What are the reasons to use Signal over Telegram

wolflink@sh.itjust.works

Note that this is sent at time of syncing rather than being in an archive on the company’s server 24/7

corsicanguppy@lemmy.ca

Apparently I still don't have one. Haven't had a phone number for about a decade. No SMS spam, no "survey" calls; nothing.

sailing7@lemmy.ml

Get what you are trying to say but both are still encrypted. They simply aren't end to end encrypted.
So the messages are private. Until obviously the company servers get hacked or police raided and the keys to the encryption get stolen.
You are protected against this in E2E encryption. True.

Ii guess telegram once was the alternative to whatsapp, then made maany more featutes abailable in fast time paces which led to another bunch of migrators.

Now noone wants to move away because why? For the usual end user there is no negative to them.

I am fully on your side and am using signal and matrix and try to migrate as many people as possible but its hard.

vext01@lemmy.sdf.org

How is setting up e2e on matrix these days?

thehobbyist@lemmy.zip

Get what you are trying to say but both are still encrypted. They simply aren't end to end encrypted. So the messages are private.

You explain exactly why messages are not private: if they are not end-to-end encrypted, by definition Telegram can read all the messages. That's exactly what end-to-end is meant to protect against. So in that aspect, Signal truly is private and Telegram maybe, if you activate their private chats but I've not seen security experts praise their algorithm, compared to their regular endorsement for Signal.

lawn_and_disorder@hexbear.net

Reding the link now
" The reason the US government hasn’t tried to block or hinder Signal, is because it’s satisfied with the amount of information Signal can provide to it."
Well the metadata of who is contacting who can be acquired by other means. CIA also like to have secure tools. Just like you can argue the CIA connection in the TOR case . It doesn't mean backdoors and so on.

Centralisation argument sure, but that issue will always be there at some level, even for matrix.

Phonenumber discovarability argument is no longer correct as it is possible to use signal and not disclosing it to contacts, but yes still to signal.

I have a signal account with a fake number so that is an option as well, if even more work than matrix process.

thehobbyist@lemmy.zip

and requires phone numbers (meaning your real identity in the US).

This gets shared a lot as a major concern for all services requiring a phone number. It is definitely true that by definition, a phone number is linked to a person's identity, but in the case of signal, no other information can be derived from it. When the US government requests data for that phone number from Signal, like they occasionally do, the only information Signal provides them with is whether they do have a signal account and when they registered it last and when they last signed in. How is that truly problematic?
For all other services which require a phone number, you would have much more information which is where it is truly problematic, say social graph, text messages, media, locations, devices etc. But none of that is accessible by Signal. So literally the only thing signal can say is whether the person has an account, that's about it. What's the big deal about it? Clearly the US government already has your phone number because they need it to make the request for Signal, but they gain absolutely no other information.

aria@lemmygrad.ml

Signal is USA government approved. Definitely don't trust it. Use Matrix.

aria@lemmygrad.ml

It's not my friends I want to hide my number from, it's Signal.

kilgore_trout@feddit.it

Are you sure that i.e. Whatsapp isn't just as wasteful?

aria@lemmygrad.ml

Your data is routed through Signal servers to establish connections. Signal absolutely can does provide social graphs, message frequency, message times, message size. There's also nothing stopping them from pushing a snooping build to one user when that user is targeted by the NSA. The specific user would need to check all updates against verified hashes. And if they're on iOS then that's not even an option, since the official iOS build hash already doesn't match the repo.

9tr6gyp3@lemmy.world

Being critical is good, and we should always hold them accountable for our security. We can look to third party audits for help with that.

https://community.signalusers.org/t/overview-of-third-party-security-audits/13243

thehobbyist@lemmy.zip

Signal absolutely can does provide social graphs, message frequency, message times, message size.

Do you have anything to back this up?

aria@lemmygrad.ml

Your link lists all the things they don't share. The only reasonable reading is that anything not explicitly mentioned is shared. It's information they have, and they're legally required to share what they have, also mentioned in your link in the documents underneath their comment.

patatahooligan@lemmy.world

Do you have access to Signal servers to verify your claims by any chance?

That's not how it works. The signal protocol is designed in a way that the server can't have access to your message contents if the client encrypts them properly. You're supposed to assume the server might be compromised at any time. The parts you actually need to verify for safe communication are:

• the code running on your device
• the public key of your intended recipient

apotheotic@beehaw.org

Does it though? I have used both and I vastly prefer my experience on signal. I don't really engage with the like, "communities" aspect of telegram though so perhaps thats what I'm missing?

hadriscus@lemm.ee

it's open source

aria@lemmygrad.ml

Sure. You can trust your own fork. Just don't use the official repos or their servers. The client isn't where the danger is.

gazby@lemmy.dbzer0.com

Nope, see my reply to sibling for a more complete example

tartas1995@discuss.tchncs.de

Signal supports username based chatting.