What are the reasons to use Signal over Telegram

dessalines@lemmy.ml

They have to. They can't route your messages otherwise.

dessalines@lemmy.ml

There was also no proof that a ton of US companies were spying on their users, until the global surveillance disclosures. Crypto AG ran a honeypot that spied on communications between world leaders for > 40 years until it got exposed.

dessalines@lemmy.ml

On by default, and just works.

emergencyfood@sh.itjust.works

It really depends on who your friend is, and who they are trying to defenf against.

If the US ( or Russian / Chinese) government really wants to access an internet-connected device, they can do it; what app you are using doesn't even matter. For example, most people use the default Google keyboard, which could be compromised.

If the concern is about local goons / employers / coworkers, then both Telegram and Signal are more than enough to stop them prying.

As for whether to use Signal or Telegram, Signal has end to end encryption enabled by default, while in Telegram you have to switch it on for each chat. On the other hand, Telegram has the best UI among messaging apps hands down.

dessalines@lemmy.ml

They have your phone number (meaning your full identity, and even current address), and as the primary identifier, it means they have message timestamps and social graphs.

Its impossible to verify what code their server is running. You should never rely on someone saying "just trust us". Truly secure systems have much harder verifiability tests to pass.

boomkop3@reddthat.com

Yep, and this allows for proper content moderation. Telegram can actually just find and report creeps to authorities

dessalines@lemmy.ml

The server is supposedly open source, but they did anger the open source community a few years back, by going a whole year without posting any code updates. Either way that's not reliable, because signal isn't self-hostable, so you have no idea what code the server is running. Never rely on someone saying "just trust us."

thehobbyist@lemmy.zip

They have to know who the message needs to go to, granted. But they don't have to know who the message comes from, hence why the sealed sender technique works. The recipient verifies the message via the keys that are exchanged if they have been communicating with that correspondent before or else it is a new message request.

So I don't see how they can build social graphs if they don't know who the sender if all messages are, they can only plot recipients which is not enough.

thehobbyist@lemmy.zip

Are you implying that Signal is withholding information from the Californian Government? And only providing the full extent of their data to the government?

This comes back to the earlier point that there is no proof Signal even has more data than they have shared.

dessalines@lemmy.ml

If you don't know what an NSL is, then you definitely shouldn't be speaking about privacy.

dessalines@lemmy.ml

But they don't have to know who the message comes from, hence why the sealed sender technique works.

Anyone who's worked with centralized databases can tell you that even if they did add something like that, with message timestamps, it'd be trivial to find the real sender of a message. You have no proof that they even use that, because the server is centralized, and closed source. Again, if their response is "just trust us", then its not secure.

dessalines@lemmy.ml

Behind those usernames, are phone numbers (meaning real identities) stored in signal's database.

tartas1995@discuss.tchncs.de

As far as I know telegram requires a phone number too.

And the conversation was about "talking to strangers without giving them your number", not without giving signal nor telegram your number.

9tr6gyp3@lemmy.world

Right but Signal has been audited by various security firms throughout its lifetime, and each time they generally report back that this messenger has encryption locked down properly.

dessalines@lemmy.ml

There are far better privacy alternatives to both: matrix, xmpp, simplex all work well and don't require phone numbers or US-based hosting.

grumpyduckling@sh.itjust.works

Even if you switch to an offline keyboard, the new "ai" assistants in Windows, iOS, and maybe Android? Can read your screen, microphone, and etc. I'm not really sure what you should use unless you use coded language. Even then, there's just too much information about you out there anyway.

thehobbyist@lemmy.zip

It's unfortunate that you react like this. I don't claim to be an expert, never have. I've only been asking for evidence, but all we get to are assumptions and they all seem to stem from the fact that allegedly the CIA has indirectly funded Signal (I'm not disputing nor validating it).

The concern is valid, and it has caused a lot of distrust in many companies due to the Snowden leaks, but that distrust is founded in the leaks. But so far there is no evidence that Signal is part of any of it. And given the continued endorsement by security experts, I'm inclined in trusting them.

hotcoffee@lemm.ee

Hmmm the Signal users sure like it, will have to take off my tinfoil data hat and give it a try

thehobbyist@lemmy.zip

From what I understand, sealed sender is implemented on the client side. And that's what's in the github repo.

krash@lemmy.ml

I really like this explanation. Not many are aware of how telegram was designed to make it as cumbersome for authorities as possible by splitting their data across different nations.