Should it really be Telegram?

Provider@feddit.de to Technology@lemmy.world – 16 points –
tim.kicker.dev

Is Telegram really that bad and should i look more into it or is sticking to signal really the best option?

28

Telegram is very sketchy and I don’t trust it at all. I’d stick with Signal if you can get your network of people to use it.

How is it sketchy?

Encryption is self-made and they won’t let anyone audit it. Messages are stored on servers along with all the meta data (your phone number, location data, etc). There is no clear funding model to keep it up and running.

The whole org is murky/sketchy.

Doesn’t mean it has been hacked or their own employees able to unencrypted data. On the contrary, governments like Iran or Russia tried to ban telegram, since they wouldn’t unencrypt their data. You never hear any complaints from governments about WhatsApp for example, what has a much larger user base and is allegedly end to end encrypted. Yes, sending sensitive information should only be done via private chat, their end to end encrypted message tech. Storing the data in the server has its advantages like accessing all the data from multiple devices.

Up until some time ago, telegram has been funded by Pavel Durov, nowadays it’s funded by a premium tier that unlocks extra features.

It is the messenger with the most features that I know of, blowing everything else out of the water if you don’t care about end to end stuff. And I trust it more that’s WhatsApp or anything from Meta

All of your assertions would be easily provable if Telegram allowed audits and provided public financials. They do neither. In fact, they just try to talk in loops when it is brought up.

The whole operation is sketchy as hell. Anyone who provides their data to such an org is foolish. At least the Meta’s of the world have to declare their use and it is known and audited.

Telegram wouldn’t even provide a CUSIP or names of the firms that supposedly bought their corporate paper bond.

I’ll stick with Signal. An org whose funding is clear and who has their encryption and security audited by third parties.

What could be other reasons not to do an audit other than it being shady? Maybe they just don’t want to disclose their algorithm?

So far, I trust it more than WhatsApp.

But Signal is definitely the better choice. It’s just sad the people didn’t go with Signal instead of WhatsApp.

What could be other reasons not to do an audit other than it being shady? Maybe they just don’t want to disclose their algorithm?

So far, I trust it more than WhatsApp.

But Signal is definitely the better choice. It’s just sad the people didn’t go with Signal instead of WhatsApp.

What could be other reasons not to do an audit other than it being shady? Maybe they just don’t want to disclose their algorithm?

So far, I trust it more than WhatsApp.

But Signal is definitely the better choice. It’s just sad the people didn’t go with Signal instead of WhatsApp.

Doesn’t mean it has been hacked or their own employees able to unencrypted data. On the contrary, governments like Iran or Russia tried to ban telegram, since they wouldn’t unencrypt their data. You never hear any complaints from governments about WhatsApp for example, what has a much larger user base and is allegedly end to end encrypted. Yes, sending sensitive information should only be done via private chat, their end to end encrypted message tech. Storing the data in the server has its advantages like accessing all the data from multiple devices.

Up until some time ago, telegram has been funded by Pavel Durov, nowadays it’s funded by a premium tier that unlocks extra features.

It is the messenger with the most features that I know of

I did the mistake that I got a bunch of people into Signal which is obviously already really good, but just a couple of month later I switched to Matrix and can't get anyone to move other than my fiance and my dad.

Anyway, the Signal <-> Matrix bridge is quite solid.

Too bad Matrix clients are all kinda meh... Beeper is the only pretty solid one I've come across and it sadly isn't open-source.

But this bridge kills e2e encryption? And if you do not care about it telegram and WhatsApp are a better choice.

I have a video which explains it in detail: https://tube.jeena.net/w/rYhp4ZT5Ykw1aBGqMr62KG

But in short, yes, but that is only a problem if you don't host your own bridge, because you're in control of the whole chain and everything from the bridge to your client is still encrypted.

Let me guess: you host matrix server yourself, right? :)

Yes I do, everyone who can should for their friends and family ^^

just going to copy here something i wrote on reddit a few months almost a year ago^[context]

i've been using telegram since it was released and ...i don't think i'll be recommending it to new users anymore

it's not just this announcement, but in general they seem to be really pushing the web3/blockchain/nft angle; along with sign in with telegram, payments through telegram, they feel like they're trying to become the western wechat

but as for this in particular; obviously all of those usernames are going to be bought by scammers. why would a user trust them if they're being bought and sold all the time? and why would a legitimate business buy them if most users won't trust them? businesses want consistent branding, not ephemeral minutiæ

nobody is thinking "oh yeah, my bank is the best, it's @bank on telegram" or "i think i'll switch to a new bank, but i don't know which. i guess i'll just message @bank and see what happens" or "i just got a message from @gift! i must have won the lottery!"

plus, according to these messages, they're taking usernames off users that already used them

most of my contacts are on telegram now, so i'm going to continue using it. but even aside from the encryption and privacy issues, i wouldn't encourage anyone to switch to telegram

Honestly, there needs to be something completely open source, self-hosted, and non-corporate before I will do something like use a service anymore.

What you want then is SimpleX Chat Bonus that there are no identifiers and it's been audited by Trail of Bits. You can self-host or use their servers.

Don't know if I'm doing this right but !simplex@lemmy.ml

Just waiting for the same profile in multiple devices. I constantly use multiple computers and can't be locked out of chat unless I have a specific device on me.

Other than that, SimpleX Chat is really nice.

This depends. If you prioritize security over usability (like good multi-client, simple migration etc) AND you trust that signal server works as promised - then you can use signal or use secret chats in telegram. Otherwise, telegram is not that bad and even e2ee is not supported for usual chats, the history storage (according to dev claims) is spread over several legal areas what makes it harder for authorities to get access to it.

Yea, I don't use Telegram because of security, I use it because it has a very nice feature list and has the user base to go along with it. Anything that needs security I use Signal.