this post was submitted on 20 Dec 2024
270 points (97.5% liked)

Technology

73461 readers
5179 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related news or articles.
  3. Be excellent to each other!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
  9. Check for duplicates before posting, duplicates may be removed
  10. Accounts 7 days and younger will have their posts automatically removed.

Approved Bots


founded 2 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
[–] Peasley@lemmy.world 65 points 7 months ago* (last edited 7 months ago) (8 children)

Nothing new here. E2E is only available in one on one chats and is disabled by default. Dont use Telegram if privacy is your main concern.

At least it has an open-source client. Very few messaging platforms can say that, and fewer have a decent UX.

It's not perfect, but it's got a good combination of features and multi-platform availability. None of the other messaging apps support all of my devices except Matrix, and ~~Matrix doesn't have stickers~~

Edit: Signal doesn't support all my devices but maybe someday! The network effect is also big. None of my family and friends are on Signal, but most have Telegram. A few have Matrix.

Also Signal is a US-based company.

Edit 2: Matrix does have stickers, i guess I'm switching

[–] candyman337@sh.itjust.works 69 points 7 months ago (4 children)
[–] anamethatisnt@lemmy.world 32 points 7 months ago (1 children)
[–] sunzu2@thebrainbin.org 11 points 7 months ago (4 children)

They still tie it to your ID since you need the phone number.

And we just trust them not to share your social map to NSA which they totally don't do. Trust me bro

[–] WhatAmLemmy@lemmy.world 7 points 7 months ago* (last edited 7 months ago) (1 children)

The NSA already has your social map from Apple, Google, Facebook/whatsapp, plus a hundred other sources you've given access to your contacts in the past decade.

Even if you've never used any of those, or given any app access to your contacts, 99% of your contacts have.

[–] sunzu2@thebrainbin.org 0 points 7 months ago (1 children)

Data is about as good as it is current though and many people are reducing their exposure to these parasites

A person can now pretty easily go without logging into any of these apps with a few adjustments.

Hence why signal relationship maps will be even more valuable going forward. Hence my theory about signal...

[–] rottingleaf@lemmy.world 1 points 7 months ago* (last edited 7 months ago)

I'm not getting you.

There's correspondence, there's metadata, and there's phone-ID relationship.

Signal still protects #1 and #2 better than #3. And the way it works, infrastructure load is much bigger than for most other messaging platforms. So it makes total sense they limit registration somehow .

I'm not sure I remember by now what I've read about Signal protocol, but I think the fact of who messages whom they don't have, so it's not just trust.

~~Anyway, if you've read about 90s' mixmaster servers for mail, while Signal developers don't approve of alternative clients, there are libraries and it's possible to make some kind of a mixmaster bot. ~~

I've left this, because it's funny as a good illustration of why they don't want alternative clients, among other things - because I've described a voluntary MITM.

[–] anamethatisnt@lemmy.world 3 points 7 months ago (1 children)

That they do, but your contacts doesn't have to get it anymore.
A self-hosted matrix stack built from source with matrix clients built from source with e2ee implemented that you yourself have the competence to verify the encryption and safety of would be the only secure communication I know of if you don't want to trust a third party.

[–] Kusimulkku@lemm.ee 2 points 7 months ago

I'm way more concerned about the privacy of what I say than who I say it to.

[–] prex@aussie.zone 0 points 7 months ago

Guess I better stick with Facebook messenger then.
/s Does that even exist still?

[–] explore_broaden@midwest.social 6 points 7 months ago (1 children)

They still don’t have backups on iOS which is a deal-breaker for me.

[–] toothpaste_ostrich@feddit.nl 0 points 7 months ago (1 children)

Why would you use iOS if you care about privacy?

[–] TheRealKuni@lemmy.world 1 points 7 months ago (1 children)

Why would you use iOS if you care about privacy?

Because it’s far better for privacy than any Google-Play-Services-ridden version of Android, and sometimes in life you don’t want to have to deal with custom ROMs anymore.

But also that’s an exceptionally dumb question, because the implication is that privacy can’t matter to people who don’t go to the same precise lengths someone else does.

[–] toothpaste_ostrich@feddit.nl 1 points 7 months ago (1 children)

Honestly, my problems with Apple go beyond just the privacy issues.

[–] TheRealKuni@lemmy.world 1 points 7 months ago

Fair enough, Apple has some pretty fucking terrible anti-consumer behavior. Privacy is just one of the few things they do well.

[–] Peasley@lemmy.world 3 points 7 months ago (1 children)

I couldnt find a working Ubuntu touch app last i tried to use it

[–] michael_palmer@lemmy.sdf.org 1 points 7 months ago (1 children)

Ubuntu touch is dead. Are there at least native browsers for it?

[–] Peasley@lemmy.world 2 points 7 months ago (1 children)

Is it? I still get regular updates. Yes there are a few, i use Morph

https://www.ubuntu-touch.io/

[–] michael_palmer@lemmy.sdf.org 1 points 7 months ago

For some reason, I thought Ubuntu touch was EOL. Probably because I tried it on a Redmi 5 and it was an unofficial 2018 build. Is the Morph browser still supported? I checked the Github page and the last changes were 3 years ago.

