Oh and I also use it for messaging sometimes. But my main use case is participating in various groups, like in a forum way. And my peer group does the same and I have not met a single person that uses telegram mainly for messaging. Most also have signal or whatsapp for that.
"Same in the EU" - but you're actually make an opposite statement than the GP (GP said "everyone i know uses telegram" and you said "nobody uses telegram")
I use it since 2014 and have felt that it's very performant (more so than Signal or Whatsapp, Messenger, or Viber).
Also, it adds many useful features that other messengers didn't always have and many still don't have, for example Saved Messages, Scheduled Messages, Spoiler Messages, Reply to Message, message formatting (bold, monospace, etc), just to name a few off the top of my head.
Signal has "Scheduled Messages, Spoiler Messages, Reply to Message, message formatting (bold, monospace, etc)". I don't know what Saved Messages are, maybe it doesn't have those.
I don't get this. I'm in the EU and nearly everybody I know has Telegram.
Telegram has a huge advantage versus WhatsApp: it's not Meta. Then the Telegram UI is really excellent.
When you tell people all your friends and family are using it and that's it's not from Facebook, they usually install it on the spot. Then they're hooked.
I don't mind WhatsApp being Meta but Telegram is more lightweight and UI is far superior (for instance, ability to edit messages). Unfortunately, most people still use WhatsApp, you can't really avoid using it.
For Russian language content it feels a lot like pre-enshittification internet. You get blogs on all possible topics without ads or "Algorithm". Just read what you subscribed to, in whatever order you want.
I would never trust in with any confidential information though.
This is the most out of touch comment. Everybody is running after telegram, they are innovating all the time. If you want to see what Whatsapp will look like in a year, use telegram now.
* enough valid accounts. If the instance gets popular, you're going to need hundreds of them to get past rate limits according to the announcements some time ago (maybe the rate limits have changed though)
Signal's definition of "reproducible" meant for quite a while "download this binary docker image and build Signal inside of it". I don't know if that has changed since.
Signal rejects F-Droid for a different reason, though: They only want to distribute through channels where they get download statistics and control update rollouts.
I'm not sure what sort of "control" they have over the Play Store compared to f-droid, but I'd rather have a trusted 3rd party do the building transparently and verifyable.
F-Droid uses a package maintainer-esque process where the maintainers of F-Droid can intervene and prevent an update to an app from reaching users if it's deemed to be malicious or to add anti-features.
It's of particularly high need on mobile since popular apps, even those who were originally FOSS, are sold to scummy publishers who fill it with ads and subscription schemes (oft called anti-features, since removing them could be seen as a feature in and of itself), ruining the original. You can't really trust mobile app devs because the track record is downright awful. Recently that happened with the "Simple" collection of apps, where the Play Store version got filled with junk but the F-Droid maintainer froze the version and marked the apps as outdated since nobody could conceivably want the new versions.
Of course, that strokes poorly with developers who a. don't want to deal with potential third parties in their distribution chain rejecting their updates or b. are planning to add anti-features to their apps later down the line. With signal, I'm gonna guess it's mainly a; the Play Stores checks and balances are much less invasive than the sort of thing an F-Droid maintainer might check for. (As I understand it, Google Plays checks mostly are anti-exploit and keyword scans.)
> where the maintainers of F-Droid can intervene and prevent an update to an app from reaching users if it's deemed to be malicious
That sounds like a feature you want when using FOSS.
Imagine distros wouldn't have been able to intervene quickly and malicious xz would be still deployed through their channels just because the authors want to.
Oh yeah, it's an absolutely wonderful feature. F-Droid is pretty much the main app store I'd recommend to get "the basics" from if you're ever in the unfortunate position of having to manage the mobile devices of family members. Having a maintainer "on the lookout" gives so much peace of mind. Not suddenly having the gallery app turn into a data collection machine and baiting less tech-savvy people into vaguely defined subscriptions is a value that's too good not to pass up on.
FOSS isn't really the important part for me there; it's nice, but the real value is that F-Droid is pretty much the only app store that has some reckoning on how the relationship between mobile devs and mobile customers should be far more adversarial than on any other platform due to the poor track record of mobile devs and empowers users to be able to deal with that in a way that restores some degrees of trust.
It's a fucking shame there's not an equivalent on iOS where you can just say "yeah, what you find here can be trusted" and then not have that gets polluted a year down the line. Apple used to somewhat police the App Store back in the early 2010s for similar peace of mind, but that's not the case anymore.
> With signal, I'm gonna guess it's mainly a; the Play Stores checks and balances are much less invasive than the sort of thing an F-Droid maintainer might check for. (As I understand it, Google Plays checks mostly are anti-exploit and keyword scans.)
It might have been b as well – Signal did keep their server code proprietary for many months to add their custom cryptocurrency to it, and added this cryptocurrency for microtransactions into the app as well. There may be many more features like this planned, some of which F-Droid might oppose.
