What are the reasons to use Signal over Telegram

patatahooligan@lemmy.world

Do you have access to Signal servers to verify your claims by any chance?

That's not how it works. The signal protocol is designed in a way that the server can't have access to your message contents if the client encrypts them properly. You're supposed to assume the server might be compromised at any time. The parts you actually need to verify for safe communication are:

• the code running on your device
• the public key of your intended recipient

apotheotic@beehaw.org

Does it though? I have used both and I vastly prefer my experience on signal. I don't really engage with the like, "communities" aspect of telegram though so perhaps thats what I'm missing?

hadriscus@lemm.ee

it's open source

aria@lemmygrad.ml

Sure. You can trust your own fork. Just don't use the official repos or their servers. The client isn't where the danger is.

gazby@lemmy.dbzer0.com

Nope, see my reply to sibling for a more complete example

tartas1995@discuss.tchncs.de

Signal supports username based chatting.

dengtav@lemmy.ml

This is unfortunately completely wrong, since you can learn from the homepage of matrix very own client Element, that its supported an trusted by a whole bunch of NATO Armys, including the US of course...

I don't mean by that you shouldnt use matrix, but arguing against signal with matrix is, in so many means, hilarious.

The arguable, but professional cryptographer soatok discribes from a mathematical/cryptographical point of view, what it needs to be a Signal competitor, where matrix (and others) dont catch up (unfortunately)

apotheotic@beehaw.org

I can't see anyone else on this comment thread so I guess I must be defederated with whatever user you replied to

aria@lemmygrad.ml

Used by a bunch of NATO armies isn't the same as promoted by or made by. It just means they trust Element not to share their secrets. And that blog post is without merit. The author discredits Matrix because it has support for unencrypted messaging. That's not a negative, it's just a nice feature for when it's appropriate. Whereas Signal's major drawback of requiring your government ID and that you only use their servers is actually grounds to discredit a platform. Your post is the crossed arms furry avatar equivalent of "I drew you as the soyjack". The article has no substance on the cryptographic integrity of Matrix, because there's nothing to criticise there.

hadriscus@lemm.ee

There's a server side and it is secret ?

stomata@sh.itjust.works

Telegram is not end to end encrypted. Repeating it's not. Only private mode or something like that is.

thehobbyist@lemmy.zip

If you open the latest instance, from August 2024, you will find a California government request, for a number of phone numbers.

The second paragraph of that very page says:

Once again, Signal doesn’t have access to your messages; your calls; your chat list; your files and attachments; your stories; your groups; your contacts; your stickers; your profile name or avatar; your reactions; or even the animated GIFs you search for – and it’s impossible to turn over any data that we never had access to in the first place.

They respond to the request with the following information:

6. The responsive information that Signal possessed was:

a. REDACTED: Most Recent Registration: 2023-01-31 T19:42:10 UTC; Most Recent Login: 2023-01-31 T00:00:00 UTC.

b. REDACTED: Most Recent Registration: 2022-06-01 T16:30:01UTC; Most Recent Login: 2022-12-12 T00:00:00 UTC.

c. REDACTED: Most Recent Registration 2021-12-02T03:42:09 UTC; Most Recent Login: 2022-12-28 T00:00:00 UTC.

The redacted values are the phone numbers.

That is the full extent of their reply. No other information is provided, to the government request.

dyskolos@lemmy.zip

You don't say? A cloud-service I can access from all devices plus API and bots is not e2e-encrypted with zero knowledge?
I'm shocked. That's what "secret chat" is for. Literally.

They chose this way as the regular Joe and Jane don't care for privacy but for comfort.
You can never ever have both. Nowhere.

I love tgram for it being so open. And e2e when I need it. I don't need privacy for when my smarthome sends me notifications about a light I left on or something

aria@lemmygrad.ml

We can't verify that. They have a vested interest in lying, and occasionally are barred from disclosing government requests. However, using this as evidence, as I suggested in my previous comment, we can use it to make informed guesses as to what data they can share. They can't share the content of the message or calls -- This is believable and assumed. But they don't mention anything surrounding the message, such as whom they sent it to (and it is them who receives and sends the messages), when, how big it was, etc. They say they don't have access to your contact book -- This is also very likely true. But that isn't the same as not being able to provide a social graph, since they know everyone you've spoken to, even if they don't know what you've saved about those people on your device. They also don't mention anything about the connection they might collect that isn't directly relevant to providing the service, like device info.

Think about the feasibility of interacting with feds in the manner they imply. No extra communication to explain that they can't provide info they don't have? Even though they feel the need to communicate that to their customers. Of course this isn't the extent of the communication, or they'd be in jail. But they're comfortable spinning narratives. Consider their whole business is dependant on how they react to these requests. Do you think it's likely their communication of how they handled it is half-truths?

aria@lemmygrad.ml

Your client talks to their server, their server talks to your friend's client. They don't accept third party apps. The server code is open source, not a secret. But that doesn't mean it isn't 99% the open source code, with a few privacy breaking changes. Or that the server software runs exactly as implied, but that that is moot since other software also runs on the same servers and intercepts the data.

dessalines@lemmy.ml

California does not issue NSLs, the US federal government does. And those come with gag orders that means you will go to federal prison if you tell anyone that you've been asked to spy on your users.

dessalines@lemmy.ml

They have to. They can't route your messages otherwise.

dessalines@lemmy.ml

There was also no proof that a ton of US companies were spying on their users, until the global surveillance disclosures. Crypto AG ran a honeypot that spied on communications between world leaders for > 40 years until it got exposed.

dessalines@lemmy.ml

On by default, and just works.

emergencyfood@sh.itjust.works

It really depends on who your friend is, and who they are trying to defenf against.

If the US ( or Russian / Chinese) government really wants to access an internet-connected device, they can do it; what app you are using doesn't even matter. For example, most people use the default Google keyboard, which could be compromised.

If the concern is about local goons / employers / coworkers, then both Telegram and Signal are more than enough to stop them prying.

As for whether to use Signal or Telegram, Signal has end to end encryption enabled by default, while in Telegram you have to switch it on for each chat. On the other hand, Telegram has the best UI among messaging apps hands down.