Mastodawn

Finally got rid of telegram, congratulations to me

https://sh.itjust.works/post/15797275

Finally got rid of telegram, congratulations to me - sh.itjust.works

It was a many months transition, and it’s finally done Fun thing, you can actually make a backup of all* your messages, groups, contacts, etc. So before leaving you can have all of your data in case you need that one contact or something The final red flag was as that allegedly Russian authorities were messing with people’s deleted messages. Not for the first time there are news that they could read, modify, delete, see location, and etc. Screw it, this is unsafe, I’m out. Also, these days telegram is really at the state of a pile of garbage, bloated, buggy, and shady messenger.

mipadaitu Mar 6, 2024

Deleted the app and account recently as well. I’m hoping that having the account deleted means that people don’t try to use it to message me there.

kyle Mar 6, 2024

People who had you listed will just see “Deleted Account” instead of your name, and a little ghost as your avatar.

They will still see your chat history though.

LWD Mar 6, 2024

What happened with Telegram? I’m unfamiliar with those particular rumors.

… But also definitely not a fan of it in general. Their app has had terrible encryption (when it’s even used) for a long time.

BearOfaTime Mar 6, 2024

There have been rumors from its start. I have no idea of their validity. Like anything, it’s hard to find the truth.

As for its encryption, while I dislike it’s not open source, and it’s deserving of some criticism, there have been no reported cracks of it that I’m aware.

That said, it seems to store your public key on the server (though I’m not sure of this), which is not ideal, for sure.

ricecake Mar 6, 2024

What the issue with them storing the public key?

Aside from not storing anything you don’t absolutely need to store, there shouldn’t be an issue there.

BearOfaTime Mar 7, 2024

Typo

LWD Mar 6, 2024

The “no reported cracks” thing is a red herring. You can make an intentionally broken cryptography system and claim it’s unbroken too.

And even if it was sound, it doesn’t really matter because the messages are decrypted by the server for all desktop and group chats, and probably most one-on-one chats too.

Natanael Mar 7, 2024

There has been multiple breaks, like the good old 2^64 bruteforce attack when they used too short session identifiers, malleability issues that could let the server/hackers change your messages, reordering attacks, etc.

SnokenKeekaGuard Mar 6, 2024

Honestly, signal is the only thing I would ideally use. But whatsapp is still a better second messenger than telegram.

kratoz29 Mar 6, 2024

But whatsapp is still a better second messenger than telegram.

You didn’t mean that.

SnokenKeekaGuard Mar 6, 2024

I’m sorry. It might be meta owned, but its metadata theyre stealing. I still trust the e2e encryption. Naively perhaps

Vilian Mar 6, 2024

telegram e2e encryption is open-source, whatsapp not

Anamana Mar 6, 2024

Almost no one uses telegram e2e, because it’s not mandatory

pipariturbiini Mar 6, 2024

Also Telegram’s E2EE chats don’t work on desktop apparently, and you are not able to see message contents in the notification (which is a plus or minus depending on you)

Asked a friend earlier today if we could use secret chat. He declined because he mostly chats on desktop, and apparently wants to see messages from notifications while driving.

Anamana Mar 7, 2024

Jep, all of this is true. I have two chats with some people because of that.

Also you can’t search for words within e2e chats, which is a pain in the ass sometimes.

Natanael Mar 7, 2024

Whatsapp is built on the Signal E2EE protocol, Telegram has a terrible homebrew encryption protocol with a ton of weirdness and it has had a long history of weaknesses which they lied aggressively about

InternetCitizen2 Mar 6, 2024

Unpopular but true take.

Gooey0210 Mar 6, 2024

I didn’t use WhatsApp for the last like 3 years already

I have already got rid of the Sim card, but want to setup some sip Sim cards at home for package delivery and work

So like, using WhatsApp is pretty pointless at this point

billbasher Mar 6, 2024

I miss Wikr

Kiryu Mar 6, 2024

Why did Telegram get so popular in the privacy scene compared to Signal in the first place? To my knowledge Signal came out first and never had a history of breaches or leaks.