F-Droid with reproducible builds signed by both parties seems the best of both worlds to me, now I don't understand why Signal is so stubborn about this.
> This way F-Droid could potentially insert a backdoor in an update.
Google requires app developers on play store to give goole the keys that enable google to insert backdoors in any release. I can't trust anything on the play store for this reason. There is no way to tell which apps have been backdoored by google for whatever reason (the usual reason is a NSL).
Telegrams Encryption is off most of the time. They have serverside access to messages. The optional E2E is annoying to use and isnt even available on every platform. For example Tdesktop afaik still has no E2E support. (And has a very brittle software architecture.) You can't register Telegram accounts with the open source client anymore.
This should be a non-Discussion.
MG implying that just because other messengers like Whatsapp use Signals encryption scheme does not make them more more trustworthy.
Yes you can verify in a binary if the stuff is implemented well. But if a vendor has control over the update channel or beta rollout features its kinda easy to hide targeted features. Wasn't Whatsapp caught exfiltrating chats in ways that don't involve the normal channel bypassing E2E?
Btw there is no Signal in Fdroid but nowadays there is an accepted by upstream third party implementation.
You could separate software and infra vendor. Look at Molly.im
Better to bring non tech folk to Signal than to other messengers that do the same but less protected.
You can buy "anonymous number" on fragment without using any client and without providing any personal information and use it as much as you can
When signal becomes at least remotely as popular as telegram it will implement same protection to fight against spammers because you can't have free unrestricted registrations and don't drown in spam
Telegram currently makes it as accessible as possible: either use it freely but register using phone number and official app or pay and use anonymously as you want
I just looked at the fragment.com site to see how much such a number costs.
The lowest possible bid you can currently make, and that is for an auction that has six days to go, so probably not even the final price, is over 100$.
That is an unacceptable price for basic privacy.
Signal is already extremely popular, their anti-spam by default is that you need to get matched to the user's local contact list or the spam becomes an allow/deny prompt. They also require a confirmed phone number and handle registration throttling.
Both services are relatively insecure because they require phone authentication. In the EU at least the number can always be traced back to you if you don't buy specific burner phones.
The level of encryption isn't as important anymore at that point. It is less probable you get into problems by using a service that doesn't know your identity.
> but your phone number isn't visible to anyone you chat with.
That's irrelevant - the phone number is known to Signal and can be request by law enforcement. And, since it's been made pretty much impossible to buy a SIM in the EU without showing identification [0], this will allow law enforcement to link the account to you.
[0] IIRC the Netherlands is the only country left where you can buy SIMs without ID.
> Law enforcement asks signal if they have an account for a phone number, signal saying "yes, here's when they created it".
Law enforcement says that the suspect chatted with some username/told people to contact him by his Signal username, then they go to Signal and request the linked phone number, which is then linked to the ID shown when the card was bought.
This only works as long as the username is active/unchanged. It would probably be better if usernames were never linkable to phone numbers, but if your threat model requires a persistent, non-ephemeral username to remain anonymous when targeted by law enforcement that has access to your telecom records and warrants... that's going to require a pretty high level of opsec.
The UX on usernames in Signal might be non-ideal. It might be helpful to have a toggle that regularly cycles your username if that's important for your threat model.
> [0] IIRC the Netherlands is the only country left where you can buy SIMs without ID.
As far as I know, in Romania you can still buy and activate a prepaid SIM card without having to show your ID. There was an attempt a few years ago to make it mandatory to tie the phone number to an ID, but it was overruled by the Constitutional Court.
I am in a Signal group which has an invite link discoverable on public internet (it's a local OpenStreetMap group). From time to time, a bot joins and proceeds to spam the group's members one-on-one.
The same happens on the Telegram OSM group. Now, the easy and 99% effective mitigation is to make a "bridge group" where you need to click something to join the real deal but changing that would invalidate any existing links.
Isn't it an expected issue with popular services, particularly ones with proper e2e encryption?
Things like WhatsApp and iMessage get scam messages too, and the less visibility the operators have for contents of messages the harder it is to proactively filter out spam.
It feels like any platform that allows for one-way initiation of a conversation is bound to increase in spam as the platform grows in usage (phone calls, email, SMS, various social media, various messengers, etc.).
Do any platforms require that both parties add one another? (And/or allow for restricting an account to such a mode)
e.g. if user123 and user789 wish to communicate, then user123 must add/contact user789 AND user789 must add/contact user123. Until both do so, then nothing happens.
It's more work to legitimately establish contact with someone, but that seems like it pales in comparison to the effort produced by spam/scams.
Same thing with verifying identities. In order to actually establish proper contact with someone, you need to communicate with them via some outside means (ideally in person) in order to establish the connection. Requiring both parties to enter/scan some ID/code/whatever seems like it would only facilitate proper verification (though not guarantee it, of course).
