How about not storing any information at all? Nothing to give, problem solved. Just like Signal.
I seriously don’t understand why people use Telegram instead of Signal. Any reason! The app doesn’t solve any privacy problem, default chats are unencrypted, keeps personal info. App should be dead already or turned into a dating app because it’s clearly not seriously privacy fucused.
> I seriously don’t understand why people use Telegram instead of Signal. Any reason!
Any reason? I’ll give you some serious ones.
Signal sucks really bad on user experience and features. If you try both for a week or two and learn about the features, you’d be able to conclude the same.
Signal does not care about users and prevents backups on iOS. Lose your device or delete the app due to some issues and reinstall? All your chats are gone!
Signal still has message delivery issues (like long delays)…it’s 2022!!!
Signal keeps pestering me to allow notifications and to allow contacts access. I can only choose “Not Now”, since there is no option that says “No”. When I choose “Not Now”, it will say “we’ll remind you later” and pester me again. I don’t understand why anyone would assume that this app cares about privacy or about users’ time.
> Signal sucks really bad on user experience and features. If you try both for a week or two and learn about the features, you’d be able to conclude the same.
Hm, for me Signal does all I need: Chat, voice chat, video chat, group chat, sending text, pictures, videos, whatever. All of that of course encrypted and not financed by a Russian millionaire/billionaire.
> Signal still has message delivery issues (like long delays)…it’s 2022!!!
Haven't noticed those. How sure are you, that your contacts are actually looking at Signal messages (two filled cirles checkmarks) or have network to receive the messages (two unfilled circles checkmarks)?
> Signal keeps pestering me to allow notifications and to allow contacts access. I can only choose “Not Now”, since there is no option that says “No”. When I choose “Not Now”, it will say “we’ll remind you later” and pester me again. I don’t understand why anyone would assume that this app cares about privacy or about users’ time.
OK, that's really annoying then. I usually use Signal on my computer, from which it works very nicely and never asks me any of those things.
Signal operates on the idea that anything sent through chat is ephemeral and not worth keeping, which just doesn’t work in practice in my experience.
When you’re knee deep in conversation with someone you’re probably not going to say, “oh hey we should switch to email so we can keep a record of this”. It might not even occur to you that the conversation could ever be of value.
There’s been several occasions when my life has been made much more easy for having been able to dig up some old message in iMessage, Telegram, etc from as far back as multiple years ago sometimes because the way things played out the pertinent info didn’t exist anywhere else simply because nobody involved could’ve ever guessed it had any importance.
> Signal operates on the idea that anything sent through chat is ephemeral and not worth keeping, which just doesn’t work in practice in my experience.
Why do you think that? Did you lose any messages? 'cause I can scroll back months and still see all my messages there. Never noticed any loss.
> Signal does not care about users and prevents backups on iOS. Lose your device or delete the app due to some issues and reinstall? All your chats are gone!
Switching out devices is something that happens often enough for many users that transferring history should not be an ordeal. Even the most careful users will occasionally break their phones, and sometimes people need to switch platforms for whatever reason.
WhatsApp suffers from this issue too, at least when trying to migrate histories between platforms.
just to add, telegram can NOT transfer or back up E2E encrypted chats either. unencrypted chats transfer because they are saved on the telegram server.
i think deltachat is possibly the only one that can transfer encrypted messages because you can copy the encryption keys and the messages are just mails, easy to copy (and usually stored on your mail server too)
i don't know how matrix handles this, but from the way verification works there, i am not confident.
> Signal does not care about users and prevents backups on iOS. Lose your device or delete the app due to some issues and reinstall? All your chats are gone!
My chats being gone from new devices is one reason I use Signal over others.
> Signal still has message delivery issues (like long delays)…it’s 2022!!!
I've sent tens or hundreds of thousands of messages over the course of years and the only time i've had delays is when I had spotty service.
I for one am 100% satisfied with Signals UX, and a big reason for that it precisepy that it does not evolve into a communications platform, but just pushes chats around. The delivery issues are very rare, and not a btother anyways. Chat is not time sensitive nor should it be.
Signal cares about privacy (unlike Telegram) and the evidence is right there in their respective source repositories.
UX of Signal is terrible. Part of that is a direct result of security-usability trade-offs.
> The app doesn’t solve any privacy problem, default chats are unencrypted, keeps personal info.
I am using it for public chats.
--------------------
EDIT: this is inacurate, see replies
For example I get repeated "insert PIN password here to remember it".
I have a password manager. There is no way to get rid of it, even via deeply hidden settings. For example, what about disabling it for password with length over 40? Or something?
> There is no way to get rid of it, even via deeply hidden settings.
At least on iOS: Settings > Account > [ ] PIN Reminders. I would be very surprised if there isn't a similar way of disabling those reminders on Android.
