this post was submitted on 18 Sep 2023
55 points (89.9% liked)

Privacy

31991 readers
544 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

Chat rooms

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS
 

So I'm in a somewhat unfortunate situation. My circle of friends doesn't want to switch to another messenger and we are currently stuck on the worst possible platform for security: Telegram.

The problem is that it is very hard to convince anyone to switch, if they are all perfectly fine and like Telegram. I mean I can get why they like it: The UX and UI of Telegram are amazing and there are well functioning clients available for any platform. It has more features and gimmicks than any other messenger I know BUT it lacks one mayor thing: E2EE. And that's mostly what I care about. The second problem is that I was the person who recommended the switch to Telegram right after WhatsApp was bought by Facebook. I know, that was a bad recommendation, but back then I didn't know shit about privacy or why E2EE mattered. I was just like "Hey, it's not by Facebook, so it must be better". And now everyone I know is there and won't leave.

If - in the hypothetical situation of me setting an ultimatum and deleting my Telegram after that - I wanted to make them switch somewhere else: What messenger would that be? Currently I'm mostly thinking Signal. I know it's not perfect either, it is centralized, and the servers are in the US, but it has a bigger user base already than most of its competitors like Threema or Matrix/Element and it is very easy to set up and use. I'm already a user of Signal, Threema, Matrix, WhatsApp and Telegram (every platform for some contacts, but most of them on Telegram sadly), so having yet another option is not a problem for me, as well as getting rid of one is also no problem. I'd love to delete both Telegram and WhatsApp in this move.

So, in conclusion, what I need is a messenger that has all or most of the following:

  • best possible security (E2EE is minimum)
  • easy to use (no complicated setup, simple UI)
  • already has some users (not too niche)
  • cross-platform and multi-device (should run on Android, iOS and Windows/Web)
  • some flashy dumb features like stickers and so on to keep them entertained

My choice would be Signal. But I am unsure if that is the best choice or if I should just wait a bit and see what all of the new EU laws about messengers and gatekeepers bring to the game and if anything chances with that.

you are viewing a single comment's thread
view the rest of the comments
[–] quaff@lemmy.ca 2 points 1 year ago (1 children)

I'm getting at the fact that most platforms do stupid shit like "this message might not be deleted if the receiver already saw it" like WhatsApp does and/or replacing messages with placeholders saying "this message was deleted". Telegram can be plain-text and can have a lot of issues but it guarantees that stuff is actually removed without trying to bullshit you like other do.

There's absolutely 0 guarantee that what you've "deleted" is deleted. On any platform really. But what you can rely on is the fact that the E2EE is there to make sure things are only readable by whoever the messages were intended for (barring being hacked and compromised keys etc). The message can say whatever it wants, doesn't mean a lot if you can't trust the source. Again, we're just talking about different threat models. With Telegram, it's not meant for secure and private communication. It has a different audience. And to push Telegram as a private or secure communication, you're actively doing the public a disservice.

If we assume that your privacy / security is broken (because it is) I might as well use the platform that provides the best desktop and mobile experience with fast syncs, ability to disable animations, have real desktop apps and not electron shit.

If you can't trust even open source technology that you can review and build yourself. And trust renowned cryptographers reviews of this technology.. then why are you in a privacy community telling people their experiences aren't true to what they're telling you?

[–] TCB13@lemmy.world 1 points 1 year ago* (last edited 1 year ago)

There’s absolutely 0 guarantee that what you’ve “deleted” is deleted. On any platform really. But what you can rely on is the fact that the E2EE is there to make sure things are only r

You're avoiding the hard reality of “this message might not be deleted if the receiver already saw it” that WhatsApp created for all of us. It works in Telegram, doesn't complain / gets the job done.

And btw, we only have those somewhat deleted messages in WhatsApp and other places because Telegram was doing it and people were moving to it. Market pressure and all, still they've implemented in convoluted half baked and useless ways.

And to push Telegram as a private or secure communication, you’re actively doing the public a disservice.

I'm not doing that, I clearly stated that Signal might be funded by the US/CIA (...) If we assume that your privacy / security is broken (because it is) I might as well use the platform that provides the best desktop and mobile experience.

All my messages aren't about saying Telegram is private or secure, are about saying it delivers a vastly superior experience and that if your threat comes down to making sure when you delete a message it is actually deleted on the other side without BS then Telegram is most likely the best option for you.

All things considered Matrix might be the way. Frankly I'm not pushing people to use Signal anymore as their Apps still suck, there's zero investment to make them more usable and to fix the things that are half broken. To make it even better their open-source is very questionably, their server code went for an year without updates.

Why would I use something that lags, underperforms, has questionable open-source practices and might be funded by the CIA / influenced in some way then?