I'm sure that I'm missing something, though. I assume I'm just not familiar enough with these platforms and that some/all of them provide such a feature. It's just odd to me that spam sounds like such a problem when it feels like the above solution would be highly effective and simple to include.
Not a huge fan of Signal (phone number requirement [0], crypto push a while ago), but there are worlds between those two, and every time the Telegram CEO makes a post it looks more like a scam than before.
[0]: Yeah, might be changing or has already. Now, after ages.
> phone number requirement. Yeah, might be changing or has already. Now, after ages.
A phone number is still required for registration. As of a few weeks, it's not necessarily communicated to your contacts anymore, which solves a few concerns (but not all).
> crypto push a while ago
I was worried about this, but I use Signal daily and I haven't even noticed anything in the UI about this, it seems like a non event in the end.
- "Elon Musk said so", which does not matter.
- Signal attachments can be viewed by an attacker with local access to the client. This is not Signal's job to protect against.
- Signal offers an optional `--no-sandbox` flag which only has security options if enabled on Linux.
- Weaknesses in sealed sender. This is the only one that might be an actual problem (two theoretical and one empirical attack, but the latter comes from an 18 page paper that I have not read). But this does not compromise the integrity of the chats, and is not something Telegram improves on.
Given how the posted described the optional `--no-sandbox` flag as "no sandbox on Linux", it's clear that they don't understand anything they're sharing, and they just want to spread FUD.
---
edit: Per discussion below, I was wrong about the `--no-sandbox` flag. It's enabled by default. The risk is that an attacker could figure out how to use Signal to run arbitrary JavaScript. I take back my insult- it was I who did not understand the linked issue.
I still stand by Signal > Telegram. The risk here is that an attacker could figure out how to abuse Signal to run arbitrary Javascript, e.g. through a specially crafted message.
>Given how the posted described the optional `--no-sandbox` flag as "no sandbox on Linux", it's clear that they don't understand anything they're sharing, and they just want to spread FUD.
Could you elaborate as you seem to be more "knowledgeable". This flag is clear at what it does and shouldn't be shipped into production. https://no-sandbox.io/
You're right. It seems I am eating my words on that item, the `--no-sandbox` flag does seem to be on in most Linux installs. From context and search, it looks necessary for it to work on Debian.
Can confirm with `cat /usr/share/applications/signal-desktop.desktop`.
This still would require a pretty sophisticated attack to take advantage of, but I wouldn't rule it out as an attack surface. (We regularly see iPhone exploits that attack font and image rendering, after all.)
I don't trust either side and having a cryptography expert located in Baltimore, MD trying to prove that the other side is wrong seems just as off as a Russian owner trying to prove the opposite.
In the end it doesn't matter if you are using a smart phone from Apple or Google as your soft-keyboard is such an easy target there is no need to decrypt anything.
Yes, afaik the whole point of all this tech is that it is compromised by design and intended to allow agencies/governments/corporations fine grained access to each individual.
I use both these apps fwiw. I'm under no illusions that anything is really private online.
Would make more sense if it is reproducible builds. Shouldn't we just all switch to matrix clients which use Olm and Megolm cryptographic ratchets and it doesn't rely on one server/one entity.
To follow on, it turned out not only did that stunningly milquetoast comment I made get flagged, but after I made it someone tried to DDoS everything associated with me.
I mean, do these people not know their Shakespeare?
Given the location of Telegram's servers (Dubai), and the nature of the government (neutral dictatorship) and the lack of encryption, my default assumption would be that not only are they selling access to your data to major governments, they've probably even streamlined the bidding process.
Yep. The magic of "you could turn on encryption" is that nearly all people using it won't.
"Ah, but if you need encryption then you'll..." - well, two things now. Suddenly you're the person who has encryption switched on. And also more likely, someone they talk to will forget to switch it on and just blab everything into cleartext anyway.
The entire importance of Signal's model is that it is always encrypted. It's why LetsEncrypt is also important: to have effective security you need to be able to hide in the crowd. If encryption usage is rare, then who's using it itself (or suddenly starts using it) becomes an extremely valuable datapoint.
(so I'd add: Telegram absolutely sell timeline details of which user accounts change their frequency of encrypted chat usage).
Last I used Telegram, creating an e2ee chat with someone added an encrypted chat in addition to the unencrypted chat. This means if your not careful in which chat with a single person a message is sent to it's easy to accidentally send unencrypted data.
I'd guess this is possible because Telegram e2ee chats aren't multi-device capable, so it's necessary to be able to use unencrypted chats while using Telegram on something else than the phone with e2e.
Both Russians and Ukrainians use Telegram, including confidential messaging with their agents on the foreign territory. So that's a prove enough for me, that it's safe enough.
"including confidential messaging with their agents on the foreign territory"
Possible, as many ridiculous things happened around the whole war. (Recently german generals on a video chat were targeted by the russians, wasn't too hard, they did not use any encyption at all)
Sources would be nice though.
