- cross-posted to:
- privacyguides@lemmy.one
- cross-posted to:
- privacyguides@lemmy.one
Signal. This isn’t even up for discussion.
Uhm, yeah why are we even comparing the two? Definitely isn’t a discussion. Signal is superior
Signal seems like an obvious choice over Telegram if privacy is the exclusive priority.
I do love Telegram tho for the ability to send full-quality photos/videos, log-on with 2+ phones simultaneously, visual customization, etc
🤔
both require phone numbers, and both concentrate metadata in a central location (Amazon servers, in the case of signal).
both sort of pretend to be free open source software, and sort of are but with a lot of caveats.
telegram doesn’t even have end-to-end encryption (except for some wacky not-peer-reviewed thing in 1:1 ‘secret chats’ which are rarely used); at least signal has it beat there.
https://simplex.chat/ is a new messenger which doesn’t have any of the above problems and seems quite promising imo.
Hey fellow SimpleX enjoyer. It’s still very early but only by spreading the word we can inform people about this great alternative!
Did chatgpt write this?
Now I understand what you mean. But no it isn’t. Just wanted to sound like an old advertisement slogan.
Telegram probably doesn’t have E2E so that people can have always active desktop sessions
I’m not sure what exactly you mean by “always active desktop sessions” but for any definition I could imagine it is possible to do that while having e2ee. Many e2ee messengers have multi-device support nowadays.
Telegram doesn’t need to have e2ee because they’ve pulled some trick of becoming widely perceived as being privacy friendly despite not actually offering any e2ee in most cases, and offering only some 🤡-protocol in the few cases where they do.
Another reason for them not to implement e2ee is that they’re most likely monetizing their users content data as well as the metadata (and in more ways than just charging some types of police for access to it, which is presumably only a small fraction of their revenue).
E2ee doesn’t have to be 2 devices. It can be for any amount of endpoints as long as they have the key to decrypt the data.
For example my nextcloud instance has e2ee for my phone, computer, and tablet.
Signal doesn’t keep metadata at all.
They say that they don’t, and I think it is extremely likely that Signal employees are entirely sincere when they say that.
But, even if they truly don’t keep metadata, they can’t actually know what their hosting provider (Amazon) is doing. And, their cryptographic “sealed sender” thing doesn’t really solve the problem. If someone with the right access at Amazon really wants the Signal metadata, they can get it, and if they can, anybody who can coerce, compel, or otherwise compromise those people (or their computers) can get it too.
One can say they’re confident that the kind of adversaries they care to protect against don’t have that kind of capability, but it isn’t reasonable to say that Signal’s no-logging policy protects metadata without adding the caveat that routing all the traffic through Amazon makes the metadata of the protocol’s entire userbase available in a single place for the kind of adversaries that do.
This is pure speculation
which part?
If someone with the right access at Amazon really wants the Signal metadata, they can get it,
What stops them from being able to? They could actually infer a lot of the metadata just from the encrypted network traffic, without even looking inside the VMs at their execution state. But, they can also see inside, so they can keep the kind of logs (outside the VM) which Signal [says that they] wouldn’t.
Why make this post hard to search for by using an image, instead of directly asking which is more trustworthy between Telegram and Signal? It just makes it look like you’re sharing an article link.
The question isn’t even really relevant, you can mistrust Signal and still use it because it’s made in such a way that even if the server operators were malicious, they could get little data out of you.
Telegram has secret chats and already having to “toggle-on” your privacy undermines the privacy of the whole application because your profile is partially clear to the service, which leaves it open to make various inferences on youI’m still not sure whether the post is just spam.
I have this impression too with the profile’s posts, but I’ll give the benefit of the doubt
Yeah it took me a while to figure out it was about those two apps. I thought OP meant any app.
That wasn’t very programming.dev of you
For people I don’t know or just started talking, I give them my telegram username that’s not linked to my personal phone number. For friends and family, I use signal.
Lots of opensource projects have telegram channels for updates. Not to mention news and local updates as well.
People need to incorporate a social aspect of the real world. Everyone isn’t as privacy conscious as you are and you can have multiple apps for different scenarios.
If you don’t ever want to meet anyone new, signal is perfect.
deleted by creator
I wish we would move away from centralized messengers entirely. They are always just one law away from being banned. See: whatever the UK is doing.
