• N-E-N@lemmy.ca
    492·
    1 year ago

    Signal seems like an obvious choice over Telegram if privacy is the exclusive priority.

    I do love Telegram tho for the ability to send full-quality photos/videos, log-on with 2+ phones simultaneously, visual customization, etc

  • Arthur Besse@lemmy.ml
    396·
    1 year ago

    🤔

    both require phone numbers, and both concentrate metadata in a central location (Amazon servers, in the case of signal).

    both sort of pretend to be free open source software, and sort of are but with a lot of caveats.

    telegram doesn’t even have end-to-end encryption (except for some wacky not-peer-reviewed thing in 1:1 ‘secret chats’ which are rarely used); at least signal has it beat there.

    https://simplex.chat/ is a new messenger which doesn’t have any of the above problems and seems quite promising imo.

    • PropaGandalf@lemmy.world
      131·
      1 year ago

      Hey fellow SimpleX enjoyer. It’s still very early but only by spreading the word we can inform people about this great alternative!

    • randompepsi@lemmy.ml
      113·
      1 year ago

      Telegram probably doesn’t have E2E so that people can have always active desktop sessions

      • Arthur Besse@lemmy.ml
        172·
        1 year ago

        I’m not sure what exactly you mean by “always active desktop sessions” but for any definition I could imagine it is possible to do that while having e2ee. Many e2ee messengers have multi-device support nowadays.

        Telegram doesn’t need to have e2ee because they’ve pulled some trick of becoming widely perceived as being privacy friendly despite not actually offering any e2ee in most cases, and offering only some 🤡-protocol in the few cases where they do.

        Another reason for them not to implement e2ee is that they’re most likely monetizing their users content data as well as the metadata (and in more ways than just charging some types of police for access to it, which is presumably only a small fraction of their revenue).

      • Boring@lemmy.ml
        4·
        1 year ago

        E2ee doesn’t have to be 2 devices. It can be for any amount of endpoints as long as they have the key to decrypt the data.

        For example my nextcloud instance has e2ee for my phone, computer, and tablet.

      • Arthur Besse@lemmy.ml
        2·
        1 year ago

        They say that they don’t, and I think it is extremely likely that Signal employees are entirely sincere when they say that.

        But, even if they truly don’t keep metadata, they can’t actually know what their hosting provider (Amazon) is doing. And, their cryptographic “sealed sender” thing doesn’t really solve the problem. If someone with the right access at Amazon really wants the Signal metadata, they can get it, and if they can, anybody who can coerce, compel, or otherwise compromise those people (or their computers) can get it too.

        One can say they’re confident that the kind of adversaries they care to protect against don’t have that kind of capability, but it isn’t reasonable to say that Signal’s no-logging policy protects metadata without adding the caveat that routing all the traffic through Amazon makes the metadata of the protocol’s entire userbase available in a single place for the kind of adversaries that do.

              • Arthur Besse@lemmy.ml
                1·
                1 year ago

                What stops them from being able to? They could actually infer a lot of the metadata just from the encrypted network traffic, without even looking inside the VMs at their execution state. But, they can also see inside, so they can keep the kind of logs (outside the VM) which Signal [says that they] wouldn’t.

  • QuazarOmega@lemy.lol
    20·
    1 year ago

    Why make this post hard to search for by using an image, instead of directly asking which is more trustworthy between Telegram and Signal? It just makes it look like you’re sharing an article link.
    The question isn’t even really relevant, you can mistrust Signal and still use it because it’s made in such a way that even if the server operators were malicious, they could get little data out of you.
    Telegram has secret chats and already having to “toggle-on” your privacy undermines the privacy of the whole application because your profile is partially clear to the service, which leaves it open to make various inferences on you

  • loki@lemmy.mlEnglish
    192·
    1 year ago

    For people I don’t know or just started talking, I give them my telegram username that’s not linked to my personal phone number. For friends and family, I use signal.

    Lots of opensource projects have telegram channels for updates. Not to mention news and local updates as well.

    People need to incorporate a social aspect of the real world. Everyone isn’t as privacy conscious as you are and you can have multiple apps for different scenarios.

    If you don’t ever want to meet anyone new, signal is perfect.

  • randompepsi@lemmy.ml
    124·
    1 year ago

    I ”trust” Signal the most because there is 100% transparency, I can look into the inner workings of the app and see what it does at all time.

    Telegram is the best (in sense of privacy) message app you can actually manage to get your friends and family to use.

        • ekky43@lemmy.dbzer0.com
          5·
          1 year ago

          Wait what? I thought Telegram pretty much was Discord but for people who prefer phones over computers.

          Wasn’t there also a controversy where some people believed that telegram was private and secure, but that only was for a very limited subset of their features?

          Disclaimer: I’ve only ever installed telegram once for one single person, but promptly removed it afterward for sending out messages to some of my contacts on its own, so I have no clue how it actually works. Feel free to correct or educate me.

            • ekky43@lemmy.dbzer0.com
              1·
              1 year ago

              It was a message along the lines of “Your friend Ekky has started using Telegram, say hello to them”.

              Not sure if it was a notification or a message, but that was very uncanny and definitely felt scammy and abusive. It’s not the first time I’ve seen an app behave this way, though usually the app asks first.

          • bartleby1@lemmy.ml
            2·
            1 year ago

            I thought Telegram pretty much was Discord but for people who prefer phones over computers.

            Not a bad way to look at it, although I think one-on-one messaging is much more common on Telegram compared to discord, which has its “communities” thing as its main use case.

          • FIST_FILLET@lemmy.ml
            2·
            1 year ago

            Wasn’t there also a controversy where some people believed that telegram was private and secure, but that only was for a very limited subset of their features?

            i think you’re thinking of how you have to go out of your way to start a “secret chat” for it to have the touted encryption. those “secret chats” are way less feature-rich than the standard ones though, which sucks ass

  • Thisfox@sopuli.xyz
    91·
    1 year ago

    My friends are already on telegram, I don’t have to force change. I can make any chat more secure from the start. I am not using massive government level secrets anyhow. I mean, security is nice, but my cat photos, bad code, homegrown mint tea, and plans for the beach this coming summer are hardly a top secret problem anyway, I’m not planning a murder, I just don’t want meta or facebook using them for advertising. Telegram is good enough.

  • jeffhykin@lemm.ee
    7·
    1 year ago

    I can generally convince people to use Telegram, but not signal. Telegram is better than SMS, GroupMe, WhatsApp, Discord, Facebook Messenger, SnapChat, etc so its what I use.

    If anything, I’ve got hopes that Element/Matrix will get enough polish to become viable.