this post was submitted on 05 Mar 2024
98 points (95.4% liked)

The Signal messenger and protocol.

1639 readers
1 users here now

https://signal.org/

founded 4 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
[–] rdri@lemmy.world 1 points 8 months ago (2 children)

Is there a purpose for such chats? Even if they are non-public as long as they have more than 1 people someone will leak your messages if they wanted. Same as in public chats.

[–] DaseinPickle@leminal.space 1 points 8 months ago (1 children)

That’s a strange argument. I want my group chats with friends and family to be private. Why should Telegram or Meta be allowed to spy on my private conversations just because there are more than two people?

[–] rdri@lemmy.world 0 points 8 months ago* (last edited 8 months ago) (1 children)

Look, I too love privacy and serverless software but give me a break. Complaining about your family group chats "not being private" (it's not exactly true) is like complaining why you can't host your cat photos on a TOR website (you can do that in fact).

In Telegram, chats (groups really) are called private if they are invite-only, and otherwise they are public.

When you create a group chat, even with just 2 people it's not e2e encrypted. Secret chats are, and they only work with 2 ends. You could create a group chat and selectively use secret chat with each member to share private stuff, but that would be quite a chore.

Chats are hosted on servers for the same reason why you host your (cat photos filled) homepage outside of your house. Just because stuff is hosted elsewhere doesn't mean it's being spied on.

From what I understand, there was no evidence that Telegram spies on your private chats. There are cases where Telegram is asked to take measures against certain person based on their activity in public chats ...by government of authoritarian regimes ...after Telegram tries and fails to oppose that request ...and it probably doesn't involve Telegram looking into messages made by the person in question in groups not mentioned in the original request (which would mean that person's family chats remain private).

So, if you live under an authoritarian regime and like discussing protest activities in your family group chat before some of your family members decides to report on you or share one of your messages in another public chat - the one who puts you in danger is yourself. And I doubt that chat not being hosted somewhere would save you from danger in that case.

Otherwise, your private groups are private and it's safe to chat with your family through Telegram.

[–] DaseinPickle@leminal.space 1 points 8 months ago (1 children)

Why would I use non encrypted group chat when I can just use Signal. Why use a product with bad security?

It doesn’t matter if there is evidence of Telegram spying or not. They have the capability to do it. And with all the companies selling customers data to train AI, I don’t want to risk it. And the best part is, that I don’t have to, because there is Signal and all my friends already use it.

I don’t mind things being hosted elsewhere as long as it’s encrypted and the host provider do not have the keys. That is not the case with Telegram. If you like Telegram, sure use it. But don’t use Telegram if you value privacy, use it because you like its user experience and know that you are sacrificing privacy. That might be fine for you, but not for me.

[–] rdri@lemmy.world 0 points 8 months ago (1 children)

I don’t mind things being hosted elsewhere as long as it’s encrypted and the host provider do not have the keys. That is not the case with Telegram.

So you would prefer a platform to not have the keys to hosted content but allow that to every group member? That's not much different from sharing your credit card details with your friends.

People hate telegram for wrong reasons.

Problem is that "bad security" is a misleading description of how telegram handles data. I see, people like to say these words when they fear that "my text is going to be fed to AI" or "my files are going to be hosted on a hardware not under my control" and I disagree that these are security issues. The moment you allow someone else to host your content (even text) you should raise an alarm if you are so careful about those things. But you allow that with signal.

If someone wanted to report on you with signal, they still could. It may fail, not because its chats are e2e encrypted, but because they don't keep stuff on servers.

Hosting allows telegram have public communication features. You can basically use it to read news and comment on them. You can save your content, share it with your group and not worry that it will expire at some point or that new members of your group will not be able to see it. You can organize with other people for any activity, public or not.

So, Telegram provides features that are incompatible with privacy aspects some people want. Signal provides features that prevent it from becoming a platform for mass communication and communities. Both are fine. It's a mistake to compare them by the same standards.

