this post was submitted on 27 Feb 2026

951 points (98.4% liked)

Privacy

46709 readers

2257 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
Don't promote proprietary software
Try to keep things on topic
If you have a question, please try searching for previous discussions, maybe it has already been answered
Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
Be nice :)

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 6 years ago

MODERATORS

951

Signal Founder Moxie Marlinspike: Telegram is not private. There is nothing private about it. They've done a really amazing job of convincing the world that this is an encrypted messaging app (cdn.imgchest.com)

submitted 1 day ago* (last edited 1 day ago) by Wudi@feddit.uk to c/privacy@lemmy.ml

323 comments fedilink hide all child comments

“Telegram is not a private messenger. There’s nothing private about it. It’s the opposite. It’s a cloud messenger where every message you’ve ever sent or received is in plain text in a database that Telegram the organization controls and has access to it”

“It’s like a Russian oligarch starting an unencrypted version of WhatsApp, a pixel for pixel clone of WhatsApp. That should be kind of a difficult brand to operate. Somehow, they’ve done a really amazing job of convincing the whole world that this is an encrypted messaging app and that the founder is some kind of Russian dissident, even though he goes there once a month, the whole team lives in Russia, and their families are there.”

" What happened in France is they just chose not to respond to the subpoena. So that’s in violation of the law. And, he gets arrested in France, right? And everyone’s like, oh, France. But I think the key point is they have the data, like they can respond to the subpoenas where as Signal, for instance, doesn’t have access to the data and couldn’t respond to that same request. To me it’s very obvious that Russia would’ve had a much less polite version of that conversation with Pavel Durov and the telegram team before this moment"

top 50 comments

sorted by: hot top controversial new old

[–] Krunchiebro@lemmy.world 9 points 4 hours ago (2 children)

Why don't we all just truly go FOSS and use matrix?

[–] punkisundead@slrpnk.net 5 points 1 hour ago

Matrix results in way more meta data and through federation those meta data could be stored jn way more places.

Besides their main developer (element messenger) are cop / military boot lickers.

Those are some examples for why you might not use it, but depending on you use case you might still prefer it over signal.

[–] ILikeBoobies@lemmy.ca 1 points 1 hour ago

Because it’s not p2p.

[–] sifar@lemmy.ml 8 points 6 hours ago* (last edited 6 hours ago) (3 children)

That's absurd coming from the founder of a FOSS messaging app who actively decided not to let Signal federate and rejected any other open source Signal client. Not only that, even now you can't truly use Signal's new "username" feature. If any of the recipients have your number stored in their phonebook, irrespective of whether you know them or not, the username goes for a toss. This was/is the problem with Telegram's username feature. Signal knew this and still decided to go ahead with it. Not to mention never doing anything about completely removing the phone number from the account after its creation. This has been, by design, a privacy and hence safety threat, and even after the username feature was implemented, this not getting implemented is very concerning.

[–] GreenShimada@lemmy.world 2 points 56 minutes ago

I'm sorry your free messaging app isn't perfect. /s

And I always assumed that nicknames was just as much to prevent screenshots from becoming a liability.

[–] paequ2@lemmy.today 1 points 1 hour ago

you can’t truly use Signal’s new “username” feature. If any of the recipients have your number stored in their phonebook, irrespective of whether you know them or not, the username goes for a toss.

Hm. I haven't interacted with a new Signal user in a while... but I do see in settings two knobs: "who can see my phone number" and "who can find me with my phone number". Both of these settings can be set to "nobody".

I'm guessing if I set "who can find me with my phone number" to "nobody", then even if someone has my phone number in their contacts, they wouldn't know I'm a Signal user?

[–] KyuubiNoKitsune@lemmy.blahaj.zone 1 points 3 hours ago

Don't forget not allowing you to sync historical messages between your phone and PC. Apparently somehow that's just too complicated.

[–] sqgl@sh.itjust.works 4 points 5 hours ago (1 children)

I don't understand his point about restoring your messages to a new phone. How does that prove it isn't encrypted? Couldn't Telegram store the encrypted data on their server, send the encrypted data back to you and then you automatically decrypt it because you have the key?

[–] malockin@lemmy.world 4 points 2 hours ago (1 children)

With my limited knowledge of cryptography, this is how I understand it:

The distinction to make is that the user's password is not the encryption key - it only gives access to the key. So even if the user has the same password on a new device, there would be no way to decrypt the data without the original key.

In order to maintain full privacy, data has to be encrypted on device before sending it through any server (whether to another participant in a chat, or for backup). This means that the encryption key has to be on device.

If that key was copied over to a location not controlled by the user (e.g. Telegram server), then that location would have access to the key and can decrypt any data encrypted by that key. In the same vein, if a user loses their phone then that encryption key must be lost, so encrypted data cannot be decrypted on a new phone.

Which means that the only way that Telegram can provide the chats on a new phone (when the user has no access to the old phone) is if they have access to the encryption key and can provide it to the new phone.

[–] punkisundead@slrpnk.net 1 points 1 hour ago

From my experience with that: Telegram restored all unecrypted chats when I swapped phones without asking me for any passwort / key. I literally just confirmed my phone number and all my chats / groups / contacts appeared.

[–] Duamerthrax@lemmy.world 6 points 6 hours ago* (last edited 5 hours ago)

You mean the messenger that requires you give them your phone number to make an account? Yeah, fuck that.

[–] herseycokguzelolacak@lemmy.ml 10 points 16 hours ago (1 children)

Unlike Signal, Telegram is successful in getting people to move away from Meta's Whatsapp.

[–] punkisundead@slrpnk.net 2 points 1 hour ago

Idk about that. Signal is the main alternative to WA in some parts of europe.

[–] blueberry_793@lemmings.world 30 points 1 day ago (4 children)

What is not mentioned... there's no privacy when the device itself is compromised. For instance, Android phones can read and phone home data from your notifications. In that case, any messenger app wouldn't be private from Google's eyes.

load more comments (4 replies)

[–] Kailn@lemmy.myserv.one 31 points 1 day ago (5 children)

As much as I'd like to favor foss and federated messenger apps, telegram isn't as much garbage as whatsapp:

1.The client is somewhat open source and have forks like Forkgram, Materialgram and unoffical clients like Telegrand.
2. Telegram isn't E2EE by default but at least it doesn't lie about it and have E2EE secret chat when nessesary, that means crucial chats stay on your device and the rest stay on their database recoverable and syncable across devices.
(Yes, whatsapp supposedly is E2EE but we can't know for sure, it's closed-source.)
3. You can use telegram as a cloud service with only 2GB per file limit, unlike whatsapp.
(There's even a third-party app that utilise this as a cloud gallery.)
4. Even tho telegram has ads in large channels, telegram isn't funded by a greedy big-corp and it doesn't datamine you, ads are based on the channel's topic.

Yes, in terms of privacy, telegram isn't the best option, Signal, Session, XMPP, Matrix, or SimpleX have better privacy features, less linkability and E2EE by default but telegram is very mainstream and got more publicity, making it the whatsapp alternative it advertises itself as-is.
Publicity doesn't make a better messenger app, but for what it tries to do, it's adoptable for simple users, doubles as cloud storage and is more secure than the garbage being whatsapp.

Immigrating users to different apps is a headache on it's own, but if they know of telegram and it's not privacy invasive, that's not bad.

load more comments (5 replies)

load more comments