• N-E-N@lemmy.ca
    link
    fedilink
    arrow-up
    52
    arrow-down
    2
    ·
    edit-2
    1 year ago

    Signal seems like an obvious choice over Telegram if privacy is the exclusive priority.

    I do love Telegram tho for the ability to send full-quality photos/videos, log-on with 2+ phones simultaneously, visual customization, etc

  • Arthur Besse@lemmy.ml
    link
    fedilink
    arrow-up
    41
    arrow-down
    6
    ·
    1 year ago

    🤔

    both require phone numbers, and both concentrate metadata in a central location (Amazon servers, in the case of signal).

    both sort of pretend to be free open source software, and sort of are but with a lot of caveats.

    telegram doesn’t even have end-to-end encryption (except for some wacky not-peer-reviewed thing in 1:1 ‘secret chats’ which are rarely used); at least signal has it beat there.

    https://simplex.chat/ is a new messenger which doesn’t have any of the above problems and seems quite promising imo.

    • PropaGandalf@lemmy.world
      link
      fedilink
      arrow-up
      14
      arrow-down
      1
      ·
      1 year ago

      Hey fellow SimpleX enjoyer. It’s still very early but only by spreading the word we can inform people about this great alternative!

    • randompepsi@lemmy.ml
      link
      fedilink
      arrow-up
      11
      arrow-down
      3
      ·
      1 year ago

      Telegram probably doesn’t have E2E so that people can have always active desktop sessions

      • Arthur Besse@lemmy.ml
        link
        fedilink
        arrow-up
        17
        arrow-down
        2
        ·
        edit-2
        1 year ago

        I’m not sure what exactly you mean by “always active desktop sessions” but for any definition I could imagine it is possible to do that while having e2ee. Many e2ee messengers have multi-device support nowadays.

        Telegram doesn’t need to have e2ee because they’ve pulled some trick of becoming widely perceived as being privacy friendly despite not actually offering any e2ee in most cases, and offering only some 🤡-protocol in the few cases where they do.

        Another reason for them not to implement e2ee is that they’re most likely monetizing their users content data as well as the metadata (and in more ways than just charging some types of police for access to it, which is presumably only a small fraction of their revenue).

      • Boring@lemmy.ml
        link
        fedilink
        arrow-up
        4
        ·
        1 year ago

        E2ee doesn’t have to be 2 devices. It can be for any amount of endpoints as long as they have the key to decrypt the data.

        For example my nextcloud instance has e2ee for my phone, computer, and tablet.

      • Arthur Besse@lemmy.ml
        link
        fedilink
        arrow-up
        2
        ·
        edit-2
        1 year ago

        They say that they don’t, and I think it is extremely likely that Signal employees are entirely sincere when they say that.

        But, even if they truly don’t keep metadata, they can’t actually know what their hosting provider (Amazon) is doing. And, their cryptographic “sealed sender” thing doesn’t really solve the problem. If someone with the right access at Amazon really wants the Signal metadata, they can get it, and if they can, anybody who can coerce, compel, or otherwise compromise those people (or their computers) can get it too.

        One can say they’re confident that the kind of adversaries they care to protect against don’t have that kind of capability, but it isn’t reasonable to say that Signal’s no-logging policy protects metadata without adding the caveat that routing all the traffic through Amazon makes the metadata of the protocol’s entire userbase available in a single place for the kind of adversaries that do.

              • Arthur Besse@lemmy.ml
                link
                fedilink
                arrow-up
                1
                ·
                1 year ago

                What stops them from being able to? They could actually infer a lot of the metadata just from the encrypted network traffic, without even looking inside the VMs at their execution state. But, they can also see inside, so they can keep the kind of logs (outside the VM) which Signal [says that they] wouldn’t.

  • QuazarOmega@lemy.lol
    link
    fedilink
    arrow-up
    21
    ·
    1 year ago

    Why make this post hard to search for by using an image, instead of directly asking which is more trustworthy between Telegram and Signal? It just makes it look like you’re sharing an article link.
    The question isn’t even really relevant, you can mistrust Signal and still use it because it’s made in such a way that even if the server operators were malicious, they could get little data out of you.
    Telegram has secret chats and already having to “toggle-on” your privacy undermines the privacy of the whole application because your profile is partially clear to the service, which leaves it open to make various inferences on you

  • loki@lemmy.ml
    link
    fedilink
    English
    arrow-up
    19
    arrow-down
    2
    ·
    edit-2
    1 year ago

    For people I don’t know or just started talking, I give them my telegram username that’s not linked to my personal phone number. For friends and family, I use signal.

    Lots of opensource projects have telegram channels for updates. Not to mention news and local updates as well.

    People need to incorporate a social aspect of the real world. Everyone isn’t as privacy conscious as you are and you can have multiple apps for different scenarios.

    If you don’t ever want to meet anyone new, signal is perfect.

  • DavidGarcia@feddit.nl
    link
    fedilink
    arrow-up
    17
    ·
    1 year ago

    I wish we would move away from centralized messengers entirely. They are always just one law away from being banned. See: whatever the UK is doing.

