Fact-checked by the SnapMessages editorial team
Quick Answer
Signal applies end-to-end encryption to 100% of messages by default; Telegram does not encrypt standard chats or any group chats end-to-end. When the U.S. government subpoenaed Signal, it could produce only 2 data points per user. Most users treat both apps as equally private, which is factually wrong and potentially dangerous for sensitive health communications.
The Signal vs Telegram privacy debate is often framed as a contest between two encrypted apps, but that framing contains a fundamental error. Telegram is not an end-to-end encrypted messaging app by default, and the gap between what users believe they have and what they actually have is wide enough to matter. According to Backlinko’s 2025 analysis of Telegram’s own data, the platform now has 1 billion monthly active users, the overwhelming majority of whom communicate through cloud chats that Telegram’s servers can access.
For anyone sharing personal health information, therapy check-ins, or sensitive conversations through a messaging app, mistaking “popular” for “private” is not a minor configuration error. It is a health-data vulnerability.
The Encryption Gap Nobody Discusses Honestly
Telegram does not use end-to-end encryption for standard messages, group chats, or channels. Signal does, for everything, automatically. That single sentence contains most of what you need to know to make an informed decision.
Telegram’s cloud chat architecture stores message content on its servers in a form Telegram can retrieve. This is not a hidden flaw or a controversial interpretation. The Electronic Frontier Foundation’s January 2026 “Encrypt It Already” campaign explicitly named Telegram, calling on it to make end-to-end encryption the default for direct messages and classifying the lack of it as a “Defaults Matter” issue. The EFF does not use that language lightly.
Signal, by contrast, applies the Signal Protocol to every message, call, and video chat without any opt-in required. That protocol has been independently audited multiple times, including by the security firm Cure53, and has been adopted by WhatsApp, Google Messages, and Meta Messenger for their encrypted chat features. When competitors license your encryption standard, that is the most credible technical endorsement available.
What Telegram’s own documentation says
Telegram’s FAQ page explicitly describes two distinct chat types as a deliberate design choice. Cloud chats are stored on Telegram’s servers for multi-device convenience; Secret Chats use end-to-end encryption but require manual activation. This is not a cover-up. Users who believe Telegram is fully private by default are misreading the product, not being deceived by one. That distinction matters, because it shifts the burden of understanding onto the user in a way that most apps do not.
Cryptographer and Johns Hopkins University professor Matthew Green made this point directly. In an August 2024 post, he argued that Telegram should not be called an “encrypted messaging app” because it does not use end-to-end encryption by default, and he critiqued MTProto (Telegram’s proprietary encryption protocol) for its non-standard design choices.
Telegram should not be called an ‘encrypted messaging app’ because it does not use end-to-end encryption by default.
Key Takeaway: Telegram’s cloud chats and all group chats are not end-to-end encrypted by default. The EFF’s 2026 campaign explicitly called this out, and Telegram’s own FAQ acknowledges the two-tier chat design as an intentional trade-off, not a hidden flaw.
The Secret Chat Workaround, and Why Most Users Never Use It
Telegram does offer end-to-end encrypted messaging through “Secret Chats,” but the feature is functionally inaccessible for most of its billion users because of how it is designed and where it is buried.
Secret Chats must be activated manually for each individual conversation. They are device-specific, meaning messages do not sync across a user’s phone, tablet, or desktop. They are entirely unavailable for group chats, which is where the majority of community communication on Telegram actually happens. To start one, a user must tap a contact’s name, open a sub-menu, and select “Start Secret Chat,” a path that is invisible to anyone who has not been explicitly told to look for it.
The result is predictable. Research into user behavior consistently shows that when a secure option requires effort and a default option is convenient, the default wins. People sharing sensitive health information in Telegram groups, including therapy accountability circles, medication support communities, and mental health check-in groups, are doing so in a mode that is not end-to-end encrypted, often while believing the opposite.
There is a psychological dimension here worth naming. The gap between believing you are protected and actually being protected is its own form of cognitive dissonance. For people managing health anxiety or seeking safe spaces for vulnerable conversations, false security can be more harmful than acknowledged risk, because it removes the motivation to take protective action. If you are reviewing how you handle sensitive conversations across apps, the guide on securing your messaging apps before international travel covers several concrete configuration steps that apply equally to everyday privacy.
Key Takeaway: Telegram’s Secret Chat feature requires manual activation per conversation, is unavailable for all group chats, and does not sync across devices. The EFF’s 2022 Telegram harm-reduction advisory recommended users needing group chat privacy migrate to Signal or equivalent platforms.
