Phone number privacy and usernames are now rolling out to everyone using Signal version 7.0! Update your app to take advantage of these new features 🎇
https://signal.org/blog/phone-number-privacy-usernames/
Telegram is only slightly more private than Facebook Messenger. Not only can they link a username to a phone number, but they can link a phone number to a username too.
Meanwhile, Signal did it right.
And that’s before we start talking about all the problems made in Telegram, from rolling their own encryption to telling their users not to use it.
Is there a purpose for such chats? Even if they are non-public as long as they have more than 1 people someone will leak your messages if they wanted. Same as in public chats.
I don’t think that’s a valid argument. Even in a one-on-one encrypted chat, the person you are chatting with could leak the chat. Having more users doesn’t change that.
That’s exactly my argument though. Problem is not how to protect the data but the malicious intent of chat members.
Telegram secret chats aren’t kept in history so there will be nothing to leak though. Forked clients can’t have this functionality I think but then again, nothing stops them from taking photos of your messages in secret chat with another phone.
That’s a strange argument. I want my group chats with friends and family to be private. Why should Telegram or Meta be allowed to spy on my private conversations just because there are more than two people?
Look, I too love privacy and serverless software but give me a break. Complaining about your family group chats “not being private” (it’s not exactly true) is like complaining why you can’t host your cat photos on a TOR website (you can do that in fact).
In Telegram, chats (groups really) are called private if they are invite-only, and otherwise they are public.
When you create a group chat, even with just 2 people it’s not e2e encrypted. Secret chats are, and they only work with 2 ends. You could create a group chat and selectively use secret chat with each member to share private stuff, but that would be quite a chore.
Chats are hosted on servers for the same reason why you host your (cat photos filled) homepage outside of your house. Just because stuff is hosted elsewhere doesn’t mean it’s being spied on.
From what I understand, there was no evidence that Telegram spies on your private chats. There are cases where Telegram is asked to take measures against certain person based on their activity in public chats …by government of authoritarian regimes …after Telegram tries and fails to oppose that request …and it probably doesn’t involve Telegram looking into messages made by the person in question in groups not mentioned in the original request (which would mean that person’s family chats remain private).
So, if you live under an authoritarian regime and like discussing protest activities in your family group chat before some of your family members decides to report on you or share one of your messages in another public chat - the one who puts you in danger is yourself. And I doubt that chat not being hosted somewhere would save you from danger in that case.
Otherwise, your private groups are private and it’s safe to chat with your family through Telegram.
Why would I use non encrypted group chat when I can just use Signal. Why use a product with bad security?
It doesn’t matter if there is evidence of Telegram spying or not. They have the capability to do it. And with all the companies selling customers data to train AI, I don’t want to risk it. And the best part is, that I don’t have to, because there is Signal and all my friends already use it.
I don’t mind things being hosted elsewhere as long as it’s encrypted and the host provider do not have the keys. That is not the case with Telegram. If you like Telegram, sure use it. But don’t use Telegram if you value privacy, use it because you like its user experience and know that you are sacrificing privacy. That might be fine for you, but not for me.
I don’t mind things being hosted elsewhere as long as it’s encrypted and the host provider do not have the keys. That is not the case with Telegram.
So you would prefer a platform to not have the keys to hosted content but allow that to every group member? That’s not much different from sharing your credit card details with your friends.
People hate telegram for wrong reasons.
Problem is that “bad security” is a misleading description of how telegram handles data. I see, people like to say these words when they fear that “my text is going to be fed to AI” or “my files are going to be hosted on a hardware not under my control” and I disagree that these are security issues. The moment you allow someone else to host your content (even text) you should raise an alarm if you are so careful about those things. But you allow that with signal.
If someone wanted to report on you with signal, they still could. It may fail, not because its chats are e2e encrypted, but because they don’t keep stuff on servers.
Hosting allows telegram have public communication features. You can basically use it to read news and comment on them. You can save your content, share it with your group and not worry that it will expire at some point or that new members of your group will not be able to see it. You can organize with other people for any activity, public or not.
So, Telegram provides features that are incompatible with privacy aspects some people want. Signal provides features that prevent it from becoming a platform for mass communication and communities. Both are fine. It’s a mistake to compare them by the same standards.
So you would prefer a platform to not have the keys to hosted content but allow that to every group member? That’s not much different from sharing your credit card details with your friends.
That is not how encryption works. Not even remotely. You only share your public key with people you communicate with not your private key. This is not comparable with sharing credit card information. You need to read up on how encryption work.
