What are the reasons to use Signal over Telegram

cysioland@lemmygrad.ml

Compromising one of the devices is always game over. The only way to be Pegasus-proof is to not communicate digitally.

cysioland@lemmygrad.ml

WhatsApp is E2EE and it does maintain some of the "cloud" functionality, at the expense of the device transfers being a pain and potentially you losing your message history if you don't have a backup.

hedgehog@ttrpg.network

https://signal.org/blog/sealed-sender/ explains the feature.

https://github.com/signalapp/Signal-Android/issues/13842 has some links into the code base showing where sealed sender is implemented.

hedgehog@ttrpg.network

The concern is valid, and it has caused a lot of distrust in many companies due to the Snowden leaks, but that distrust is founded in the leaks.

Snowden explicitly endorsed Signal, too - and as far as I know he’s never walked that endorsement back.

logging_strict@lemmy.ml

In Telegram, you never have to expose your phone number. If you like walking into traps then of course you can.

But can make minimal efforts to not be a degenerate avoiding this obvious easily avoidable trap.

How to avoid exposing your phone number

Make a group called i'm not a complete utter idiot. Whenever you have a friend wanting to connect, make a group link, send it to them, have them join. After joining have them send a message in the group. Just, "Hi". Nothing more. Less is more.

Look for that message and click on the person's name. You are now connected. Send them a personal message, "Hi!".

You can also add them as a contact without sharing your phone number.

Your friend will probably be a degenerate and expose their phone number. Teach them how to go into settings to always hide it.

Try not to call them a degenerate, degenerates hate that.

Also try not to think of them as a degenerate, they will already know that and be proud of it and not understand why you don't share their enthusiasm.

So control what your thoughts.

logging_strict@lemmy.ml

You are right. But just not a fun person capable of seeing the humor in this.

Everyone is listing the features of both and not choosing wrong on purpose!

I like sending all my conversations to Russia rather than the US. Or both of them.

As long as i have someone wasting their time trying to snap out of their sleepy deer in headlights stupor after listening to a coder talk about coding.

I also love doing this on facebook messenger too.

Everyone worries about censorship. One thing that is never censored is a coder talking about coding. Cuz the DEI hire head explodes after one second of listening to that.

Try it! It's magical.

logging_strict@lemmy.ml

Signal pretends not to.

I prefer Telegram's honesty.

We are Telegram and we are here to help. And to make it more fun we will send all your communications to Russia for a change.

Oh man! Where do i sign up /nosarc

logging_strict@lemmy.ml

This 1 + 1 = 2 logic is boring. It's trying to escape out of a wet paper bag over and over again. Whatever your 1 + 1 = 2 logic is their is another guy who can drive a bus staight thru it. Every single time.

In a year from now you will find out you are completely mistaken and just repeating nonsense. Every freak'n time.

Just for once, do the wrong thing. Make the wrong choice on purpose.

Instead of seeing never ending red flags. Today see purple flags. And tomorrow orange. Cuz why do flags always have to be red?

You can be right or you can have fun.

Do the wrong thing sometimes. Live a little.

logging_strict@lemmy.ml

The real world, with non-tech people needs solutions that are easy, fast and as close to foolproof as possible.

Nope. Grandma gets a smartphone

Meaning they are hopeless and it's impossible for them to emulate a techie.

It's a fools errand.

Just stop trying to pretend Grandma is something more than completely unimportant and forgettable and hopeless and more likely than not merely a pest.

I'm so tired of entertaining Grandmas.

logging_strict@lemmy.ml

I was sold on threats and coersion. Lets do more of that

bazoogle@lemmy.world

Hopefully you aren't driving any buses while you're this high.

It's not never ending red flags. In fact, I see lots of green flags from signal. Telegram, though, that's a different story.

logging_strict@lemmy.ml

Then talk about coding. Non-techies curl up into a ball and die slightly inside as they run for the exits.

Highest form of encryption possible.

Try it

logging_strict@lemmy.ml

You are right but

we like doing the wrong thing over and over again. And being surprised, each and every time, when it turns out to be wrong. Never picking up onto the repeating simple pattern.

1111111111111 what's the next number ... errrr Signal! That's it you got it. Good job.

Embrace the idiocracy!

This is why Telegram is awesome.

Eventually you will come around and realize how hopeless humanity is and embrace that it is well beyond hope.

And then you will have a larger network and enjoy each and every one of them.

anarchistartificer@lemmy.world

That's a neat trick, thanks for sharing

hedgehog@ttrpg.network

Also read that the keys are stored locally but also somehow stored in the cloud (??),

Which keys? Are they always stored or are they only stored under certain conditions? Are they encrypted as well? End to end encrypted?

which makes it all completely worthless if it is true.

It doesn’t, because what you described above could be fine or could have huge security ramifications. As it is, my guess is that you’re talking about how Signal supports secure value recovery. In that case:

1. The key is used to encrypt your contacts, profile name, group avatars, social graph, etc., but not your messages.
2. Your key is only uploaded to the cloud if you have a recovery PIN or passphrase
3. Your key is encrypted using your PIN or passphrase using techniques (key-stretching, storing in server secure enclaves) that make it more difficult to brute force

The main criticism of this is that you can’t opt out of it without opting out of the Registration Lock, that it necessarily uses the same PIN or passphrase, and that, particularly because it isn’t clear that your PIN/passphrase is used for encryption, users are less likely to use more secure pass phrases here.

But even without the extra steps that we can’t 100% confirm, like the use of the Secure Enclave on servers and so on, this is e2ee, able to be opted out by the user, not able to be used to recover past messages, and not able to be used to decrypt future messages.

hedgehog@ttrpg.network

Message history won’t be fully fixed. It can’t be without storing message backups in some cloud somewhere (whether it’s to iCloud, Google Drive, Dropbox, or Signal’s servers) and Signal omits its message history from system backups on iOS and Android.

iOS users are completely incapable of backing up their message history in the event of their phone being lost, stolen, or broken. This omission isn’t justified in any way, as far as I’m aware; I don’t know of any technical reason why following the exact same process as on Android wouldn’t work.

Android users are able to back up locally via Signal, but that isn’t on by default, can’t be automated, needs to be backed up separately, requires you to record a 30 digit code to decrypt it, and has limitations on when it can be used for a restore (can’t restore on iOS, for example). See https://support.signal.org/hc/en-us/articles/360007059752-Backup-and-Restore-Messages for more details.

Message history on linked devices - meaning iPads and desktop computers - is being improved, but it still won’t mean that a user who loses or trades in their phone as they get a new phone will be able to simply restore their phone from a system backup and restore their Signal message history. And even that isn’t anywhere near as easy as on Telegram, where a user can just log in with their password and restore their message history, no backup needed.

It’s great that they’re improving the experience for linked devices, but right now that doesn’t actually help if you lose, break, or trade in your phone. Maybe they’ll later allow users to restore to a phone from a linked device or support backups on iPhones, but right now the situation with message history isn’t just an unfriendly UX, but one that is explicitly and intentionally unreliable for a huge portion of Signal’s user-base.