Signal isn’t perfect either, but their mistakes are far less egregious. They also have removed some of the more egregious mistakes, like needing a phone number (edit: incorrect, see below) or google play services to function. It can be run on a device without Google Play Services because it only uses Google Play Services for push notifications.
I knew about the SMS thing (Android only), but thought they had yet to release user names as a feature. I see no settings related to user names on iOS. The SMS retirement was to remove the ability to use Signal to replace an SMS app on Android.
Forgive me, you’re correct. I stopped using it when it dropped SMS, because I had only ever able to get people on it through SMS, but at the time had read plans about eventually dropping the phone number requirement. I mixed those things up in my head.
From what I understand, they’re fully invested in dropping the phone number requirement though, and some more googling says that they’ve had versions of Signal PNP (phone number privacy) running for a while now.
You’re correct, that part hasn’t actually changed over yet, but it’s in the works.
They do not at this time intend to drop the phone number requirement, as they see it as an anti-spam measure. Meredith Whittaker has said as much. Phone number privacy is a project independent of requiring phone number at signup, and it just prevents other users from seeing your number.
Hehe! I was just bitching about them dropping SMS (and a crapton of users) in another post.
It used to be the perfect app to get people into secure messaging. Now it’s just another chat app to most people, who tend to think “who really cares when you’ve got WhatsApp etc, that actually have users? Why would I want some obscure app on my phone? More shit to think about.”
Hm? Not sure which Signal you’re using. But it very much still requires a phone number to use. Usernames are not available just yet. There’s activity related to usernames in the GitHub repository, but no release yet.
They did remove the ability to send and receive SMS from their Android app. That was about last year or so.
Usernames have not been released yet. When they are released, phone number will still be required for registration, but you will be able to hide it from other people on Signal.
GPS was short for Google Play Services, not Global Positioning System. Sorry.
Signal is always encrypted by default. Same with Matrix. Telegram you have to choose for it to be an encrypted chat, and you can’t do encrypted group chats.
Are you both bots? How can anyone read that crap and say it's a great breakdown?
It's a single widely known issue, and it can literally be summed up in one short sentence: by default it doesn't use end-to-end encrypted chats, which are also far inferior in functionality.
I've never seen a pro-telegram propagandist, but you anti-telegram propagandists are swarming and very tiresome.
We are in a privacy community. A privacy community with a specific website that makes recommendations on messenger apps. And yet, OP is asking for an opinion on comparisons between Signal (recommended by the guide) and Telegram (which isn’t even in the guide). Why would this be necessary if they weren’t thinking Telegram could be a private and secure messenger too? Even tho it’s not recommended on privacy guides. Draw whatever conclusions you want to fit your own world view. But just because others do so differently, doesn’t mean they’re bots. That’s a very lazy way to view the world. And that is also just my opinion. If you wanted to discuss the points of the article, I’m down. But if you’re coming in here to be reductive because you have a differing opinion, then this is all I’m going to be saying to you.
I guess it’s too hard to consider real people with real opinions might populate a niche website with small userbase and an active anti-advertising attitude.
I guess it’s also too hard to just look at an account and decide if it seems spammy or if it seems like a real person, and easier to just cast aspersions because they… annoyed you?
I dislike Signal because of the abandonment of SMS as an option. Without that, it’s on par with (not really ahead of) most other secure messengers. Session is pretty decent, and I am curious if SimpleX will take off.
Anyways. Not a Session fanboy by any means, but I cam still see that (given the two options asked about) session is the clear winner. But your take on this all is hilarious.
I don't like to participate in pointless discussions, but I'll at least clarify it to avoid more silly replies.
-I call the other user a propagandist just for using the other user's language, obviously the correct thing would be hater.
-The article is crap and I criticize the nonsense of praising it. This is not a defense of telegram, nor being against criticizing it.
-I called them bots in a mocking way for their conclusion to the article.
it’s not simply the fact that SMS is gone, it’s also the administrative decision that caused that. Session will likely have some gaffes administratively as they get larger, but for now, I don’t know of any I particularly dislike.
@bastion Anonymity is useful, sure. But if you're going to use an IM app like the majority of people do, you're going to use it to contact friends and family, which means that the account isn't anonymous.
You should also know that Session lacks forward secrecy (a very important feature imo).
True. And although perfect forward secrecy isn’t a huge deal, it is potentially useful, if (for example) you have the encrypted messages backed up, then deleted from your phone, and someone gets access to both your backup and secret key (somehow).
