So I’m in a somewhat unfortunate situation. My circle of friends doesn’t want to switch to another messenger and we are currently stuck on the worst possible platform for security: Telegram.
The problem is that it is very hard to convince anyone to switch, if they are all perfectly fine and like Telegram. I mean I can get why they like it: The UX and UI of Telegram are amazing and there are well functioning clients available for any platform. It has more features and gimmicks than any other messenger I know BUT it lacks one mayor thing: E2EE. And that’s mostly what I care about. The second problem is that I was the person who recommended the switch to Telegram right after WhatsApp was bought by Facebook. I know, that was a bad recommendation, but back then I didn’t know shit about privacy or why E2EE mattered. I was just like “Hey, it’s not by Facebook, so it must be better”. And now everyone I know is there and won’t leave.
If - in the hypothetical situation of me setting an ultimatum and deleting my Telegram after that - I wanted to make them switch somewhere else: What messenger would that be? Currently I’m mostly thinking Signal. I know it’s not perfect either, it is centralized, and the servers are in the US, but it has a bigger user base already than most of its competitors like Threema or Matrix/Element and it is very easy to set up and use. I’m already a user of Signal, Threema, Matrix, WhatsApp and Telegram (every platform for some contacts, but most of them on Telegram sadly), so having yet another option is not a problem for me, as well as getting rid of one is also no problem. I’d love to delete both Telegram and WhatsApp in this move.
So, in conclusion, what I need is a messenger that has all or most of the following:
- best possible security (E2EE is minimum)
- easy to use (no complicated setup, simple UI)
- already has some users (not too niche)
- cross-platform and multi-device (should run on Android, iOS and Windows/Web)
- some flashy dumb features like stickers and so on to keep them entertained
My choice would be Signal. But I am unsure if that is the best choice or if I should just wait a bit and see what all of the new EU laws about messengers and gatekeepers bring to the game and if anything chances with that.
Signal does not support web app
deleted by creator
Telegram is absolutely not the worst one. Those are whatsapp, facebook messenger, and viber. Telegram is not good, but I think it’s an acceptable compromise
[This comment has been deleted by an automated system]
fb messenger has a hidden e2ee feature that probably nobody uses, like with telegram, that’s at most feature parity, not a pro compared to telegram. But then since fb apps are closed source and heavily obfuscated, you can’t check for messenger nor whatsapp whether it actually does what it says.
That was about trust in the available encryption and how the app handles your messages. So far I fail to see how fb messenger is better than telegram.
But that’s not the only relevant aspect in privacy. It’s also important what else the app is doing, and whether there are alternative clients if you don’t trust the official one. This is the reason why I won’t ever accept facebook solutions being described as private options. I’d be surprised if any of facebook’s apps wouldn’t be doing everything in their power to collect every kind of information the OS provides to it, while the telegram client is not exactly fixated on harvesting everything.
Telegram has much less tracking components in the app, but if even that amount bothers you, telegram foss from f-droid is absolutely clean. You’ll never get anywhere near with facebook services.And then also don’t forget that whatsapp somehow regularly has vulnerabilities that allow arbitrary code execution on your phone by an attacker. I don’t remember the last time there was such a problem with telegram, but probably is was many years ago, if it all.
[This comment has been deleted by an automated system]
but Signal occasionally stops publishing their source code for months at a time,
I did not tell about Signal. Never made them a good example.
I believe their tech is cryptographically sound, but they are doing things with their app and the service too that I don’t like, to put it that way. I want to switch from telegram, but signal is not an option to me as a primary messenger for several reasons.so what messengers are even left at that point.
Simplex, Matrix, Telegram. Or there’s Molly too, but it inherits some of the problems of Signal.
WhatsApp and Telegram are harvesting the exact same information (phone number, IP address, location, and shitty metrics like “how often did you click the new chat button this week”).
Are you sure whatsapp does not collect anything more than that? And if so, why?
Unlike Telegram, WhatsApp doesn’t put ads into their product.
I haven’t seen any ads so far, and I don’t pay for telegram. Yes there are channels that I follow.
I don’t know where this idea comes from that the WhatsApp client is somehow uploading a copy of your entire phone to Facebook,
That is obviously not possible without root access, unless someone snoops in a rootkit for your system through a specially cradted whatsapp voice call.
WhatsApp is better than Telegram and many other messengers because it’s using good encryption.
Hopefully they are doing that for every message, and hopefully they refrain from analyzing screen content or typing stats for “a better advertisement experience”.
And last but not least, hopefully they are not bundling such components that inspect the app memory contents, and neither do allow other processes to do that through them, unlike signal does. (Alternative source: drew devault’s take on the same problem (too, but it also covers more)). Oh wait, it does make use of google play services… what a pityTelegram releases plenty of vulnerable software but they don’t seem to get much media attention.
I call bullshit. That article is about the telegram proxy server, which is not even official Telegram software, it is made by a dude in their free time.
So far that isonezero software released by telegram, definitely nowhere near plenty.
Are there that many known vulnerabilities in the clients too?
Maybe you’re right and I just haven’t heard of them, but then please point to CVEs or something that demonstrates them. And don’t come with the issues of MtProto 1.0, that was ages ago and irrelevant today.Whatsapp is only more private compared to facebook’s other, less secure messenger.
Did facebook employees just raid lemmy or what the fuck is happening in this post?
[This comment has been deleted by an automated system]
DMA will only affect Whatsapp and Facebook Messenger from messengers, Apple’s iMessage manage to be excuded as they don’t have 45 million active users (10% of EU population).
Edit: I said Google Messenger when I meant Facebook.
