
Researchers say that the people are using these bots to mainly create nudes of women they know. They are copying images of their target from social media and after converting them it in nudes they then share and trade with one another in various Telegram channels. The software is used to generate these images is known as DeepNude.

Explained: How Deepfake bots on Telegram work.
Explained: How Deepfake bots on Telegram work.
To “strip” an image, a user simply needs to upload a photo of a target to the bot and receive the processed image after a short generation process.
There are various other similar underground tools but what is worrying about this bot service is that it easy to use and accessible. It comes with a simple user interface that functions on mobile phones as well as computers.

These bots are free to use, but they create fake nudes with watermarks or only partial nudity. However, users can pay it more to “uncover” the pictures completely.
“The number of these images grew by 198% in the last three months until July. Self-reporting by the bot’s users indicated that 70% of targets are private individuals whose photos are either taken from social media accounts or private material,” Sensity said in its key findings.

The finding also shows that the bot and its affiliated channels have so far got around over a lakh member worldwide. A maximum of 70 per cent is from Russia and ex-USSR countries.
The misuse of Deepfakes is becoming a big concerning as it allows to manipulate or fabricate visual and audio content on the internet to make it seem very real. These software are quite similar to face animation techniques used in movies.

technology

Beware! These 7 Google Pay and PhonePe scams will let hackers steal your money.

HIGHLIGHTS:

Requesting money, taking remote access of the phone, and vishing some popular UPI scams
SIM cloning and SMS forward scams have also cost people lakhs of rupees
Other common methods include fake helpline numbers and counterfeit UPI apps that trick users into giving them money.

Online payments services like Google Pay, Paytm, and PhonePe have grown in popularity over the past few years thanks to the government’s ‘Digital India’ push. UPI (or Unified Payments Interface) has made it easy for users to transfer money and our dependence on these services may have even increased during the ongoing coronavirus lockdown as people are forced to stay at home and make payments online instead of doing it in person via cash. Thus, this is the time to be extra vigilant when it comes to UPI scams as fraudsters try to dupe unsuspecting users since scammers are always on the lookout to trick users into giving them money directly from their bank accounts, and UPI is a great tool for them to do so. In fact, several people have lost thousands and lakhs of rupees in these UPI scams. Here are a few popular UPI scams through which fraudsters are able to scam people using apps such as Google Pay and PhonePe.

  1. Request Money scam
    One of the most common UPI scams is the ‘Request Money’ scam. This happens when a user receives a request to pay money instead of getting a payment, and isn’t paying enough attention to the transaction. OLX and Quikr are well-known for hunting grounds for frauds using this scam. On apps like Google Pay, PhonePe, BHIM, etc., there is an option to request money from another person, which is something fraudsters take advantage of. Say you’re expecting a payment from a person for a product you want to sell, but instead of paying you the amount, the person sends a payment request for that amount. You receive the request and, unassumingly, enter your UPI M-PIN. As soon as you enter the PIN, you have validated the transaction and the money gets transferred from your bank account to the fraudster’s account.

Example;

I Just got a call from +91 9064342853. Saying I hv got 3999 from @PhonePe_ as reward. The guy is still on call on 8:49. He even tried requesting me rs 3999 through phone pe. Please look into this number. I’m attaching some screenshots. @phonepe_safety @PhonePeSupport pic.twitter.com/7z2syFA4jj

— 🇮🇳SHIVAM KUMAR (@_EKANSH11) MAY 5, 2020

  1. Cashback/ refund scam
    This is a variation of the Request Money scam, wherein the scammer will call and pose as an agent of the bank or a major retail chain. She/ he says the user has been awarded some cashback and asks them to accept it via any UPI app of your choice. Many scammers even keep an eye on Twitter and Facebook for complaints shared by users on the platform; they then call as executives of such companies and promise to process a refund. Within seconds, the user gets a message mentioning the said amount on your UPI app; in a rush to encash the cashback, many users enter their PIN. However, this will be a payment request — UPI apps do not require users to enter PIN to accept a payment. This means they authorised a UPI payment from their phone instead of accepting money from the caller. This is a fairly common scam and many have fallen for it.
  2. Remote access/ Vishing
    UPI has a simple four-digit PIN to authorise transactions. The simplicity of this process also makes it easy for hackers to transfer funds from your bank to their accounts once they discover your PIN. One of the ways hackers can do this is by accessing your phone remotely using apps like AnyDesk. This is a remote desktop software that can allow hackers to gain access to your phone and all the OTPs it receives.

In such a scam, you can get a call from a fraudster pretending to be a bank representative calling regarding an issue with your account. They will then try to establish a conversation, asking for personal details such as your date of birth, name, and mobile number. They will then ask you to download an app like AnyDesk or ScreenShare or TeamViewer from Google Play Store. The fraudster will then ask for an OTP that is generated when setting up the app. They will also ask you to grant all the necessary permissions in the app. Once this is done, the hacker will have full control of your phone and can make transactions using your UPI account.

