Privacy Comparison · WhatsApp · Telegram · Signal · Radar

How they actually compare —
scored across 27 criteria.

Most platform comparisons are written by marketers. This one is written from technical architecture and documented legal record. Every platform is measured against the same 10 positive privacy properties and 17 known risk factors — with no credit given for intentions, only for demonstrated design. The results are unambiguous.

Overall Assessment · All Four Platforms

The scoreboard

Each platform is rated on 10 positive privacy properties (higher is better) and 17 risk factors (lower is better). The net score is the difference. Only one platform achieves a positive score in both dimensions simultaneously.

📱 WhatsApp
✓ 4 / 10 ✗ 13 / 17
Net: −9
Good score − Risk count
Strong E2E encryption for content, but a surveillance ecosystem built around the metadata. Owned by Meta.
✈️ Telegram
✓ 2 / 10 ✗ 14 / 17
Net: −12
Good score − Risk count
The worst-scoring platform despite its privacy reputation. Not E2E encrypted by default. Founder arrested 2024.
🔵 Signal
✓ 10 / 10 ✗ 2 / 17
Net: +8
Good score − Risk count
Excellent privacy by design. Structural limitations remain: centralised, phone-number-anchored, jurisdiction-exposed.
Best Score
📡 Radar
✓ 10 / 10 ✗ 1 / 17
Net: +9
Good score − Risk count
Privacy-first, decentralised, serverless by default. No central infrastructure to subpoena, breach, or block.
"Only one platform in this comparison achieves a perfect score on positive privacy properties while also presenting the minimum possible number of risk factors. That platform operates without central servers, without phone number registration, and without any infrastructure that can be compelled, breached, or blocked by any government, corporation, or adversary." — DAL Technology Research Brief, 2026
Privacy Strengths · 10 Positive Properties

What each platform
gets right

Ten positive privacy and security properties, assessed against each platform's documented architecture and default behaviour. Partial credit where a feature exists but is not the default or is structurally limited.

✓ Strengths Matrix — higher is better
Privacy Property Telegram Signal Radar
End-to-end encryption by default No Yes Yes
Strong, widely vetted encryption protocol No Yes Yes
Minimal metadata collection No Yes Yes
No central storage of message content No Yes Yes
No advertising / tracking ecosystem Partial Yes Yes
No cross-platform data sharing Yes Yes Yes
No behavioural profiling No Yes Yes
Open source transparency (core systems) Partial Yes Yes
No server-side access to message content No Yes Yes
Privacy-first architecture design No Yes Yes
GOOD Score (out of 10) 2 / 10 10 / 10 10 / 10
Risk Factors · 17 Known Vulnerabilities

Where each platform
exposes you

Seventeen documented privacy and security risks, assessed against each platform's default architecture. A red cell is a confirmed risk. A green cell means the platform's design eliminates or structurally prevents that risk. Lower scores are better.

✗ Risk Matrix — lower is better
Risk / Weakness Telegram Signal Radar
Centralised infrastructure — single point of data control, failure & censorship Risk Risk Safe
Extensive metadata collection Risk Safe Safe
Social graph / contact network mapping Risk Safe Safe
Contact list harvesting Risk Safe Safe
Cross-platform identity linking Safe Safe Safe
Data used for advertising / commercial monetisation Safe Safe Safe
Message content accessible to provider (default use) Risk Safe Safe
Encryption not enabled by default Risk Safe Safe
Cloud storage of messages by default Risk Safe Safe
Vulnerability via cloud backups (iCloud / Google Drive) Risk Safe Safe
Business / third-party API data exposure risk Risk Safe Safe
Legal pressure exposure — IPA, PRISM-type compelled access Risk Risk Safe
Metadata accessible to authorities under lawful process Risk Safe Safe
Potential for large-scale behavioural profiling Risk Safe Safe
High-value surveillance / data aggregation target Risk Safe Safe
Proprietary or partially closed systems — unverifiable Risk Safe Safe
Endpoint / device vulnerability — universal risk for all software Risk Risk Risk
BAD Score (risks present — lower is better) 14 / 17 2 / 17 1 / 17
"Note: The single risk Radar shares with all other platforms is device-level endpoint vulnerability — a universal property of any software running on a physical device. It cannot be eliminated by any messaging architecture. Every other risk in this matrix is structurally eliminated by Radar's design." — DAL Technology Research Brief, 2026
Radar Architecture · Why the Scores Are Earned

How Radar achieves what
centralised platforms cannot

Radar's privacy properties are not the result of better policy or stronger intentions — they are the result of a fundamentally different technical architecture. The features below are not optional settings or trust commitments. They are structural consequences of how the system is built.

🔁

No Central Servers — By Design

Radar is a peer-to-peer application. There are no Radar servers routing your messages, storing your conversations, or aggregating your behavioural data. Communication happens directly between devices over Bluetooth LE, WiFi Aware, local network, or optional internet relay. There is no central point of failure, no infrastructure to subpoena, and no server operator to compel.

📡

Works Fully Offline

Radar operates without internet connectivity. Discovery and messaging function entirely over local radio transports (BLE, WiFi Aware 802.11mc, mDNS). There is no cloud dependency, no registration server, and no session that generates internet-level metadata. A network-level adversary watching your internet connection sees nothing, because nothing is sent.

