What is better for privacy? Signal or Telegram? I know XMPP is better then both of them.

  • riccardo@lemmy.ml
    link
    fedilink
    arrow-up
    17
    ·
    3 years ago

    Unless you use secret chats, Telegram can theoretically access all your conversations, as they are stored in their cloud. It should be a no-brainer, but there’s a couple of cool privacy/anonymity-related things that Telegram has over Signal:

    • you can chat with people and join groups without having to share your phone number
    • in private chats, you can delete messages for both sides, anytime, and even those that were sent by your chat partner (or directly wipe the entire conversation)
    • in group chats, you can delete your messages without time limit (some forks of the Android app allows to delete your entire messages history in one click, such as Forkgram (it’s on f-droid)). As far as I remember, Signal has a 3 hours threshold
    • it’s not a US-based company, and it has a good record when it comes to protect their users’ data from governments attempts to sneak into their citizens’ inboxes
  • X_Cli@lemmy.ml
    link
    fedilink
    arrow-up
    9
    ·
    3 years ago

    I would not use either of them.

    Currently, a better solution, for me, is Element/Matrix, because the crypto is mostly OK and there is federation. And it is quite featureful.

      • X_Cli@lemmy.ml
        link
        fedilink
        arrow-up
        2
        ·
        3 years ago

        That’s a problem. But federation at least helps by giving you the choice of who will see these metadata leaks.

          • Dessalines@lemmy.ml
            link
            fedilink
            arrow-up
            3
            arrow-down
            3
            ·
            3 years ago

            The most that instance gets is a user name. With signal, or telegram, they get your real identity via your phone #.

            • kevincox@lemmy.ml
              link
              fedilink
              arrow-up
              10
              ·
              3 years ago

              That’s unfortunately not true. Lots of data in matrix is currently unencrypted. Message content is but state events (like the room topic), reactions, stickers (if your client supports them) are not.

              This is slowly improving (the proposal for encrypted state events is going to be a significant improvement) but unfortunately strong privacy doesn’t seem like a strong priority of the spec owners.

              If it was up to me I would block every new proposal until it had a strong privacy proposal, but instead their plan is to implement everything insecurely first. Then they will try to get people to propose private versions of the specs and try to drive adoption of those. Not a great plan for something that advertises itself as “an open network for secure, decentralized communication” if you ask me.

              • X_Cli@lemmy.ml
                link
                fedilink
                arrow-up
                3
                ·
                edit-2
                3 years ago

                Thank you. I did not know that the state events were not encrypted. That’s very unfortunate. I think I still prefer Element/Matrix over Signal, but slightly less than before your message 👍

                • kevincox@lemmy.ml
                  link
                  fedilink
                  arrow-up
                  1
                  ·
                  3 years ago

                  Yeah, that is what bugs me most about this. They are adding new features and all the clients say “Your conversation is encrypted” but a lot of information isn’t. I also prefer Matrix but I do wish that they would put a higher value or privacy when evolving the spec.

  • Joe Bidet@lemmy.ml
    link
    fedilink
    arrow-up
    8
    ·
    3 years ago

    Using a chat service without disclosing a “strong selector” such as phone number (remember: “We kill people based on metadata”) should be considered freedom0.

    Moxie promised (was it in 2016?) that it would be feasible with Signal… since then Signal users got: cool new stickers (!) and a crypto-ponzi scheme. Inexcusable.

    • jackalope@lemmy.ml
      link
      fedilink
      arrow-up
      2
      arrow-down
      1
      ·
      3 years ago

      All depends on your threat model though. Are you afraid of the security state, surveillance capitalism, or your local PD. Very different threat models, very different needs.

      • testingthis@lemmy.ml
        link
        fedilink
        arrow-up
        2
        ·
        3 years ago

        Are you serious? It’s not about pigs, even though they’re often the first to put holes in systems compromising everyone. From that angle I suppose they are a threat to software in general. But privacy for the sake of privacy is correct, even.

  • Arthur Besse@lemmy.ml
    link
    fedilink
    arrow-up
    12
    arrow-down
    5
    ·
    edit-2
    3 years ago

    they’re both garbage because they exclusively use telephone numbers.

    phone numbers are a hassle to get, so most people don’t have more than one - which is the the first thing someone needs to steal your identity, and the only thing necessary to track your location (for anyone with access to the tools). you should never publish the phone number that you use for 2fa. if you’re concerned about privacy and carry a phone, you shouldn’t reveal the number of the SIM in the phone you carry to people you don’t trust.

    signal and telegram require that you share a phone number with anyone you want to communicate with. this hasn’t made any sense since around the time signal was called “textsecure” and actually used SMS as a transport.

    tldr: they’re both garbage.

