Meredith WhittakerAug 15, 2023

OK, real talk.

Telegram makes big proclamations about privacy, but their promises are mostly marketing.

The app collects a huge amount of data. And like all Big Tech, when pressed by governments, they ultimately comply.

This is why Signal goes to great lengths to NOT collect any data about you -- something that is ironically more expensive and more complex.

We do it because it's the only way to ensure we keep our privacy commitments to the people who rely on us.♥️

https://techcrunch.com/2023/08/14/iraq-lifts-ban-on-telegram-after-messaging-app-complies-with-authorities/

TechCrunch is part of the Yahoo family of brands

Show threadlobingeraAug 15, 2023

@Mer__edith
"This is why Signal goes to great lengths to NOT collect any data about you" - great.

So signing up without handing over the telephone number is working now? How to delete the telephone number from an account i already use?

Show threadMeredith WhittakerAug 15, 2023
@lobingera why did you write this so rudely? What are you hoping to communicate with this?
Show threadBill WoodcockAug 16, 2023
@Mer__edith @lobingera

Meredith, what are you hoping to communicate by saying "real talk" and then disingenuously implying that Signal doesn't "collect any data about you?" Particularly after slamming Telegram for exactly the same thing?

You could just stop collecting data, and then nobody would be rude to you when you say that you don't. Because then you wouldn't be lying.

And no, it is not more expense or complex to not collect data.
Show threadMeredith WhittakerAug 16, 2023

@woody @lobingera Oh hey Bill!

You know that there is NO comparison between Signal and Telegram when it comes to data collection, and claiming otherwise to score message board points is the kind of thing that misinforms people with less knowledge than you have.

You also know that there's a significant difference in complexity and computational expense between dumping everything plaintext in sql database and encrypting it rigorously, so I'm not sure why you're claiming otherwise.

Show threadBill Woodcock
@Mer__edith @lobingera

I was not the one who compared Signal to Telegram. You were.

My criticism was that you claimed not to collect data, when you do in fact collect phone numbers. This, when you're collecting and holding the data in a jurisdiction where you have no protection for the data, enables metadata collection by government, regardless of any peer-to-peer encryption of content. And metadata has always been the big issue.

Likewise, comparing encryption versus plain-text _for collected data_ is your straw-man, not mine. I compared collecting data to not collecting data.

Using phone numbers to "find friends" only works if you give code access to your address book, which is already a bad idea, compounded when that code can be configured to allow over-the-air updates.

And spam prevention, when new contacts have to be individually approved, has never been an issue in the real world.

Every last one of these issues was fully addressed in Jabber, with open standards and no centralization or data collection. Signal is, in every way save, arguably, some cryptographic specifics, a giant step backward from the state of the art. Just as Zoom and other proprietary walled gardens are.

If you wanted to advance the state of the art, rather than increasing walled gardens, you could be contributing to standards in the IETF, and implementing interoperable standards. Then you'd be receiving well-deserved accolades rather than well-deserved criticism.
Aug 17, 2023 at 6:58amWeb
Show threadDušan 🇷🇸⚛️Aug 18, 2023
@woody @lobingera @Mer__edith All fine and dandy, but here's a giant problem you're not talking about.

Number of my friends that use Signal: 20+
Number of my friends that use Jabber/XMPP: 0

Why?

People don't want to build their social graph all over again. Turns out Contacts are a quick, easy way to use the social graph all of us already have.

Signal is facing major engineering challenges and has to make giant trade-offs all without compromising E2EE which, unlike Telegram, is enabled by default and not touted as some "Secret chat" thing which automatically frames encryption as something nefarious.

Can Signal be improved? Of course it can! Usernames are a thing we've been asking for forever now.

Are you arguing in bad faith? I think so.

Using Signal is infinitely better for both Privacy & Security than using the more popular messaging apps like WhatsApp, Telegram or, God forbid, Messenger or Viber.

Again, close to zero of my friends have heard about Jabber/XMPP, a lot of them have heard about Signal.
Show threadBill WoodcockAug 18, 2023
@me @lobingera @Mer__edith

You're really asserting that your friends have phone numbers, which you and they don't mind sharing with the USG, but they _don't have email addresses_ or you _don't know their email addresses_?
Show threadDušan 🇷🇸⚛️Aug 21, 2023
@woody @lobingera @Mer__edith Signal doesn't store the actual phone numbers of your contacts, they hash them before uploading them to their servers. The only phone number they have is the one used for registration. This way they avoid accidentally leaking phone numbers of people not yet on Signal.

I have an email address, yes, so do my friends, but we don't share them amongst ourselves like we share phone numbers. Why would we? We already shared a unique identifier, we don't need another one that can't be used for calls.

You seem to have a fundamental misunderstanding of how people actually communicate. Some of them don't even have email addresses, but they do have a phone number.

As far as me being comfortable with the USG having my phone number, they already do, you'd be surprised how many telecom companies sell your phone number to advertisers and there's not much you can do about it other than complain.
Show threadBill WoodcockAug 21, 2023
@me @lobingera

Your priorities appear to be fundamentally different than mine. I am not an evangelist, so please feel free to live your life according to your priorities. I do not have any interest in trying to convince you to adopt mine.
Show threadDušan 🇷🇸⚛️Aug 21, 2023
@woody @lobingera Neither do I, but implying Signal isn't better for privacy and security than Telegram is disingenuous. The fact that it may not be good enough for *your* use case is down to your own preferences only.
Show threadBill WoodcockAug 22, 2023
@me @lobingera Again, if you think that's what I said, you weren't paying attention to what you read. It seems like you have an axe to grind, and I'm clearly not your audience.