What are the reasons to use Signal over Telegram
-
Note that this is sent at time of syncing rather than being in an archive on the company’s server 24/7
-
Apparently I still don't have one. Haven't had a phone number for about a decade. No SMS spam, no "survey" calls; nothing.
-
-
How is setting up e2e on matrix these days?
-
Get what you are trying to say but both are still encrypted. They simply aren't end to end encrypted. So the messages are private.
You explain exactly why messages are not private: if they are not end-to-end encrypted, by definition Telegram can read all the messages. That's exactly what end-to-end is meant to protect against. So in that aspect, Signal truly is private and Telegram maybe, if you activate their private chats but I've not seen security experts praise their algorithm, compared to their regular endorsement for Signal.
-
Reding the link now
" The reason the US government hasn’t tried to block or hinder Signal, is because it’s satisfied with the amount of information Signal can provide to it."
Well the metadata of who is contacting who can be acquired by other means. CIA also like to have secure tools. Just like you can argue the CIA connection in the TOR case . It doesn't mean backdoors and so on.Centralisation argument sure, but that issue will always be there at some level, even for matrix.
Phonenumber discovarability argument is no longer correct as it is possible to use signal and not disclosing it to contacts, but yes still to signal.
I have a signal account with a fake number so that is an option as well, if even more work than matrix process.
-
-
-
It's not my friends I want to hide my number from, it's Signal.
-
Are you sure that i.e. Whatsapp isn't just as wasteful?
-
Your data is routed through Signal servers to establish connections. Signal absolutely can does provide social graphs, message frequency, message times, message size. There's also nothing stopping them from pushing a snooping build to one user when that user is targeted by the NSA. The specific user would need to check all updates against verified hashes. And if they're on iOS then that's not even an option, since the official iOS build hash already doesn't match the repo.
-
Being critical is good, and we should always hold them accountable for our security. We can look to third party audits for help with that.
https://community.signalusers.org/t/overview-of-third-party-security-audits/13243
-
Signal absolutely can does provide social graphs, message frequency, message times, message size.
Do you have anything to back this up?
-
Your link lists all the things they don't share. The only reasonable reading is that anything not explicitly mentioned is shared. It's information they have, and they're legally required to share what they have, also mentioned in your link in the documents underneath their comment.
-
Do you have access to Signal servers to verify your claims by any chance?
That's not how it works. The signal protocol is designed in a way that the server can't have access to your message contents if the client encrypts them properly. You're supposed to assume the server might be compromised at any time. The parts you actually need to verify for safe communication are:
- the code running on your device
- the public key of your intended recipient
-
Does it though? I have used both and I vastly prefer my experience on signal. I don't really engage with the like, "communities" aspect of telegram though so perhaps thats what I'm missing?
-
it's open source
-
Sure. You can trust your own fork. Just don't use the official repos or their servers. The client isn't where the danger is.
-
Nope, see my reply to sibling for a more complete example
-
Signal supports username based chatting.
