What are the reasons to use Signal over Telegram
-
On by default, and just works.
-
It really depends on who your friend is, and who they are trying to defenf against.
If the US ( or Russian / Chinese) government really wants to access an internet-connected device, they can do it; what app you are using doesn't even matter. For example, most people use the default Google keyboard, which could be compromised.
If the concern is about local goons / employers / coworkers, then both Telegram and Signal are more than enough to stop them prying.
As for whether to use Signal or Telegram, Signal has end to end encryption enabled by default, while in Telegram you have to switch it on for each chat. On the other hand, Telegram has the best UI among messaging apps hands down.
-
They have your phone number (meaning your full identity, and even current address), and as the primary identifier, it means they have message timestamps and social graphs.
Its impossible to verify what code their server is running. You should never rely on someone saying "just trust us". Truly secure systems have much harder verifiability tests to pass.
-
Yep, and this allows for proper content moderation. Telegram can actually just find and report creeps to authorities
-
The server is supposedly open source, but they did anger the open source community a few years back, by going a whole year without posting any code updates. Either way that's not reliable, because signal isn't self-hostable, so you have no idea what code the server is running. Never rely on someone saying "just trust us."
-
They have to know who the message needs to go to, granted. But they don't have to know who the message comes from, hence why the sealed sender technique works. The recipient verifies the message via the keys that are exchanged if they have been communicating with that correspondent before or else it is a new message request.
So I don't see how they can build social graphs if they don't know who the sender if all messages are, they can only plot recipients which is not enough.
-
Are you implying that Signal is withholding information from the Californian Government? And only providing the full extent of their data to the government?
This comes back to the earlier point that there is no proof Signal even has more data than they have shared.
-
If you don't know what an NSL is, then you definitely shouldn't be speaking about privacy.
-
But they don't have to know who the message comes from, hence why the sealed sender technique works.
Anyone who's worked with centralized databases can tell you that even if they did add something like that, with message timestamps, it'd be trivial to find the real sender of a message. You have no proof that they even use that, because the server is centralized, and closed source. Again, if their response is "just trust us", then its not secure.
-
Behind those usernames, are phone numbers (meaning real identities) stored in signal's database.
-
As far as I know telegram requires a phone number too.
And the conversation was about "talking to strangers without giving them your number", not without giving signal nor telegram your number.
-
Right but Signal has been audited by various security firms throughout its lifetime, and each time they generally report back that this messenger has encryption locked down properly.
-
There are far better privacy alternatives to both: matrix, xmpp, simplex all work well and don't require phone numbers or US-based hosting.
-
Even if you switch to an offline keyboard, the new "ai" assistants in Windows, iOS, and maybe Android? Can read your screen, microphone, and etc. I'm not really sure what you should use unless you use coded language. Even then, there's just too much information about you out there anyway.
-
It's unfortunate that you react like this. I don't claim to be an expert, never have. I've only been asking for evidence, but all we get to are assumptions and they all seem to stem from the fact that allegedly the CIA has indirectly funded Signal (I'm not disputing nor validating it).
The concern is valid, and it has caused a lot of distrust in many companies due to the Snowden leaks, but that distrust is founded in the leaks. But so far there is no evidence that Signal is part of any of it. And given the continued endorsement by security experts, I'm inclined in trusting them.
-
Hmmm the Signal users sure like it, will have to take off my tinfoil data hat and give it a try
-
From what I understand, sealed sender is implemented on the client side. And that's what's in the github repo.
-
I really like this explanation. Not many are aware of how telegram was designed to make it as cumbersome for authorities as possible by splitting their data across different nations.
-
Same with telegram though
-
Where do you want to place the goal post?
We talked about comparing 2 applications. Commenter wasn't up-to-date and implied a falsehood, I corrected it as it is important for the discussion. Then you talk about something completely else and in context, implied a falsehood, I corrected that as it is important for the discussion. And now you are talking about something completely else again.
Please express your opinion. You can do it in this thread, even if it is off-topic, I don't care, but please stop acting like you are responding to me.