But it really would not be a reason for me to trust telegrams security.
Rather a confirmation again, that also secret services can show great incompetence.
It can use encryption. But they choose not to for probably lazy reasons. Which is bad for normal persons, even worse for generals who should lead by example - and ridiculous for generals with an background in IT who really should know better. But as far as I know, there were no real consequences so apparently it was not such a big deal.
> Ukrainian artillery targets Russian soldiers by pinpointing their phone signals. Despite the deadly results, Russian troops keep defying a ban on cellphone use near the front.
I mean, the Russian Ministry of Defense admits it.
> “It is already clear that the main reason of what took place included the massive use, contrary to the ban, of personal mobile phones in the range of enemy weapons,” the Russian Defense Ministry said in a statement. The cellphone data allowed Ukraine, it said, to “determine the coordinates of the location of military service members to inflict a rocket strike.”
It's not about ordinary soldiers. It's about special services agents contacting their "partisans" agents, while other side special services trying to catch them. They're supposed to apply best security possible in the given circumstances.
If you claim that neither Russian, nor Ukrainian special services are competent, I'd disagree with you.
I would guess that those two would turn encryption on?
IDK, the whole anti-Signal post really makes me suspicious of Telegram whereas I wasn't really before. Are trying to be the universal honeypot for agencies?
If you follow the discourse, the crypto quality is no longer brought up in factual Telegram-to-Signal comparisons, except as low-effort swipes at Telegram's general credibility.
Because saying "AES" is enough to talk about encryption ? Nothing else is involved ? Because if we're going in this direction everyone should just use XORs for encrypting and everything would be fine, and the rest would be implementation details.
It's not just opt-in, it's a non-default option you have to actively seek out and enable with every new conversation you start. So yes, by default, without additional steps taken, telegram is not e2e encrypted.
The non-standard crypto was also problematic, at least initially. Furthermore, as outlined, the claims on reproducible builds vis-a-vis Signal are debatable - both provide them on Android, neither satisfactorily on iOS.
I'd guess telegram can be secure if used correctly but the fact that their desktop client doesn't support secret chats at all feels weird. It has been one of the most requested features but they seem to have no interest in implementing it and have closed the issue on github.
Life will be much more boring if we cannot find humour even in the most boring things.
So, it's good that the personal involvement of the illustrious Elon turns even obvious political influence operations into a circus with talking horses and scary clowns.
- "I don't like where one of their board worked" (find someone high up in the cryptography ecosystem who hasn't been involved in this sort of thing somewhere in their career)
- "I don't like where their funding comes from" (US govt regularly funds secure software because they depend on it for their own operations, see: Tor)
- "An alarming number of people think their chats were leaked". It's easy to state things without sources. Also an alarming number of people think Facebook listens to them through their phones' mic. People are bad at opsec. Not news.
- "No reproducible builds. They closed a GitHub request from the community." Well, except Android is reproducible, and they explicitly state on that closed issue that they don't do feature requests via GitHub and asked the reporter to raise in the proper channel.
- "Telegram is the only service with reproducible builds". Telegram barely has encrypted chats, reproduce all you like, that doesn't make the chats secure. Signal has E2E encryption and verifiable builds for Android, that's a strictly better security position.
There seems to be a concerted effort to discredit Matthew's claims. Even here on HN. I find this suspicious. The Signal protocol has been heavily audited by many different people from many different countries. It's usually found to be sound. The telegram protocol has been found to have issues that are, if not malicious, amateur level mistakes.
Once again, this is not my opinion. This is the result of independent auditors who have no affiliation with either the USA or Russia.
There are positives to the UI of Telegram, there are negatives to the UI of Signal. None of these has much to do with the underlying protocol of either.
Personally I'd rather we all put our collective efforts into something like the protocol suggested by Matrix, but if only given the choice of Telegram or Signal, I'd avoid Telegram like the plague. They are either malicious or amateur. Either one isn't a good choice for security.
Eh, split any important message into pieces, put a piece each in Signal, WhatsApp, Telegram, Threema, Line, and then the Americans, Russians, Swiss, and Koreans will each have some parts, but if you're lucky, nobody has all...
You can have a secure verified protocol but an insecure implementation of the protocol (the app). Note though that Im not saying that Signal the app is insecure. However I do think that Signal can certainly do more to make itself more transparrent and to accomodate libre 3rd party implementations of their protocol
> The telegram protocol has been found to have issues that are, if not malicious, amateur level mistakes.
Please provide evidence of such issues. Because at most, the issues with MTProto were at the level of "we are not familiar with this, but seems ok". Which seem to be inflated by Signal activists into maliciousness.
> Recently, in [MV21 ] MTProto 2.0 (the current version) was proven secure in a symbolic model, but assuming ideal building blocks and abstracting away all implementation/primitive details.
Translation: it is secure, except for bugs, if any.
