this post was submitted on 29 Jan 2025
90 points (96.9% liked)

Asklemmy

44617 readers
1011 users here now

A loosely moderated place to ask open-ended questions

Search asklemmy 🔍

If your post meets the following criteria, it's welcome here!

  1. Open-ended question
  2. Not offensive: at this point, we do not have the bandwidth to moderate overtly political discussions. Assume best intent and be excellent to each other.
  3. Not regarding using or support for Lemmy: context, see the list of support communities and tools for finding communities below
  4. Not ad nauseam inducing: please make sure it is a question that would be new to most members
  5. An actual topic of discussion

Looking for support?

Looking for a community?

~Icon~ ~by~ ~@Double_[email protected]~

founded 5 years ago
MODERATORS
[email protected]
[email protected]
[email protected]
[email protected]
90
What are the reasons to use Signal over Telegram (lemmy.ml)
submitted 1 day ago* (last edited 1 day ago) by [email protected] to c/[email protected]
77 comments fedilink hide all child comments
 

Greetings!

A friend of mine wants to be more secure and private in light of recent events in the USA.

They originally told me they were going to use telegram, in which I explained how Telegram is considered compromised, and Signal is far more secure to use.

But they want more detailed explanations then what I provided verbally. Please help me explain things better to them! ✨

I am going to forward this thread to them, so they can see all your responses! And if you can, please cite!

Thank you! ✨

top 50 comments
sorted by: hot top controversial new old
[–] [email protected] 7 points 20 hours ago (2 children)

It really depends on who your friend is, and who they are trying to defenf against.

If the US ( or Russian / Chinese) government really wants to access an internet-connected device, they can do it; what app you are using doesn't even matter. For example, most people use the default Google keyboard, which could be compromised.

If the concern is about local goons / employers / coworkers, then both Telegram and Signal are more than enough to stop them prying.

As for whether to use Signal or Telegram, Signal has end to end encryption enabled by default, while in Telegram you have to switch it on for each chat. On the other hand, Telegram has the best UI among messaging apps hands down.

[–] [email protected] 1 points 8 hours ago

Pegasus really negates a lot of security too.

[–] [email protected] 2 points 19 hours ago* (last edited 19 hours ago)

Even if you switch to an offline keyboard, the new "ai" assistants in Windows, iOS, and Android? Can read your screen, microphone, and etc. I'm not really sure what you should use unless you use coded language. Even then, there's just too much information about you out there anyway. Best bet would to be have conversations in private away from any electronic devices or use something like tails.

[–] [email protected] 8 points 23 hours ago (1 children)

Telegram is not end to end encrypted. Repeating it's not. Only private mode or something like that is.

[–] [email protected] 2 points 23 hours ago (1 children)

You don't say? A cloud-service I can access from all devices plus API and bots is not e2e-encrypted with zero knowledge? I'm shocked. That's what "secret chat" is for. Literally.

They chose this way as the regular Joe and Jane don't care for privacy but for comfort. You can never ever have both. Nowhere.

I love tgram for it being so open. And e2e when I need it. I don't need privacy for when my smarthome sends me notifications about a light I left on or something 😁

[–] [email protected] 1 points 20 hours ago (1 children)

Yep, and this allows for proper content moderation. Telegram can actually just find and report creeps to authorities

[–] [email protected] 1 points 14 hours ago (1 children)

That too. Sadly the restrictiveness was badly abused. Noone really wonders but...that's why we can't have nice things.

[–] [email protected] 1 points 14 hours ago (1 children)

Well then use the secret chat if you want your chat to be secret from any prying eyes

[–] [email protected] 1 points 13 hours ago (1 children)

I meant the restrictiveness towards governments. The pesos and Nazis fucked that up, tgram had to do something or have their ill repute grow even more.

[–] [email protected] 1 points 7 hours ago

Telegram seems to be a popular option for groups of such orgs. Other apps have the same risks tho. It's a bit if a mess

[–] [email protected] 15 points 1 day ago* (last edited 1 day ago) (2 children)

Telegram for random public chatter/file storage(with password lock), talking to strangers without giving them your number. Signal for personal/private conversations.

Spread your data (encrypted or not) around, so a single entity doesn't own your digital life. Your device can handle 2 apps and don't give them permissions willy nilly. Geez, every one of these posts just wants to start a flame war.

[–] [email protected] 1 points 13 hours ago

If you have a safe, but cannot open it, do you own the contents inside? Signal has no way of accessing your data, I would argue they don't own it.