And there is no reason Telegram could not host information and still encrypt it. Lots of services do that.
Look at ProtonMail/ProtonDrive they host mails and files without having any access to it. Look at Keybase, they host all kind of encrypted communications services without having access. Telegram could do it, they choose not to, and that should be a concern.
Telegram doesn’t have this to such an extent. If someone has your number in their contacts and you join Telegram they see you whether you want it or not. Signal (now) hides that too.
This is a fairly easy answer. Signal refuses to take shortcuts that others are happy to use.
You may find this virtuous, but I’ll argue that it isn’t.
It’s much better to start by having windows that don’t lock than to keep holes in your walls all year while waiting for windows that are insulated, lockable and can be cleaned from the inside.
Signal leaves the holes until they finish the insulated window that also creates electricity.
Telegram uses encryption that allows themselves to read your messages. This shortcut allows them to restore messages, outside of secret chats, when you install the app on a new device. It also makes distribution of your messages to large groups much easier for themselves.
Another shortcut Telegram took was to hide your phone number only when it wasn’t in the contacts already. There are a limited number of possible phone numbers, so discovering a “hidden” one is possible.
Another shortcut Telegram took has to do with the default settings they chose.
Rather than defaulting to using secret chats, they chose to default to not secret chats for every new discussion and group. This isn’t in the users’ best interests, so Signal encrypted everything and doesn’t offer non-secret chatting.
Regarding SMS, Signal had made this mistake for a while too, because they chose to drop encrypted SMS, then dropped SMS entirely later. Signal let perfect be the enemy of good.
Thanks. I knew they had some questionable default settings, but haven’t heard (or read in, really) their encryption being entirely backdoored when needed, rather than the usual “well, better KGB than FBI can read it” conspiracy talk.
Signal sill implemented better than any other. They can’t link your username to phone number, the others can. So maybe other are faster on a superficial level, but the implementation is trash.
Telegram had this for a long time. Why is Signal always behind on privacy features?
Telegram is only slightly more private than Facebook Messenger. Not only can they link a username to a phone number, but they can link a phone number to a username too.
Meanwhile, Signal did it right.
And that’s before we start talking about all the problems made in Telegram, from rolling their own encryption to telling their users not to use it.
Does Telegram still not have end-to-end encrypted group chat?
No, and (I really can’t stress this enough) they really want their unpaid interns to tell you to stop asking for it.
I see. Telegram seems to be a privacy theatre.
Telegram lies about privacy and security the same exact way that Facebook does!
More people need to understand this before recommending any messenger app.
@DaseinPickle
@LWD
Is there a purpose for such chats? Even if they are non-public as long as they have more than 1 people someone will leak your messages if they wanted. Same as in public chats.
I don’t think that’s a valid argument. Even in a one-on-one encrypted chat, the person you are chatting with could leak the chat. Having more users doesn’t change that.
That’s exactly my argument though. Problem is not how to protect the data but the malicious intent of chat members.
Telegram secret chats aren’t kept in history so there will be nothing to leak though. Forked clients can’t have this functionality I think but then again, nothing stops them from taking photos of your messages in secret chat with another phone.
That’s a strange argument. I want my group chats with friends and family to be private. Why should Telegram or Meta be allowed to spy on my private conversations just because there are more than two people?
Look, I too love privacy and serverless software but give me a break. Complaining about your family group chats “not being private” (it’s not exactly true) is like complaining why you can’t host your cat photos on a TOR website (you can do that in fact).
In Telegram, chats (groups really) are called private if they are invite-only, and otherwise they are public.
When you create a group chat, even with just 2 people it’s not e2e encrypted. Secret chats are, and they only work with 2 ends. You could create a group chat and selectively use secret chat with each member to share private stuff, but that would be quite a chore.
Chats are hosted on servers for the same reason why you host your (cat photos filled) homepage outside of your house. Just because stuff is hosted elsewhere doesn’t mean it’s being spied on.
From what I understand, there was no evidence that Telegram spies on your private chats. There are cases where Telegram is asked to take measures against certain person based on their activity in public chats …by government of authoritarian regimes …after Telegram tries and fails to oppose that request …and it probably doesn’t involve Telegram looking into messages made by the person in question in groups not mentioned in the original request (which would mean that person’s family chats remain private).
So, if you live under an authoritarian regime and like discussing protest activities in your family group chat before some of your family members decides to report on you or share one of your messages in another public chat - the one who puts you in danger is yourself. And I doubt that chat not being hosted somewhere would save you from danger in that case.
Otherwise, your private groups are private and it’s safe to chat with your family through Telegram.
