this post was submitted on 29 Jan 2025
115 points (97.5% liked)

Asklemmy

44661 readers
826 users here now

A loosely moderated place to ask open-ended questions

Search asklemmy ๐Ÿ”

If your post meets the following criteria, it's welcome here!

  1. Open-ended question
  2. Not offensive: at this point, we do not have the bandwidth to moderate overtly political discussions. Assume best intent and be excellent to each other.
  3. Not regarding using or support for Lemmy: context, see the list of support communities and tools for finding communities below
  4. Not ad nauseam inducing: please make sure it is a question that would be new to most members
  5. An actual topic of discussion

Looking for support?

Looking for a community?

~Icon~ ~by~ ~@Double_A@discuss.tchncs.de~

founded 5 years ago
MODERATORS
Cloak@lemmy.ml
mekhos@lemmy.ml
tmpod@lemmy.pt
14specks@lemmy.ml
115
What are the reasons to use Signal over Telegram (lemmy.ml)
submitted 3 days ago* (last edited 3 days ago) by doomsdayrs@lemmy.ml to c/asklemmy@lemmy.ml
135 comments fedilink hide all child comments
 

Greetings!

A friend of mine wants to be more secure and private in light of recent events in the USA.

They originally told me they were going to use telegram, in which I explained how Telegram is considered compromised, and Signal is far more secure to use.

But they want more detailed explanations then what I provided verbally. Please help me explain things better to them! โœจ

I am going to forward this thread to them, so they can see all your responses! And if you can, please cite!

Thank you! โœจ

top 50 comments
sorted by: hot top controversial new old
[โ€“] qpsLCV5@lemmy.ml 81 points 3 days ago (1 children)

In my view, by far the biggest reason to switch is that Telegram doesn't end-to-end encrypt chats by default.

Yes you can start encrypted chats specifically, but i'll bet 99% of chats on telegram aren't encrypted - meaning whoever has access to the telegram servers can read all the messages.

Signal claims to end-to-end encrypt all chats by default, and if you want to be 100% sure you can in theory read the source code and compile the app yourself. this means signal cannot read any of your messages, even if police asks them to or servers get seized. That's a massive advantage in privacy.

[โ€“] 2xsaiko@discuss.tchncs.de 25 points 3 days ago (1 children)

Additionally, E2E chats don't sync between devices (and iirc you can't use them on desktop at all), and group chats can't be encrypted at all.

[โ€“] ParetoOptimalDev@lemmy.today 19 points 3 days ago (4 children)

Signal very recently made syncing between devices possible:

https://signal.org/blog/a-synchronized-start-for-linked-devices/

[โ€“] 2xsaiko@discuss.tchncs.de 16 points 3 days ago (1 children)

I was talking about Telegram. Syncing messages between devices has always been possible on Signal, just not the ones from before you connected the extra device.

load more comments (1 replies)
load more comments (3 replies)
[โ€“] emergencyfood@sh.itjust.works 12 points 2 days ago (2 children)

It really depends on who your friend is, and who they are trying to defenf against.

If the US ( or Russian / Chinese) government really wants to access an internet-connected device, they can do it; what app you are using doesn't even matter. For example, most people use the default Google keyboard, which could be compromised.

If the concern is about local goons / employers / coworkers, then both Telegram and Signal are more than enough to stop them prying.

As for whether to use Signal or Telegram, Signal has end to end encryption enabled by default, while in Telegram you have to switch it on for each chat. On the other hand, Telegram has the best UI among messaging apps hands down.

[โ€“] Wahots@pawb.social 2 points 2 days ago (1 children)

Pegasus really negates a lot of security too.

[โ€“] Cysioland@lemmygrad.ml 1 points 1 day ago

Compromising one of the devices is always game over. The only way to be Pegasus-proof is to not communicate digitally.

[โ€“] GrumpyDuckling@sh.itjust.works 4 points 2 days ago* (last edited 2 days ago)

Even if you switch to an offline keyboard, the new "ai" assistants in Windows, iOS, and Android? Can read your screen, microphone, and etc. I'm not really sure what you should use unless you use coded language. Even then, there's just too much information about you out there anyway. Best bet would to be have conversations in private away from any electronic devices or use something like tails.

[โ€“] Stomata@sh.itjust.works 12 points 3 days ago (9 children)

Telegram is not end to end encrypted. Repeating it's not. Only private mode or something like that is.

load more comments (9 replies)
[โ€“] absGeekNZ@lemmy.nz 28 points 3 days ago (9 children)

While there may be better options out there, from a purely security standpoint.

The real world, with non-tech people needs solutions that are easy, fast and as close to foolproof as possible.

I choose Signal, because my mum, my sisters and brothers (none of which are tech people) can all go to their app stores and install Signal, it works and it is easy. Signal is private BY DEFAULT, I don't have to remind them to turn on security for each chat, there is voice and video chat for individuals and groups, I can use it to send files. It is really good. Secure communication is their primary goal.

I have been using Signal since it was called TextSecure and I only had one contact using it.

Yes it sucked when they dropped SMS support; but these days about 98% of my messaging goes through Signal. Any SMS is usually from my doctor/dentist/bank.

I never really trusted Telegram, too many compromises. Secure communication is not their primary goal.

load more comments (9 replies)
[โ€“] wildbus8979@sh.itjust.works 32 points 3 days ago* (last edited 3 days ago) (4 children)

Telegram doesn't even encrypt group chats. And it doesn't encrypt private convos by default.

