97 comments

[ 294 ms ] story [ 2213 ms ] thread
Voice to Text transcription is worth it in itself. I hate when people send me voice messages: it's slightly less effort for them in exchange for much more annoyance and wasted time for me.
There are bots like @transcriber_bot that fix this.
(comment deleted)
My VoIP provider offers this (voip.ms) and I love it.

I rarely listen to voicemail anymore (not that I get many, but say, some voicemail from kids school, or a client who didn't get the memo not to call me). And less errors because I'm always distracted when listening to voicemail (what a waste of time).

I wish whatsapp had this feature, some clients seem to only send audio messages, it's terrible when I want to get some information, then I have to check a few audio to find what I want, instead of searching for a keyword.
Or: an option to turn off support for audio messages. Disabling the send audio message button.
I believe everyone would disable (even those who insist in sending voice messages) and the feature would die.
If a (mis)feature gets disabled by many users, it gets removed from the app. With time, apps accumulate features and get bloated. This actually is a mechanism to allow cleaning up features users so not want.
That'd be great, but I'm sure there are some "metrics" that would not benefit from disabling the audio feature.
Is this text-transcription working offline? Or it's sending everything to the servers?
I remember for a brief moment when facebook messenger had this feature. It was awesome! IIRC they took it away because it turned out they had some humans listening to some of the messages to help with transcription and that got them some bad press.
I apparently exist in a parallel universe: never received any. My partner does sometimes, it's really befuddling why anyone would do that. I suppose they can't dictate messages.
> Changes in WhatsApp’s privacy policy had directed users to use Telegram.

This is quite ironic. Telegram managed to sell itself as a more private Whatsapp while in reality it is WAY worse in this area.

Amazing and sad.

Both are equally bad, for different reasons. As a user, one might be more worried of having their identity tied to their Facebook account (and therefore advertising/tracking), than about their government spying on them.

Having worked with people in totalitarian countries, it's surprising how much protesting people can do in plain sight. Until the regime decides they went too far, and it won't matter what proofs or chats they have on their devices, they'll just randomly arrest a bunch of people and release them after a week of horrible prison conditions. It's usually good enough to scare everyone.

I use Signal 95% of the time, but I understand the appeal of Telegram. The UX is better, it allows pseudonyms, has huge communities in group chats. In a sense, it feels more private than Signal because of the pseudonyms. And for people in non-Western countries, well, Telegram might seem like the only option.

signal and telegram are a no brainer when it comes to totalitarian regimes. i live in Kashmir which has historically and continues to hunt down dissidents with agility. i cannot imagine being tied to my "mobile number" when the government has that data by law, tying a telegram/signal account to it is a gone case by that point.

people who go with signal call it "better whatsapp without facebook tracking" but just like telegram, its Achilles heel is mobile number requirement. matrix has that from the start so its better in that respect. sure, matrix does not have "social graph" out of the box but in a "totalitarian regime", that is precisely what you want.

besides, you can set up your own matrix server, something whatsapp/telegram/signal simply cannot do so its 100% more secure in that sense

I think the bigger question is anti-spam in anonymous chatrooms, even with the mobile phone requirements spammers (in particular from Nigeria, why does this country have so many scammers in particular?) are everywhere and spamming all the time, I'm in 5 or so groups and every day 2-3 spam messages have to be deleted. There are millions of fake channels and I wouldn't be surprised if up to or over 10% of telegrams messages sent are spam/scams.

What does matrix do to prevent the tidal wave of spam hitting it?

I would say it's the same question as "what does IRC do?" as the general design is the same - maybe a bit more friction signing up with Matrix than IRC but at the end of the road they operate on the same trust model. The Matrix team blogged about a spambot attack last year on this very question: https://matrix.org/blog/2021/06/30/security-update-synapse-1...

Side comment: because my mobile number was leaked (breached) by T-Mobile which included my name, I get way, way way more spam via it than anything else. Lots of political spam, 95% or greater from the right/repub end of the spectrum.

Edit, side comment #2: I ported my secondary Google Voice number out to Tello (a low cost MVNO in the US) with a SIM in a spare phone, and all the spam I was getting every day to that number simply stopped instantly. I'm a little amazed to be honest, it's very interesting.

> The Matrix team blogged about a spambot attack last year on this very question: https://matrix.org/blog/2021/06/30/security-update-synapse-1...

