What are the reasons to use Signal over Telegram

jumperalex@lemmy.world

Breaking news hahaha

snotflickerman@lemmy.blahaj.zone

SimpleX is taking a lot of venture capital money which makes it just slightly suspect, imho. Those guys usually want a return of some kind on their investment. I simply don't trust the motives of technocrats like Jack Dorsey.

The Matrix Foundation, on the other hand, seems a lot more democratic in governance and stewardship of the protocol.

doomsdayrs@lemmy.ml

I am not uneducated in this matter, I run Matrix instances and have dabbled in development of tools around it.

Perhaps our experience is different, but I have had great difficulty in helping groups on the ground to use Matrix.

Regardless of our agreement that Matrix is better than Signal, it should not cloud our judgement in at least reducing the harm that is Telegram.

In the future we can keep joining hands to work towards a better future, but for now I hope you can understand my perspective and choice.

flux@lemmy.world

I'm not an expert but I'll use this analogy.

Signal is you meeting a person who gives you secure devices. This person then can only ever provide the following information to someone else. From Signal website. " the date and time a user registered with Signal and the last date of a user's connectivity to the Signal service." Only your device and your friends device can read the messages. It goes direct from you to them. The only way to read any message is having the device.

Telegram is like you making an agreement with another person. By default messages are encrypted but go to the other person for decryption before going to your friends device. This other person Telegram has and will give messages, serverlogs, dates to legal entities by request. Now there is an option to bypass this person by using "secret chats" . This will make it so the message is directly from your device to their device. Telegram can't read messages but as I understand they can still potentially have metadata, server logs of when messages are sent, how many, what device they are sent from. Bottomline is they have activity logs Signal can only provide the date you signed up and the last time you used the app. Not only that but just being on the Telegram platform which allows bots makes you a target. Bots will contact you like spam. Sending you harmful links, etc.

Almost every security person I've ever read says. "I use Signal". Why wouldn't you go with the service that by default has end to end encryption? Telegram makes it a option you have to select for each person.

These are very basic descriptions. I'm Happy to remove or update if I got anything wrong.

More signal encryption info

valmond@lemmy.world

As you say yourself (cryptocraphic nerd here):

Signal’s E2EE protocol means that, most likely, message content between persons is secure.

So a shame there are no free servers, are the server soft not open source, only the signal app itself?

tokenboomer@lemmy.world

You don’t have to learn Morse code.

hotcoffee@lemm.ee

Good projects require money. And SimpleX is still way better than Signal and Telegram, so imo it's worth supporting and using

fake4000@lemmy.world

The fact that telegram operates in a country that scores 18/100 on global freedom and 30/100 on internet freedom.

https://freedomhouse.org/country/united-arab-emirates

absgeeknz@lemmy.nz

While there may be better options out there, from a purely security standpoint.

The real world, with non-tech people needs solutions that are easy, fast and as close to foolproof as possible.

I choose Signal, because my mum, my sisters and brothers (none of which are tech people) can all go to their app stores and install Signal, it works and it is easy. Signal is private BY DEFAULT, I don't have to remind them to turn on security for each chat, there is voice and video chat for individuals and groups, I can use it to send files. It is really good. Secure communication is their primary goal.

I have been using Signal since it was called TextSecure and I only had one contact using it.

Yes it sucked when they dropped SMS support; but these days about 98% of my messaging goes through Signal. Any SMS is usually from my doctor/dentist/bank.

I never really trusted Telegram, too many compromises. Secure communication is not their primary goal.

hotcoffee@lemm.ee

All big 3, Signal Telegram SimpleX, are just go to app store install, and send invite to contacts. SimpleX gets framed as technical and dissuades new users from installing, while it's just as easy as the other 2.

9tr6gyp3@lemmy.world

Signal tells me which contacts in my contacts list has Signal. It also alerts me when someone in my contacts installs Signal.

I believe Telegram also does that.

SimpleX does not.

hotcoffee@lemm.ee

The age ol convenience vs privacy. But fair that is user friendly

9tr6gyp3@lemmy.world

This entire article is guessing at hypothetical backdoors. Its like saying that AES is backdoored because the US government chose it as the standard defacto symmetrical encryption.

There is no proof that Signal has done anything nefarious at all.

amaterasu@lemmy.world

Let me start saying that for convenience I adopted Signal. Now, this argument that it validates your contacts is actually something that isn't the best feature of Signal since it implies that it is requesting and having access to phone numbers.

I don't let my number available as my contact, I created the ID and I'm using it in case someone wants to connect with me but that still not the reality for many and the fact that they retain my number it doesn't digest well.

I'm not sure how is SimpleX nowadays but features like stickers and even some emoticons or message reactions were not possible. Some family members and friends would be very difficult persuade to go back to a very simplistic communication app.

I always keep an eye on best alternatives and if usability reaches a good point we may need to consider SimpleX as the messenger for the mainstream recommendation.

absgeeknz@lemmy.nz

Maybe, but I have had all of my family on Signal for close to 9 years now. Inertia and the network effect is a big part of why platforms stay around.

It took me saying to my mum, that I would ONLY share pictures of her new grandson on Signal to get her to install it. Once mum was on board, the rest followed pretty quickly.

The thought of getting mum to install a new messaging app now, and she is nearly 10 years older. Well it isn't worth the effort. My threat threat model is low enough, to choose the convenience/security slider at Signal.

As a side note, every month or two; another of my contacts shows up on Signal. I have around 50 contacts using Signal now, as I said before around 98% of my messaging is through Signal.

flux@lemmy.world

So if I understand it Signal has your phone number but only logs sign up date and last activity date. So yes they can say this person has Signal and last used it on date X. Other than that no information.

Matrix doesn't require a phone number but has no standard on logging activity so it's up to the server admin what they log, and they could retain ip address, what users are talking in what, rooms, etc. and E2EE is not required.

I think both have different approaches. I'm just trying to understand. On one hand you have centralized system that has a standard to minimize logs or decentralized system that must be configured to use E2EE and to remove logs.

gayhitler@lemmy.ml

There’s a lot of answers itt but heres a simpler one:

If you want to prevent people in power from having access to communications there are two methods employed, broadly speaking:

The first is to make a very secure, zero knowledge, zero trust, zero log system so that when the authorities come calling you can show them your empty hands and smirk.

Signal doesn’t actually do this, but they’re closer to this model than the second one I’m about to describe. Bear in mind they’re a us company so when the us authorities come to their door or authorities from some nation the us has a treaty with come to their door signal is legally required to comply and provide all the information they have.

The second is to simply not talk to the authorities. Telegram was closer to this model than signal, using a bunch of different servers in nations with wildly different extradition and information sharing mechanisms in order to make forcing them to comply with some order Byzantine to the point of not being worth it.

Eventually the powers that be got their shit together and put hands on telegrams owner so now they’re complying with all lawful orders and a comparison of the tech is how you’d pick one.

The technology behind the two doesn’t matter really but default telegram is less “secure” than default imessage (I was talking with someone about it so it’s on the old noggin’).

corsicanguppy@lemmy.ca

Signal needs a phone number.

I don't want to give them one. Also I don't have one.

Oh my, that seems to eliminate Signal as an option.

Next?

davel@lemmy.ml

I’m not here to promote Signal, but last time I checked it no longer required a phone number.

gazby@lemmy.dbzer0.com

I won't be popular in this thread, but I don't fight this battle anymore. Telegram beats Signal in virtually every aspect of user experience. If a person is unlikely to be convinced that e2ee is worth taking all the UX hits, I don't try anymore.