[โ€“] logging_strict@lemmy.ml 1 points 1 day ago* (last edited 1 day ago) (1 children)

Then talk about coding. Non-techies curl up into a ball and die slightly inside as they run for the exits.

Highest form of encryption possible.

Try it

And if that is not enough to kill someones spirit and make them beg for mercy, recite random sections of the GNU Make documentation out of context and watch them go into convolutions.

load more comments (3 replies)
[โ€“] juli@lemmy.world 16 points 3 days ago* (last edited 3 days ago) (3 children)

Telegram for random public chatter/file storage(with password lock), talking to strangers without giving them your number. Signal for personal/private conversations.

Spread your data (encrypted or not) around, so a single entity doesn't own your digital life. Your device can handle 2 apps and don't give them permissions willy nilly. Geez, every one of these posts just wants to start a flame war.

[โ€“] logging_strict@lemmy.ml 2 points 1 day ago* (last edited 1 day ago) (1 children)

In Telegram, you never have to expose your phone number. If you like walking into traps then of course you can.

But can make minimal efforts to not be a degenerate avoiding this obvious easily avoidable trap.

How to avoid exposing your phone number

Make a group called i'm not a complete utter idiot. Whenever you have a friend wanting to connect, make a group link, send it to them, have them join. After joining have them send a message in the group. Just, "Hi". Nothing more. Less is more.

Look for that message and click on the person's name. You are now connected. Send them a personal message, "Hi!".

You can also add them as a contact without sharing your phone number.

Your friend will probably be a degenerate and expose their phone number. Teach them how to go into settings to always hide it.

Try not to call them a degenerate, degenerates hate that.

Also try not to think of them as a degenerate, they will already know that and be proud of it and not understand why you don't share their enthusiasm.

So control what thoughts you project into the ether. If you have to change the topic in your mind to something involving flowers singing birds and clouds.

[โ€“] AnarchistArtificer@lemmy.world 2 points 1 day ago (1 children)

That's a neat trick, thanks for sharing

[โ€“] logging_strict@lemmy.ml 1 points 1 day ago

Your welcome. Use it in good health. And please excuse my colorful prose.

There is many many comments on Telegram bleeding the phone number. And only one comment saying that doesn't have to be the case.

[โ€“] Tartas1995@discuss.tchncs.de 6 points 3 days ago (1 children)

Signal supports username based chatting.

[โ€“] dessalines@lemmy.ml 6 points 2 days ago (4 children)

Behind those usernames, are phone numbers (meaning real identities) stored in signal's database.

load more comments (4 replies)
load more comments (1 replies)
[โ€“] zzx@lemmy.world 17 points 3 days ago (5 children)

Telegram rolls their own crypto. That should be the biggest red flag by far. I say this as a telegram user

[โ€“] logging_strict@lemmy.ml 1 points 1 day ago

Signal pretends not to.

I prefer Telegram's honesty.

We are Telegram and we are here to help. And to make it more fun we will send all your communications to Russia for a change.

Oh man! Where do i sign up /nosarc

load more comments (4 replies)
[โ€“] dessalines@lemmy.ml 21 points 3 days ago* (last edited 3 days ago) (32 children)

I can't speak about telegram, but signal is absolutely not secure to use. Its a US-based service (that must adhere to NSLs), and requires phone numbers (meaning your real identity in the US).

Matrix, XMPP, or SimpleX are all decentralized, and don't require US hosting.

[โ€“] logging_strict@lemmy.ml 1 points 1 day ago

You are right but

we like doing the wrong thing over and over again. And being surprised, each and every time, when it turns out to be wrong. Never picking up onto the repeating simple pattern.

1111111111111 what's the next number ... errrr Signal! That's it you got it. Good job.

Embrace the idiocracy!

This is why Telegram is awesome.

Eventually you will come around and realize how hopeless humanity is and embrace that it is well beyond hope.

And then you will have a larger network and enjoy each and every one of them.

[โ€“] 9tr6gyp3@lemmy.world 19 points 3 days ago (5 children)

This entire article is guessing at hypothetical backdoors. Its like saying that AES is backdoored because the US government chose it as the standard defacto symmetrical encryption.

There is no proof that Signal has done anything nefarious at all.

load more comments (5 replies)
[โ€“] flux@lemmy.world 16 points 3 days ago (1 children)

So if I understand it Signal has your phone number but only logs sign up date and last activity date. So yes they can say this person has Signal and last used it on date X. Other than that no information.

Matrix doesn't require a phone number but has no standard on logging activity so it's up to the server admin what they log, and they could retain ip address, what users are talking in what, rooms, etc. and E2EE is not required.

I think both have different approaches. I'm just trying to understand. On one hand you have centralized system that has a standard to minimize logs or decentralized system that must be configured to use E2EE and to remove logs.

load more comments (1 replies)
[โ€“] doomsdayrs@lemmy.ml 12 points 3 days ago* (last edited 3 days ago) (6 children)

Thank you for your post!

I want you to know your effort and knowledge is appreciated, this will help future readers make better decisions.โœจ

But the situation stands that my friend and their friends are not as technologically literate as we are, and I would rather have them on something easy and secured than unsecured at all, especially from my experience with getting communities to use such decentralized platforms you mentioned.

load more comments (6 replies)
load more comments (28 replies)
load more comments
view more: next โ€บ