Quintus Mar 6, 2024

I can’t speak for the privacy scene but in my country it’s pretty popular merely because of anonimity (which boils down to not having to use a phone number) and Discord-like server/groups. For porn and other NSFW content, it is pretty popular.

Kiryu Mar 6, 2024

Ah I did not know Signal required a phone number compared to Telegram not requiring one. Thanks.

Matt Mar 6, 2024

Telegram still requires a phone number to sign up, but they have had usernames that can be used to contact people without needing their phone number. Signal is only now finally rolling out usernames.

shadycomposer Mar 6, 2024

And they still want your phone number.

agent_flounder Mar 6, 2024

At least they have usernames now…

Signal Finally Rolls Out Usernames, So You Can Keep Your Phone Number Private

We tested the end-to-end encrypted messenger’s new feature aimed at addressing critics’ most persistent complaint. Here’s how it works.

WIRED

Scolding7300 Mar 6, 2024

An update just got released. Still requires a phone number for registration but you can now share your username with others to chat (instead of them needing your phone number)

Gooey0210 Mar 6, 2024

Telegram came out a year earlier in that signal, and because immediately popular amongst young people and drug dealers in Russia

catculation Mar 6, 2024

Telegram got its popularity because of piracy and having your chats on cloud. It was never intended to give privacy to user but due to WhatsApp breaches they started promoting telegram as a secured chat app which is a toatal joke till this day.

rdri Mar 6, 2024

Maybe because it offers public chats and channels? Something other apps lack.

KyuubiNoKitsune Mar 7, 2024

Honestly, UI and PC client experience.

I find the UI in signal a bit off putting. Telegram grabs you with their funky stickers, clean UI and dumb features. I alps hate that Signal won’t bother copying the messages to a new client… Like, I have a 1Gbps connection, surely we can copy my chat histories from my phone to my PC? Nope, gotta start fresh on every new client…

If they did less dumb shit like adding statuses, and put some more effort into making the UI nice, more people would use it.

And I get these are dumb reasons, but they’re real none the less

Scirocco Mar 7, 2024

I think Signal shot themselves squarely in the dick by removing SMS functionality.

Previously, you could use Signal as the primary SMS/messenger app. Any conversations with other Signal clients secure. Conversations in SMS/MMS? Marked as not-secure.

But, out of some purity concerns, SMS functionality was removed and the dev team focused on adding useless shit like “stickers” and then the pin-code harassment.

Signal adoption plummeted as intended (?)

ccx Mar 7, 2024

Honestly it was mostly a Discord competitor if anything. One with FOSS clients for desktop and Android.

The private chat is baseline implementation just to tick a box rather than anything practically useful.

Natanael Mar 7, 2024

By lying aggressively.

Lying about being the first phone app with E2EE (they’re not even close, by over a decade if we count J2ME apps) because Signal was called TextSecure back when telegram didn’t even exist yet. Lying about their protocol, lying about their backup system (if you’re using group chats or regular chats which are backed up they are visible to the admins and any other claim is a lie), bullshit propaganda against Signal, etc…

Oh and by the way, Signal has now finally launched usernames, so you don’t have to share your phone number to use it anymore.

EngineerGaming Mar 7, 2024

I assumed the popularity was not in the privacy scene, but rather in general population, just because of usability. It is just a more usable alternative to Whatsapp or VKontakte. It is pretty much the default messaging platform for young people like Whatsapp is for older ones.

PotatoesFall Mar 7, 2024

in some circles yeah.

In Germany it actually became famous because it allowed for huge groups and it’s where covid misinformation breeding grounds took off. People thought you were a nutjob if you had telegram lol.

Which, while that is the dumbest reason to reject a chat app, at least meant that Signal was able to get more popular with uhhh smarter folks.

southsamurai Mar 7, 2024

Telegram, while often hyped as high privacy/security got popular because it was/is fully featured and isn’t Google or Facebook. That’s it

It’s less invasive, less annoying, and can do all the stuff like gifs and stickers. So it was very easy to get people onto compared to pretty much anything that was actually private or secure.