That's a generous translation! They were shown to be double-encrypting, using nonces where they weren't required, and generally making a bunch of mistakes that would be fine if they were writing a student level implementation of a secure messenger protocol, but not one that went on to be tacitly endorsed by a bunch of nation states!
It's like a clunkier version of the backdoor in Dual EC DRBG. When problems like this are found, you can either assume deliberate malice (as in the case of NIST) or accidental incompetence. Either should be immediate grounds for not using the software. This isn't Flappy Bird. This is meant to be secure comms. The "This Is Fine" mentality doesn't cut it.
> The meaning of "bear's service" originally comes from a fable about a man and a bear. The bear wanted to help the man by killing a gnat which sat on his forehead. As a result both the gnat and the man died.
Basically, by being proactive you do more damage as if you didn't do anything.
Ok, apparently I can now reply to this comment... Weird HN delays aside.
I don't care if the people who can decrypt Telegram chats are allied with any one side or another. I believe the idea of "Class enemy" to be abhorrent, and the moral / social threats of "the overall impact" to be negligible when compared to the fact that using compromised communications platforms will inevitably lead to greater problems than the act of calling them out.
This is the equivalent of "You'll keep quiet if you know what's good for you".
If Telegram is broken, certain people need to stop using it. The socio-political climate of the areas most likely to be using Telegram just makes this more urgent. This applies independent of if / how / why it's broken, and who, if anyone, may benefit from this.
Replying to this, as I can't reply to your down-thread reply for some reason.
What if the gnat isn't a gnat? What if the gnat is another man who now knows the communications of the first man? I'm not saying the Bear should kill both, but I'm pointing out that the analogy falls apart when the gnat isn't just a mildly annoying third party.
Or a Polish one. (I guess the expression will be popular across Eastern Europe)
It's funny to see the basic cultural stuff float to the surface in comments like that. Like when there was a large number of "American" accounts some time ago on Twitter responding to financial news, but putting USD after the numbers... (To be clear, I'm not suggesting anything specific about the author here, just that sometimes you see enough opinions about something with the origin "leaking" through the side channel and wonder how organic it is)
This just seems like a knee-jerk reaction to Durov promoting his own platform as usual, what does Elon Musk have to do with this for example? Is there any evidence that the authorities have ever had access to private conversations? At the end of the day, the issue comes down to the fact that Telegram is such a superior messaging app compared to anything else.
500 comments
[ 3.0 ms ] story [ 312 ms ] threadOh and I also use it for messaging sometimes. But my main use case is participating in various groups, like in a forum way. And my peer group does the same and I have not met a single person that uses telegram mainly for messaging. Most also have signal or whatsapp for that.
Yeah, plenty have accounts, but nobody uses it to actually chat.
Also, it adds many useful features that other messengers didn't always have and many still don't have, for example Saved Messages, Scheduled Messages, Spoiler Messages, Reply to Message, message formatting (bold, monospace, etc), just to name a few off the top of my head.
Oh, and it's end-to-end encrypted by default.
Everyone in my friend group is using it.
In terms of functionality, speed, fluidity of the interface everyone is trying to catch up to Telegram. And doing a half-assed job of it
Telegram is often praised here for their features that helped them to grow and made people keep using it. Something that Signal should consider doing.
They have 900million monthly active users.
Telegram has a huge advantage versus WhatsApp: it's not Meta. Then the Telegram UI is really excellent.
When you tell people all your friends and family are using it and that's it's not from Facebook, they usually install it on the spot. Then they're hooked.
Except the government, as reported in the news.
Actually the only time I used it it's because I needed to chat with a Russian SaaS personnel.
I would never trust in with any confidential information though.
Signal rejects F-Droid for a different reason, though: They only want to distribute through channels where they get download statistics and control update rollouts.
I'm not sure what sort of "control" they have over the Play Store compared to f-droid, but I'd rather have a trusted 3rd party do the building transparently and verifyable.
It's of particularly high need on mobile since popular apps, even those who were originally FOSS, are sold to scummy publishers who fill it with ads and subscription schemes (oft called anti-features, since removing them could be seen as a feature in and of itself), ruining the original. You can't really trust mobile app devs because the track record is downright awful. Recently that happened with the "Simple" collection of apps, where the Play Store version got filled with junk but the F-Droid maintainer froze the version and marked the apps as outdated since nobody could conceivably want the new versions.
Of course, that strokes poorly with developers who a. don't want to deal with potential third parties in their distribution chain rejecting their updates or b. are planning to add anti-features to their apps later down the line. With signal, I'm gonna guess it's mainly a; the Play Stores checks and balances are much less invasive than the sort of thing an F-Droid maintainer might check for. (As I understand it, Google Plays checks mostly are anti-exploit and keyword scans.)
That sounds like a feature you want when using FOSS.
Imagine distros wouldn't have been able to intervene quickly and malicious xz would be still deployed through their channels just because the authors want to.
