Greetings!
A friend of mine wants to be more secure and private in light of recent events in the USA.
They originally told me they were going to use telegram, in which I explained how Telegram is considered compromised, and Signal is far more secure to use.
But they want more detailed explanations then what I provided verbally. Please help me explain things better to them! ✨
I am going to forward this thread to them, so they can see all your responses! And if you can, please cite!
Thank you! ✨
You must log in or register to comment.
Telegram for random public chatter/file storage(with password lock), talking to strangers without giving them your number. Signal for personal/private conversations.
Spread your data (encrypted or not) around, so a single entity doesn’t own your digital life. Your device can handle 2 apps and don’t give them permissions willy nilly. Geez, every one of these posts just wants to start a flame war.
If you have a safe, but cannot open it, do you own the contents inside? Signal has no way of accessing your data, I would argue they don’t own it.
Signal supports username based chatting.
Behind those usernames, are phone numbers (meaning real identities) stored in signal’s database.
As far as I know telegram requires a phone number too.
And the conversation was about “talking to strangers without giving them your number”, not without giving signal nor telegram your number.
There are far better privacy alternatives to both: matrix, xmpp, simplex all work well and don’t require phone numbers or US-based hosting.
Where do you want to place the goal post?
We talked about comparing 2 applications. Commenter wasn’t up-to-date and implied a falsehood, I corrected it as it is important for the discussion. Then you talk about something completely else and in context, implied a falsehood, I corrected that as it is important for the discussion. And now you are talking about something completely else again.
Please express your opinion. You can do it in this thread, even if it is off-topic, I don’t care, but please stop acting like you are responding to me.
You are right. But just not a fun person capable of seeing the humor in this.
Everyone is listing the features of both and not choosing wrong on purpose!
I like sending all my conversations to Russia. It makes me laugh.
As long as i have someone wasting their time trying to snap out of their sleepy deer in headlights stupor after listening to a coder talk about coding.
I also love doing this on facebook messenger too.
Everyone worries about censorship. One thing that is never censored is a coder talking about coding. Cuz the DEI hire head explodes after one second of listening to that.
Try it! It’s magical.
In Telegram, you never have to expose your phone number. If you like walking into traps then of course you can.
But can make minimal efforts to not be a degenerate avoiding this obvious easily avoidable trap.
How to avoid exposing your phone number
Make a group called
i'm not a complete utter idiot. Whenever you have a friend wanting to connect, make a group link, send it to them, have them join. After joining have them send a message in the group. Just, “Hi”. Nothing more. Less is more.Look for that message and click on the person’s name. You are now connected. Send them a personal message, “Hi!”.
You can also add them as a contact without sharing your phone number.
Your friend will probably be a degenerate and expose their phone number. Teach them how to go into settings to always hide it.
Try not to call them a degenerate, degenerates hate that.
Also try not to think of them as a degenerate, they will already know that and be proud of it and not understand why you don’t share their enthusiasm.
So control what thoughts you project into the ether. If you have to change the topic in your mind to something involving flowers singing birds and clouds.
That’s a neat trick, thanks for sharing
Your welcome. Use it in good health. And please excuse my colorful prose.
There is many many comments on Telegram bleeding the phone number. And only one comment saying that doesn’t have to be the case.
In my view, by far the biggest reason to switch is that Telegram doesn’t end-to-end encrypt chats by default.
Yes you can start encrypted chats specifically, but i’ll bet 99% of chats on telegram aren’t encrypted - meaning whoever has access to the telegram servers can read all the messages.
Signal claims to end-to-end encrypt all chats by default, and if you want to be 100% sure you can in theory read the source code and compile the app yourself. this means signal cannot read any of your messages, even if police asks them to or servers get seized. That’s a massive advantage in privacy.
Additionally, E2E chats don’t sync between devices (and iirc you can’t use them on desktop at all), and group chats can’t be encrypted at all.
Signal very recently made syncing between devices possible:
https://signal.org/blog/a-synchronized-start-for-linked-devices/
So they have Carbons? Took them long enough.
I was talking about Telegram. Syncing messages between devices has always been possible on Signal, just not the ones from before you connected the extra device.
There is also desktop clients for both.
