- cross-posted to:
- privacy@lemmy.ml
- cross-posted to:
- privacy@lemmy.ml
Signal obviously
I've never heard anyone suggest telegram as a private service.
Iirc some people used to think so for some reason when it was first released.
I know some people who still think that.
I have but it never really made sense to me
If you trust Telegram you're naive. Here is a great breakdown earlier this year from Kaspersky.
https://usa.kaspersky.com/blog/telegram-why-nobody-uses-secret-chats/27662/
Signal isn't perfect either, but their mistakes are far less egregious. They also have removed some of the more egregious mistakes,
like needing a phone number(edit: incorrect, see below) or google play services to function. It can be run on a device without Google Play Services because it only uses Google Play Services for push notifications.Since when does Signal not require a phone number?
Earlier this year. It no longer functions as an SMS service and you now have a username instead. I think the changeover was in March or April.
Hm? Not sure which Signal you’re using. But it very much still requires a phone number to use. Usernames are not available just yet. There’s activity related to usernames in the GitHub repository, but no release yet.
They did remove the ability to send and receive SMS from their Android app. That was about last year or so.
Usernames have not been released yet. When they are released, phone number will still be required for registration, but you will be able to hide it from other people on Signal.
I knew about the SMS thing (Android only), but thought they had yet to release user names as a feature. I see no settings related to user names on iOS. The SMS retirement was to remove the ability to use Signal to replace an SMS app on Android.
Forgive me, you're correct. I stopped using it when it dropped SMS, because I had only ever able to get people on it through SMS, but at the time had read plans about eventually dropping the phone number requirement. I mixed those things up in my head.
From what I understand, they're fully invested in dropping the phone number requirement though, and some more googling says that they've had versions of Signal PNP (phone number privacy) running for a while now.
You're correct, that part hasn't actually changed over yet, but it's in the works.
They do not at this time intend to drop the phone number requirement, as they see it as an anti-spam measure. Meredith Whittaker has said as much. Phone number privacy is a project independent of requiring phone number at signup, and it just prevents other users from seeing your number.
It is planned, and “in the works” for at least two years at this point. It’ll happen, eventually.
Hehe! I was just bitching about them dropping SMS (and a crapton of users) in another post.
It used to be the perfect app to get people into secure messaging. Now it's just another chat app to most people, who tend to think "who really cares when you've got WhatsApp etc, that actually have users? Why would I want some obscure app on my phone? More shit to think about."
Usernames still aren't a thing. What are you talking about?
Thanks for the article. That’s a really good breakdown for most arguments of Telegram propagandists. 🙌
Are you both bots? How can anyone read that crap and say it's a great breakdown?
It's a single widely known issue, and it can literally be summed up in one short sentence: by default it doesn't use end-to-end encrypted chats, which are also far inferior in functionality.I've never seen a pro-telegram propagandist, but you anti-telegram propagandists are swarming and very tiresome.
We are in a privacy community. A privacy community with a specific website that makes recommendations on messenger apps. And yet, OP is asking for an opinion on comparisons between Signal (recommended by the guide) and Telegram (which isn’t even in the guide). Why would this be necessary if they weren’t thinking Telegram could be a private and secure messenger too? Even tho it’s not recommended on privacy guides. Draw whatever conclusions you want to fit your own world view. But just because others do so differently, doesn’t mean they’re bots. That’s a very lazy way to view the world. And that is also just my opinion. If you wanted to discuss the points of the article, I’m down. But if you’re coming in here to be reductive because you have a differing opinion, then this is all I’m going to be saying to you.
I guess it's too hard to consider real people with real opinions might populate a niche website with small userbase and an active anti-advertising attitude.
I guess it's also too hard to just look at an account and decide if it seems spammy or if it seems like a real person, and easier to just cast aspersions because they… annoyed you?
Anyway, thanks for standing up for us both.
lol.
- post asks which app is preferred
- a clear winner with lots of reasons why emerges
- "propagandists!"
I dislike Signal because of the abandonment of SMS as an option. Without that, it's on par with (not really ahead of) most other secure messengers. Session is pretty decent, and I am curious if SimpleX will take off.