What Signal Gets Wrong: The Phone Number Problem
Signal is the stronger choice for private communication, but it is not without a real limitation, and honest analysis requires naming it. Until recently, Signal required a phone number to register, directly linking an account to a real-world identity. For activists, domestic-abuse survivors, addiction recovery participants, or anyone in a sensitive health support network, that linkage is a genuine risk, not a theoretical one.
Signal introduced a username feature in 2024 that addresses this directly. Users can now connect and communicate without exposing their phone number to contacts; the number is hidden by default from non-contacts. This is a meaningful architectural improvement that most competing articles have not caught up to, which means many readers still encounter the outdated dismissal that “Signal requires your phone number” as though nothing has changed.
The configuration gap that still exists
The limitation that remains is a behavioral one. Usernames are optional. Phone number visibility settings are not automatically configured for maximum privacy. Users must actively go into Settings, then Privacy, then Phone Number, and change the visibility from “My Contacts” to “Nobody” to fully benefit from the username system. Most users never do this. The privacy benefit exists architecturally but requires deliberate action to activate, which puts it in the same category as Telegram’s Secret Chats: technically available, practically underused.
For a broader look at how to build consistent habits around these kinds of settings, the article on building a personal digital security routine offers a structured approach that does not require becoming a security expert.
Key Takeaway: Signal’s 2024 username feature allows users to communicate without exposing their phone number, but the phone number visibility setting must be manually changed to “Nobody” in Privacy settings. Most users never complete this step, leaving a real-identity link in place by default. See Signal’s feature history on Wikipedia.
| Feature | Signal | Telegram |
|---|---|---|
| Default Encryption | End-to-end for all messages and calls | Cloud encryption only (not E2E) for standard and group chats |
| Group Chat Encryption | End-to-end encrypted by default | Not end-to-end encrypted (no Secret Chat option for groups) |
| Monthly Active Users | 70 million (January 2025) | 1 billion (March 2025) |
| Law Enforcement Data Shared | Account creation date + last connection date only | 900 U.S. requests fulfilled in 2024; 22,777 users’ data shared globally in Q1 2025 |
| Protocol Audits | Multiple independent audits (including Cure53) | MTProto: significantly fewer independent audits |
| Phone Number Requirement | Required for registration; can be hidden via username (2024) | Required for registration; phone number visible in more contexts |
| Metadata Minimization | Sealed Sender obscures sender identity from Signal’s own servers | Cloud infrastructure retains metadata as part of feature set |
| Annual Operating Cost | $50 million (2025) | Revenue-funded via Premium subscriptions and business tools |
The Metadata Risk Both Apps Share, and Why Health Users Should Care More
Even strong message encryption does not protect metadata, and for people in health-sensitive communities, metadata can be more revealing than the messages themselves. Who you talk to, when, and how often creates a pattern that identifies you as a member of a support group, a therapy client, or someone managing a specific condition, without a single word of content being read.
Signal has addressed this more directly than any other consumer messaging app through a technology called Sealed Sender. Sealed Sender obscures the sender’s identity from Signal’s own servers, meaning even Signal cannot determine who is messaging whom in a given exchange. This is not a marketing claim. It is a documented architectural feature that places Signal in a different category from every other mainstream messaging option for metadata-sensitive communications.
Telegram’s cloud infrastructure, by design, retains metadata as part of what makes its multi-device sync and search features work. This is not inherently malicious; it is a consequence of the product’s architecture. But the consequence is real. Consider that Telegram fulfilled 900 U.S. law enforcement data requests in 2024 alone, affecting 2,253 users, according to TechCrunch’s analysis of Telegram’s transparency reporting. That number represented a significant policy shift, concentrated in Q4 2024 after founder Pavel Durov’s legal troubles in France.
The scale of that shift became clearer in early 2025. The Freedom of the Press Foundation reported that Telegram shared data on 22,777 users globally in Q1 2025 alone, compared to 5,826 in Q1 2024. That is a nearly fourfold increase in a single year.
Signal’s track record is structurally different. When the U.S. government subpoenaed Signal in 2021, demanding a user’s name, address, contacts, and call records, Signal was able to hand over only two data points: the account creation date and the date of last connection to Signal’s servers. That is not a marketing claim. It is a documented federal court record. For people managing sensitive health information through messaging apps, understanding how disappearing messages actually work is also relevant; the article on how disappearing messages work across different apps covers the mechanics in detail.
Key Takeaway: Telegram shared data on 22,777 users in Q1 2025 alone, a nearly fourfold increase from Q1 2024, per the Freedom of the Press Foundation. Signal’s Sealed Sender architecture prevents even Signal’s servers from logging who is messaging whom, making it categorically different for metadata-sensitive health communications.