Breaking news hahaha
Note that this is sent at time of syncing rather than being in an archive on the company’s server 24/7
Signal is USA government approved. Definitely don’t trust it. Use Matrix.
This is unfortunately completely wrong, since you can learn from the homepage of matrix very own client Element, that its supported an trusted by a whole bunch of NATO Armys, including the US of course…
I don’t mean by that you shouldnt use matrix, but arguing against signal with matrix is, in so many means, hilarious.
The arguable, but professional cryptographer soatok discribes from a mathematical/cryptographical point of view, what it needs to be a Signal competitor, where matrix (and others) dont catch up (unfortunately)
Used by a bunch of NATO armies isn’t the same as promoted by or made by. It just means they trust Element not to share their secrets. And that blog post is without merit. The author discredits Matrix because it has support for unencrypted messaging. That’s not a negative, it’s just a nice feature for when it’s appropriate. Whereas Signal’s major drawback of requiring your government ID and that you only use their servers is actually grounds to discredit a platform. Your post is the crossed arms furry avatar equivalent of “I drew you as the soyjack”. The article has no substance on the cryptographic integrity of Matrix, because there’s nothing to criticise there.
it’s open source
Sure. You can trust your own fork. Just don’t use the official repos or their servers. The client isn’t where the danger is.
There’s a server side and it is secret ?
Your client talks to their server, their server talks to your friend’s client. They don’t accept third party apps. The server code is open source, not a secret. But that doesn’t mean it isn’t 99% the open source code, with a few privacy breaking changes. Or that the server software runs exactly as implied, but that that is moot since other software also runs on the same servers and intercepts the data.
Do you mean the servers aren’t guaranteed to be running the exact code that’s on github ?
Yes.
There’s a lot of answers itt but heres a simpler one:
If you want to prevent people in power from having access to communications there are two methods employed, broadly speaking:
The first is to make a very secure, zero knowledge, zero trust, zero log system so that when the authorities come calling you can show them your empty hands and smirk.
Signal doesn’t actually do this, but they’re closer to this model than the second one I’m about to describe. Bear in mind they’re a us company so when the us authorities come to their door or authorities from some nation the us has a treaty with come to their door signal is legally required to comply and provide all the information they have.
The second is to simply not talk to the authorities. Telegram was closer to this model than signal, using a bunch of different servers in nations with wildly different extradition and information sharing mechanisms in order to make forcing them to comply with some order Byzantine to the point of not being worth it.
Eventually the powers that be got their shit together and put hands on telegrams owner so now they’re complying with all lawful orders and a comparison of the tech is how you’d pick one.
The technology behind the two doesn’t matter really but default telegram is less “secure” than default imessage (I was talking with someone about it so it’s on the old noggin’).
I really like this explanation. Not many are aware of how telegram was designed to make it as cumbersome for authorities as possible by splitting their data across different nations.
Telegrsm is not secure anymore. USA have all the keys of the encriptions of telegrsm.
citation?
I wouldn’t say USA has all the encryption keys, but the fact that it is actually possible to have a backdoor is reason enough for me to not use it. Signal complies with all search warrants, giving all the data they have to law enforcement. They have never given any data to law enforcement, because they do not have access to it. Telegrams approach is to simply to spread the data to several servers in different countries, so if law enforcement wanted access they’d have to submit requests to each country (some of which wouldn’t comply).
I won’t be popular in this thread, but I don’t fight this battle anymore. Telegram beats Signal in virtually every aspect of user experience. If a person is unlikely to be convinced that e2ee is worth taking all the UX hits, I don’t try anymore.
Does it though? I have used both and I vastly prefer my experience on signal. I don’t really engage with the like, “communities” aspect of telegram though so perhaps thats what I’m missing?
Nope, see my reply to sibling for a more complete example
I can’t see anyone else on this comment thread so I guess I must be defederated with whatever user you replied to
I keep seeing this claim, but I may be too much of a computer nerd to notice when using them both. What does Telegram do better and how?
I may be too much of a computer nerd to notice when using them both
That’s probably true of just about everyone on Lemmy.
What does Telegram do better and how?