Ah sorry that's a spambot attack, the spam on telegram is 99% Indian/Nigerian origin of people literally just signing up to go into group channels and spam whatsapp channels/msg me for how to make riches/join this trading signals channel you'll make millions.

If you're lucky they'll personally message you with something like 'hey' and then wait for you to respond, initiate a convo and try and get you to fall for their classic HYIP: https://en.wikipedia.org/wiki/High-yield_investment_program

Searching for Ban on a random group channel this is how common it is: https://imgur.com/kOtilgL

the tidal wave of spam? interesting.

i am member of a group, public, 876 users as of right now, another openstreetmap india group and that one has 1350.

only the osm-in has some sort of "spam" where i see occasional crap thrown on but that gets flagged and removed quickly.

i don't know about telegram but my matrix account(s) are pretty public but i have basically never gotten a stray spam. as i said, one group has a "couple of spam messages occasionally" but i can "report" the user and check tickbox

"Ignore user Check if you want to hide all current and future messages from this user." which should be good.

the more public group that i am in, i leave "mentions and keywords only" notifications on so it does not bother me with every buzz. that way, only groups that i know are "relevant" can notify me, these groups i can browse later when i get the time
You can't have a Telegram account without a phone number, can you?

So the difference is merely whether it's your user identifier?

that is what i wrote. matrix does not by design force users to submit a mobile number while everyone else does because they want to use that for social graph, etc etc.
> you can set up your own matrix server

Synapse is still one of the worst installation processes[1] I've gone through. I'm extremely comfortable with Ansible and Docker but their install process sucks if you aren't exposing your Matrix instance to the world and don't have a domain pointing at it. On top of that, there are so many moving pieces to it if you want to bridge it to other services.

I got it all installed but ended up dumping it because I felt the complexity wasn't worth it. There are so many moving pieces imo.

Are there alternatives to Synapse for homeserver software? Or is there a less complex deployment method for a homeserver and bridges that I am not aware of?

[1] https://matrix-org.github.io/synapse/latest/setup/installati...

https://github.com/YunoHost-Apps/synapse_ynh

you do have stuff like yonohost that make it much easier, maybe try that?

Oh cool, I had never heard of YunoHost before this.

After my comment, I decided to give Matrix a try again and setup a fresh Arch Linux VPS for it. I didn't run into any snags but it took quite some time to get everything configured. It probably took me a solid 2 hours just to get everything up and running (Synapse + bridges for iMessage, Signal, Discord and IRC).

Not many applications I self host require as much setup as Synapse!

Thanks for giving it another go. Setting up Synapse itself should be super easy though - it’s just an https listener pointed at by an srv record or .well-known uri. We don’t need weird certificates or reverse proxy contortions these days (since Matrix left beta in 2019); it really should be a few minutes max to do it from git or pip, or a few seconds via apt or similar.

Now, setting up a bunch of bridges is indeed harder, but they are deliberately entirely separate apps, each with their own foibles. But just like you wouldn’t blame Apache httpd for some fiddly 3rd party Apache module, I wouldn’t blame Synapse for the complexities of running bridges.

Good perspective -- you are completely right, my perspective was totally off. Part of that reason is probably my only reason for using Matrix is for the bridging as I don't have friends or family who actually use Matrix, unfortunately, so I pretty much just use it for myself to bridge to other messengers.

But again, I appreciate you putting that into perspective. Synapse by itself really isn't too bad. But for it to be actually useful for myself takes a lot of work.

hey... glad you did that... i have been a matrix user for a few years but i have only heard about "bridges" but never really understood it. does a discord bridge mean i give my login/oath to matrix bridge from my discord and i can access those contacts in matrix without having 2 apps? that is my general assumption.

what about whatsapp for example? do i have to have an existing whatsapp account which constantly remains online and interacts on behalf of my matrix?

Bridges allow you to use other external accounts through your Matrix Homeserver. So with the Discord Puppet Bridge[1] I am using I can log into my Discord account from Matrix and handle all my Discord DMs and group chats using a Matrix client. So yes, bridges allow you to use Matrix for all your other chat applications.

The general workflow is after you install bridges that you configure your bridge to your existing account on the other platform. So for Signal, you open a chat with the Signal Bridge bot and issue a command to link to your account and then it walks through that process. Once the bridge is configured with your external account any new DMs and group chats from those external accounts will show up as DMs in Matrix.

