this post was submitted on 27 Feb 2026

771 points (98.4% liked)

Privacy

46790 readers

1424 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
Don't promote proprietary software
Try to keep things on topic
If you have a question, please try searching for previous discussions, maybe it has already been answered
Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
Be nice :)

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 6 years ago

MODERATORS

771

Signal Founder Moxie Marlinspike: Telegram is not private. There is nothing private about it. They've done a really amazing job of convincing the world that this is an encrypted messaging app (cdn.imgchest.com)

submitted 3 days ago* (last edited 3 days ago) by Wudi@feddit.uk to c/privacy@lemmy.ml

334 comments fedilink hide all child comments

“Telegram is not a private messenger. There’s nothing private about it. It’s the opposite. It’s a cloud messenger where every message you’ve ever sent or received is in plain text in a database that Telegram the organization controls and has access to it”

“It’s like a Russian oligarch starting an unencrypted version of WhatsApp, a pixel for pixel clone of WhatsApp. That should be kind of a difficult brand to operate. Somehow, they’ve done a really amazing job of convincing the whole world that this is an encrypted messaging app and that the founder is some kind of Russian dissident, even though he goes there once a month, the whole team lives in Russia, and their families are there.”

" What happened in France is they just chose not to respond to the subpoena. So that’s in violation of the law. And, he gets arrested in France, right? And everyone’s like, oh, France. But I think the key point is they have the data, like they can respond to the subpoenas where as Signal, for instance, doesn’t have access to the data and couldn’t respond to that same request. To me it’s very obvious that Russia would’ve had a much less polite version of that conversation with Pavel Durov and the telegram team before this moment"

you are viewing a single comment's thread
view the rest of the comments

[–] yogthos@lemmy.ml 30 points 3 days ago (4 children)

It really depends on your needs and what people you communicate with are willing to use. A few platforms that are notable in no particular order.

SimpleX Chat is probably the gold standard right now. It uses absolutely no user IDs such as phone numbers, no usernames, no random strings of text. Instead, it creates unique, pairwise decentralized message queues for every single contact you have. Because there is no global identity, there is no metadata connecting your conversations together.

Session is a popular Signal alternative. It doesn't require a phone number and routes your messages through an onion-routed decentralized network that's similar to Tor. Since your IP address is hidden and messages are bounced through multiple nodes, no single server ever knows who is talking to whom, stripping away metadata.

Jami is completely decentralized, open-source platform. It uses Distributed Hash Tables to connect users directly to one another without a central server. Notably, it supports high-quality voice and video calls.

[–] tracyspcy@lemmy.ml 17 points 3 days ago (1 children)

heard SimpleX is really good, the only thing that bothers me is their vc funding model. It makes me feel a bit suspicious.

[–] yogthos@lemmy.ml 10 points 3 days ago

Yeah, I'm leery about anything where vcs are involved as well for obvious reasons. The tech itself does seem solid though, and it is open source. If it does start moving in a sketchy direction at least it could be forked at that point.

[–] marcie@lemmy.ml 9 points 3 days ago* (last edited 3 days ago) (1 children)

I really want simplexchat to evolve and get more features. If they ever make a lot of mod tools and the possibility to make giant servers with thousands with chatrooms like discord I could see it having mass appeal due to the ease of "signup"

[–] yogthos@lemmy.ml 7 points 3 days ago

yeah it definitely has some promise

[–] Neptr@lemmy.blahaj.zone 5 points 3 days ago (1 children)

Session is a security downgrade. It doesnt support forward secrecy which is hella important.

[–] yogthos@lemmy.ml -1 points 3 days ago (1 children)

Session actually does implement a form of forward secrecy through the Session Protocol. https://getsession.org/blog/session-protocol-v2

[–] Neptr@lemmy.blahaj.zone 2 points 3 days ago (1 children)

It seems that forward secrecy is still in development from the blog you showed.

I still wouldnt use session for the reasons stated in this Soatok's (a cryptographer) blogs. Even if they fix(ed) these problems, I have no trust for their security implementations. Why use session instead of something like Briar?

https://soatok.blog/2025/01/14/dont-use-session-signal-fork/ https://soatok.blog/2025/01/20/session-round-2/

[–] yogthos@lemmy.ml 0 points 3 days ago (1 children)

I'm not advocating for using Session specifically, I just listed it as a viable alternative to Signal. Given that it's forked from Signal presumably it's an easier switch for people who like the general mechanics of Signal and its encryption system.

[–] Neptr@lemmy.blahaj.zone 1 points 3 days ago

Understood.

[–] Dialectical_Specialist@quokk.au 6 points 3 days ago (2 children)

I like your analysis, and would love your thoughts on matrix(assuming you have ofc)

[–] yogthos@lemmy.ml 7 points 3 days ago (1 children)

It's better than Signal since you don't have to disclose any personal info, but people have pointed out some issues with federation in it. Again, it's one of those things that may or may not matter based on your use case.

[–] Dialectical_Specialist@quokk.au 2 points 3 days ago

That link seems dated (Nov. 2024). If anyone finds a more current critique, pls send. I also get auto-kicked from HLC simplex group, so I'm not sure what to think of them but commando's matrix server was amazing befored abandoned

[–] Neptr@lemmy.blahaj.zone 3 points 3 days ago (1 children)

People keep finding significant vulnerabilities in its cryptography and the Matrix team tries to deflect or create strawmans for why it isnt actually a vuln. Soatok found a vulnerability in 2024 by just browsing the source code for tiny bit of time, and again just two weeks ago after looking for a couple hours. In both cases, Matrix then responded to his vuln report with hostility, saying it wasnt actually a vulnerability. He is sitting on another vulnerability.

Having a cleartext mode is a security downgrade and no secure messenger should support cleartext. It only barely got functional forward secrecy recently. VoIP in most Matrix clients (and servers) still use Jitsi backend which isn't E2EE, even with the release of the newer (secure) Element call protocol. Matrix leaks tons of metadata, such as usernames, room names, emoji reactions, generate URL embedded previews. Rooms arent encrypted by default. It is also a UX nightmare and often times you cant decrypt your messages.

Matrix is not secure. You'd be better off with XMPP and OMEMO which has its own problems and isn't secure either. Sill better than Matrix.

[–] Dialectical_Specialist@quokk.au 1 points 2 days ago

"sitting on a vulnerability" does this mean he's discovered another exploit but refuses to disclose it essentially?