[–] DaseinPickle@leminal.space 2 points 8 months ago (1 children)

So you would prefer a platform to not have the keys to hosted content but allow that to every group member? That's not much different from sharing your credit card details with your friends.

That is not how encryption works. Not even remotely. You only share your public key with people you communicate with not your private key. This is not comparable with sharing credit card information. You need to read up on how encryption work.

And there is no reason Telegram could not host information and still encrypt it. Lots of services do that.

Look at ProtonMail/ProtonDrive they host mails and files without having any access to it. Look at Keybase, they host all kind of encrypted communications services without having access. Telegram could do it, they choose not to, and that should be a concern.

[–] rdri@lemmy.world 0 points 8 months ago (1 children)

This is not comparable with sharing credit card information.

How so? Your family would have the same access to your private chats and nothing would stop them from using it with malicious intent.

How encryption works is not the issue. The issue is with people expecting it to protect content shared with a group.

Maybe read about how telegram handles data. It's encrypted.

[–] DaseinPickle@leminal.space 1 points 8 months ago (1 children)

What’s your point? The same goes for 1-1 chats. If you don’t trust the people you are communicating with encryption is not going to help you. It just happens that I do trust my friends and family. And it’s not about sharing specific sensitive information, it’s about using technology that prevents mass surveillance. And Telegram is just a bad tool for that. You might as well use Instagram.

[–] rdri@lemmy.world 0 points 8 months ago* (last edited 8 months ago) (1 children)

The same goes for 1-1 chats

Exactly.

it’s about using technology that prevents mass surveillance. And Telegram is just a bad tool for that.

You did not read, sigh.

What’s your point?

Already stated above. People put themselves in danger by using public groups to discuss dangerous stuff. You prefer using an app that doesn't give you such a possibility and call it "secure". It doesn't make sense if you never wanted to discuss dangerous stuff or use public groups in the first place.

[–] DaseinPickle@leminal.space 1 points 8 months ago (1 children)

I dont know why you keep arguing that encryption should only be used to discuss dangerous stuff. It should be used to discuss private stuff. Like when I sit with my friends and talk, I want it to be private, not recorded in clear text and saved on some server. Not because it’s illegal or sensitive, but because it’s fucking private. And I can’t do that with Telegram, because it’s doesn’t encrypt my information.

[–] rdri@lemmy.world 0 points 8 months ago* (last edited 8 months ago) (1 children)

ಠ_ಠ

Maybe read about how telegram handles data. It's encrypted.

[–] DaseinPickle@leminal.space 1 points 8 months ago (1 children)
[–] rdri@lemmy.world 0 points 8 months ago (1 children)

Could you just read the thing? Private and group chats are called cloud chats and the image above describes them. Below is a graph for secret chats.

[–] DaseinPickle@leminal.space 1 points 8 months ago (1 children)

Yes “cloud chat” is not end to end, but only encrypted to the server. That’s what all services to including Facebook and Instagram. If it’s not end to end it’s useless.

[–] rdri@lemmy.world 0 points 8 months ago (1 children)

Now you're just denying the obvious. You complained chats on telegram are not encrypted, and that's false.

That’s what all services to including Facebook and Instagram.

Since both Facebook messenger and Instagram messenger use e2e you seem to really mean just Facebook and Instagram websites. And I wonder how could they be functional if they used e2e.

If it’s not end to end it’s useless.

It's not and you probably realize that much.

[–] DaseinPickle@leminal.space 1 points 8 months ago (1 children)

No I'm being serious here.If it's not end-to-end encryption in groupchat, it's not private. And Telegram does not provide e2ee in groupchat. Thats the whole issue. Signal does that. Even iMessage does that.If it's not e2e somebody else does have access to your chats. In this case everybody with access to Telegrams servers, can read your group chats. And that makes it useless IMO. That is not the case with Signal.