Hopefully that makes sense! :)

[1] https://gitlab.com/mx-puppet/discord/mx-puppet-discord

Wait for evangelists to come and say that it's simply out of their threat model for Signal, it's actually just no-Facebook Whatsapp with Mobilecoin, you're a 0.0001% privacy geek whose needs are totally irrelevant to 99% of the actual userbase whose requirements are stories and, surprisingly, usernames which are coming the next day, pinky promise! That's what always is being heard in response to unorthodox requests wrt Signal development, chinese users case shining there especially so. But yeah, some people gotta bring some bread to their tables and other to get memed into "use Signal, use TOR".
For people looking for privacy: Briar is where it's at. A bit clunky UI (e.g. inviting someone isn't easy) but otherwise really well built client, and top notch network protocol and cryptographic features.

[1] https://briarproject.org/

I've also heard good things about https://cwtch.im/
I hate to say it, but if the product/service name immediately evokes a "how do I pronounce this" feel, and actually has an entry in the FAQ about it, its facing an uphill battle with mass adoption.
I want to like Briar and Cwtch but neither of them have iOS clients which really breaks the whole friendly to people who use other platforms covenant. If a client doesn't have apps for both of the big mobile platforms I'd say it's very unfriendly because you by omission are creating exclusionary silos.

There's Session, which is iOS and Android friendly and doesn't burn down your battery as messages are privately routed through zero-knowledge nodes: https://getsession.org

How is it worse? Besides chats beung unencrypted by default
Telegram has a great thing working in its favor: it is mostly free of censorship, particularly of the kind that reacts to Western do-gooder sensibilities. I have learnt more about the Ukraine war from Telegram channels (Gruz 200, Truha, some local ones) than from all of the Western press combined. Analysts like Bellingcat, CIT and ISW keep citing Telegram channels as sources. Both DNR/LNR "separatists" and Ukrainian regular and irregular fighters are putting out a lot of unfiltered info on TG.

The idea that Telegram is in any way safer than the other platforms, I really don't see much to speak for it.

It's similar to ProtonMail: you get it as a backup in case you get locked out of your googlemail; you don't get it to conspire.

That's not because of its policies, it's just that Telegram is very popular in Eastern Europe/post-USSR land, network effects and such.
Twitter and Youtube are a censorship minefield as it comes to war footage. Russian trolls have been known to mass-report pro-Ukrainian accounts for posting "NSFL" material (and much of the interesting material from the front is NSFL). If you are famous and know the right people in the West, you can get unbanned through your connections, but this is a lot harder for the local sources.
It's not worse, aside from chats being unencrypted by default.

I've had suggestions on Instagram of people who I never got in touch with, only because my wife, who has no FB account, is in the same WhatsApp group as these people. They mixed in a bunch of other "you may know" people to make it less obvious, but when comparing her groupchat and my suggestions, it's clear they made links via IPs and phone numbers. At least Telegram isn't big enough (not yet, anyway) to cross correlate data to ID users like that to create such privacy concerns. FB? No, thanks.

> It's not worse, aside from chats being unencrypted by default.

That is not a side point though. It's a major, major difference.

Chats are encrypted. The question who can decrypt them by default.

It is a trade-off between security and usability. By default, you get usability (e.g., you can chat across devices easily). But you think it is worth the cost, you can make encryption keys unavailable without corresponding devices (create secret chat).

My guess, most telegram users prefer usability or don't care/ignorant. It would be a mistake to make the experience worse (that people would notice ignorant or not).

> Chats are encrypted.

Not end to end. Let's not sell SSL connections as encryption please.

It is false that chats are "unencrypted" (I know, it is repeated on every submission about Telegram here but it does not make it true whatever Goebbels said). Here's a quote from the FAQ: "The relevant decryption keys are split into parts and are never kept in the same place as the data they protect. As a result, several court orders from different jurisdictions are required to force us to give up any data." https://telegram.org/faq#q-do-you-process-data-requests
That is only true for the End 2 End encrypted chats, which are a separate and not very user friendly thing. Regular chats and group chats/channels are by design unencrypted.
It is false. Click the link to the FAQ. The paragraph for the quote begins with "To protect the data that is not covered by end-to-end encryption"
Then it is not correct. A security analysis of Telegram has raised doubts about their e2e before. They have (had?) a blogpost up where they pontificate about how it not necessary and would put a burden on their channel feature anyway.
The security analyses I am aware of target MTProto 1 which is not MTProto 2 used for quite a number of years now. MTProto 2 uses standard security primitives.