I seriously don’t understand why people use Telegram instead of Signal. Any reason!
telegram is the only chat app that offers Free Software clients, does not force me to share my phonenumber, is easy enough to use even for old people.
matrix is ok. but element is still buggy and the ux is complex and takes some learning.
another alternative is deltachat. it uses smtp as transport and works with an email account. the UX is also easy enough to use. easier than matrix/element.
The multiple third party clients feature is huge for me. It’s means I’m not stuck with living with whatever set of trade offs have been made in the official client, and it means there are true native (UWP, UIKit, etc) clients for just about every platform that don’t use UI as branding and behave the way one would expect apps of those platforms to behave.
Last time I tried Telegram to see what it is like, it did automatically broadcast to all my contacts, that I use Telegram, and as a consequence people thought they could message me there, even though I was only testing the app. Also it did require associating with my phone/SIM. Do you mean, that it does not publish your phone number to other people on Telegram?
I keep an eye on deltachat, hoping, that it might become a viable alternative to phone number associated chat solutions. Not sure how mature deltachat is already.
it should have asked you about that broadcasting. i am very sensitive about that so i am careful not to allow it.
deltachat is pretty mature for the features that it has. one nice one is that the autocrypt feature works with some regular email clients, so you can exchange encrypted deltachat messages with people who don't have a deltachat client.
it handles groups, image sharing, and integrates videochat with a configurable url (so you can use any video chat that can be opened through a webbrowser)
It requires a phone number, but it doesn't require sharing the phone number with other people. On signal you are only reachable via the phone number, Telegram has User names and allows to hide the number from the profile.
It asks for a phone number when you sign up, but you don't have to share the phone number with people you want to add as a contact/share it in groups.
For a lot of people, Telegram does a good job of being "less evil than Facebook Messenger", and private in ways that matter to them. I'm more worried about some nutcase from a video game meetup group getting hold of my phone number than I am law enforcement finding out I was in that video game group in the first place.
I have a Matrix server and an XMPP server for 'truly private' communication anyway.
that's very subjective i suppose, i don't have much to compare it to. if by fun you mean stickers and animated emojis. sure. it doesn't get in my way. it is possible to find groups and people through searching for keywords.
i can name my contacts as i like. (which matrix/element for example does not allow, and that's a real problem)
the only thing annoying is that anyone can just talk to me, whereas eg. in wechat people have to make a contact request before they can talk to me directly. but i have the impression that wechat is the unusual one here, which a feature that i'd like to see adapted by other messengers too.
i also miss wechat's feature of being able to choose a custom name for myself in each group. but again, i don't know if any other messenger offers that.
That wouldn't work for groups. Abusers could then destroy the groups with impunity for the purpose of censorship. Telegram is mostly about groups. Telegram is often used for activism.
Signal claims to not store data about who is talking to who. That doesn't mean that they don't. If they were, say, a secret subsidiary of the CIA they would act exactly as they are acting now. In general you can't trust the providers of these sorts of things. See Crypto AG...
To some degree you can trust them, as data request to Signal have been through the court systems which is public. You can actually look up and see what data they have turned over after receiving court orders to do so.
Would a secret CIA subsidiary hand over data for a routine civilian court request? If anything not doing so would make their covert surveillance tool even more trustworthy and effective.
That's my point, if Signal were a CIA front with some kind of secret backdoor, it would probably not reveal that in response to a request from a Central District of California grand jury.
Suppose an update is rolled out in app stores, and many people update to it. Suppose this new version contains surveillance instead of matching the published/reviewed code. Won't there be some substantial period of time during which many messages can be stolen before somebody eventually goes on twitter to say "hmm, wireshark shows more data than I'd expect" and/or "hmm, I can't get the source to build quite like the store's new apk"?
We know exactly how much metadata can be collected. You can just look at how the official client works. You can reverse engineer what the server has to do. This not a matter of uncertainty. Signal doesn't mention the collection of the push messaging device IDs explicitly. But that ID doesn't yield a government level adversary any advantage that they don't already have from knowing the phone number, so it doesn't matter. Contact intersection can be logged, then pre-imaged. We can't know. But we already know it can because we know how the clients work. That's it.
Signal doesn't claim cryptographic security against that metadata collection, but then there isn't currently any working system that can make such a claim, so why bust their balls over it?
No, it simply does not matter what modified version of their server they run. We know what the clients do, and we know what the servers can log. This is a fact as sure as day follows night, and that an apple will fall to the ground when dropped. It isn't even debatable. Your comment is incorrect, full stop.
Because you lose all your chat history without any way to export it.
I unfortunately have convinced some of my relatives to use Signal without me looking into it beforehand.