    • Jobin Jose@kerala.partyOP
      link
      fedilink
      arrow-up
      3
      arrow-down
      1
      ·
      1 year ago

      So you are recommending matrix? Signal ban us? Is a signal ban as terrible as a telegram ban?

      • PrinzKasper@kbin.social
        link
        fedilink
        arrow-up
        7
        ·
        1 year ago

        I think it should be more akin to something like email. There is no one entity that controls all emails. It’s lots of independant servers and clients able to communicate with each other.

      • DavidGarcia@feddit.nl
        link
        fedilink
        arrow-up
        6
        ·
        1 year ago

        I would like something P2P like Briar to be the norm. But something federated like Matrix or DeltaChat would be nice too.

        It should be P2P (like Torrent, not like Lemmy), routed through some anonymity layer like Tor or I2P so no one knows your IP, there should be no central point of failure, and of course I would love for it to have the same features, reliablility and speed as Signal or Telegram.

        Closest I could find is Briar. It even works if the internet is down, which is nice. But it would be cooler if it worked with LoRA or something too.

        I don’t know what would be most censorship resistant or technically capable of fully replacing modern messengers, but this here is a good list, anything that says ‘decentralized’:

        https://www.privacytools.io/privacy-messaging

          • DavidGarcia@feddit.nl
            link
            fedilink
            arrow-up
            1
            ·
            1 year ago

            A long time ago, like 5+ years ago shortly after release, I can’t say it impressed me. Neither when I periodically checked on it. Seems like is has significantly improved since then.

            The issue is always whether or not I can sell it to my technically challenged friends and family. I don’t see those platforms taking over unless anyone can use them. Briar is sadly pretty lacking. Cwtch also seems interesting but I haven’t taken to time to check if it’s good yet.

            I haven’t been that deeply immersed in the topic in the last 5+ years, but it seems like nothing much has changed. It’s still all the same players that seem to be interesting.

            • Possibly linux@lemmy.zip
              link
              fedilink
              English
              arrow-up
              1
              ·
              1 year ago

              For me its not usable as sometimes messages don’t deliver. However I’m watching it closely to see if it gets better.

              I wish it didn’t tie your profile into a username. I have been using simplex chat and it is nice not having a username that could get leaked or abused. Jami requires approval from the recipient before you can send messages but in my option that isn’t enough.

              • DavidGarcia@feddit.nl
                link
                fedilink
                arrow-up
                1
                ·
                1 year ago

                Yeah I feel like the entire space still needs another 5 to 10 years until it produces a viable competitor to centralized messengers.

                Simplex Chat sounds interesting. So you basically generate new public IDs for every new contact? That’s probably the best way to do it.

  • randompepsi@lemmy.ml
    link
    fedilink
    arrow-up
    13
    arrow-down
    4
    ·
    1 year ago

    I ”trust” Signal the most because there is 100% transparency, I can look into the inner workings of the app and see what it does at all time.

    Telegram is the best (in sense of privacy) message app you can actually manage to get your friends and family to use.

        • ekky43@lemmy.dbzer0.com
          link
          fedilink
          arrow-up
          6
          ·
          edit-2
          1 year ago

          Wait what? I thought Telegram pretty much was Discord but for people who prefer phones over computers.

          Wasn’t there also a controversy where some people believed that telegram was private and secure, but that only was for a very limited subset of their features?

          Disclaimer: I’ve only ever installed telegram once for one single person, but promptly removed it afterward for sending out messages to some of my contacts on its own, so I have no clue how it actually works. Feel free to correct or educate me.

            • ekky43@lemmy.dbzer0.com
              link
              fedilink
              arrow-up
              1
              ·
              edit-2
              1 year ago

              It was a message along the lines of “Your friend Ekky has started using Telegram, say hello to them”.

              Not sure if it was a notification or a message, but that was very uncanny and definitely felt scammy and abusive. It’s not the first time I’ve seen an app behave this way, though usually the app asks first.

          • bartleby1@lemmy.ml
            link
            fedilink
            arrow-up
            2
            ·
            1 year ago

            I thought Telegram pretty much was Discord but for people who prefer phones over computers.

            Not a bad way to look at it, although I think one-on-one messaging is much more common on Telegram compared to discord, which has its “communities” thing as its main use case.

          • FIST_FILLET@lemmy.ml
            link
            fedilink
            arrow-up
            2
            ·
            1 year ago

            Wasn’t there also a controversy where some people believed that telegram was private and secure, but that only was for a very limited subset of their features?

            i think you’re thinking of how you have to go out of your way to start a “secret chat” for it to have the touted encryption. those “secret chats” are way less feature-rich than the standard ones though, which sucks ass

  • Thisfox@sopuli.xyz
    link
    fedilink
    arrow-up
    9
    arrow-down
    1
    ·
    1 year ago

    My friends are already on telegram, I don’t have to force change. I can make any chat more secure from the start. I am not using massive government level secrets anyhow. I mean, security is nice, but my cat photos, bad code, homegrown mint tea, and plans for the beach this coming summer are hardly a top secret problem anyway, I’m not planning a murder, I just don’t want meta or facebook using them for advertising. Telegram is good enough.