Is Telegram secure?

There are reasons for that (because their security threat model is human rights activists in dangerous countries):

  • Briar doesn’t use Google’s push notification service (FCM), the only one not boycotted on Android. That’s the one Signal, Telegram, and Conversations use (the last two when installed from the Play Store, but not when installed from F-Droid), and why Briar needs a permanent notification.
  • Briar routes all connections through the Tor anonymity network.
  • Briar is a standalone client. That means all processing is done exclusively on the phone: there are no central or federated servers to call, so it needs to “discover” where to send data. I’m not sure about this, honestly, but I think it could be another battery-hungry process.

I distrust Telegram because E2EE is not on by default and because they failed to fulfill their initial promise of releasing the server source code. If it’s opaque and has unencrypted data = ❌

P.S.: Thanks @Winfried for your pretty useful reply and personal experience.

3 Likes

You can use Conversations without Google Cloud Messaging, like I do. It runs remarkably well like that and doesn’t hog your battery, but there are two things needed for that: you must allow it to run as a background process and your XMPP server must support some of the extensions for mobile devices (see the Conversations documentation).

Last time I tried Briar, some months ago, it was still a battery hog. I guess it is inherent in running over Tor.

3 Likes

But the encryption of Threema is open source, as far as I know.
They use NaCl (http://nacl.cr.yp.to/) and other open source components mentioned in the cryptography whitepaper (https://threema.ch/press-files/2_documentation/cryptography_whitepaper.pdf).

You can buy and give away Threema independently from the Play Store at https://shop.threema.ch/.

4 Likes

The Gizmodo article is misleading and wrong; please read this.
You can read here about Telegram’s choice regarding E2EE.
Furthermore, a detailed article that compares WhatsApp, Signal, Telegram and Wire:

Is Signal still a good choice after the SVR and PIN features?
No one thinks so except its founder, Moxie. SVR and PIN invalidate E2EE by moving the trust from your device to Signal’s servers.
Greene, security expert.
SVR is based on flawed technology.

I would like to know what Snowden and Schneier think.

P.S.
Do not forget that Signal’s encryption is Trust On First Use (TOFU).

This recent article shows that username support is a mandatory feature for every service, Signal included. Moreover, it shows that Telegram is better than Signal and WhatsApp, with the default settings too, regarding the mitigations against adding random contacts while leaving some personal information visible (online status, profile data, etc.).
Last year, after the Hong Kong protests, Telegram allowed hiding all your personal information, even your phone number, from your contacts. So, at the moment, you can protect yourself in a protest, and in this scenario it is better than Signal.

1 Like

This is off topic now, but Telegram is probably the last messenger where you could expect data security.

1 Like

Well, compared to WA, Telegram is at least open source on the client side. Why data security is not guaranteed with Telegram is, honestly, unclear to me as well.
Personally I find Telegram very likeable because they are not afraid to take on the big and powerful of this world (Russia and Iran). For that reason alone it has my support.

I find Telegram suspect because loads of right-wing extremists and conspiracy theorists hang out there. I don’t want anything to do with that. When it comes to OTT messengers, my sympathy lies with Signal.

3 Likes

Signal is used by right-wing extremists too; you can’t generalise like that.
I only subscribe to the channels I want, and I only communicate with people I like.
But saying that the Telegram messenger is crap just because right-wing extremists use it is, well… That’s like saying: I don’t drink beer because right-wing extremists drink beer.

I didn’t say across the board that Telegram is crap, but that I find it suspect. And unlike you, I gave my reasons. Of course every technology is a double-edged sword and will always be abused as well; with Telegram, in my opinion, that has long since gotten out of hand.

1 Like

Of course one can’t completely rule out that there are some right-wing extremists and conspiracy theorists on Signal as well.
Signal’s structure, however, is less suited to building large networks. For instance, Signal has no channels, which play a big role in those circles.
All the conspiracy and Nazi groups and channels are, incidentally, publicly visible and known (!) on Telegram; the developers would very well have the ability to delete such democracy-undermining groups and channels, but they don’t want to. I personally find that very problematic…

Quite apart from the fact that end-to-end encryption on Telegram is merely an optional feature that has to be enabled manually, and which then makes the chats accessible only on the mobile phone: on the PC client you look in vain for an end-to-end encryption option.
Something Signal manages without any trouble, even in group chats!
WhatsApp, incidentally, has for some years also been using Signal’s encryption technology, which is available as open source :)
Besides that, Telegram, unlike Signal, relies on a cloud solution, so the chats are not stored locally.

3 Likes

Personally I have nothing against Signal. A very good technology that I also like to use. However: of my nearly 2000 contacts, about 10 people are on Signal, whereas nearly 700 are on Telegram. On Signal I have nobody to communicate with. Otherwise, nothing against this messenger. The Telegram channels you mention that offer right-wing extremist content… sure, such things exist. Also channels where you can buy weapons and drugs. But since that doesn’t interest me, I have no contact with these people, and it is not a problem for me. I only compared Telegram with WhatsApp. And when you compare these two messengers, I personally find that Telegram is worlds better than WhatsApp. My personal opinion. I don’t want to convert anybody here. Everyone should use what they like.

2 Likes

In terms of data protection, Telegram is practically just as questionable as WhatsApp, if not more so; see e.g.: https://www.heise.de/hintergrund/Telegram-Chat-der-sichere-Datenschutz-Albtraum-eine-Analyse-und-ein-Kommentar-4965774.html

4 Likes

Source of the comparison?

You claim:

Yes, well, I find proper E2EE and proper application permissions far more important than what you mentioned. Telegram has no E2EE in group chats, and in 1-on-1 chats it only applies it when explicitly enabled. Nice default settings…

They also insist(ed) on their homebrew crypto, which is incredibly amateurish and arrogant to say the least.

Furthermore, doesn’t Telegram also use SMS to verify phone number?

Oh, and where is the source, Luke?

1 Like

You are right, Telegram cloud chats are not E2EE while Signal chats are E2EE (Telegram is working on E2EE group chats, link).

However, you have to consider the whole setting.
Signal, like the majority of E2EE protocols (Wire, WhatsApp, Telegram secret chats, etc.), is Trust On First Use (TOFU) with a centralised server and therefore, in the absence of verification (via a secure channel, in person) of the public encryption keys of your partners (practically impossible for groups, especially if N is large and users live in distant areas), it still requires you to trust the message delivery server.
Telegram MTProto v2.0 is formally verified, as is the Signal protocol. MTProto v1.0 had some theoretical weaknesses (the SHA-1 hashing primitive and the absence of the IND-CCA criterion) that were not practically exploitable (link).
Telegram apps are fully open source and reproducible, while on Signal only the Android app is reproducible. Telegram is available as FOSS on F-Droid while Signal is not.
Telegram’s server is closed source while Signal’s server is open source (even if the repository is not up to date). This is a false sense of security since you cannot verify which code is running on the server. Moreover, Signal does not support server federation, and if you want to install your own private instance you need Amazon, Google, Apple and Twilio accounts.
Telegram owns its server infrastructure and its servers are geographically distributed around the world in various jurisdictions to protect data from mass control by government authorities. Moreover, data without end-to-end encryption is protected by its distribution over servers located around the world in various jurisdictions and by their separation from the respective decryption keys. Telegram allows you to delete the data sent and received, for everyone and without time limit.
Signal claims to store little data and metadata. Signal is based in the USA and on AWS. The data is stored on their servers with SVR technology that relies on flawed SGX. The operators of the servers, Amazon, can obtain data and metadata by exploiting the vulnerabilities (at the request of the US CLOUD Act (CLOUD Act - Wikipedia)). Fortunately, the content of chats is not copied to the cloud for now.

So, I agree that in theory Signal is better in terms of trust, but in practice the difference is very small.

P.S. the article about contacts discovery is this.

4 Likes
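What “Trust On First Use” does and does not give you, as an added illustration of the point made in the post above (this is not code from Signal, Telegram or anyone in this thread; peer names, key bytes and the fingerprint format are constructed for the example): a store pins the first key the server delivers for a peer, flags any later change instead of silently accepting it, and only an out-of-band fingerprint comparison removes the residual trust in the delivery server for that first contact.

```python
"""Trust On First Use (TOFU) key pinning with out-of-band verification.

Added illustration for the discussion above; not code from Signal, Telegram
or any project named in the thread. Peer names and key bytes are constructed.
"""
import hashlib
import hmac
from dataclasses import dataclass
from typing import Optional


def fingerprint(public_key: bytes) -> str:
    """Human-comparable fingerprint of a public key: the first 16 bytes of its
    SHA-256 digest shown as eight 4-hex-digit groups (our own format, not
    Signal's safety-number encoding)."""
    digest = hashlib.sha256(public_key).hexdigest()[:32]
    return " ".join(digest[i:i + 4] for i in range(0, 32, 4))


@dataclass
class Pin:
    public_key: bytes                # key currently accepted for this peer
    verified: bool = False           # True only after an out-of-band fingerprint check
    pending: Optional[bytes] = None  # a different key the server delivered later


class TofuKeyStore:
    """Pins the first key seen for each peer and flags any later change.

    TOFU cannot tell whether the first key is genuine: if the delivery server
    substitutes a key before first contact, observe() returns 'pinned' just the
    same. Only verify_out_of_band() removes that residual trust in the server.
    """

    def __init__(self) -> None:
        self._pins: dict[str, Pin] = {}

    def observe(self, peer: str, public_key: bytes) -> str:
        pin = self._pins.get(peer)
        if pin is None:
            self._pins[peer] = Pin(public_key)
            return "pinned"            # first contact: accepted blindly
        if hmac.compare_digest(pin.public_key, public_key):
            return "match"
        pin.pending = public_key       # hold it; the old pin stays in force
        return "changed"               # surface to the user: "safety number changed"

    def accept_change(self, peer: str) -> None:
        """User explicitly accepts the new key (e.g. the peer confirms a reinstall)."""
        pin = self._pins[peer]
        if pin.pending is not None:
            pin.public_key, pin.pending, pin.verified = pin.pending, None, False

    def verify_out_of_band(self, peer: str, fingerprint_from_peer: str) -> bool:
        """Compare the pinned key's fingerprint with one obtained through a
        channel the server does not control (read aloud in person, etc.)."""
        pin = self._pins[peer]
        ok = hmac.compare_digest(fingerprint(pin.public_key), fingerprint_from_peer)
        pin.verified = ok
        return ok

    def is_verified(self, peer: str) -> bool:
        pin = self._pins.get(peer)
        return pin is not None and pin.verified


# Constructed sample keys (32 arbitrary bytes each, not real key material).
BOB_KEY = bytes(range(32))
OTHER_KEY = bytes(range(32, 64))


def demo() -> list:
    """Walk through first contact, a repeat contact, a key change and a check."""
    store = TofuKeyStore()
    events = [
        store.observe("bob", BOB_KEY),    # 'pinned'
        store.observe("bob", BOB_KEY),    # 'match'
        store.observe("bob", OTHER_KEY),  # 'changed': old pin kept, user must decide
    ]
    # Bob reads his fingerprint to Alice over a call; it matches the pinned key,
    # so the pending key is rejected rather than accepted.
    events.append("verified" if store.verify_out_of_band("bob", fingerprint(BOB_KEY)) else "mismatch")
    return events


if __name__ == "__main__":
    print(demo())
    print("bob:", fingerprint(BOB_KEY))
```

The part the post is making is visible in `observe()`: the first call returns `pinned` whether or not the key came from the real peer, which is exactly the trust in the delivery server that remains until both sides compare fingerprints out of band; for a large, geographically spread group that comparison has to happen pairwise, which is why the post calls it impractical.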

However, you have to consider the whole setting.

Signal not being perfect does not diminish Telegram’s flaws, and it does not make the lack of end-to-end encryption acceptable or the difference very small.

Anyways, I have discovered Matrix/Element.
Gives cloud chats with federation, end-to-end-encryption, arbitrary many devices and does not require phone numbers or a phone.
Prospectively, it’ll provide a P2P-mode as well.

2 Likes

Hi all. I’m not sure if this is the right place for me to be asking this question/questions. I’ve got a friend who is abroad at the moment and has had their SIM compromised.
Someone is able to see everything being said over the phone on Messenger and all the other apps… I’ve suggested Telegram, but I’m concerned that the confirmation code could be intercepted and used to clone the account, and we’d be back to square one… so my main question is: can a Telegram account be set up and be safe on secret conversation for secure conversation even if the other person has a clone of the phone/SIM? Any other suggestions for getting a secure channel set up in this situation would be welcome too. Cheers, Jim.

Right, but again, Signal is not so good compared to Telegram. At first glance it is better; after a detailed analysis it is not.
There are two projects that analyse the terms of service and privacy policies of software and services:

  • PrivacySpy: most people don’t have the patience to read privacy policies. But privacy is important, and we shouldn’t just trust that products are treating our data right. PrivacySpy uses a consistent rubric to grade privacy policies on a ten-point scale.
  • ToS;DR: terms of service are often too long to read, but it’s important to understand what’s in them. Your rights online depend on them. We are a user rights initiative to rate and label website terms & privacy policies, from very good Class A to very bad Class E.

According to PrivacySpy:

According to ToS;DR:

2 Likes

For Element the first negative rating:

Does the service allow you to permanently delete your personal data?

Yes, by contacting someone

“For more information about these rights, please see the guidance provided by the ICO. If you have any questions or are unsure how to exercise your rights, please contact us at dpo@element.io.”

Find the mistake.

At first glance, it is better, after a detailed analysis is not.

Do you want to show us your detailed analysis? I hope you are not referring to the erroneous ToS analysis, which in addition is only one of many aspects relevant for the evaluation of your options. I stick to:

Signal not being perfect does not diminish Telegram’s flaws, and it does not make the lack of end-to-end encryption acceptable or the difference very small.

2 Likes

I read the review and I did not find any mistake. The privacy policy does not say how to exercise the right of erasure as required by Art. 17 of the GDPR.
At the moment, a data request (deletion is missing) is done manually, as written below your quote.

“If you are a user of the Element chat app you can request a copy of your data by emailing dpo@element.io. We are working on a solution which will allow you to download the data automatically.”

However, if you think that there is a mistake in this or another review, please open an issue on the GitHub project page.

Do you want to show us your detailed analysis? I hope you are not referring to the erroneous ToS analysis, which in addition is only one of many aspects relevant for the evaluation of your options. I stick to:

Again, I repeat that at first glance Signal appears to be superior to Telegram in terms of the trust required. However, after a detailed analysis (the devil is in the details), available here and here, you will find that the difference is not so big. Please read it properly, not the way you read the ToS and privacy policy reviews :).

To be clear, I am not here to convince you; I am just reporting evidence based on facts. Personally, I really like Element/Matrix since it supports federation; however, according to its ToS and privacy policy it requires more trust than the others. The great advantage is that you can self-host your server (not on AWS like Element) and remove any trust in third parties. In the future, it will support P2P.