[–] [email protected] 4 points 1 day ago (1 children)

Signal supports username based chatting.

[–] [email protected] 1 points 20 hours ago (1 children)

Behind those usernames, are phone numbers (meaning real identities) stored in signal's database.

[–] [email protected] 1 points 19 hours ago (1 children)

As far as I know telegram requires a phone number too.

And the conversation was about "talking to strangers without giving them your number", not without giving signal nor telegram your number.

[–] [email protected] 2 points 19 hours ago (1 children)

There are far better privacy alternatives to both: matrix, xmpp, simplex all work well and don't require phone numbers or US-based hosting.

[–] [email protected] 2 points 17 hours ago

Where do you want to place the goal post?

We talked about comparing 2 applications. Commenter wasn't up-to-date and implied a falsehood, I corrected it as it is important for the discussion. Then you talk about something completely else and in context, implied a falsehood, I corrected that as it is important for the discussion. And now you are talking about something completely else again.

Please express your opinion. You can do it in this thread, even if it is off-topic, I don't care, but please stop acting like you are responding to me.

[–] [email protected] 74 points 1 day ago (1 children)

In my view, by far the biggest reason to switch is that Telegram doesn't end-to-end encrypt chats by default.

Yes you can start encrypted chats specifically, but i'll bet 99% of chats on telegram aren't encrypted - meaning whoever has access to the telegram servers can read all the messages.

Signal claims to end-to-end encrypt all chats by default, and if you want to be 100% sure you can in theory read the source code and compile the app yourself. this means signal cannot read any of your messages, even if police asks them to or servers get seized. That's a massive advantage in privacy.

[–] [email protected] 22 points 1 day ago (1 children)

Additionally, E2E chats don't sync between devices (and iirc you can't use them on desktop at all), and group chats can't be encrypted at all.

[–] [email protected] 16 points 1 day ago (4 children)

Signal very recently made syncing between devices possible:

https://signal.org/blog/a-synchronized-start-for-linked-devices/

[–] [email protected] 15 points 1 day ago

I was talking about Telegram. Syncing messages between devices has always been possible on Signal, just not the ones from before you connected the extra device.

load more comments (3 replies)
[–] [email protected] 14 points 1 day ago (1 children)

Telegram rolls their own crypto. That should be the biggest red flag by far. I say this as a telegram user

[–] [email protected] 2 points 13 hours ago

The encryption method they use was made up by them, and the chats aren't even end to end encrypted by default. Which I would argue is a larger red flag.

[–] [email protected] 23 points 1 day ago (7 children)

While there may be better options out there, from a purely security standpoint.

The real world, with non-tech people needs solutions that are easy, fast and as close to foolproof as possible.

I choose Signal, because my mum, my sisters and brothers (none of which are tech people) can all go to their app stores and install Signal, it works and it is easy. Signal is private BY DEFAULT, I don't have to remind them to turn on security for each chat, there is voice and video chat for individuals and groups, I can use it to send files. It is really good. Secure communication is their primary goal.

I have been using Signal since it was called TextSecure and I only had one contact using it.

Yes it sucked when they dropped SMS support; but these days about 98% of my messaging goes through Signal. Any SMS is usually from my doctor/dentist/bank.

I never really trusted Telegram, too many compromises. Secure communication is not their primary goal.

load more comments (7 replies)
[–] [email protected] 0 points 15 hours ago (1 children)

Telegrsm is not secure anymore. USA have all the keys of the encriptions of telegrsm.

[–] [email protected] 2 points 15 hours ago (1 children)

citation?

[–] [email protected] 4 points 13 hours ago

I wouldn't say USA has all the encryption keys, but the fact that it is actually possible to have a backdoor is reason enough for me to not use it. Signal complies with all search warrants, giving all the data they have to law enforcement. They have never given any data to law enforcement, because they do not have access to it. Telegrams approach is to simply to spread the data to several servers in different countries, so if law enforcement wanted access they'd have to submit requests to each country (some of which wouldn't comply).

[–] [email protected] 29 points 1 day ago* (last edited 1 day ago) (3 children)

Telegram doesn't even encrypt group chats. And it doesn't encrypt private convos by default.

load more comments (3 replies)
[–] [email protected] 20 points 1 day ago* (last edited 1 day ago) (8 children)

I can't speak about telegram, but signal is absolutely not secure to use. Its a US-based service (that must adhere to NSLs), and requires phone numbers (meaning your real identity in the US).