      • Arthur Besse@lemmy.ml
        link
        fedilink
        arrow-up
        8
        arrow-down
        2
        ·
        3 years ago

        ok, i see i was mistaken about telegram requiring you to reveal your phone number to everyone you talk to, but, you still need one to sign up which makes it unsuitable for anyone who cares about privacy (and potentially harmful to those who don’t, even if they don’t realize it).

    • tmpod@lemmy.ptM
      link
      fedilink
      arrow-up
      4
      arrow-down
      1
      ·
      3 years ago

      While I do agree that Signal should implement a way to register without a phone number, saying “they are garbage” is not helpful to the conversation.

      That kind of statement is also inaccurate, in my opinion. It highly depends onyour threat model, which is something that is often overlooked in these kind of threads. Not everyone has the same needs or is able to make the same sacrifices for privacy, and I’d say Signal is a very good option for the vast majority of people getting into a more privacy-oriented tech “lifestyle” (not the best word, but can’t think of a better one rn).

    • zedro@lemmy.ml
      link
      fedilink
      arrow-up
      2
      arrow-down
      6
      ·
      3 years ago

      The phone number is used only for registration by Signal. It’s not used as a ID for registration.

      • Arthur Besse@lemmy.ml
        link
        fedilink
        arrow-up
        11
        ·
        edit-2
        3 years ago

        requiring one just for registration would still make it garbage, but, last I checked it was also the only identifier with which you can be reached. did they finally add usernames recently or something? searching for a minute I don’t see that anywhere.

          • peppermint@lemmy.ml
            link
            fedilink
            arrow-up
            3
            arrow-down
            1
            ·
            3 years ago

            Get a burner phone number and set up a pin, problem solved. If you think telegram can be anonymous you are being rather naive. Go to your session lists and read information on all of your connected devices, whether connected through proxy or not. That’s not a one-out example. Did you share contacts list? Did you ever enable location? What about your device’s uptime? It is very much pseudonymous.

      • gmate8@lemmy.ml
        link
        fedilink
        arrow-up
        2
        arrow-down
        7
        ·
        3 years ago

        Signal hashes your phone number so you don’t need to worry about it.

  • the_tech_beast@lemmy.ml
    link
    fedilink
    arrow-up
    4
    ·
    3 years ago

    Every messaging app has its own problems including Signal and Telegram. If you look here, you will be able to find posts on why some people don’t prefer Signal/Telegram.

    I would just recommend you to use Signal. At least their server side code is open source (some of the code is not like the new spam detection tool.)

    Telegram is not really great for private communication. Also end to end encryption is not enabled by default and the server side is closed source. But Telegram is a really feature rich and powerful messaging app.

    • sibachian@lemmy.ml
      link
      fedilink
      arrow-up
      4
      ·
      3 years ago

      Threema is an interesting option, but in my limited experience, it seems to drain a lot of battery? My second caveat is the price tag, which makes it difficult to get people to migrate - don’t get me wrong, I think a price tag is an ingenious marketing strategy, it straight up communicates that they don’t need to sell your data for survival (assuming adoption grows).

  • Jay Baker (he/they)@lemmy.ml
    link
    fedilink
    arrow-up
    4
    arrow-down
    2
    ·
    3 years ago

    For people wanting to hop off WhatsApp to a similar alternative, Telegram is ideal - it may not beat Signal on security, but it beats it in the aesthetics, UI, user-friendly areas. But aside from Telegram sadly being a haven for fascists and literal Nazis floating around its groups and channels, Signal is seen as a more secure app to use. But other posters here have made some great recommendations!

  • wtv the privacy & security issues, telegram is amazingly fast, thousands of messages with zero lag on a lousy smatphone (and desktop). on signal and whatsapp that device will start burning and crash or hang for abit

    • sibachian@lemmy.ml
      link
      fedilink
      arrow-up
      2
      ·
      3 years ago

      afaik, every modern chat program except for telegram is web based (and clients use electron); which is part of the reason why they’re all so slow and prone to lag. hopefully there will be adoption of tauri over electron some day soon, but for now, that means telegram will remain the only snappy chat software on the market.

    • kind@lemmy.ml
      link
      fedilink
      arrow-up
      0
      ·
      edit-2
      3 years ago

      Ya, telegram is really performant. I really wish they would adopt a 100% private stance, by defaulting private chats for smaller groups and 1-to-1 chats.