User experience, like I said. How many less technically inclined people do you know who will understand why they have no message history in Signal after moving devices? Yes, they could have kept it if they’d had backups enabled and moved the archive over and restored from it, but it’s too late now, their entire contact list has been notified that their safety number’s changed (another aspect we get to attempt to explain). It’s a bummer.
Message history is a valid point. Signal just announced they’re fixing it.
Safety number change notifications are probably necessary to maintain Signal’s high level of security. The above device linking improvements should make them less frequent, though I’ll concede some might consider that a worse UX than an insecure chat with no such notifications.
Message history won’t be fully fixed. It can’t be without storing message backups in some cloud somewhere (whether it’s to iCloud, Google Drive, Dropbox, or Signal’s servers) and Signal omits its message history from system backups on iOS and Android.
iOS users are completely incapable of backing up their message history in the event of their phone being lost, stolen, or broken. This omission isn’t justified in any way, as far as I’m aware; I don’t know of any technical reason why following the exact same process as on Android wouldn’t work.
Android users are able to back up locally via Signal, but that isn’t on by default, can’t be automated, needs to be backed up separately, requires you to record a 30 digit code to decrypt it, and has limitations on when it can be used for a restore (can’t restore on iOS, for example). See https://support.signal.org/hc/en-us/articles/360007059752-Backup-and-Restore-Messages for more details.
Message history on linked devices - meaning iPads and desktop computers - is being improved, but it still won’t mean that a user who loses or trades in their phone as they get a new phone will be able to simply restore their phone from a system backup and restore their Signal message history. And even that isn’t anywhere near as easy as on Telegram, where a user can just log in with their password and restore their message history, no backup needed.
It’s great that they’re improving the experience for linked devices, but right now that doesn’t actually help if you lose, break, or trade in your phone. Maybe they’ll later allow users to restore to a phone from a linked device or support backups on iPhones, but right now the situation with message history isn’t just an unfriendly UX, but one that is explicitly and intentionally unreliable for a huge portion of Signal’s user-base.
Use signal and matrix. Telegram is as people pointed out usually unencrypted. Also unverifieble in its code . Signal is easy uses but phonenumbers ( you can register a fake one however) but always EE2E. Matrix does not require a number at all. But definatly is a bit harder to get started with and are therefore harder to get your contact to use it.
If we care about the planet & sustainability, we would not be recommending a eventual-consistency model for chat communications. Matrix’s protocol is so wasteful & expensive.
Are you sure that i.e. Whatsapp isn’t just as wasteful?
Not an endorsement of WhatsApp but they aren’t duplicating the metadata everywhere since it is centralized. I believe they run a fork of Ejabberd as well for the platform which is orders of magnitude more scalable & uses less resources than any of the Matrix servers—& they have to me RAM intensive due to how they duplicate that data…
The fact that telegram operates in a country that scores 18/100 on global freedom and 30/100 on internet freedom.
While there may be better options out there, from a purely security standpoint.
The real world, with non-tech people needs solutions that are easy, fast and as close to foolproof as possible.
I choose Signal, because my mum, my sisters and brothers (none of which are tech people) can all go to their app stores and install Signal, it works and it is easy. Signal is private BY DEFAULT, I don’t have to remind them to turn on security for each chat, there is voice and video chat for individuals and groups, I can use it to send files. It is really good. Secure communication is their primary goal.
I have been using Signal since it was called TextSecure and I only had one contact using it.
Yes it sucked when they dropped SMS support; but these days about 98% of my messaging goes through Signal. Any SMS is usually from my doctor/dentist/bank.
I never really trusted Telegram, too many compromises. Secure communication is not their primary goal.
The real world, with non-tech people needs solutions that are easy, fast and as close to foolproof as possible.
Nope. Grandma gets a smartphone
Meaning they are hopeless and it’s impossible for them to emulate a techie.
It’s a fools errand.
Just stop trying to pretend Grandma is something more than completely unimportant and forgettable and hopeless and more likely than not merely a pest.
I’m so tired of entertaining Grandmas.
All big 3, Signal Telegram SimpleX, are just go to app store install, and send invite to contacts. SimpleX gets framed as technical and dissuades new users from installing, while it’s just as easy as the other 2.