Signal fits all of your criteria.
- Has E2EE by default
- Has most generic UI possbile that just works
- Has a bunch of users
- Has clients for Android, iOS, Windows, macOS, Linux
- Has flashy features like stickers and stories
- Run by a non profit foundation instead of a single developer or for profit corporation
[This comment has been deleted by an automated system]
First Telegram isn’t the “worst possible option for privacy” and second, as you pointed out, Telegram is largely superior to others when it comes to usability and cross planform support.
I never understood these arguments for Telegram. Sure, it does have more features. It’s not better in terms of usability and cross platform support though. I use Signal desktop everyday. It’s a great experience. Cross platform… The only platform Signal doesn’t support is Web. Which… if there are mobile apps and desktop apps. Web is an insecure redundant need IMO. For the argument that web is good for scenarios where you can’t install desktop apps: I would flip the question to… why would you give a platform you have 0 control, permission to access your secure & private messaging? It just comes down to threat modelling. Telegram is neither secure, nor private. It shouldn’t even be in the same conversation unless talking about FB Messenger, messaging on Instagram or DMing on Twitter/X.
I use Signal desktop everyday. It’s a great experience. Cross platform…
Not it isn’t. It fails do sync messages, its an electron app that is slower than anything else native.
That’s not my experience. I use it on macOS. My messages are always synced. Super fast and runs smooth.
So you’re the 1% of people for for which Signal does work. Nice to know it does to someone.
So smooth it lag whenever you send a message comparing to others. Oh wait you must be comparing to iMessage and the plethora of visual animations Apple has on their messaging App. Telegram works very fast with animations disabled handles group chats with hundreds of people no problem and syncs instantaneously. The state of software development is just amazing, people don’t even notice how slow web apps are because they add aminations on top of it.
Anyways Signal might be CIA funded so… Let’s just say if you’re willing to put up with electron apps you may as well use Matrix.
Speaking about threat modelling, Telegram has one very good thing going on for them: they aren’t dicks with you want to delete messages. You have options that are very clear on what they do and allow you to delete messages in both sides. Other platforms are just shit when it comes to this and frankly that’s a privacy nightmare. What does it serve you do delete a message in your side if the platform doesn’t remove it from everywhere?
Most people I chat with on Signal uses desktop too, I’ve never heard complaints. Most of my contacts use it now. There were hiccups in the earlier months but now it’s smooth and works great.
I use Telegram every now and then. It’s has some nice features. But it’s not secure. The reason the messages “sync” fast there… is because it’s all plain text and on the server. For everyone to read. This is an undisputable fact about Telegram. The nature of the large channels you mentioned requires this insecure mode of storing chat histories, so that everyone can access. Where as with Signal, everything is E2EE. Except a tiny bit of metadata. Telegram everything is unencrypted until you use secret chats. Again. Different threat models. You can’t really compare it to Signal. It’s more akin to FB messenger. Which is not secure. Or private.
Messages being deleted for everyone is a pretty common feature across all the platforms now. I’m not sure what you’re getting at. Arguably, chat history being stored plain text is much more a privacy nightmare (it’s literally the reason people want E2EE) than anything else.
The reason the messages “sync” fast there… is because it’s all plain text and on the server.
Yes, I’m aware but it comes down to having something that really sync well 100% of the time, very quickly and without having to constantly dealing with errors such as this https://twitter.com/signalapp/status/1350631024351346689 or “signal can’t display this message”.
Messages being deleted for everyone is a pretty common feature across all the platforms now. I’m not sure what you’re getting at.
I’m getting at the fact that most platforms do stupid shit like “this message might not be deleted if the receiver already saw it” like WhatsApp does and/or replacing messages with placeholders saying “this message was deleted”. Telegram can be plain-text and can have a lot of issues but it guarantees that stuff is actually removed without trying to bullshit you like other do.
Eventually Signal might be funded by the US/CIA so who says it is as secure as they advertise it? If we assume that your privacy / security is broken (because it is) I might as well use the platform that provides the best desktop and mobile experience with fast syncs, ability to disable animations, have real desktop apps and not electron shit.
I’m getting at the fact that most platforms do stupid shit like “this message might not be deleted if the receiver already saw it” like WhatsApp does and/or replacing messages with placeholders saying “this message was deleted”. Telegram can be plain-text and can have a lot of issues but it guarantees that stuff is actually removed without trying to bullshit you like other do.
There’s absolutely 0 guarantee that what you’ve “deleted” is deleted. On any platform really. But what you can rely on is the fact that the E2EE is there to make sure things are only readable by whoever the messages were intended for (barring being hacked and compromised keys etc). The message can say whatever it wants, doesn’t mean a lot if you can’t trust the source. Again, we’re just talking about different threat models. With Telegram, it’s not meant for secure and private communication. It has a different audience. And to push Telegram as a private or secure communication, you’re actively doing the public a disservice.
If we assume that your privacy / security is broken (because it is) I might as well use the platform that provides the best desktop and mobile experience with fast syncs, ability to disable animations, have real desktop apps and not electron shit.
If you can’t trust even open source technology that you can review and build yourself. And trust renowned cryptographers reviews of this technology… then why are you in a privacy community telling people their experiences aren’t true to what they’re telling you?
Yeah but… Thet are not E2E encrypted by default. That shows how little they care about privacy.
The worst thing about Telegram is the false sensation of security and privacy it gives to unaware people (most of them).
Not just “by default”. It also cannot encrypt group chats and - most importantly - does not allow this on desktop clients.
Yeah but groups are never private, even with encryption.