Now because of Signal’s moronic design I dread the day when something happens and I decide I want to save all our chats for posterity / memories, but wouldn’t be able to. There is simply no “export” button. There is some way to do it on Android but on iOS we are SOL.
I would prefer them to be clearer to say "we will redesign our systems so we no longer store IP addresses".
"Change our data structure" sounds like they might just host the servers outside the country and use a "Telegram Deutschland Inc" company that doesn't have access to any user data to run the service.
Just to remind that Signal is bu//sh*t messenger that ask you for your phone number. And keep and share all the information with authorities. Since it is a US based company, and it is what US based companies do.
If you want to make a protected application, don't tie it to any real world data. That is very easy.
I love Signal, but in some jurisdictions government request for data can be accompanied by gagging orders with serious penalties for breach. I'm not sure that list can be considered complete.
Does the design of Signal's applications or server infrastructure change because of the jurisdiction? Does the information they gather or store change?
> How about not storing any information at all? Nothing to give, problem solved. Just like Signal.
Yeah, give S̶i̶g̶n̶a̶l̶ Twilio your phone number instead. Problem solved.
> I seriously don’t understand why people use Telegram instead of Signal. Any reason! The app doesn’t solve any privacy problem, default chats are unencrypted, keeps personal info. App should be dead already or turned into a dating app because it’s clearly not seriously privacy fucused.
They don't care and Signal offers less that what Telegram has despite Telegram being less secure. Signal is bad at selling itself.
Maybe Signal needs to offer a better user experience, backup chats across all devices and offer more useful features; not less than their competitors rather than pushing a private cryptocurrency scam project useful for criminals, scammers and money launderers.
If the cryptocurrency weren't useful for criminals, scammers, and money launderers, then it wouldn't be useful for political dissidents either. The reason the undesirables use those technologies is because they work. Yes, bad people are going to use effective tools. Does that mean nobody should have them? Granted, I wish they would have just implemented Monero instead, especially since MobileCoin was (is?) unusable in the US. I agree they definitely could use some work on the backups side of the house as well.
Telegram has a great bot feature, that you can use to do a bunch of stuff (from smart house notifications, to "uptime robot" tracking of services up/down states, build results, temperature alarms, server monitoring, etc. One curl oneliner, and you get a message on your phone with whatever data needed (even with an image/graph or a file attachment).
Signal bugs on ios really are a pain point for people that I have convinced to switch. Even basic things, the ios app does not seem to use the correct camera API which makes using the internal camera lower quality which also makes video calls blurry.
You can install Telegram with f-droid, and it works well on a degoogled phone. Signal forbids alternate clients and is not on f-droid. It's thus just not an option.
It was mainly moxie who was hell-bent against that though. I'm hoping they'll reverse their stance since he left. And on federation as well.
Moxie was against all these things because it would make new features more difficult to implement. But personally I care much more for an open infrastructure. Most of their new features weren't even useful.
I'm currently using a matrix bridge and I didn't get banned (officially that's a third party client too) so that's a good sign.
I'm not messaging to you but to HN via E2E https connection.
You can't read that messages as they are transported, you can read them afterwards because HN makes them public not because my message wasn't send encrypted.
You seem to be mistaken about what the "ends" refer to in end to end encryption. If I whisper something in my friend's ear and she whispers it into your ear, that is not a secret message between you and me even if each "hop" was private.
E2E means no intermediaries see the plaintext, only the original sender and ultimate recipient see the plaintext. HN is not the recipient of your message, it's an intermediary.
With HTTPS alone, I can assure you that HN is, indeed, the recipient/end. If you post something like a PGP-encrypted message on HN, now you've got a situation where HN is no longer a recipient/end.
I think the better point to make is that we all collectively agree to refrain from using the term "end" (as in E2EE) in situations like the former, as it's misleading despite being accurate; please only use it for the latter.
Messenger like the telegram are something different than sites like HN.
I am aware that I send my messages to HN, they are not forwarded to you but you open the HN page to read my response.
HN is more like a message board with message hierarchy.
The communication is public, the transmission path is encrypted.
I am aware that I send my messages to HN, they are not forwarded to you but you open the HN page to read my response.
HN is more like a message board with message hierarchy.
The communication is public, the transmission path is encrypted.
It's more like whispering in your friends ear and she/he writes in down and pins it to a public board. My communication was private, but he/she is a chatterbox and I'm well aware of that.
Telegram is just the middleman between sender and receiver.
When you write on HN, the receiver is HN. That message is transported via E2E https encryption so it's secure.
But because HN displays all messages publicly you can read them after they were received.
This doesn't change the fact that the transport as such is E2E.
Ideally it would be the human at each end doing the encrypting and decrypting. But humans can't be bothered, so we let some code that we know very little about do it for us. Obviously having that code run on the client device (the one in your hand) is preferable to having it run elsewhere (like some web server), but either way the human (the true end) is delegating the job to an entity that isn't quite at the end, it's ever so slightly toward the center.