Matrix, XMPP, or SimpleX are all decentralized, and don't require US hosting.

[–] [email protected] 4 points 1 day ago

and requires phone numbers (meaning your real identity in the US).

This gets shared a lot as a major concern for all services requiring a phone number. It is definitely true that by definition, a phone number is linked to a person's identity, but in the case of signal, no other information can be derived from it. When the US government requests data for that phone number from Signal, like they occasionally do, the only information Signal provides them with is whether they do have a signal account and when they registered it last and when they last signed in. How is that truly problematic? For all other services which require a phone number, you would have much more information which is where it is truly problematic, say social graph, text messages, media, locations, devices etc. But none of that is accessible by Signal. So literally the only thing signal can say is whether the person has an account, that's about it. What's the big deal about it? Clearly the US government already has your phone number because they need it to make the request for Signal, but they gain absolutely no other information.

[–] [email protected] 15 points 1 day ago (1 children)

So if I understand it Signal has your phone number but only logs sign up date and last activity date. So yes they can say this person has Signal and last used it on date X. Other than that no information.

Matrix doesn't require a phone number but has no standard on logging activity so it's up to the server admin what they log, and they could retain ip address, what users are talking in what, rooms, etc. and E2EE is not required.

I think both have different approaches. I'm just trying to understand. On one hand you have centralized system that has a standard to minimize logs or decentralized system that must be configured to use E2EE and to remove logs.

[–] [email protected] 1 points 20 hours ago* (last edited 20 hours ago)

They have your phone number (meaning your full identity, and even current address), and as the primary identifier, it means they have message timestamps and social graphs.

Its impossible to verify what code their server is running. Or that they delete their logs, because they say they do? You should never rely on someone saying "just trust us". Truly secure systems have much harder verifiability tests to pass.

[–] [email protected] 14 points 1 day ago (4 children)

This entire article is guessing at hypothetical backdoors. Its like saying that AES is backdoored because the US government chose it as the standard defacto symmetrical encryption.

There is no proof that Signal has done anything nefarious at all.

[–] [email protected] 1 points 20 hours ago (1 children)

There was also no proof that a ton of US companies were spying on their users, until the global surveillance disclosures. Crypto AG ran a honeypot that spied on communications between world leaders for > 40 years until it got exposed.

[–] [email protected] 2 points 19 hours ago

Right but Signal has been audited by various security firms throughout its lifetime, and each time they generally report back that this messenger has encryption locked down properly.

load more comments (3 replies)
[–] [email protected] 11 points 1 day ago* (last edited 1 day ago) (6 children)

Thank you for your post!

I want you to know your effort and knowledge is appreciated, this will help future readers make better decisions.✨

But the situation stands that my friend and their friends are not as technologically literate as we are, and I would rather have them on something easy and secured than unsecured at all, especially from my experience with getting communities to use such decentralized platforms you mentioned.

load more comments (6 replies)
[–] [email protected] 10 points 1 day ago* (last edited 1 day ago) (1 children)

SimpleX is taking a lot of venture capital money which makes it just slightly suspect, imho. Those guys usually want a return of some kind on their investment. I simply don't trust the motives of technocrats like Jack Dorsey.

The Matrix Foundation, on the other hand, seems a lot more democratic in governance and stewardship of the protocol.

load more comments (1 replies)
load more comments (3 replies)
[–] [email protected] 6 points 1 day ago

There’s a lot of answers itt but heres a simpler one:

If you want to prevent people in power from having access to communications there are two methods employed, broadly speaking:

The first is to make a very secure, zero knowledge, zero trust, zero log system so that when the authorities come calling you can show them your empty hands and smirk.

Signal doesn’t actually do this, but they’re closer to this model than the second one I’m about to describe. Bear in mind they’re a us company so when the us authorities come to their door or authorities from some nation the us has a treaty with come to their door signal is legally required to comply and provide all the information they have.

The second is to simply not talk to the authorities. Telegram was closer to this model than signal, using a bunch of different servers in nations with wildly different extradition and information sharing mechanisms in order to make forcing them to comply with some order Byzantine to the point of not being worth it.

Eventually the powers that be got their shit together and put hands on telegrams owner so now they’re complying with all lawful orders and a comparison of the tech is how you’d pick one.

The technology behind the two doesn’t matter really but default telegram is less “secure” than default imessage (I was talking with someone about it so it’s on the old noggin’).

load more comments
view more: next ›