🆔

No Phone Number Registration

Radar requires no phone number, email address, or government-linked identifier to create an identity or begin communicating. Every other platform in this comparison anchors its identity system to a phone number, which in most countries is tied to a real identity via SIM registration law. Radar's identity is device-based and user-controlled.

🔐

End-to-End Encryption — Always

All Radar messages are end-to-end encrypted by default, with no unencrypted mode. Because there is no central server, there is no server key to compromise, no operator capable of performing a man-in-the-middle attack, and no infrastructure whose key management practices need to be trusted.

🗺️

Multi-Transport Mesh Routing

Radar uses four independent communication transports — Bluetooth LE, WiFi Aware (802.11mc NAN), mDNS local network scanning, and optional internet relay. Messages are automatically routed over whatever channels are available. Mesh store-and-forward relaying extends range beyond direct radio reach. Blocking one transport does not silence communication.

📊

Zero Metadata Aggregation

Because Radar has no central servers, it collects no metadata at scale. There is no server-side record of who communicated with whom, when, or how frequently. The social graph of Radar users does not exist anywhere outside users' own devices. There is nothing to hand over under a subpoena because there is nothing held.

🛰️

Radar — Proximity-Aware by Architecture

Radar visualises nearby peers on a radar-style display, using GPS and radio signal strength to show relative position and distance. This proximity model is inherently local — it requires no cloud lookups, no location servers, and no sharing of your position with any central infrastructure. Location is shared peer-to-peer, on-device, in real time.

No App Store Kill Switch

Because Radar operates over local radio transports that function independently of internet connectivity, removing Radar from an app store does not silence existing users. Unlike Signal — which can be blocked by instructing Apple and Google to remove it — a local-radio mesh cannot be disabled by any centralised platform decision.

🔒

No Government Access — Structurally

Radar cannot comply with a subpoena for user data because Radar holds no user data. There are no servers to seize, no databases to query, no metadata logs to produce. The legal compulsion mechanism that works against every other platform in this comparison has nothing to act upon with Radar.

🌐

Jurisdiction-Independent

Platforms with central servers have a legal domicile — a jurisdiction whose laws they must comply with. Radar's peer-to-peer architecture means there is no single legal entity holding your data that can be compelled by any national legal framework. Communication between two Radar devices is a private interaction between two people, not a transaction through a regulated corporate infrastructure.

📵

No Push Notification Metadata

WhatsApp, Telegram, and Signal all route notification alerts through Apple's APNs or Google's FCM — creating metadata that Apple and Google can observe and disclose. Radar does not use push notifications from Apple or Google for its core local-radio messaging function. Local device discovery happens without any internet gateway.

🤝

No Single Point of Trust

Every other platform in this comparison requires you to trust one entity: Meta, Telegram, or the Signal Foundation. If that entity is compromised, pressured, or changes its mission, your privacy is at risk. Radar requires no such trust — its privacy guarantees are cryptographic and architectural, not dependent on any operator's continued good will or resistance to legal pressure.

The Fundamental Divide

Centralised versus decentralised —
why the architecture is everything

Signal is the best centralised messaging platform in existence. Its privacy credentials are genuine. But it shares one property with WhatsApp and Telegram that no amount of cryptographic excellence can overcome: it is centralised. That single property creates every risk that Radar structurally eliminates.

Property Any Centralised Platform
(WhatsApp / Telegram / Signal)		 Radar
(Decentralised P2P)
Can be subpoenaed for user data Yes — operator holds or can access data No — no data held centrally
Can be blocked at national level Yes — IP blocking, app store removal Resistant — local radio operates independently
Dependent on operator's continued integrity Yes — policy can change (see: Telegram 2024) No — architecture, not policy, provides privacy
Single point of infrastructure failure Yes — outage disables all users simultaneously No — each device is autonomous
Identity anchored to phone number / real ID Yes — all three require phone number registration No — device-based, user-controlled identity
Push notification metadata via Apple / Google Yes — APNs / FCM metadata exists and is disclosable No — local radio requires no internet notification path
Jurisdiction-specific legal exposure Yes — each platform has a legal domicile No — no central legal entity holds user data
Future legislative compulsion possible Yes — EARN IT, Chat Control, Online Safety Act Resistant — no server to mandate backdoor on
"Radar: privacy-first, decentralised, point-to-point messaging with minimal metadata, no central aggregation, and architecture designed from the ground up to resist profiling and surveillance — by making the data that enables it structurally impossible to collect." — DAL Technology Research Brief, 2026

The numbers tell the story.
Architecture is destiny.

WhatsApp scores −9. Telegram scores −12. Signal scores +8. Radar scores +9. The gap between Signal and Radar is one point on the overall score — but it represents the entire category of risks that only decentralisation can eliminate: compelled legal access, infrastructure blocking, jurisdictional exposure, phone number identity linkage, and dependence on a single operator's willingness to resist state pressure. Signal resists because it wants to. Radar resists because it has nothing to hand over.

This matrix reflects publicly known technical architecture, published policies, and documented legal capabilities across all four platforms. Scoring methodology applies identical criteria to each platform based on confirmed default behaviour, not marketing claims. The single risk all platforms share — device-level endpoint vulnerability — is a universal property of client software and cannot be eliminated by any messaging architecture. All other risk assessments are structural. WhatsApp is a trademark of Meta Platforms, Inc. Signal is a trademark of the Signal Foundation. Telegram is a trademark of Telegram Messenger LLP. Radar is not affiliated with or endorsed by any of these companies. All logos are the property of their respective owners.