Things like PGP help to maximize the endianness, since the human has a better sense that the crypto software is legitimate, and can read the code before executing it, although there's still plenty of points of compromise between that code and the human (compiler, Intel ME, etc.) so unless you're doing crypto with a pencil and paper, you're always putting your trust somewhere that isn't precisely the "end."
That your message is transferred from your computer to the recipient, HN's servers, encrypted. At no point should anyone in the middle be able to read your message. After arrival, HN then publishes it on a public forum for everyone to see.
Kind of, but as they aren't lying about allowing private conversations not really. More saying https is end to end encrypted, but what one end does with that data isn't necessarily private.
>End-to-end encryption (E2EE) is a system of communication where *only the communicating users can read the messages*. In principle, it prevents potential eavesdroppers – including telecom providers, Internet providers, malicious actors, *and even the provider of the communication service* – from being able to access the cryptographic keys needed to decrypt the conversation.[1]
If the server can read the content, it isn't end-to-end encryption.
The server is the communicating user in this instance, it is the intended recipient of the message. No potential eavesdropping can happen.
Even though I intend for you to read this message, I am sending it to the HN server to post publicly. My communication with HN is E2EE, my communication with you is not. This isn't meant to be useful information, and it certainly isn't advice. It's just an accurate nonstandard way of looking at things.
The people signing up for telegram in droves aren't looking for a replacement for signal or wickr or whatever "secure" messaging platform.
They're joining their friends' group chats and subscribing to their friends' channels. It's a replacement for twitter/facebook more than anything else.
> How about not storing any information at all? Nothing to give, problem solved. Just like Signal.
just so you know, Signal does permanently store sensitive user data in the cloud. They collect your name, photo, phone number, and a list of every person you contact using Signal. That data is stored in your profile on their servers.
Signal really used to not store anything, but that hasn't been the case for a long time now and if this is the first you're hearing about that, it should tell you all you need to know about how trustworthy Signal is.
> Telegram may disclose IP addresses and phone numbers
How do you propose this data is masked? You need a phone number to use Telegram (and Signal), and you need an internet connection, thus exposing your IP address.
I’m not sure why you think Signal does not have this information.
Signal has been subpoena'd in the past, and the only relevant information they were able to provide were account creation date and account's last connection date. Literally nothing else. It's actually a little funny to read:
That was in the past though. Now Signal is storing exactly that same information permanently in the cloud. Specifically they store your name, phone number, photo, and a record of every person you contact.
Metadata is enough to execute people (by certain country but anywhere in the world--it is immoral for Signal to position itself as secure if it provides such data).
Last I checked Signal was outright lying in their privacy policy which was never updated after they started collecting and storing user data in the cloud. You can't morally market yourself as secure while you lie to your users about what their risks are.
But did you actually read that? It specifically doesn’t mention the obvious data that they do have (phone and IP), but instead focus on other sensitive metadata:
> variety of information we don’t have, including the target’s name, address, correspondence, contacts, groups, calls.
Telegram and Signal has basically same problem. Thats centralised storage of data. So if you care about privacy, Signal is not alternative to Telegram.
Matrix is decentralised open-source solution. I don't understand why people don't use it more instead of Signal or Telegram. Or Session, but it is not very user friendly.
I'm not sure what you mean. Messages sync just fine between my iPhone and Linux machine.
> Horrible UX
It got way better in the past few years. When I did the initial push with my friends, we failed. Mainly because the basic functionality was buggy at times, such as messages that would simply not be received. But now it's running real smooth imo. Sure, there are a few things I would like to see. Polls is a big one. Maybe a smooth gif creation like WhatsApp -- but those are fairly minor. My experience is that it gets pretty much the job done and that's all I want from it. What exactly is so horrible about it in your experience?
> only thing: not Facebook & open source
Those two are pretty big positives, at least for me. That's pretty much exactly what I'm looking for.
> You can have all of that with a Matrix client
Well ... unfortunately that's a bit much for your average Joe, simple as.
No they don't sync just fine. A device cannot receive chat history from before it was added and signal regularly "forgets" linked devices, losing all messages on the device and starting from scratch after relinking.
>I seriously don’t understand why people use Telegram instead of Signal. Any reason!
Very easy to integrate custom notifications with bots. Signal is more like "maybe it works with this 3rd party tool". Also being able to use custom buttons with bots.
How about not storing any information at all? Nothing to give, problem solved. Just like Signal.
I seriously don’t understand why people use Telegram instead of Signal. Any reason! The app doesn’t solve any privacy problem, default chats are unencrypted, keeps personal info. App should be dead already or turned into a dating app because it’s clearly not seriously privacy fucused.