Which App to Use, and When to Use Both
The honest answer is not “use Signal and delete Telegram.” The honest answer is that both apps serve real purposes, and clarity about which one fits which conversation is more useful than declaring a single winner.
Use Signal for any conversation that involves sensitive personal information: therapy progress, medication schedules, mental health check-ins, abuse recovery, chronic illness updates, or medical diagnoses. The EFF’s February 2025 community privacy guide states explicitly that Signal “provides the most extensive privacy protections” of common messaging apps and advises users who need group communication privacy to move away from Telegram. That is a specific recommendation from a credible organization, not a preference.
Telegram remains genuinely useful for public channels, large community groups, broadcast-style communication, and situations where privacy is not the primary concern. Its features are richer, its user base is vastly larger (with 70 million Signal monthly active users against Telegram’s 1 billion, per Signal’s own data), and there are real social costs to asking every contact to switch platforms.
Using both apps simultaneously, each for its appropriate context, is not a compromise. It is a realistic, sustainable approach. Insisting on a single perfect tool and then forcing the issue with reluctant contacts introduces its own social stress, which is itself a wellness consideration. The goal is deliberate choice, not platform purity. For context on how social engineering tactics exploit the same kind of misplaced trust users place in messaging apps, the piece on how hackers exploit social engineering is worth reading alongside this one.
Three concrete actions are worth taking this week, framed as acts of informed self-care rather than paranoia: configure Signal’s phone number visibility to “Nobody” in Privacy settings, understand which of your Telegram chats are not end-to-end encrypted (the answer is all of them, unless you manually activated a Secret Chat), and designate one app specifically for sensitive health conversations going forward. These are one-time configuration decisions, not an ongoing audit, and they take less than ten minutes total.
Key Takeaway: The EFF’s 2025 community privacy guide explicitly recommends Signal over Telegram for group privacy needs. With Signal at 70 million monthly active users and Telegram at 1 billion, the social cost of switching is real, making a deliberate dual-app strategy more practical than an all-or-nothing choice.
Frequently Asked Questions
Is Telegram end-to-end encrypted?
No, not by default. Telegram’s standard chats, all group chats, and channels use cloud encryption, meaning Telegram’s servers can access the content. Only manually activated Secret Chats use end-to-end encryption, and that option is unavailable for groups. Most of Telegram’s 1 billion users communicate in non-E2E modes without realizing it.
What data can Signal hand over to law enforcement?
Almost nothing. When subpoenaed by a U.S. federal grand jury in 2021, Signal could only provide the account creation date and the date the account last connected to Signal’s servers. No message content, no contact lists, no call records. This is documented in Signal’s published court response, not a marketing claim.
Does Signal still require a phone number?
Yes, a phone number is required to create a Signal account. However, a username feature introduced in 2024 allows users to communicate without exposing that number to contacts. To activate full protection, users must manually set phone number visibility to “Nobody” in the app’s Privacy settings, a step most users skip.
Are Telegram Secret Chats actually secure?
Telegram’s Secret Chats do use end-to-end encryption and are technically more secure than standard cloud chats. The practical problem is that they must be manually activated for each conversation, are device-specific (no cross-device sync), and are completely unavailable for group chats. These limitations mean the feature goes unused by the vast majority of Telegram’s user base.
Which app is safer for sharing health information?
Signal is significantly safer for sensitive health information. Its end-to-end encryption is automatic and covers all message types, its Sealed Sender feature minimizes metadata exposure, and its track record with law enforcement data requests is documented. Telegram’s cloud architecture and growing transparency report numbers make it a poor choice for private health conversations, particularly in group settings.
What is Sealed Sender and why does it matter?
Sealed Sender is a Signal feature that hides the sender’s identity from Signal’s own servers during message delivery. Standard encrypted apps protect message content but still log who is talking to whom; Signal’s Sealed Sender removes even that metadata. For people communicating with health support groups, crisis lines, or recovery communities, this distinction is meaningful because contact patterns alone can constitute sensitive health information.
Sources
- Signal Foundation, Government Data Request Response, Central California Grand Jury
- Electronic Frontier Foundation, Introducing “Encrypt It Already” Campaign (January 2026)
- Electronic Frontier Foundation, Building a Community Privacy Plan (February 2025)
- TechCrunch, Telegram Reports Spike in Sharing User Data with Law Enforcement (2025)
- Freedom of the Press Foundation, Telegram’s Growing Mountain of Data Requests (2025)
- Matthew Green, Cryptography Engineering Blog, Telegram Is Not Really an Encrypted Messaging App (August 2024)
- Backlinko, Telegram User Statistics (2025)
- Wikipedia, Signal (Software): User and Download Statistics (2025)