Anyways. Not a Session fanboy by any means, but I cam still see that (given the two options asked about) session is the clear winner. But your take on this all is hilarious.
@bastion @Infiltrated_ad8271 But Session doesn't support SMS too. Why do you consider it superior if that's the reason you dislike Signal ?
Two reasons:
- it's not simply the fact that SMS is gone, it's also the administrative decision that caused that. Session will likely have some gaffes administratively as they get larger, but for now, I don't know of any I particularly dislike.
- Session has greater anonymity.
@bastion Anonymity is useful, sure. But if you're going to use an IM app like the majority of people do, you're going to use it to contact friends and family, which means that the account isn't anonymous.
You should also know that Session lacks forward secrecy (a very important feature imo).
True. And although perfect forward secrecy isn't a huge deal, it is potentially useful, if (for example) you have the encrypted messages backed up, then deleted from your phone, and someone gets access to both your backup and secret key (somehow).
If a hacker had access to the private long-term key, though, odds are extremely high that they have access to the message database of decrypted messages that signal keeps around to show your history - so kinda moot at that point. There are some useful niche cases for it, though.
Not a dealbreaker for my by far.
I don't like to participate in pointless discussions, but I'll at least clarify it to avoid more silly replies.
-I call the other user a propagandist just for using the other user's language, obviously the correct thing would be hater.
-The article is crap and I criticize the nonsense of praising it. This is not a defense of telegram, nor being against criticizing it.
-I called them bots in a mocking way for their conclusion to the article.
No idea how they use GPS for push messages, but is the thing that you need to select encrypted chat and that it’s not e2ee otherwise?
GPS was short for Google Play Services, not Global Positioning System. Sorry.
Signal is always encrypted by default. Same with Matrix. Telegram you have to choose for it to be an encrypted chat, and you can't do encrypted group chats.
Ah - I’m on iOS but should have figured that out. https://emteria.com/blog/what-is-google-push-service
I still get shit video on signal, but for texts it’s ok. I use both - and don’t really trust any of them
deleted by creator
Telegram is, by all accounts, a privacy garbage fire. They rolled their own crypto, bless them, and as they say, anyone can design a cryptosystem that they themselves can’t break.
Telegram is not even an option.
Signal every time.
Session and Threema seem to be coming along too, but I'm quite happy with Signal as my go to messaging service for now.
I like the work they do, and the head of the Signal Foundation, Meredith Whitaker, seems very level headed and passionate about their mission.
My only concern with Signal is how they will be able to keep the lights on long term. Either they will continuously need bailouts from billionaire benefactors, or they'll have to monetize the shit out of their branding, with merch, a Patreon, probably some kind of ads and pushing even more for donations and fundraising. I hope I'm wrong but I have a feeling I'm not.
It's a not for profit, so they don't need to rake in dough, just need to keep functioning, which isn't a ton of cash for a messaging service. Wikipedia does just fine with donations, and they serve far more people.
I donate every month, and I bet there's enough that do to keep running like they are.
I love Signal, but at the end of the day they still operate a centralized service with all the drawbacks that entails. It only takes a change of leadership to kick of progressive enshitification, just look at what happened to WhatsApp. Being run by a non-profit should help, but the chance always exists with centralized control. Also their multi-device support is still not great, no official support for Android tablets for example. And idk why not, because Molly (Signal fork) recently added that without too much difficulty afaik.
Session looks really interesting imo, kinda like a decentralized and multi-device version of Signal.
Last time I used adguard, they seemed to want to get money from user donations. By having more users, more users would donate, and there would be a point where there would be enough.
Tho I'm not sure if they have reached such point or if they would reach it in the future.
Answer: Signal
I wish people would use Signal, but Telegram is the closest thing to a sane privacy policy I've got. There are a few that luckily agreed to use Signal.
Waiting on interoperability, see how that's implemented in Signal+WhatsApp (hopefully with Telegram to so I can ditch that).
non e2e encrypted by default, is not a sane privacy policy
IMO I'd rather have that and have them clearly say they're not using it for anything than potentially be profiled on WhatsApp where my friends keyboards are spying on their end in terms of content, i.e. be plugged into a social network with half the conversation exposed that way.