In such a case it is important to understand that a bank representative will never ask for your credentials such as passwords or OTPs. They will also never ask you to download a third-party app. If anyone asks you to do any of these over the phone, they are most likely trying to scam you. Notably, apps like Paytm will not work if you have a screen-sharing app installed in order to protect your confidential data.

  1. SIM cloning
    Another way fraudsters have been able to hack someone’s bank account is by cloning their SIM card without their knowledge. By cloning the number, the fraudster can receive OTPs, allowing them to change the victim’s UPI PIN and access banking apps and payments services like Google Pay, Paytm, and so on. The process for SIM swapping or cloning is not easy, which is why it’s not popular even among scammers. SIM swap fraud has been steadily increasing in India in recent times. Last year, a person reportedly lost Rs 25 lakh due to SIM cloning.

Notably, this method happens after some of the previous scams we mentioned such as phishing and fraudsters pretending to be bank representatives. Once they obtain enough personal information from the victim, they can call the mobile operator and convince them to block your SIM number. They will then obtain a new SIM and access your banking accounts via SMSs and OTPs.

  1. SMS forwarding scam
    This is a relatively elaborate scam in which the scammer will ask you to send an SMS from your phone in order to authenticate an order or to process a refund, etc. However, this SMS actually contains an alphanumeric identifier for your smartphone — this alphanumeric identifier tells UPI that the request to register a UPI account was made from the users’ registered phone number. When you send the requisite SMS to the scammer, they will get this alphanumeric identifier too, which allows them to register for a UPI account from your phone number. Then they will be able to steal money from your account. This usually involves the fraud guessing the UPI PIN based on the personal info they have of the user. However, there have been cases where the scammer convinced the user to give their PIN in order to process refunds etc.
  2. Fake helpline numbers
    This is a fast-growing UPI scam these days. When you search for something innocuous, like the phone number of courier service or a local restaurant, Google may show a listing that is unverified and actually belongs to a scammer. The scammer achieves this by optimising the website for social media as well as by registering as a business on multiple platforms to convince users (and Google) of its authenticity. When you call that number, the person on the other end will ask you for details or your package or take your order; then will request partial or even full payment to confirm the order via UPI. After this, money will be deducted from your account and the phone number will become unresponsive.
  3. Counterfeit UPI apps
    Counterfeit UPI apps are available by the hundreds on the Google Play Store, with names that try to trick the user into downloading them. These include and are pretty easy to spot due to poor ratings and few downloads. Nonetheless, if someone does end up downloading such an app, they can not only give away their phone number in the registration process but also their debit card PIN and access to their bank account. In many cases related to these fake banking apps, the OTP the user receives and then enters in the app is used to authenticate a payment/ transaction by the scammer.
technology

Telegram vs Signal: What is the best WhatsApp alternative?

The WhatsApp privacy policy has been bothering a lot of people. The date of the update and policy rolling out has passed and the lingering question still is “What is a good WhatsApp alternative?” There are multiple social messaging apps available. Apps like Google Hangouts, Google Chats, Telegram and Signal, among others have been up for consideration.

The two most popular options that a lot of people are considering are Telegram and Signal. There are a few things that users need to consider before making the switch. There has to be a lot of data transfer. Since the sole reason for the transfer is privacy, users need to choose based on the security features provided by both apps.

Telegram
Telegram started off as a messaging service in 2013 but the platform has transitioned into much more since then. The app now has a number of features and even channels. A lot of users think of it as a good alternative to torrent since torrent has its own share of problems in India. Apart from messaging, users can stream songs, movies and web series on the platform for free of cost. The app itself is free to download and use. Number of people are already making a switch to the platform from WhatsApp.

Signal
Signal is a fairly new social messaging platform that was launched in March 2021. The app has garnered a lot of attention and was considered to be a good alternative for WhatsApp. It is a simple messaging app that does nothing more. When compared to Telegram, it has a lot fewer features to offer. The interface is simple and easy to understand. New users will not have any difficulty in making a switch.

The Better Alternative
There are some differences between the apps when it comes to the treatment of data. One feature that was highly appreciated in WhatsApp was the end-to-end encryption of chats. If you are looking for an alternative that will encrypt all your chats including group chats, then Signal is the app to go for. Telegram does not encrypt all your chats. It only encrypts the secret chat. Signal even encrypts the metadata of your chats, so it does not know who you are talking to and for how long. Whereas, WhatsApp and Telegram do not encrypt your metadata and metadata encryption is important.

So if you are looking for the safest and most secure WhatsApp alternative, Signal is the way to go and not Telegram.