[–] BearOfaTime@lemm.ee -3 points 7 months ago (3 children)

After Signal's lie about dropping SMS support because of "engineering costs", I really can't believe anything else they say.

Plus the app experience sucks, it's no better than SMS.

it’s no better than SMS

That's not true, but even so, the whole point is to be an alternative to SMS. It provides that experience, so I'm happy.

[–] Kusimulkku@lemm.ee 5 points 7 months ago

Wasn't another explanation people mistakenly sending SMS and getting fucked when they meant to send a Signal message?

[–] dubyakay@lemmy.ca 4 points 7 months ago

Are you talking about the signal from five years ago or something?

[–] TheTechnician27@lemmy.world 33 points 7 months ago (2 children)

A platform that values my privacy? Or stickers? Tough choice, I guess, except Signal has both.

[–] reev@sh.itjust.works 7 points 7 months ago

Doesn't have unlimited storage though. It's really nice being able to jump to any of the 15,000+ images shared with a single person dating back to like 2015 within a couple seconds. I know that's a privacy concern but nothing comes close to telegram's searchability and the unlimited storage.

[–] Peasley@lemmy.world 4 points 7 months ago* (last edited 7 months ago) (1 children)

It's a messaging app, it's useless if there is nobody to message. I dont have any friends using signal yet.

Also it doesnt work on my phone (Ubuntu touch). There used to be a community app but it's not currently working.

I sincerely wish them success, but it's hard to have faith that a US-based company will actually protect your privacy. Not that Telegram does either. I dont know what information they do even collect.

[–] TheTechnician27@lemmy.world 6 points 7 months ago* (last edited 7 months ago) (1 children)

It's hard to have faith that a US-based company will actually protect your privacy.

You don't have to, though? 1) The E2EE Signal protocol is well-audited to be robust. 2) The app itself is FOSS, and there are a lot of eyes on it. 3) The server code is FOSS. Even if they're lying about what code they use, it doesn't matter because it's E2EE. 4) If you think Signal might be bait-and-switching by building from different source code, you'd be provably wrong. They have reproducible builds, so were they to actually try this, it would be like sending up a flare to the entire security community. 5) Literally every single time OWS has been subpoenaed, the only information they've been able to provide is extremely basic metadata like server connection times.

You have no idea what you're talking about, I'm sorry. There's functionally less "trust" here than any messaging application on the planet. The network effect remark is at least valid and can be debated (although I personally have zero friends who use Telegram and at least several who use Signal). This one is just so, so wrong that it's not even up for debate.

[–] Peasley@lemmy.world 1 points 7 months ago* (last edited 7 months ago) (1 children)

Thanks for the elaboration. I'm not familiar with how Signal works.

[–] Thetimefarm@lemm.ee 2 points 7 months ago

Educating yourself on topic is a good idea BEFORE you plan on arguing about it online.

[–] smiletolerantly@awful.systems 17 points 7 months ago* (last edited 7 months ago)

Matrix does have stickers

[–] r0ertel@lemmy.world 4 points 7 months ago (1 children)

Can you elaborate on your last sentence? Is the US more or less trustworthy than alternatives?

[–] Peasley@lemmy.world 17 points 7 months ago (1 children)

Less than some. The US gov has a history of forcing US-based corporations to disclose private data regardless of their policies or the law.

I can't give you a good alternative though. I'm sure the same thing happens in many countries

[–] shortwavesurfer@lemmy.zip 4 points 7 months ago (1 children)
[–] viking@infosec.pub 1 points 7 months ago (1 children)

I tried it, and it looks decent, but there wasn't a single person I know around.

[–] shortwavesurfer@lemmy.zip 1 points 7 months ago

I'm not surprised due to my involvement in the Monero community, at least some people I know from previous online chat rooms are there, but I don't know anybody directly in person like from my day-to-day life that uses it.

[–] jol@discuss.tchncs.de 2 points 7 months ago

Stickers are pointless if I have no one to send them to. So I stay in telegram.

[–] daniskarma@lemmy.dbzer0.com 2 points 7 months ago

Problem I have with matrix is that, afaik, does not currently support temporal or self destructing messages. Which is a big no-no for privacy conscious usage.

[–] rottingleaf@lemmy.world 0 points 7 months ago

E2E is only available in one on one chats and is disabled by default.

Considering that there's no technical problem with enabling it for all one-on-one chats, this tells a lot.

Also no E2EE on desktops.

I hate TG's UX. It's atrocious. WhatsApp is the closest to something normal, but imperfect too.

At least it has an open-source client.

Chromium is an open-source browser.

OK, more specifically - what matters is that TG's protocol is a big ugly target moving fast. So its official client with released sources is in practice the only one. There are things like libpurple plugin and some python TUI client and an emacs one, but they are all lagging behind. And I think they are all using official tdlib.

This tells something too, that their talk about possibility of alternative clients is of the same kind as their talk about privacy.

About the network effect - bring your family and friends to Signal one by one. Of course it won't happen overnight.