Why don't we all just truly go FOSS and use matrix?
Privacy
A place to discuss privacy and freedom in the digital world.
Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.
In this community everyone is welcome to post links and discuss topics related to privacy.
Some Rules
- Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
- Don't promote proprietary software
- Try to keep things on topic
- If you have a question, please try searching for previous discussions, maybe it has already been answered
- Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
- Be nice :)
Related communities
much thanks to @gary_host_laptop for the logo design :)
Matrix results in way more meta data and through federation those meta data could be stored jn way more places.
Besides their main developer (element messenger) are cop / military boot lickers.
Those are some examples for why you might not use it, but depending on you use case you might still prefer it over signal.
Because it’s not p2p.
That's absurd coming from the founder of a FOSS messaging app who actively decided not to let Signal federate and rejected any other open source Signal client. Not only that, even now you can't truly use Signal's new "username" feature. If any of the recipients have your number stored in their phonebook, irrespective of whether you know them or not, the username goes for a toss. This was/is the problem with Telegram's username feature. Signal knew this and still decided to go ahead with it. Not to mention never doing anything about completely removing the phone number from the account after its creation. This has been, by design, a privacy and hence safety threat, and even after the username feature was implemented, this not getting implemented is very concerning.
I'm sorry your free messaging app isn't perfect. /s
And I always assumed that nicknames was just as much to prevent screenshots from becoming a liability.
you can’t truly use Signal’s new “username” feature. If any of the recipients have your number stored in their phonebook, irrespective of whether you know them or not, the username goes for a toss.
Hm. I haven't interacted with a new Signal user in a while... but I do see in settings two knobs: "who can see my phone number" and "who can find me with my phone number". Both of these settings can be set to "nobody".
I'm guessing if I set "who can find me with my phone number" to "nobody", then even if someone has my phone number in their contacts, they wouldn't know I'm a Signal user?
Don't forget not allowing you to sync historical messages between your phone and PC. Apparently somehow that's just too complicated.
I don't understand his point about restoring your messages to a new phone. How does that prove it isn't encrypted? Couldn't Telegram store the encrypted data on their server, send the encrypted data back to you and then you automatically decrypt it because you have the key?
With my limited knowledge of cryptography, this is how I understand it:
The distinction to make is that the user's password is not the encryption key - it only gives access to the key. So even if the user has the same password on a new device, there would be no way to decrypt the data without the original key.
In order to maintain full privacy, data has to be encrypted on device before sending it through any server (whether to another participant in a chat, or for backup). This means that the encryption key has to be on device.
If that key was copied over to a location not controlled by the user (e.g. Telegram server), then that location would have access to the key and can decrypt any data encrypted by that key. In the same vein, if a user loses their phone then that encryption key must be lost, so encrypted data cannot be decrypted on a new phone.
Which means that the only way that Telegram can provide the chats on a new phone (when the user has no access to the old phone) is if they have access to the encryption key and can provide it to the new phone.
From my experience with that: Telegram restored all unecrypted chats when I swapped phones without asking me for any passwort / key. I literally just confirmed my phone number and all my chats / groups / contacts appeared.
You mean the messenger that requires you give them your phone number to make an account? Yeah, fuck that.
Unlike Signal, Telegram is successful in getting people to move away from Meta's Whatsapp.
Idk about that. Signal is the main alternative to WA in some parts of europe.
What is not mentioned... there's no privacy when the device itself is compromised. For instance, Android phones can read and phone home data from your notifications. In that case, any messenger app wouldn't be private from Google's eyes.
As much as I'd like to favor foss and federated messenger apps, telegram isn't as much garbage as whatsapp:
1.The client is somewhat open source and have forks like Forkgram, Materialgram and unoffical clients like Telegrand.
2. Telegram isn't E2EE by default but at least it doesn't lie about it and have E2EE secret chat when nessesary, that means crucial chats stay on your device and the rest stay on their database recoverable and syncable across devices.
(Yes, whatsapp supposedly is E2EE but we can't know for sure, it's closed-source.)
3. You can use telegram as a cloud service with only 2GB per file limit, unlike whatsapp.
(There's even a third-party app that utilise this as a cloud gallery.)
4. Even tho telegram has ads in large channels, telegram isn't funded by a greedy big-corp and it doesn't datamine you, ads are based on the channel's topic.
Yes, in terms of privacy, telegram isn't the best option, Signal, Session, XMPP, Matrix, or SimpleX have better privacy features, less linkability and E2EE by default but telegram is very mainstream and got more publicity, making it the whatsapp alternative it advertises itself as-is.
Publicity doesn't make a better messenger app, but for what it tries to do, it's adoptable for simple users, doubles as cloud storage and is more secure than the garbage being whatsapp.
Immigrating users to different apps is a headache on it's own, but if they know of telegram and it's not privacy invasive, that's not bad.