Maybe, but I have had all of my family on Signal for close to 9 years now. Inertia and the network effect is a big part of why platforms stay around.
It took me saying to my mum, that I would ONLY share pictures of her new grandson on Signal to get her to install it. Once mum was on board, the rest followed pretty quickly.
The thought of getting mum to install a new messaging app now, and she is nearly 10 years older. Well it isn’t worth the effort. My threat threat model is low enough, to choose the convenience/security slider at Signal.
As a side note, every month or two; another of my contacts shows up on Signal. I have around 50 contacts using Signal now, as I said before around 98% of my messaging is through Signal.
I was sold on threats and coersion. Lets do more of that
Hmmm the Signal users sure like it, will have to take off my tinfoil data hat and give it a try
Signal tells me which contacts in my contacts list has Signal. It also alerts me when someone in my contacts installs Signal.
I believe Telegram also does that.
SimpleX does not.
If they haven’t already, SimpleX registers a URI handler, you could put an ID in a vCard just like your contacts on XMPP show up in a messaging client.
They reason this happens more often with Signal is a) Signal requires a phone number (which is not good for your privacy) b) your contact is more likely to put in their phone number but many forget to add other IM protocols to their vCard & the default contact managers do not make this very discoverable.
The age ol convenience vs privacy. But fair that is user friendly
Let me start saying that for convenience I adopted Signal. Now, this argument that it validates your contacts is actually something that isn’t the best feature of Signal since it implies that it is requesting and having access to phone numbers.
I don’t let my number available as my contact, I created the ID and I’m using it in case someone wants to connect with me but that probably isn’t something that everyone is practicing and the fact that they retain my number it doesn’t digest well.
I’m not sure how is SimpleX nowadays but features like stickers and even some emoticons or message reactions were not possible. Family members and friends would be very difficult to persuade to go back to a very simplistic communication app.
I always keep an eye in alternatives and if usability reaches a good point we may need to consider SimpleX as the messenger for the mainstream recommendation.
You don’t have to learn Morse code.
Telegram rolls their own crypto. That should be the biggest red flag by far. I say this as a telegram user
Signal pretends not to.
I prefer Telegram’s honesty.
We are Telegram and we are here to help. And to make it more fun we will send all your communications to Russia for a change.
Oh man! Where do i sign up /nosarc
The encryption method they use was made up by them, and the chats aren’t even end to end encrypted by default. Which I would argue is a larger red flag.
This
1 + 1 = 2logic is boring. It’s trying to escape out of a wet paper bag over and over again. Whatever your1 + 1 = 2logic is their is another guy who can drive a bus staight thru it. Every single time.In a year from now you will find out you are completely mistaken and just repeating nonsense. Every freak’n time.
Just for once, do the wrong thing. Make the wrong choice on purpose.
Instead of seeing never ending red flags. Today see purple flags. And tomorrow orange. Cuz why do flags always have to be red?
You can be right or you can have fun.
Do the wrong thing sometimes. Live a little.
Hopefully you aren’t driving any buses while you’re this high.
It’s not never ending red flags. In fact, I see lots of green flags from signal. Telegram, though, that’s a different story.
i’m a milk tea addict. Carry around cinnamon and nutmeg. And hang out on github.
These are horrible vices. But no excuse for having divergent opinions.
Telegram is fine.
Signal will be gone tomorrow and you’ll lose your network. Moving networks from one platform to another is impossible. So we end up creating new networks.
Currently i’m making a network of Python coders i’ve collaborated with. The communication medium is not consistent nor ideal.
Hate email with a passion. So of course most the communication is going over plain text email. Tried pushing for communication on plain text mastodon.
Signal needs a phone number.
I don’t want to give them one. Also I don’t have one.
Oh my, that seems to eliminate Signal as an option.
Next?
Same with telegram though
Apparently Signal still requires it, though you no longer must reveal it to others.
Wired last year: Signal Finally Rolls Out Usernames, So You Can Keep Your Phone Number Private
Those features, which WIRED has tested, are designed to allow users to conceal their phone numbers as they communicate on the app and instead share a username as a less-sensitive method of connecting with one another.