Once enough people started using it, it snowballed into its own monolith of bloat.

LWD Mar 7, 2024

It was also very fast and transparent – not a lot of stuff separating somebody from the other people in their conversations, which was pretty solid even compared to other messaging apps of its day. Most people didn’t feel the need to fact-check its privacy and security claims because it worked good enough for them!

Wahots Mar 7, 2024

It’s popular with furries because of sticker support. Furries are an anchor population for the larger world of IT/etc. It was never really about privacy, or signal would have taken off.

spaduf Mar 7, 2024

I think the big reason that nobody’s mentioned yet is simply that they were earlier. Back when projects like Tox and Matrix were first starting to pop up, telegram was already fully formed. Signal didn’t come till several years later.

BearOfaTime Mar 6, 2024

The final red flag was as that allegedly Russian authorities were messing with people’s deleted messages.

I don’t know about “Russian authorities”, but the fact remains that if you can login anywhere and see your messages, then your public key is stored in the server.

Since Telegram requires authorization from an extant connection, I don’t know if that means your public key isn’t stored in the ver and it’s being sent from the authorizing device, or if that device is merely authorizing the Telegram servers to transmit that key to the new device.

Since they have a full e2e chat feature (Private Chats), I’m going to assume the latter.

So anyone who can get those keys can gain access to your chats.

I still say Telegram is far superior to anything from Fuckbook/Meta, because it’s not integrated into everying you do (even those of us who’ve never once been on Facebook, and yet have ghost profiles), not to mention the Facebook app integrated into Android on many vendor phones.

Even so, know Telegram for what it is - not ideal, just better than WhatsApp, and a step along the path to moving to more secure and privacy-respecting apps.l

Gooey0210 Mar 6, 2024

Comparing telegram to WhatsApp is something really 2015 😅

Now we have many alternatives, and let’s just switch, fb and telegram both suck compared to signal, simplex, session, or even matrix (wait for the new matrix’ update where they add some new encryption stuff)

Vilian Mar 6, 2024

i use telegram, but i agree that signal and matrix is superior from both(i don’t about the others)

Synnr Mar 7, 2024

Session was at first a fork of Signal without usernames.

Now by design it uses their own custom tor-like service (instead of just… using tor) and does not support forward secrecy or deniable authentication, so anyone who collects the messages in transit can either find a vulnerability in the encryption scheme, or spend enough GPU resources to crack it, and they have confirmation of who sent and received the message and what the contents of the message are. And is headquartered in Australia, which is 5EYES and much more against encryption than the US. Oh, and the server is closed-source.

I wouldn’t touch it with a 12ft ladder.

LWD Mar 7, 2024

Between forking Signal to make their desktop and mobile clients, and forking Monero to make their cryptocurrency…

… What are the chances their Tor-like product isn’t a fork of something else too, that was done better elsewhere (in addition to, you know… Tor).

Synnr Mar 7, 2024

Session does use the Oxen network which is the renamed Lokinet, unless they made a change I’m wholly unaware of.

LWD Mar 8, 2024

I must have been thinking of their past implementations. Their FAQ says things were different:

Proxy routing was an interim routing solution which Session used at launch while we worked to implement onion requests. When proxy routing was in use, instead of connecting directly to an Oxen Service Node to send or receive messages, Session clients connected to a service node which then connects to a second service node on behalf of the Session client… The proxy routing system has now been replaced by onion requests.

It was even less clear to me because this is what it says in the app itself:

Session hides your IP by bouncing your messages through several Service Nodes in Session’s decentralized network.

Not “the Oxen network” but “Session’s network.”

And then it has a graph of

• You

• Entry Node

• Service Node

• Service Node

• Destination

Synnr Mar 8, 2024

You’re not wrong. Lokinet and Session are both products from the same parent company. Lokinet was renamed to the Oxen protocol, and they run all the servers AFAIK, so it would be like tor, if tor ran every guard, entry, and exit node. AKA worthless. So you’re spot on, it’s a joy to the intelligence community and after the Encrochat debacle and Session stopped using Signal’s encryption algorithms and code, I would suggest no one use it for anything sensitive.

bleistift2 Mar 6, 2024

then your public key is stored in the server

Did you mean private key?

