What are the reasons to use Signal over Telegram

toastal@lemmy.ml

If we care about the planet & sustainability, we would not be recommending a eventual-consistency model for chat communications. Matrix’s protocol is so wasteful & expensive.

juli@lemmy.world

This entire article is guessing at hypothetical backdoors. Its like saying that AES is backdoored because the US government chose it as the standard defacto symmetrical encryption.

There is no proof that Signal has done anything nefarious at all.

As an outsider, I mean isn't that the same for news coverage for chinese/russian backdoors, but everyone believes it without any proof.

Why is US company being a US honeypot a big surprise, and its government recommending it not a big red flag? but it is when China recommends wechat? Can't we be critical and suspicious of both authoritarian countries?

Do you have access to Signal servers to verify your claims by any chance? Afaik their servers are running modified codebase, and third party apps cannot use them. So how do you claim anything that goes behind closed doors at all? Genuinel curious.

snotflickerman@lemmy.blahaj.zone

Further, they're hosted in Germany, so they must still follow German law and court requests.

juli@lemmy.world

Telegram for random public chatter/file storage(with password lock), talking to strangers without giving them your number. Signal for personal/private conversations.

Your device can handle 2 apps and don't give them permissions willy nilly. Geez, every one of these posts just wants to start a flame war.

wolflink@sh.itjust.works

Note that this is sent at time of syncing rather than being in an archive on the company’s server 24/7

corsicanguppy@lemmy.ca

Apparently I still don't have one. Haven't had a phone number for about a decade. No SMS spam, no "survey" calls; nothing.

sailing7@lemmy.ml

Get what you are trying to say but both are still encrypted. They simply aren't end to end encrypted.
So the messages are private. Until obviously the company servers get hacked or police raided and the keys to the encryption get stolen.
You are protected against this in E2E encryption. True.

Ii guess telegram once was the alternative to whatsapp, then made maany more featutes abailable in fast time paces which led to another bunch of migrators.

Now noone wants to move away because why? For the usual end user there is no negative to them.

I am fully on your side and am using signal and matrix and try to migrate as many people as possible but its hard.

vext01@lemmy.sdf.org

How is setting up e2e on matrix these days?

thehobbyist@lemmy.zip

Get what you are trying to say but both are still encrypted. They simply aren't end to end encrypted. So the messages are private.

You explain exactly why messages are not private: if they are not end-to-end encrypted, by definition Telegram can read all the messages. That's exactly what end-to-end is meant to protect against. So in that aspect, Signal truly is private and Telegram maybe, if you activate their private chats but I've not seen security experts praise their algorithm, compared to their regular endorsement for Signal.

lawn_and_disorder@hexbear.net

Reding the link now
" The reason the US government hasn’t tried to block or hinder Signal, is because it’s satisfied with the amount of information Signal can provide to it."
Well the metadata of who is contacting who can be acquired by other means. CIA also like to have secure tools. Just like you can argue the CIA connection in the TOR case . It doesn't mean backdoors and so on.

Centralisation argument sure, but that issue will always be there at some level, even for matrix.

Phonenumber discovarability argument is no longer correct as it is possible to use signal and not disclosing it to contacts, but yes still to signal.

I have a signal account with a fake number so that is an option as well, if even more work than matrix process.

thehobbyist@lemmy.zip

and requires phone numbers (meaning your real identity in the US).

This gets shared a lot as a major concern for all services requiring a phone number. It is definitely true that by definition, a phone number is linked to a person's identity, but in the case of signal, no other information can be derived from it. When the US government requests data for that phone number from Signal, like they occasionally do, the only information Signal provides them with is whether they do have a signal account and when they registered it last and when they last signed in. How is that truly problematic?
For all other services which require a phone number, you would have much more information which is where it is truly problematic, say social graph, text messages, media, locations, devices etc. But none of that is accessible by Signal. So literally the only thing signal can say is whether the person has an account, that's about it. What's the big deal about it? Clearly the US government already has your phone number because they need it to make the request for Signal, but they gain absolutely no other information.

aria@lemmygrad.ml

Signal is USA government approved. Definitely don't trust it. Use Matrix.

aria@lemmygrad.ml

It's not my friends I want to hide my number from, it's Signal.

kilgore_trout@feddit.it

Are you sure that i.e. Whatsapp isn't just as wasteful?

aria@lemmygrad.ml

Your data is routed through Signal servers to establish connections. Signal absolutely can does provide social graphs, message frequency, message times, message size. There's also nothing stopping them from pushing a snooping build to one user when that user is targeted by the NSA. The specific user would need to check all updates against verified hashes. And if they're on iOS then that's not even an option, since the official iOS build hash already doesn't match the repo.

9tr6gyp3@lemmy.world

Being critical is good, and we should always hold them accountable for our security. We can look to third party audits for help with that.

https://community.signalusers.org/t/overview-of-third-party-security-audits/13243

thehobbyist@lemmy.zip

Signal absolutely can does provide social graphs, message frequency, message times, message size.

Do you have anything to back this up?

aria@lemmygrad.ml

Your link lists all the things they don't share. The only reasonable reading is that anything not explicitly mentioned is shared. It's information they have, and they're legally required to share what they have, also mentioned in your link in the documents underneath their comment.

patatahooligan@lemmy.world

Do you have access to Signal servers to verify your claims by any chance?

That's not how it works. The signal protocol is designed in a way that the server can't have access to your message contents if the client encrypts them properly. You're supposed to assume the server might be compromised at any time. The parts you actually need to verify for safe communication are:

• the code running on your device
• the public key of your intended recipient

apotheotic@beehaw.org

Does it though? I have used both and I vastly prefer my experience on signal. I don't really engage with the like, "communities" aspect of telegram though so perhaps thats what I'm missing?