FOSS isn't really the important part for me there; it's nice, but the real value is that F-Droid is pretty much the only app store that has some reckoning on how the relationship between mobile devs and mobile customers should be far more adversarial than on any other platform due to the poor track record of mobile devs and empowers users to be able to deal with that in a way that restores some degrees of trust.
It's a fucking shame there's not an equivalent on iOS where you can just say "yeah, what you find here can be trusted" and then not have that gets polluted a year down the line. Apple used to somewhat police the App Store back in the early 2010s for similar peace of mind, but that's not the case anymore.
It might have been b as well – Signal did keep their server code proprietary for many months to add their custom cryptocurrency to it, and added this cryptocurrency for microtransactions into the app as well. There may be many more features like this planned, some of which F-Droid might oppose.
https://community.signalusers.org/t/signal-android-app-on-f-...
F-Droid with reproducible builds signed by both parties seems the best of both worlds to me, now I don't understand why Signal is so stubborn about this.
Google requires app developers on play store to give goole the keys that enable google to insert backdoors in any release. I can't trust anything on the play store for this reason. There is no way to tell which apps have been backdoored by google for whatever reason (the usual reason is a NSL).
Telegrams Encryption is off most of the time. They have serverside access to messages. The optional E2E is annoying to use and isnt even available on every platform. For example Tdesktop afaik still has no E2E support. (And has a very brittle software architecture.) You can't register Telegram accounts with the open source client anymore. This should be a non-Discussion.
MG implying that just because other messengers like Whatsapp use Signals encryption scheme does not make them more more trustworthy.
Yes you can verify in a binary if the stuff is implemented well. But if a vendor has control over the update channel or beta rollout features its kinda easy to hide targeted features. Wasn't Whatsapp caught exfiltrating chats in ways that don't involve the normal channel bypassing E2E?
Btw there is no Signal in Fdroid but nowadays there is an accepted by upstream third party implementation. You could separate software and infra vendor. Look at Molly.im
Better to bring non tech folk to Signal than to other messengers that do the same but less protected.
Matrix? Lol!
When signal becomes at least remotely as popular as telegram it will implement same protection to fight against spammers because you can't have free unrestricted registrations and don't drown in spam
Telegram currently makes it as accessible as possible: either use it freely but register using phone number and official app or pay and use anonymously as you want
The level of encryption isn't as important anymore at that point. It is less probable you get into problems by using a service that doesn't know your identity.
That hasn't been the case for Signal for some months: https://signal.org/blog/phone-number-privacy-usernames/
You still require a phone number for sign up for Signal, but your phone number isn't visible to anyone you chat with.
That's irrelevant - the phone number is known to Signal and can be request by law enforcement. And, since it's been made pretty much impossible to buy a SIM in the EU without showing identification [0], this will allow law enforcement to link the account to you.
[0] IIRC the Netherlands is the only country left where you can buy SIMs without ID.
Maybe I'm missing something here, but if usernames are treated as ephemeral, what's the threat model here?
So how does this work? Law enforcement asks signal if they have an account for a phone number, signal saying "yes, here's when they created it".
Then what?
You won't get the actual plaintext messages, but the contact graph + metadata (timestamps) are pretty sensitive.
Law enforcement says that the suspect chatted with some username/told people to contact him by his Signal username, then they go to Signal and request the linked phone number, which is then linked to the ID shown when the card was bought.
The UX on usernames in Signal might be non-ideal. It might be helpful to have a toggle that regularly cycles your username if that's important for your threat model.
As far as I know, in Romania you can still buy and activate a prepaid SIM card without having to show your ID. There was an attempt a few years ago to make it mandatory to tie the phone number to an ID, but it was overruled by the Constitutional Court.
Wrong. Because:
> You still require a phone number for sign up for Signal
So, they have your phone number. What is displayed is irrelevant.
If they have your phone number (which they do), they will have to disclose it for any subpoena/NSL, so they do.
> you need a jailbroken (old) iPhone. And at the end you still can’t verify the whole app. Some files stay encrypted
So basically, it works you just have to bend over backwards to verify that it's truly reproducible.
Things like WhatsApp and iMessage get scam messages too, and the less visibility the operators have for contents of messages the harder it is to proactively filter out spam.
Do any platforms require that both parties add one another? (And/or allow for restricting an account to such a mode)
e.g. if user123 and user789 wish to communicate, then user123 must add/contact user789 AND user789 must add/contact user123. Until both do so, then nothing happens.
It's more work to legitimately establish contact with someone, but that seems like it pales in comparison to the effort produced by spam/scams.
Same thing with verifying identities. In order to actually establish proper contact with someone, you need to communicate with them via some outside means (ideally in person) in order to establish the connection. Requiring both parties to enter/scan some ID/code/whatever seems like it would only facilitate proper verification (though not guarantee it, of course).