[–] rdri@lemmy.world 0 points 8 months ago (1 children)

Well then it really is "hey one company decided to do it this way so anything less than that is no longer acceptable" for you. For me, it's not all about absolute security. From my experience, people seeing my messages through the app and people accessing my phone is much more dangerous than people seeing my messages on a server used by the service. I know roughly what e2e for group chats implies and reasons why it's not implemented everywhere asap. We'll see where this leads Signal, maybe we'll also see cases of someone accessing data on Telegram servers etc.

For now, I mainly use my PC, so not going to infect it with another electron app, or recommend it among friends.

Even iMessage does that.

Seems false as I didn't find confirmations for that.

[–] DaseinPickle@leminal.space 1 points 8 months ago (1 children)

I know roughly what e2e for group chats implies and reasons why it’s not implemented everywhere asap

It's not implemented because it requires more resources and Telegram is too cheap to offer that. The same reason Telegram does not encrypt chat by default, but you have to actively choose secret chats. It's a way for Telegram to save money on server ressources. Both Signal and iMessage can provide e2e encryption for 1-1 messages and group messages and sync across devices.

Seems false as I didn’t find confirmations for that. All messages between iMessage clients are end-to-end, also groups, it has been so for years, it's not news. iMessage has other problems, mainly that the private key is synced in iCloud by default (you can turn this off), and that Apple save a bit too much meta data. So iMessage is not perfect. It is still better than Telegram. As you can see here https://security.apple.com/blog/imessage-pq3/ Telegram have not even implemented a post-quantum cryptographic protocol, both Signal and iMessage have that.

For now, I mainly use my PC, so not going to infect it with another electron app, or recommend it among friends

We can agree that the Signal desktop app is kind of clunky, and I do hope it gets better in the future. Telegram might provide some usability, but it's not much better than using Facebook, if your concern is privacy. Mainly because the lack of e2ee in default chats and group chats.

[–] rdri@lemmy.world 0 points 8 months ago* (last edited 8 months ago) (1 children)

because it requires more resources

Not just more. Exponentially more, if one is going to host the data on server.

Telegram is too cheap to offer that

It's dumb to call telegram cheap at this point. User base is too large and it handles it relatively well.

Signal, however, chose to not keep almost anything on servers, which mean it's literally cheap to serve, and it's very easy to call them cheap for not offering more features.

Telegram does not encrypt chat by default, but you have to actively choose secret chats

This is false. Again, "not using e2e" is not the same as "not encrypting".

Both Signal and iMessage can provide e2e encryption for 1-1 messages and group messages

Again, I have yet to see proofs of iMessage using e2e for group chats. Rather, things I read suggest the opposite.

but it's not much better than using Facebook, if your concern is privacy

Arguable due to many differences. But not going to waste our time on this. Though if your only concern is privacy better don't use the internet in the first place.

[–] DaseinPickle@leminal.space 1 points 8 months ago (1 children)

It’s dumb to call telegram cheap at this point. User base is too large and it handles it relatively well.

Apple does it.

Again, I have yet to see proofs of iMessage using e2e for group chats. Rather, things I read suggest the opposite.

It's on iMessage wiki and on the first page that comes up when you Google it:

We designed iMessage to use end-to-end encryption, so there’s no way for Apple to decrypt the content of your conversations when they are in transit between devices. Attachments you send over iMessage (such as photos or videos) are encrypted so that no one but the sender and receiver(s) can access them. These encrypted attachments may be uploaded to Apple. To improve performance, your device may automatically upload attachments to Apple while you are composing an iMessage. If your message isn’t sent, the attachments are deleted from the server after 30 days. When a passcode or password is set on your iOS, iPadOS, visionOS, or watchOS device, stored messages are encrypted on your device so that they can’t be accessed unless the device has been unlocked.

https://www.apple.com/legal/privacy/data/en/messages/

But do you have sources that proof that Apple is lying?