I say sane in comparison to that.
Granted these are my own concerns
they use the same keyboards in different apps…
Wdym? I was under the impression that the Google native/default keyboard on Android feeds some stuff to their ad-related dataset
do you change keyboards for different apps? The keyboard itself is a separate app. Switching whatsapp for telegram (of all things) means you switched the messaging app. You did not switch the keyboard app too.
So if you think your keyboard is spying on you, that has absolutely nothing to do with messaging apps. At all
I see the confusion, what I meant to say their keyboard is spying on them which includes their part of my conversation with them. Having an app broadcast the metadata of the conversations (whatsapp) + a keyboard spying on them = me getting profiled, somewhat.
Although Meta tries to go Apple's way and not share data (likewise for Google, iirc)
I'm also using telegram but I don't trust it. It's made by two Russian brothers who are fleeing from every country in the world. A bit to sketchy in my opinion.
Don't trust them either but that's sometimes a good sign. It's been used for illegal activities using a 3rd party client for a while in one country that I know of, which oddly enough makes me a little more comfortable. Or at least that country just couldn't get access to the data
Maybe check out beeper? I'm not sure if it has Telegram integration but it works with WhatsApp and Signal as well as Matrix iMessage and others
Will do, thanks!
https://www.beeper.com/privacy
We use your information only as you’ve permitted and in service of bettering your user experience.
Little worried about the second part but I like that's it's short
@Scolding7300 @iesou there's even more to it.
https://www.rubdos.be/privacy/signal/2023/09/07/my-problem-with-beeper.html
''being a passive member of a group with even a single Beeper user destroys group anonymity!''
That's a good read, thanks!
As long as Signal requires my phone number, it's a hard NO for me. I don't care how good they encrypt if the first thing they do is require one of my most personal identifiers.
Threema has a very good model in that regard.
I heard from their forums it's something they're working on, so hopefully this year
You'll be able to connect with people by giving out your username instead of your phone number. You will however still be required to register using your phone number, if I'm not completely mistaken.
So you can buy a burner phone (number) to receive the registration code and you're good. Perhaps need to keep the number for migrating to new phone though.
Is that a real question?
I use both but for different purposes: Signal for group chats and Telegram for channels (news and piracy).
I trust Signal more.
Stop "trusting" your messaging platform and use matrix for fucks sake.
Stop trusting your messaging platform and use this other messaging platform! Matrix can be less secure than Signal if used improperly
deleted by creator
deleted by creator
Out of those options obviously Signal.
In reality I just use SMS because everyone I know is still using that or iMessage so what's happening at my end is irrelevant to my privacy, and I wouldn't send anything I wanted to be private from a phone at all. There are no good solutions for that.
There used to be: Signal.
With Signal as your default messaging app, you could just tell people to switch to Signal and use one app. If both parties had Signal, secure messaging was used automatically.
Friends and family slowly started using Signal, because it's just a nice messaging app, plus it's potentially more secure.
Then Signal decided to tank SMS. …and slowly, friends and family started leaving Signal, and now it's just us security-conscious folks again.
I still have Silence installed on my phone because of that. It's not being maintained any more though so it's only a matter of time before Silence stops working or has some security vulnerability (if it's doesn't already.
I still feel really disappointed that Signal (and the apologists) don't seem to understand that for many countries SMS is still the go to.
Thanks for pointing out silence. I didn't know about it.
I echo this.
For the non-tech savy, having one messaging app (Signal/SMS) was excellent because a user can send a message to a contact and it would automatically use signal if the recipient was also using it and use SMS when the recipient wasn't.
Now I get SMSs and have to gently remind the contact (or just reply in signal).
Or a frantic call from family "hey I can't message my boss, I have their contact but signal isn't finding the contact" then having to explain that SMS and signal are different.
Yep. Sad day for security, though somewhat ironically.
worth mentioning that SMS messages are plaintext as they traverse the carrier network. They are also logged by seemingly any equipment that they traverse. Also when they aren't delivered immediately, they wait in a queue on the network waiting for the receiving device to "phone home" (pun intended 😎).