Why would I use non encrypted group chat when I can just use Signal. Why use a product with bad security?
It doesn’t matter if there is evidence of Telegram spying or not. They have the capability to do it. And with all the companies selling customers data to train AI, I don’t want to risk it. And the best part is, that I don’t have to, because there is Signal and all my friends already use it.
I don’t mind things being hosted elsewhere as long as it’s encrypted and the host provider do not have the keys. That is not the case with Telegram. If you like Telegram, sure use it. But don’t use Telegram if you value privacy, use it because you like its user experience and know that you are sacrificing privacy. That might be fine for you, but not for me.
So you would prefer a platform to not have the keys to hosted content but allow that to every group member? That’s not much different from sharing your credit card details with your friends.
People hate telegram for wrong reasons.
Problem is that “bad security” is a misleading description of how telegram handles data. I see, people like to say these words when they fear that “my text is going to be fed to AI” or “my files are going to be hosted on a hardware not under my control” and I disagree that these are security issues. The moment you allow someone else to host your content (even text) you should raise an alarm if you are so careful about those things. But you allow that with signal.
If someone wanted to report on you with signal, they still could. It may fail, not because its chats are e2e encrypted, but because they don’t keep stuff on servers.
Hosting allows telegram have public communication features. You can basically use it to read news and comment on them. You can save your content, share it with your group and not worry that it will expire at some point or that new members of your group will not be able to see it. You can organize with other people for any activity, public or not.
So, Telegram provides features that are incompatible with privacy aspects some people want. Signal provides features that prevent it from becoming a platform for mass communication and communities. Both are fine. It’s a mistake to compare them by the same standards.
That is not how encryption works. Not even remotely. You only share your public key with people you communicate with not your private key. This is not comparable with sharing credit card information. You need to read up on how encryption work.
And there is no reason Telegram could not host information and still encrypt it. Lots of services do that.
Look at ProtonMail/ProtonDrive they host mails and files without having any access to it. Look at Keybase, they host all kind of encrypted communications services without having access. Telegram could do it, they choose not to, and that should be a concern.
How so? Your family would have the same access to your private chats and nothing would stop them from using it with malicious intent.
How encryption works is not the issue. The issue is with people expecting it to protect content shared with a group.
Maybe read about how telegram handles data. It’s encrypted.
Telegram doesn’t have this to such an extent. If someone has your number in their contacts and you join Telegram they see you whether you want it or not. Signal (now) hides that too.
This is a fairly easy answer. Signal refuses to take shortcuts that others are happy to use.
You may find this virtuous, but I’ll argue that it isn’t.
It’s much better to start by having windows that don’t lock than to keep holes in your walls all year while waiting for windows that are insulated, lockable and can be cleaned from the inside.
Signal leaves the holes until they finish the insulated window that also creates electricity.
@turkishdelight
@celmit
I agree 100% with what you said.
Can you name some shortcuts that Telegram uses, but Signal doesn’t?
Sure.
Telegram uses encryption that allows themselves to read your messages. This shortcut allows them to restore messages, outside of secret chats, when you install the app on a new device. It also makes distribution of your messages to large groups much easier for themselves.
Another shortcut Telegram took was to hide your phone number only when it wasn’t in the contacts already. There are a limited number of possible phone numbers, so discovering a “hidden” one is possible.
@breden
Another shortcut Telegram took has to do with the default settings they chose.
Rather than defaulting to using secret chats, they chose to default to not secret chats for every new discussion and group. This isn’t in the users’ best interests, so Signal encrypted everything and doesn’t offer non-secret chatting.
Regarding SMS, Signal had made this mistake for a while too, because they chose to drop encrypted SMS, then dropped SMS entirely later. Signal let perfect be the enemy of good.
Thanks. I knew they had some questionable default settings, but haven’t heard (or read in, really) their encryption being entirely backdoored when needed, rather than the usual “well, better KGB than FBI can read it” conspiracy talk.
I would say Signal should not be slow on the things they are proud the most. SimpleX still better on this.
Signal sill implemented better than any other. They can’t link your username to phone number, the others can. So maybe other are faster on a superficial level, but the implementation is trash.
Try putting a Signal username and a SimpleX username in the same bio and see which one fits 😉
SimpleX all the way. For apps with phone number required I prefer Telegram.
Telegram offers no privacy improvement over Signal and many downsides
For privacy I only use SimplexX even Telegram secret chats. For everything else Telegram.
I prefer not using any messenger app that requires a phone number.
@guts
@LWD