Though if your only concern is privacy better don’t use the internet in the first place.

Nah, I will just use services that use e2e encryption for my private conversations. There are plenty of services that do that, not just Signal. But if you want to use a service that require access to your private conversations, you are free to do that. But why use a sketchy service with headquarters in Dubai that is like "trust us bro, we need access to your private conversations for totally legit technical cloud reasons, we totally wont look or share that information with anyone, pinky promise."

[–] rdri@lemmy.world 0 points 8 months ago (1 children)

It's on iMessage wiki

It doesn't say it works for group chats.

But do you have sources that proof that Apple is lying?

I got some complaints from people unable to leave conversations if they have less than 3 or 4 people, which suggests there are technical differences in how they work with many people. It's logical to suggest the switch from e2e to shared keys happens there.

Also no credible source suggests what you suggest

Also trusting apple is not a good thing in my book.

But why use a sketchy service with headquarters in Dubai that is like "trust us bro, we need access to your private conversations for totally legit technical cloud reasons, we totally wont look or share that information with anyone, pinky promise."

Apple is more sketchy for me lol.

You choose to rely on a service's promise that it doesn't host your data. I prefer relying on my experience which says dangers from individuals and conversations are more grave and more likely to be triggered than dangers from services those are being hosted on. I can't imagine anyone would benefit from spending time on reading or processing my conversations anyway. My messages can get long and it's not optimal for my devices to spend resources on constantly re-encrypting them for every chat member.

[–] DaseinPickle@leminal.space 1 points 8 months ago (1 children)

It doesn’t say it works for group chats. It says all messages send between iMessage users are end to end encrypted. That, of cause, also goes for group chats. It is only the Telegram marketing machine that act that group chats is some special edge case.

But if you must have it spelled out, here it is: https://support.apple.com/en-gb/guide/security/sec70e68c949/web

I got some complaints from people unable to leave conversations if they have less than 3 or 4 people, which suggests there are technical differences in how they work with many people. It’s logical to suggest the switch from e2e to shared keys happens there.

Now you are just making things up. Apple explicitly write in their documentation, that this is not the case. So again, you suggest they are lying without any proof.

You choose to rely on a service’s promise that it doesn’t host your data. I prefer relying on my experience which says dangers from individuals and conversations are more grave and more likely to be triggered than dangers from services those are being hosted on. I can’t imagine anyone would benefit from spending time on reading or processing my conversations anyway.

I see, you don't understand the nature of mass surveillance and surveillance capitalism. It's not really about individuals reading specific conversations..

[–] rdri@lemmy.world 0 points 8 months ago* (last edited 8 months ago)

It is only the Telegram marketing machine that act that group chats is some special edge case.

It is a case that doesn't fall into "end to end" definition by default because in group chats there are more than 2 ends. Any implementation of group chat like that would be structurally nonstandard.

But if you must have it spelled out, here it is:

Thanks.

Now you are just making things up.

Just google "can't leave group chat" or something.

I see, you don't understand the nature of mass surveillance and surveillance capitalism. It's not really about individuals reading specific conversations..

It is exactly about that, otherwise I don't see why would anyone care. Having grown up under a police state regime I live under assumption that the surveillance is everywhere anyway. Don't mind feeding surveillance capitalists with my messages, knowing how many options I have to make them choke. I know that if someone wants to cause me any problems, neither Telegram nor Signal would prevent that.

[–] SatyrSack@lemmy.one 1 points 8 months ago (1 children)

I don't think that's a valid argument. Even in a one-on-one encrypted chat, the person you are chatting with could leak the chat. Having more users doesn't change that.

[–] rdri@lemmy.world 0 points 8 months ago

That's exactly my argument though. Problem is not how to protect the data but the malicious intent of chat members.

Telegram secret chats aren't kept in history so there will be nothing to leak though. Forked clients can't have this functionality I think but then again, nothing stops them from taking photos of your messages in secret chat with another phone.