- cross-posted to:
- [email protected]
- cross-posted to:
- [email protected]
You must log in or register to comment.
First choice is always talk on SimpleX, second is Signal/Molly for something easier, there is no other app that I use.
🤔
both require phone numbers, and both concentrate metadata in a central location (Amazon servers, in the case of signal).
both sort of pretend to be free open source software, and sort of are but with a lot of caveats.
telegram doesn’t even have end-to-end encryption (except for some wacky not-peer-reviewed thing in 1:1 ‘secret chats’ which are rarely used); at least signal has it beat there.
https://simplex.chat/ is a new messenger which doesn’t have any of the above problems and seems quite promising imo.
Telegram probably doesn’t have E2E so that people can have always active desktop sessions
I’m not sure what exactly you mean by “always active desktop sessions” but for any definition I could imagine it is possible to do that while having e2ee. Many e2ee messengers have multi-device support nowadays.
Telegram doesn’t need to have e2ee because they’ve pulled some trick of becoming widely perceived as being privacy friendly despite not actually offering any e2ee in most cases, and offering only some 🤡-protocol in the few cases where they do.
Another reason for them not to implement e2ee is that they’re most likely monetizing their users content data as well as the metadata (and in more ways than just charging some types of police for access to it, which is presumably only a small fraction of their revenue).
E2ee doesn’t have to be 2 devices. It can be for any amount of endpoints as long as they have the key to decrypt the data.
For example my nextcloud instance has e2ee for my phone, computer, and tablet.
Signal doesn’t keep metadata at all.
They say that they don’t, and I think it is extremely likely that Signal employees are entirely sincere when they say that.
But, even if they truly don’t keep metadata, they can’t actually know what their hosting provider (Amazon) is doing. And, their cryptographic “sealed sender” thing doesn’t really solve the problem. If someone with the right access at Amazon really wants the Signal metadata, they can get it, and if they can, anybody who can coerce, compel, or otherwise compromise those people (or their computers) can get it too.
One can say they’re confident that the kind of adversaries they care to protect against don’t have that kind of capability, but it isn’t reasonable to say that Signal’s no-logging policy protects metadata without adding the caveat that routing all the traffic through Amazon makes the metadata of the protocol’s entire userbase available in a single place for the kind of adversaries that do.
This is pure speculation
which part?
If someone with the right access at Amazon really wants the Signal metadata, they can get it,
What stops them from being able to? They could actually infer a lot of the metadata just from the encrypted network traffic, without even looking inside the VMs at their execution state. But, they can also see inside, so they can keep the kind of logs (outside the VM) which Signal [says that they] wouldn’t.
Hey fellow SimpleX enjoyer. It’s still very early but only by spreading the word we can inform people about this great alternative!
Did chatgpt write this?
Now I understand what you mean. But no it isn’t. Just wanted to sound like an old advertisement slogan.
Signal seems like an obvious choice over Telegram if privacy is the exclusive priority.
I do love Telegram tho for the ability to send full-quality photos/videos, log-on with 2+ phones simultaneously, visual customization, etc
I got banned from Telegram so…
that’s why I trust it
Personally, Signal. But I don’t have much reason to back it up other than Telegram being Russian.
Telegram is not Russian. The founder is a Russian - who left Russia about a decade ago after being pushed out of his local Facebook clone (VK) due to not complying with government requests. They nowadays mostly seem to be in Dubai, but as a legal entity hard to locate due to a cat and mouse game they’re playing to avoid being reachable for authorities worldwide who want to enforce local laws.
It’s tragicomic how some people trust Telegram specifically because they perceive CEO Pavel Durov to be an enemy of the Russian government, while others trust Telegram because they think it is actually a Russian company and thus won’t share data with western governments. (Durov talking about the facts that Signal has received millions from the US government’s Radio Free Asia and sends all messages through Amazon servers helps with this second perception).
I assume Durov’s relationship status with various governments is it’s complicated but also cordial. IMO it would be prudent to assume that intelligence and law enforcement agencies from lots of countries, including ones that are adversaries of each other, are all getting lots of data from Telegram both with and without the company’s cooperation.
There is literally no e2ee for most messages, and new devices can be added and authenticated by SMS, so, even the weakest of adversaries can play with it. Telegram really democratizes surveillance capabilities.
But their main office in st Petersburg (russia) lol
not that it matters (see my other comment in this thread), but, citation needed? wikipedia says it is maybe in Dubai.
Fair enough, thanks for the info
I use Signal, it’s about as private as I can get other normal people to use.
Signal is privacy focused Telegram is a privacy nightmare
deleted by creator
I can generally convince people to use Telegram, but not signal. Telegram is better than SMS, GroupMe, WhatsApp, Discord, Facebook Messenger, SnapChat, etc so its what I use.
If anything, I’ve got hopes that Element/Matrix will get enough polish to become viable.
Neither.
You sound like a matrix user
I am. You are too.
- Session
- XMPP with OMEMO
- a Tox, if possible (no real asynch common)
- Matrix
- Signal
Signal hands down
I wish we would move away from centralized messengers entirely. They are always just one law away from being banned. See: whatever the UK is doing.
So you are recommending matrix? Signal ban us? Is a signal ban as terrible as a telegram ban?
I would like something P2P like Briar to be the norm. But something federated like Matrix or DeltaChat would be nice too.
It should be P2P (like Torrent, not like Lemmy), routed through some anonymity layer like Tor or I2P so no one knows your IP, there should be no central point of failure, and of course I would love for it to have the same features, reliablility and speed as Signal or Telegram.
Closest I could find is Briar. It even works if the internet is down, which is nice. But it would be cooler if it worked with LoRA or something too.
I don’t know what would be most censorship resistant or technically capable of fully replacing modern messengers, but this here is a good list, anything that says ‘decentralized’:
Have you tried Jami?
A long time ago, like 5+ years ago shortly after release, I can’t say it impressed me. Neither when I periodically checked on it. Seems like is has significantly improved since then.
The issue is always whether or not I can sell it to my technically challenged friends and family. I don’t see those platforms taking over unless anyone can use them. Briar is sadly pretty lacking. Cwtch also seems interesting but I haven’t taken to time to check if it’s good yet.
I haven’t been that deeply immersed in the topic in the last 5+ years, but it seems like nothing much has changed. It’s still all the same players that seem to be interesting.
For me its not usable as sometimes messages don’t deliver. However I’m watching it closely to see if it gets better.
I wish it didn’t tie your profile into a username. I have been using simplex chat and it is nice not having a username that could get leaked or abused. Jami requires approval from the recipient before you can send messages but in my option that isn’t enough.
Yeah I feel like the entire space still needs another 5 to 10 years until it produces a viable competitor to centralized messengers.
Simplex Chat sounds interesting. So you basically generate new public IDs for every new contact? That’s probably the best way to do it.
I think it should be more akin to something like email. There is no one entity that controls all emails. It’s lots of independant servers and clients able to communicate with each other.
So… XMPP) With Matrix as a newer, more bloated version of it.
My friends are already on telegram, I don’t have to force change. I can make any chat more secure from the start. I am not using massive government level secrets anyhow. I mean, security is nice, but my cat photos, bad code, homegrown mint tea, and plans for the beach this coming summer are hardly a top secret problem anyway, I’m not planning a murder, I just don’t want meta or facebook using them for advertising. Telegram is good enough.