So you are recommending matrix? Signal ban us? Is a signal ban as terrible as a telegram ban?
I think it should be more akin to something like email. There is no one entity that controls all emails. It’s lots of independant servers and clients able to communicate with each other.
So… XMPP) With Matrix as a newer, more bloated version of it.
I would like something P2P like Briar to be the norm. But something federated like Matrix or DeltaChat would be nice too.
It should be P2P (like Torrent, not like Lemmy), routed through some anonymity layer like Tor or I2P so no one knows your IP, there should be no central point of failure, and of course I would love for it to have the same features, reliablility and speed as Signal or Telegram.
Closest I could find is Briar. It even works if the internet is down, which is nice. But it would be cooler if it worked with LoRA or something too.
I don’t know what would be most censorship resistant or technically capable of fully replacing modern messengers, but this here is a good list, anything that says ‘decentralized’:
Have you tried Jami?
A long time ago, like 5+ years ago shortly after release, I can’t say it impressed me. Neither when I periodically checked on it. Seems like is has significantly improved since then.
The issue is always whether or not I can sell it to my technically challenged friends and family. I don’t see those platforms taking over unless anyone can use them. Briar is sadly pretty lacking. Cwtch also seems interesting but I haven’t taken to time to check if it’s good yet.
I haven’t been that deeply immersed in the topic in the last 5+ years, but it seems like nothing much has changed. It’s still all the same players that seem to be interesting.
For me its not usable as sometimes messages don’t deliver. However I’m watching it closely to see if it gets better.
I wish it didn’t tie your profile into a username. I have been using simplex chat and it is nice not having a username that could get leaked or abused. Jami requires approval from the recipient before you can send messages but in my option that isn’t enough.
Yeah I feel like the entire space still needs another 5 to 10 years until it produces a viable competitor to centralized messengers.
Simplex Chat sounds interesting. So you basically generate new public IDs for every new contact? That’s probably the best way to do it.
Using signal but planning to switch. SimpleX and XMPP are my candidates.
I use Signal, it’s about as private as I can get other normal people to use.
Signal is privacy focused Telegram is a privacy nightmare
Signal hands down
Signal. SimpleX is a second to that.
I ”trust” Signal the most because there is 100% transparency, I can look into the inner workings of the app and see what it does at all time.
Telegram is the best (in sense of privacy) message app you can actually manage to get your friends and family to use.
In my case, the hardest app to convince my friends and family to use is Telegram.
There’s definitely the stigma that Telegram is only used by criminals
Wait what? I thought Telegram pretty much was Discord but for people who prefer phones over computers.
Wasn’t there also a controversy where some people believed that telegram was private and secure, but that only was for a very limited subset of their features?
Disclaimer: I’ve only ever installed telegram once for one single person, but promptly removed it afterward for sending out messages to some of my contacts on its own, so I have no clue how it actually works. Feel free to correct or educate me.
Automatically sending messages to your contacts?? Someone might have access to your account
It was a message along the lines of “Your friend Ekky has started using Telegram, say hello to them”.
Not sure if it was a notification or a message, but that was very uncanny and definitely felt scammy and abusive. It’s not the first time I’ve seen an app behave this way, though usually the app asks first.
Oh yeah it notifies people who already have your number
I thought Telegram pretty much was Discord but for people who prefer phones over computers.
Not a bad way to look at it, although I think one-on-one messaging is much more common on Telegram compared to discord, which has its “communities” thing as its main use case.
Wasn’t there also a controversy where some people believed that telegram was private and secure, but that only was for a very limited subset of their features?
i think you’re thinking of how you have to go out of your way to start a “secret chat” for it to have the touted encryption. those “secret chats” are way less feature-rich than the standard ones though, which sucks ass
Here, telegram is effectively used only for piracy.
piracysharing
- Session
- XMPP with OMEMO
- a Tox, if possible (no real asynch common)
- Matrix
- Signal
My friends are already on telegram, I don’t have to force change. I can make any chat more secure from the start. I am not using massive government level secrets anyhow. I mean, security is nice, but my cat photos, bad code, homegrown mint tea, and plans for the beach this coming summer are hardly a top secret problem anyway, I’m not planning a murder, I just don’t want meta or facebook using them for advertising. Telegram is good enough.
I would never trust telegram. The company behind it is mostly Russian scammers. I would use the opensource alternative to signal called Molly