Synnr Mar 7, 2024

I automatically read it as private key, good catch

Cătă 🇷🇴🇺🇦🇲🇩🇪🇺Mar 7, 2024

@BearOfaTime Secret chats are tied to a specific device afaik tho.

Edit: yes!

Secret chats are meant for people who want more secrecy than the average fella. All messages in secret chats use end-to-end encryption. This means only you and the recipient can read those messages — nobody else can decipher them, including us here at Telegram (more on this here). On top of this, Messages cannot be forwarded from secret chats. And when you delete messages on your side of the conversation, the app on the other side of the secret chat will be ordered to delete them as well.

You can order your messages, photos, videos and files to self-destruct in a set amount of time after they have been read or opened by the recipient. The message will then disappear from both your and your friend's devices.

All secret chats in Telegram are device-specific and are not part of the Telegram cloud. This means you can only access messages in a secret chat from their device of origin. They are safe for as long as your device is safe in your pocket.

(from their FAQ)

Telegram FAQ

This FAQ provides answers to basic questions about Telegram. Check out our Advanced FAQ for more technical information.…

Telegram

progettarsi Mar 6, 2024

tg premium user here, WTF? i tought telegram was privacy respectfull and pretty secure, what changed/happened? that’s not the first post i saw abt It. also, any alternatives? with almost same features and as many channels/groups as telegram ofc like don’t suggest me signal or Matrix nobody Is on that platforms…

EDIT: lmao people Just downvoted me for asking… what a world

LWD Mar 6, 2024

Telegram hasn’t been secure since basically day 1. IIRC it went something like

Security experts: Never roll your own cryptography.
Telegram: We rolled our own cryptography!
Security experts: Don’t. And it’s broken.
Telegram: uhhhh… We fixed it.
Security experts: It still looks really bad. Stop doing that. Telegram: says nothing

Operational Telegram - thaddeus t. grugq - Medium

Telegram, the encrypted messaging app loved by terrorists, has been in the news lately. Terrorists have long used existing commercial and public communications infrastructure to send commands and…

Medium

myplacedk Mar 7, 2024

Security is a spectrum. Telegram has never been the most secure alternative, but that doesn’t mean it doesn’t have any security.

LWD Mar 7, 2024

From my first link

The safest way to use Telegram would be not to. However, if you have no other choice, the best approach would be to use a clean burner phone to communicate with another clean burner phone. Change them regularly.

…

In short, for better protection, use anything else.

nivellian Mar 7, 2024

Telegram is still the best alternative despite whatever some russia-phobics in this comment section fantasize about. Anything only remotely russia related raises maximum skepticism and paranoia, like seriously wtf. Telegram is better than whatsapp in e.g.features, and more popular than element or signal so anyhow is the best all around messaging app at the moment.

Gooey0210 Mar 7, 2024

Dude, are you even Russian yourself to claim this?

As a Russian person, Russian oppositionist, and formerly a drug dealer, I can say that you wouldn’t use telegram for anything that needs security, since like the start of tg

Just come to Russia, register with your name two Sim cards, create telegram accounts, and message yourself that you want to blow up Kremlin. You will have FSB standing behind your door very shortly

For the very brave, no VPN, no secret chats, see ya

nivellian Mar 9, 2024

Hi there, tbh I forgot what my comment was before I deleted it. You probably just answered yourself in this post :)

But yeah for security I don’t prefer Telegram or any Android app and I use Telegram the most on Android because I like the way it is. No Secret Chat really, you sure about that lol

FunnyFondue576 Mar 6, 2024

Good for you. I’m still don’t know how to move my friends and relatives to Signal. Any tips with that?

Tywèle [she|her]Mar 6, 2024

One day I said that in the future I will only be available via Signal. If not there then there is still SMS. And so far everyone I have contact with regularly installed it eventually.

youmaynotknow Mar 6, 2024

That’s exactly right.