You cannot say "it is not correct" without proof. We know all messages not just E2EE are wrapped in encryption on their way out a Telegram client and we know they are decrypted on their way in because client source code is available.

Why don't you have a look for yourself then let us know if you've confirmed your suppositions?

> There simply isn't any encryption besides SSL for all the rest, which at one point they were boasting is the cause for their generally excellent performance (no distribution of keys etc). They didn't change that unless they ware uncharacteristically quiet about such a major new feature. It would run counter to their motivation for not doing it in that earlier blogpost. It also doesn't make sense to then have MTproto in parallel especially since they apparently solved key exchange and so on.

At this point you are just willfully throwing around misinformation. A number of commenters have tried to point you directly to the docs to which you've just said, "it's wrong".

> talking about MTproto, which is only used for their e2e chats.

This is also misinformation. [1] Please stop.

I only flag as an absolute last resort here on HN but you are actively harming discourse at this point.

[1] https://core.telegram.org/mtproto/AJiEAwIYFoAsBGJBjZwYoQIwFM...

Please project elsewhere.
Sure, they're encrypted with a key that they have.

They have complete access to the data.

To me a chat app not reading my messages is way more important than a chat app will not use my phone number for advertisement. Ideally I'd have both, but given a choice, the first one is way way more horrific than the other.

Though, for some cases Telegram is definately better, Groups, work related chats don't really need to be private as much and that's where telegram really shines for me. Specially since I can use it without giving my phone number away.

> is way more important than a chat app will not use my phone number for advertisement.

My profile being shown on a different platform to people that I might be close to (co-workers, in-laws, friends of friends) but I'm not interested in having on social media is pretty damn concerning, regardless of ads.

Anything Facebook-made and “privacy” doesn’t belong in the same sentence.

And yet it’s top comment at the moment in the HN of all places.

Talk about irony.

Join up to 1000 channels

Not sure if I would want that life.

Bots will like it, especially crypto scam bots.
Telegram channels are broadcast groups.
I know several ppl who need to use several devices because of that limit.
The moment they shove in tracker stuff, it’s goodbye telegram. Non premium users don’t seem to really get stumped by this at least, but still sad to see after them promising “free forever”.
I think this kind of premium feature is to make sure that the basic services will be free forever. Many people arguably will prefer this approach that allows them to fund the services to go live further.
I love Telegram. Their desktop client is just a million times better than WhatsApp. Everything business I do with Telegram. Everything personal goes through WhatsApp.

Privacy, encryption, tracking etc. I don't care about. All the messengers suck in this perspective..

Only just the word "Premium" in the title confirms my (totally unfounded because I didn't read much about nor try it) scepticism towards Telegram.

I have an automatic aversion against the principle of two class services where the provider can over time tighten the screws and urge more people towards their premium offer.

I'd prefer a service that just has one package an everyone pays the same. It's more transparent and cannot as easily be misused in obscure ways to game more profit out of its customers.

Running servers and developing apps isn't free. I'd rather they sell their premium service to some users than sell data.
I should have made more clear that I'm absolutely pro paying for the service. So much so that it makes me suspicious that Telegram has been free so long.

I don't use gmail, I paid for my IM app, ... and I sure try to avoid services that pay for themselves by selling my data.

I just see the distinction between normal and premium as some lever they can push more in the future to generate more revenue.

Let's just wait and see how it'll work out.

It has been running completely free for users for years on end, and the only thing changing now is some minor convenience features in exchange for a subscription. For regular users basically everything will remain the same.
The issue I see with that is that messengers (platforms) have a strong network effect - it becomes useful to you if you can reach your contacts there.

Making it paid creates an inconvenience even if the price extremely low, if you don't even know if your friends are on there (= if it's useful to you) even more so. If your target group is worldwide you need regional pricing (and payment methods) to not exclude economically disadvantaged regions. And even then it might have selective effects towards people who can afford the service more easily.

For a case study of a paid messenger see Threema, though it is probably difficult to measure the impact of its payment model on its success.

> Making it paid creates an inconvenience even if the price extremely low, ...

Buying ... isn't it always "inconvenient"?

Shopping for groceries, what an inconvenience.

I get your point: not having to do something to get something is always easier. But when you're literally paying for soooo many other things every day .. where's the proportionality? When in this case of instant messaging app you'd have to buy it once.

> If your target group is worldwide you need regional pricing (and payment methods) to not exclude economically disadvantaged regions.