Whittaker says that, for better or worse, a phone number remains a necessary requisite as the identifier Signal privately collects from its users.
It’s not my friends I want to hide my number from, it’s Signal.
Apparently I still don’t have one. Haven’t had a phone number for about a decade. No SMS spam, no “survey” calls; nothing.
Telegram doesn’t even encrypt group chats. And it doesn’t encrypt private convos by default.
Get what you are trying to say but both are still encrypted. They simply aren’t end to end encrypted. So the messages are private. Until obviously the company servers get hacked or police raided and the keys to the encryption get stolen. You are protected against this in E2E encryption. True.
Ii guess telegram once was the alternative to whatsapp, then made maany more featutes abailable in fast time paces which led to another bunch of migrators.
Now noone wants to move away because why? For the usual end user there is no negative to them.
I am fully on your side and am using signal and matrix and try to migrate as many people as possible but its hard.
Get what you are trying to say but both are still encrypted. They simply aren’t end to end encrypted. So the messages are private.
You explain exactly why messages are not private: if they are not end-to-end encrypted, by definition Telegram can read all the messages. That’s exactly what end-to-end is meant to protect against. So in that aspect, Signal truly is private and Telegram maybe, if you activate their private chats but I’ve not seen security experts praise their algorithm, compared to their regular endorsement for Signal.
Why use two different apps? I only use Signal, and have gotten so many friends, coworkers, and family to use Signal.
Then talk about coding. Non-techies curl up into a ball and die slightly inside as they run for the exits.
Highest form of encryption possible.
Try it
And if that is not enough to kill someones spirit and make them beg for mercy, recite random sections of the GNU Make documentation out of context and watch them go into convolutions.
Wat.jpg
Telegram is not end to end encrypted. Repeating it’s not. Only private mode or something like that is.
You don’t say? A cloud-service I can access from all devices plus API and bots is not e2e-encrypted with zero knowledge? I’m shocked. That’s what “secret chat” is for. Literally.
They chose this way as the regular Joe and Jane don’t care for privacy but for comfort. You can never ever have both. Nowhere.
I love tgram for it being so open. And e2e when I need it. I don’t need privacy for when my smarthome sends me notifications about a light I left on or something 😁
WhatsApp is E2EE and it does maintain some of the “cloud” functionality, at the expense of the device transfers being a pain and potentially you losing your message history if you don’t have a backup.
Despite being us-american and from Zuckerberg, it’s an incredibly horrible app. I would not touch this shit with a 10m-pole. It might be e2e, but can I verify this in the source? Oh right.
Yep, and this allows for proper content moderation. Telegram can actually just find and report creeps to authorities
That too. Sadly the restrictiveness was badly abused. Noone really wonders but…that’s why we can’t have nice things.
Well then use the secret chat if you want your chat to be secret from any prying eyes
I meant the restrictiveness towards governments. The pesos and Nazis fucked that up, tgram had to do something or have their ill repute grow even more.
Telegram seems to be a popular option for groups of such orgs. Other apps have the same risks tho. It’s a bit if a mess
I actually always deemed that a quality aspect. If those shitbags use tgram it has a reason. Sadly it’s not really great for the app itself. So he had to do something about it. IMHO the best compromise he could do other than just staying “the bad guy”.
It really depends on who your friend is, and who they are trying to defenf against.
If the US ( or Russian / Chinese) government really wants to access an internet-connected device, they can do it; what app you are using doesn’t even matter. For example, most people use the default Google keyboard, which could be compromised.
If the concern is about local goons / employers / coworkers, then both Telegram and Signal are more than enough to stop them prying.
As for whether to use Signal or Telegram, Signal has end to end encryption enabled by default, while in Telegram you have to switch it on for each chat. On the other hand, Telegram has the best UI among messaging apps hands down.
Pegasus really negates a lot of security too.
Compromising one of the devices is always game over. The only way to be Pegasus-proof is to not communicate digitally.
Even if you switch to an offline keyboard, the new “ai” assistants in Windows, iOS, and Android? Can read your screen, microphone, and etc. I’m not really sure what you should use unless you use coded language. Even then, there’s just too much information about you out there anyway. Best bet would to be have conversations in private away from any electronic devices or use something like tails.