If a hacker had access to the private long-term key, though, odds are extremely high that they have access to the message database of decrypted messages that signal keeps around to show your history - so kinda moot at that point. There are some useful niche cases for it, though.
There’s a physical necessity to keep all of the information necessary to decrypt messages in the app’s folder.
Anything the signal app shows you can also be seen by an app with access to Signal’s data on that device. This is true of any E2E encrypted messenger service.
Of course, this is disallowed by the OS, but if you have physical access to that device, you have and can access that data. That includes the database of all of your messages on that device, and the key to decrypt them.
PFS prevents someone using the key your device has on it from decrypting earlier cyphertexts. But if they have access to that key, they almost inevitably also have access to the database that signal keeps all of your messages in.
Thus PFS only works in practice if you delete the data from both the sending and receiving devices. PFS is useful, but it’s usefulness is fairly limited in typical scenarios. But, if someone sniffed the cyphertext and then you read the message and deleted it/had disappearing messages on, and they later hacked your phone and got the key, you’d be safe and they couldn’t decrypt the cyphertext they’d sniffed earlier.
It’s just… …it’s a really niche scenario, and most people (except the very paranoid) aren’t regularly deleting every message.
Telegram is, by all accounts, a privacy garbage fire. They rolled their own crypto, bless them, and as they say, anyone can design a cryptosystem that they themselves can’t break.
Session and Threema seem to be coming along too, but I’m quite happy with Signal as my go to messaging service for now.
I like the work they do, and the head of the Signal Foundation, Meredith Whitaker, seems very level headed and passionate about their mission.
My only concern with Signal is how they will be able to keep the lights on long term. Either they will continuously need bailouts from billionaire benefactors, or they’ll have to monetize the shit out of their branding, with merch, a Patreon, probably some kind of ads and pushing even more for donations and fundraising. I hope I’m wrong but I have a feeling I’m not.
Last time I used adguard, they seemed to want to get money from user donations. By having more users, more users would donate, and there would be a point where there would be enough.
Tho I’m not sure if they have reached such point or if they would reach it in the future.
It’s a not for profit, so they don’t need to rake in dough, just need to keep functioning, which isn’t a ton of cash for a messaging service. Wikipedia does just fine with donations, and they serve far more people.
I donate every month, and I bet there’s enough that do to keep running like they are.
I love Signal, but at the end of the day they still operate a centralized service with all the drawbacks that entails. It only takes a change of leadership to kick of progressive enshitification, just look at what happened to WhatsApp. Being run by a non-profit should help, but the chance always exists with centralized control. Also their multi-device support is still not great, no official support for Android tablets for example. And idk why not, because Molly (Signal fork) recently added that without too much difficulty afaik.
Session looks really interesting imo, kinda like a decentralized and multi-device version of Signal.
I wish people would use Signal, but Telegram is the closest thing to a sane privacy policy I’ve got. There are a few that luckily agreed to use Signal.
Waiting on interoperability, see how that’s implemented in Signal+WhatsApp (hopefully with Telegram to so I can ditch that).
I’m also using telegram but I don’t trust it. It’s made by two Russian brothers who are fleeing from every country in the world. A bit to sketchy in my opinion.
Don’t trust them either but that’s sometimes a good sign. It’s been used for illegal activities using a 3rd party client for a while in one country that I know of, which oddly enough makes me a little more comfortable. Or at least that country just couldn’t get access to the data
IMO I’d rather have that and have them clearly say they’re not using it for anything than potentially be profiled on WhatsApp where my friends keyboards are spying on their end in terms of content, i.e. be plugged into a social network with half the conversation exposed that way.
do you change keyboards for different apps? The keyboard itself is a separate app. Switching whatsapp for telegram (of all things) means you switched the messaging app. You did not switch the keyboard app too.
So if you think your keyboard is spying on you, that has absolutely nothing to do with messaging apps. At all
I see the confusion, what I meant to say their keyboard is spying on them which includes their part of my conversation with them. Having an app broadcast the metadata of the conversations (whatsapp) + a keyboard spying on them = me getting profiled, somewhat.
Although Meta tries to go Apple’s way and not share data (likewise for Google, iirc)
As long as Signal requires my phone number, it’s a hard NO for me. I don’t care how good they encrypt if the first thing they do is require one of my most personal identifiers.
You’ll be able to connect with people by giving out your username instead of your phone number. You will however still be required to register using your phone number, if I’m not completely mistaken.
So you can buy a burner phone (number) to receive the registration code and you’re good. Perhaps need to keep the number for migrating to new phone though.