Yes, valid. Like with most other services/products all over the world, of course the messaging app as well would be priced according to the usual standards in the respective country. Food prices and all other prices vary from region to region, country to country.

So I didn't mean it should be priced the same in every country. Just that there better not be two different service levels. As I wrote, IMO this differentiation just enables gamification/maximisation of revenue.

> For a case study of a paid messenger see Threema, ...

Yes, Threema appears to move rather slowly. Of course they are, when all other apps offer even more shiny features and are free. That's just how most people decide: nice features, friends are there, free .. yep, I'll go with that.

My impression is that Threema is doing ok, considering the fact that it costs a few bucks.

And still no spell check...
What platform are you on, sorry? On android my keyboard takes care of it. On windows - spell check is also enabled in the input box area.
Can be enabled on Linux as well
Its available on the web versions as well (in addition to the Android/iOS and the desktop apps).
> Unique Badge and Reactions, Special Stickers and more

Yes, finally! That’s the good move to make the company sustainable. Let me pay for esthetic and goodies!

I simply want to appear offline permanently.

And my 'last seen' to be whatever I set it to.

Gimme these two and I'll pay $1 per year.

You can already do it via Settings -> Security -> Last Activity
I think it still shows a rough last seen (Recently, within a week, within a month) even with that off. Good enough for me.
Good!

I'd be happy to pay a small amount monthly for the service, its made my life as a furry and event planner much less complex, the ability to be able to quickly spin up a group chat with interested parties makes planning all manner of things easier.

What advantages does Telegram offer over other chat services that provide the ability to quickly spin up a group chat (e.g. discord, facebook messenger, whatsapp (I think), twitter, i.e. pretty much every chat service that people use these days)? I use Telegram among others but see its feature set as pretty much identical to all others. Just yet another chat app I have to lug around because of the 1 or 2 people who use it exclusively.
There are quite a few:

- free large file upload (max 2GB), - native (non-electron) app for all the desktop platforms, - custom stickers (and not so limited as reactions on Discord, anybody can use any sticker set anywhere) - nice bot api (discord offers quite good experience as well) - works well when on shaggy mobile network. Doesn't send duplicate messages/etc (Messenger does) - doesn't censor messages. I'm free to send link to any website, upload any file type (again, looking at you, messenger) - you can quickly summarize different media shared in a given conversation, view all photos, movies, files, URLs, etc - search actually finds stuff (looking at you again, messenger) - you can be logged in on any number of devices (phew, WhatsApp)

Probably there are more. I'm so happy that most of my friends switched.

* Low barrier to entry - Its easy to get people onboarded to, and it doesnt require another identity service (like facebook).

* Native Client Support - all of their clients are OS native, and perform quite well compared to their peers.

* Desktop and Mobile Parity - the desktop and mobile clients are equal quality, and functionality, which means it works just as well on my desktop as it does on my phone.

Shut up and take my money: I will be subscribing instantly.

(I want none of the features; supporting the software I love is a right thing to do)

If Telegram was E2EE by default then they have a stream of new subscribers. I am happt pay for it service anyways. Has the best UX/UI. Whats just ended up copying some features...
If Telegram have E2EE by default, it won't have fully synced history. This would be much less useful.
Could you explain why you think that would be the case?
Well It isn't necessarily impossible, but Multi-Device encryption can get complicated.

It all depends on how things are done, one way to approach e2e with multiple devices is, each device gets it's own key, and the sender encrypts the text to all the keys. (Or usually uses a symmetric session key, that is encrypted and sent). However what do you do when a new device joins in? Someone needs to rekey all the messages for the new device.

Another way to approach this might be share the encryption keys across all devices, and make adding a new device basically sharing that key. This obviously comes with it's own set of disadvantages.

And in the end, what do you do if someone loses all their devices? The encryption keys are just lost.

I guess telegram just doesn't want to deal with that, which is kinda sad since it's a really good app and multi device encryption support would just sell me on the app.

The search function could not be done server side and would be trash. See Keybase.

When I want to look up what I said to someone 5 years ago, fast search is priceless.

I don't know how the ads model can be sustainable, so far I only get baiting ads about shitcoins. It's great that it is not targeted and text only, I hope it will remain that way but I feel like it won't.

I hope they will manage to keep telegram great and not become the next tumblr/myspace whatever, because as a social media platform I actually quite enjoy it: Minimal censorship, seems to attract very diverse kind of people, It is fast and run on everything (like a decade old smartphone on sailfish OS)