The caveat here is often times the plaintext message is in an encrypted tunnel (physical wireless layer, and data tunnels in carrier EPC) but at tunnel endpoints, SMSs are nakey
At my time of adoption, Telegram had a better feature set and I wasn’t honestly super focused on the privacy minutia. Knowing what I know now…I guess Signal, but honestly I’d probably go even more niche if I was after something truly private. Like P2P messengers or something like that. I don’t really treat any messaging platform as fully private. If I really need something guaranteed to be private and I don’t want to try to convince a friend to install a new, even more obscure app, I’d probably just encrypt text files and generate keys for each other and send them via something, maybe email idk.
Signal. Also, the solution to the "no-one on signal" problem is simply to refuse to use insecure platforms like WhatsApp. If people want to talk to you then, they have to download signal. They might get annoyed with you, but sometimes a bit of coercion is necessary to get people to do what's good for them.
me: a telegram premium user reading comments 👀 guys the fact is that signal is fucking empty, there's nothing. lacking of a lot of features and one thing that is the worst (for me) is that signal isn't social and (as I saw when i used it) there aren't any public group or channels. I use Telegram for everything, as music player, as private chatting and as social app but sane and without an algorithm that tracks me, and knowing that there isn't CIA behind me watching me enjoying memes is enough. I also saw someone posting an article about Telegram not having e2e encryption, the reason for that (as I known) is the sync from all devices being difficult to have with e2e and the contents of the messages are very heavy (looking at animated emojis, reactions, stickers ecc). Of course I'd prefer to have a more secure app like Signal that has e2e and has been suggested by EU itself, but if I have to think all the thing I'm loosing to just have 1 feature, that doesn't that much to me (telegram has never given any info to policy as i know and a lot of illegal things happens on telegram proving that maybe their privacy is better than you think), I prefer to have a lot of more features. If you want to correct me I'll enjoy reading more on the platform I like.
@progettarsi @Albin9326 Telegram did actually share user info with authorities:
https://www.livelaw.in/news-updates/after-court-order-telegram-discloses-phone-numbers-ip-addresses-of-users-accused-of-sharing-infringing-material-215311
https://www.androidcentral.com/apps-software/telegram-reportedly-gives-user-data-to-german-authoritiesYet they still claim that they "have disclosed 0 bytes of user data to third parties, including governments".
for the first i didn't really understand the circumstances (the sites requires subscribtion to read the article) for the second i guess it's normal that if you do something anti ethical you don't deserve the privacy the app offered to you. like dark web is nice for not getting censured but pedosites needs to be shutted down and people behind them punished
@progettarsi > the sites requires subscribtion to read the article
Here's a link without a pay wall
https://web.archive.org/web/20230207144839/https://www.livelaw.in/news-updates/after-court-order-telegram-discloses-phone-numbers-ip-addresses-of-users-accused-of-sharing-infringing-material-215311> it’s normal that if you do something anti ethical you don’t deserve the privacy the app offered to you
This contradicts what you said earlier : "a lot of illegal things happens on telegram proving that maybe their privacy is better than you think"
yeah a lot of illegal things happen on telegram = the app tries to cover you how it can, but if the law claims a thing there isn't a lot to do
@progettarsi Then they shouldn't publicize their app as a private messaging app, since they have access to our supposedly private conversations. That is actively harming their users because they're giving them a false sense of security. I have some IRL friends who think Telegram is more private than WhatsApp (which is obviously wrong because WhatsApp at least uses E2EE **by default**) due to this false publicity.
i'm that friend. telegram isn't selling my data and isn't spying on my chat while I'm writing which makes e2e useless. also telegram isn't owned by a multimillionaire corporation that is famous for selling any data of its users. And honestly I'm feeling better chatting on an app that admits that doesn't have e2e, that WhatsApp selling itself as e2e but spying on its users constantly My personal rank in security is: 1. Signal, the best in security but lacking of features; 2. Telegram, good security and a lot of features, in contact with the community; 3. WhatsApp, lacking of features, owned by Meta, spying on users
None of them to be honest.