I'm sure that I'm missing something, though. I assume I'm just not familiar enough with these platforms and that some/all of them provide such a feature. It's just odd to me that spam sounds like such a problem when it feels like the above solution would be highly effective and simple to include.
[0]: Yeah, might be changing or has already. Now, after ages.
A phone number is still required for registration. As of a few weeks, it's not necessarily communicated to your contacts anymore, which solves a few concerns (but not all).
> crypto push a while ago
I was worried about this, but I use Signal daily and I haven't even noticed anything in the UI about this, it seems like a non event in the end.
You can check this thread where his claims are debunked https://discuss.privacyguides.net/t/according-to-elon-musk-s...
Let's enumerate the purported problems:
- "Elon Musk said so", which does not matter. - Signal attachments can be viewed by an attacker with local access to the client. This is not Signal's job to protect against. - Signal offers an optional `--no-sandbox` flag which only has security options if enabled on Linux. - Weaknesses in sealed sender. This is the only one that might be an actual problem (two theoretical and one empirical attack, but the latter comes from an 18 page paper that I have not read). But this does not compromise the integrity of the chats, and is not something Telegram improves on.
Given how the posted described the optional `--no-sandbox` flag as "no sandbox on Linux", it's clear that they don't understand anything they're sharing, and they just want to spread FUD.
---
edit: Per discussion below, I was wrong about the `--no-sandbox` flag. It's enabled by default. The risk is that an attacker could figure out how to use Signal to run arbitrary JavaScript. I take back my insult- it was I who did not understand the linked issue.
I still stand by Signal > Telegram. The risk here is that an attacker could figure out how to abuse Signal to run arbitrary Javascript, e.g. through a specially crafted message.
Could you elaborate as you seem to be more "knowledgeable". This flag is clear at what it does and shouldn't be shipped into production. https://no-sandbox.io/
You can have a look where they specifically chose to force it https://github.com/signalapp/Signal-Desktop/commit/1ca0d8210...
Can confirm with `cat /usr/share/applications/signal-desktop.desktop`.
This still would require a pretty sophisticated attack to take advantage of, but I wouldn't rule it out as an attack surface. (We regularly see iPhone exploits that attack font and image rendering, after all.)
I'll amend my post given this.
There's an issue open to provide a flatpak for the app.
https://github.com/signalapp/Signal-Desktop/issues/1639
In the end it doesn't matter if you are using a smart phone from Apple or Google as your soft-keyboard is such an easy target there is no need to decrypt anything.
I use both these apps fwiw. I'm under no illusions that anything is really private online.
Telegram is shady, but the points made has a point. Not having reproducible builds on iOS is disappointing for such a security-critical product.
And looks like it is implemented in Rust:
https://github.com/matrix-org/vodozemac/
I mean, do these people not know their Shakespeare?
Edit to add: The fact my post got flagged and not merely downvoted is because it hits the nerve way too strongly.
But here, primary: https://christopherrufo.com/p/the-zen-koans-of-npr
> This week, I have been engaged in a campaign to expose NPR’s new CEO, Katherine Maher, and her anti-speech, anti-truth philosophy.
"Ah, but if you need encryption then you'll..." - well, two things now. Suddenly you're the person who has encryption switched on. And also more likely, someone they talk to will forget to switch it on and just blab everything into cleartext anyway.
The entire importance of Signal's model is that it is always encrypted. It's why LetsEncrypt is also important: to have effective security you need to be able to hide in the crowd. If encryption usage is rare, then who's using it itself (or suddenly starts using it) becomes an extremely valuable datapoint.
(so I'd add: Telegram absolutely sell timeline details of which user accounts change their frequency of encrypted chat usage).
> And also more likely, someone they talk to will forget to switch it on and just blab everything into cleartext anyway.
I expect that if you enable a Telegram Secret Chat with Bob, Bob cannot unilaterally un-secret it. I would be very surprised if that was the case.
Of course Bob can then share the contents with Carol via an un-encrypted channel. But every encrypted channel has that weakness.
I'd guess this is possible because Telegram e2ee chats aren't multi-device capable, so it's necessary to be able to use unencrypted chats while using Telegram on something else than the phone with e2e.
Possible, as many ridiculous things happened around the whole war. (Recently german generals on a video chat were targeted by the russians, wasn't too hard, they did not use any encyption at all)
Sources would be nice though.
But it really would not be a reason for me to trust telegrams security.
Rather a confirmation again, that also secret services can show great incompetence.
They used Webex. Doesn't Webex use any encryption at all?
https://en.m.wikipedia.org/wiki/German_Taurus_leak
https://www.nytimes.com/2023/01/04/world/europe/ukraine-russ...
> Ukrainian artillery targets Russian soldiers by pinpointing their phone signals. Despite the deadly results, Russian troops keep defying a ban on cellphone use near the front.
It's especially critical to drip-feed feel good news when you losing.