Signal. Also, the solution to the “no-one on signal” problem is simply to refuse to use insecure platforms like WhatsApp. If people want to talk to you then, they have to download signal. They might get annoyed with you, but sometimes a bit of coercion is necessary to get people to do what’s good for them.
In reality I just use SMS because everyone I know is still using that or iMessage so what’s happening at my end is irrelevant to my privacy, and I wouldn’t send anything I wanted to be private from a phone at all. There are no good solutions for that.
With Signal as your default messaging app, you could just tell people to switch to Signal and use one app. If both parties had Signal, secure messaging was used automatically.
Friends and family slowly started using Signal, because it’s just a nice messaging app, plus it’s potentially more secure.
Then Signal decided to tank SMS. …and slowly, friends and family started leaving Signal, and now it’s just us security-conscious folks again.
I still have Silence installed on my phone because of that. It's not being maintained any more though so it's only a matter of time before Silence stops working or has some security vulnerability (if it's doesn't already.
I still feel really disappointed that Signal (and the apologists) don't seem to understand that for many countries SMS is still the go to.
For the non-tech savy, having one messaging app (Signal/SMS) was excellent because a user can send a message to a contact and it would automatically use signal if the recipient was also using it and use SMS when the recipient wasn’t.
Now I get SMSs and have to gently remind the contact (or just reply in signal).
Or a frantic call from family “hey I can’t message my boss, I have their contact but signal isn’t finding the contact” then having to explain that SMS and signal are different.
worth mentioning that SMS messages are plaintext as they traverse the carrier network. They are also logged by seemingly any equipment that they traverse. Also when they aren’t delivered immediately, they wait in a queue on the network waiting for the receiving device to “phone home” (pun intended 😎).
The caveat here is often times the plaintext message is in an encrypted tunnel (physical wireless layer, and data tunnels in carrier EPC) but at tunnel endpoints, SMSs are nakey
I would trust a Matrix client like Element / Schildichat over Signal and Telegram. But if we are only considering the latter, I would pick signal (like many other comments have mentioned).
Trust doesn’t matter if no one uses these platforms to message you.
I persuaded my friends into trying other messaging platforms but they ended up flocking back to Whatsapp because their contacts are not on Signal and definitely not on Matrix. Also normies may find Element/Matrix difficult to use. Almost all of them have Telegram accounts and believes it’s more private than Whatsapp, also apparently they use it as a content downloading app than a messaging app.
me: a telegram premium user reading comments 👀 guys the fact is that signal is fucking empty, there’s nothing. lacking of a lot of features and one thing that is the worst (for me) is that signal isn’t social and (as I saw when i used it) there aren’t any public group or channels. I use Telegram for everything, as music player, as private chatting and as social app but sane and without an algorithm that tracks me, and knowing that there isn’t CIA behind me watching me enjoying memes is enough. I also saw someone posting an article about Telegram not having e2e encryption, the reason for that (as I known) is the sync from all devices being difficult to have with e2e and the contents of the messages are very heavy (looking at animated emojis, reactions, stickers ecc). Of course I’d prefer to have a more secure app like Signal that has e2e and has been suggested by EU itself, but if I have to think all the thing I’m loosing to just have 1 feature, that doesn’t that much to me (telegram has never given any info to policy as i know and a lot of illegal things happens on telegram proving that maybe their privacy is better than you think), I prefer to have a lot of more features. If you want to correct me I’ll enjoy reading more on the platform I like.
for the first i didn’t really understand the circumstances (the sites requires subscribtion to read the article) for the second i guess it’s normal that if you do something anti ethical you don’t deserve the privacy the app offered to you. like dark web is nice for not getting censured but pedosites needs to be shutted down and people behind them punished
@progettarsi Then they shouldn't publicize their app as a private messaging app, since they have access to our supposedly private conversations. That is actively harming their users because they're giving them a false sense of security. I have some IRL friends who think Telegram is more private than WhatsApp (which is obviously wrong because WhatsApp at least uses E2EE by default) due to this false publicity.
i’m that friend. telegram isn’t selling my data and isn’t spying on my chat while I’m writing which makes e2e useless. also telegram isn’t owned by a multimillionaire corporation that is famous for selling any data of its users. And honestly I’m feeling better chatting on an app that admits that doesn’t have e2e, that WhatsApp selling itself as e2e but spying on its users constantly My personal rank in security is: 1. Signal, the best in security but lacking of features; 2. Telegram, good security and a lot of features, in contact with the community; 3. WhatsApp, lacking of features, owned by Meta, spying on users
Add comment