> “It is already clear that the main reason of what took place included the massive use, contrary to the ban, of personal mobile phones in the range of enemy weapons,” the Russian Defense Ministry said in a statement. The cellphone data allowed Ukraine, it said, to “determine the coordinates of the location of military service members to inflict a rocket strike.”
If you claim that neither Russian, nor Ukrainian special services are competent, I'd disagree with you.
IDK, the whole anti-Signal post really makes me suspicious of Telegram whereas I wasn't really before. Are trying to be the universal honeypot for agencies?
https://words.filippo.io/dispatches/telegram-ecdh/
If you follow the discourse, the crypto quality is no longer brought up in factual Telegram-to-Signal comparisons, except as low-effort swipes at Telegram's general credibility.
[1] https://core.telegram.org/mtproto
If that's all there is to it, then the opinion is rather weak.
edit: maybe post a comment in addition to pressing the downbutton. I'm curious what's so problematic about what I've said.
So, it's good that the personal involvement of the illustrious Elon turns even obvious political influence operations into a circus with talking horses and scary clowns.
It's good :)
> Pavel Durov, the CEO of Telegram, has recently been making a big conspiracy push to promote Telegram as more secure than Signal..
https://t.me/durov/274
Jack Dorsey's Tweet: https://twitter.com/jack/status/1787895769183268948
https://t.me/durov/274
- "I don't like where their funding comes from" (US govt regularly funds secure software because they depend on it for their own operations, see: Tor)
- "An alarming number of people think their chats were leaked". It's easy to state things without sources. Also an alarming number of people think Facebook listens to them through their phones' mic. People are bad at opsec. Not news.
- "No reproducible builds. They closed a GitHub request from the community." Well, except Android is reproducible, and they explicitly state on that closed issue that they don't do feature requests via GitHub and asked the reporter to raise in the proper channel.
- "Telegram is the only service with reproducible builds". Telegram barely has encrypted chats, reproduce all you like, that doesn't make the chats secure. Signal has E2E encryption and verifiable builds for Android, that's a strictly better security position.
Easily explained by direct access to the phone or Pegasus (or Pegasus-like) spyware. Both of which Telegram is also vulnerable to.
Once again, this is not my opinion. This is the result of independent auditors who have no affiliation with either the USA or Russia.
There are positives to the UI of Telegram, there are negatives to the UI of Signal. None of these has much to do with the underlying protocol of either.
Personally I'd rather we all put our collective efforts into something like the protocol suggested by Matrix, but if only given the choice of Telegram or Signal, I'd avoid Telegram like the plague. They are either malicious or amateur. Either one isn't a good choice for security.
Please provide evidence of such issues. Because at most, the issues with MTProto were at the level of "we are not familiar with this, but seems ok". Which seem to be inflated by Signal activists into maliciousness.
You do make bear service here.
> Recently, in [MV21 ] MTProto 2.0 (the current version) was proven secure in a symbolic model, but assuming ideal building blocks and abstracting away all implementation/primitive details.
Translation: it is secure, except for bugs, if any.
It's like a clunkier version of the backdoor in Dual EC DRBG. When problems like this are found, you can either assume deliberate malice (as in the case of NIST) or accidental incompetence. Either should be immediate grounds for not using the software. This isn't Flappy Bird. This is meant to be secure comms. The "This Is Fine" mentality doesn't cut it.
I'm not sure what this means.
Basically, by being proactive you do more damage as if you didn't do anything.
There's another: proactive idiot is worse than the class enemy[1].
[1] "Class enemy" or "třídní nepřítel" (cz) might be an unknown term in itself - https://en.wikipedia.org/wiki/Enemy_of_the_people#Soviet_Uni...
I don't care if the people who can decrypt Telegram chats are allied with any one side or another. I believe the idea of "Class enemy" to be abhorrent, and the moral / social threats of "the overall impact" to be negligible when compared to the fact that using compromised communications platforms will inevitably lead to greater problems than the act of calling them out.
This is the equivalent of "You'll keep quiet if you know what's good for you".
If Telegram is broken, certain people need to stop using it. The socio-political climate of the areas most likely to be using Telegram just makes this more urgent. This applies independent of if / how / why it's broken, and who, if anyone, may benefit from this.
What if the gnat isn't a gnat? What if the gnat is another man who now knows the communications of the first man? I'm not saying the Bear should kill both, but I'm pointing out that the analogy falls apart when the gnat isn't just a mildly annoying third party.
It's funny to see the basic cultural stuff float to the surface in comments like that. Like when there was a large number of "American" accounts some time ago on Twitter responding to financial news, but putting USD after the numbers... (To be clear, I'm not suggesting anything specific about the author here, just that sometimes you see enough opinions about something with the origin "leaking" through the side channel and wonder how organic it is)
EDIT: discussed on HN: https://news.ycombinator.com/item?id=40315274
[1] https://news.ycombinator.com/item?id=40342204