Their default mode is not end-to-end encrypted  and as such the product is less private than WhatsApp. Even tech-savvy users in my social circles are not aware of this and blindly recommend Telegram as the more private option.
When talking about privacy these articles should at least mention Signal. I hope they will use their recent funding  to polish their apps and increase the speed of innovation.
I keep repeating this often, but Signal is not a user friendly platform for average users. It is good for ephemeral chats and conversations that one wouldn't care about later. Signal actively blocks chats from being backed up (and restored) on iOS. So if you switch to a new device, you'd have to start afresh without any chat histories and also join all the groups once again. The fact that this issue was opened a long time ago on GitHub and responded to by saying it's a security issue to allow backups shows what audience Signal is focusing on (investigative journalists, dissidents and activists who use burner devices and don't need any traces of chats to linger around).
Telegram, on the other hand (even with the not-end-to-end-encrypted default), makes for easy moves between devices (supporting chat syncing across OSes and devices) and to newer devices, with every chat showing information shared as links, photos, etc., and very easy to get back to. Of course, since the chats are not stored encrypted on its servers, search is also blazingly fast.
One deficiency with Telegram is that the end-to-end encrypted chats ("secret chats") are tied to phones and can't be initiated from other devices or seen from other devices. Those also don't carry over to a new device. There is no technical reason for this, because Wire (which in my opinion is a better alternative to Signal and easier to sell others on) handles end-to-end encryption with syncing across devices.
I don't think that's true. Signal's backups require you to copy a file from your old phone to your new phone's storage. It's possible on Android to mount your phone's filesystem on a PC. IIRC, Apple is the one that doesn't make that easy on iOS, not Signal.
It sounds like Signal is explicitly marking its data in this fashion on iOS. I don't know if Android has any options like this for securing data, I'd expect Signal to utilize those options if they were available.
See  and  that I linked in another comment here and check on backups explicitly being denied on iOS. This has nothing to do with Apple, and everything to do with the Signal team not willing to make it user friendly (for this case).
They apparently have an open issue for this (though it looks like it's locked to prevent people from endlessly complaining in their bug tracker).
It also sounds like they have a branch where they're working on this feature:
> This has nothing to do with Apple, and everything to do with the Signal team not willing to make it user friendly (for this case).
I'd be interested to know the precise reason they have for not implementing this. You seem to have a pretty negative opinion of Signal, but I doubt they've avoided implementing backups on iOS just because they're "not willing to make it user friendly" (which is really uncharitable take, btw). Perhaps there's some nuance to iOS that makes backups far more difficult to implement than on Android while providing the same security guarantees.
I have a negative opinion of Signal because they have not dealt with this for years and have been stubborn on that point. Please read the comments on the link I have given and also look at issues they have closed on the same topic. Their responses on the issue tracker don’t look user friendly. So I go with what I’ve seen (which is available for you to examine and make your own inferences too).
For a very long time, I’ve wanted to recommend Signal to others (I still use it, but not for anything that I’d want to save for longer). But this particular issue, introduced and imposed by the Signal team, is a deal breaker. Which average user would want to rejoin all groups or lose all chat history because they bought a new iPhone? If this self-imposed issue is not an example of being user unfriendly, then what is?
Why? It's their time and I doubt you're their boss.
> But this particular issue, introduced and imposed by the Signal team, is a deal breaker.
It seems like you just fundamentally disagree with their priorities, which is kind of a poor reason for having a negative opinion of them. It seems like they want to create the maximally secure yet reasonably usable chat app, and you want a maximally convenient yet reasonably secure chat app.
IMHO, Signal's priorities are far more unique and innovative, and that's why they have my support. Literally every other app out there decides to make the opposite trade offs.
If Signal wants to become more popular, then it should also look at what average users need right now (the deal breakers) when prioritizing requirements and features. As I said in another comment, Signal seems focused on investigative journalists, dissidents and activists. Nothing wrong with that at all, but it reflects poorly on people who comment on HN recommending that everybody should use Signal.
Yeah, because doing that is kinda toxic. It's the kind of behavior that makes open-source project maintainers burn out and quit their former labor-of-love, because they're sick being dragged down by all of the negativity from the internet peanut gallery.
This is especially true since it appears they may actually be addressing your iOS backup concerns, just not with the urgency you demand.
> As I said in another comment, Signal seems focused on investigative journalists, dissidents and activists. Nothing wrong with that at all, but it reflects poorly on people who comment on HN recommending that everybody should use Signal.
No, it doesn't reflect poorly on them at all.
That's not really true. Signal and WhatsApp are basically the same, and WhatsApp's massive popularity gives strong evidence for their user friendliness.
Recently, the main author of Conversations created a new version of his app called 'Quicksy'. Quicksy is still an XMPP client but with the ease of use other messangers deliver. For example, you don't have to choose a provider. Yet you still have features like federation available. So a perfect solution to invite others to join the XMPP world.
I'm a little confused by this path. What would make Quicksy users go to Conversations?
Actually, I don't think the primary reason for Quicksy is to increase the sales of the Conversations app. I think it is more about to get more people in contact with the XMPP ecosystem, without asking them to pay for an app like Conversations up front. After all, the ones who are doing XMPP nowadays are fighting for the cause and not for the cash.
It's secure, but it seems like a niche product targeting those who really care about security and aren't able to use iMessage.
Seems fair to me -- some people do want some archive of their conversations but the option to limit the storage duration of those conversations. Secret chat is a heavily promoted feature -- it's not some hidden mode just because it's not the deafult.
i downloaded all the history, put it into a markov chain library and now we have a bot that can generate random phrases (some, absurdly hilarious) based on our own conversations.
Me and a bunch of other people met online and talked about programming, hacking, etc. All of us were teenagers at the time. One of the people, who I considered a good friend, turned out to be this guy:
They found the logs of our IRC conversations over a period of 5 years and found a bunch of incriminating stuff (just teenagers shooting the shit, trashing people, and talking about hacking and stuff)
It's unpleasant to know a bunch of people read your private stuff.
TBH, the username is pretty similar
To the point that the major players mostly fail at doing it well enough to achieve a good UX.
WhatsApp doesn’t allow you to sync conversation history between devices, even though this is technically possible. It’s just hard, so they don’t do it. Instead, they require you to have a single device (e.g. your phone) acting as a secure conversation-history database, which other devices (e.g. your laptop) can then interact through WhatsApp “thin clients.”
iMessage manages to sync conversation history between devices while also being E2E-encrypted, but it’s the exception (and also unavailable to non-Apple users.)
Given that 1. it's owned by FB and 2. FB's plan is to move towards FB/Messenger/WhatsApp/Instagram grand messaging unification (in spite of them promising they would not) we can reasonably assume they won't keep E2E for long (because chat in the browser). Also, it's FB. Even if it's E2E, FB control the apps at both 'E's and I would not trust them with anything privacy related.
Edit: I'd also like to add that maybe we need to make a distinction between the notions of privacy and secrecy. Privacy as understood by the majority of people is a broader concept than what more technically inclined people associate with the matter. I believe that then Telegram's decisions and use case can become clearer.
I recall the anger is not about any trade off. It is that they rolled their own poor crypto instead of using battle-tested crypto. There’s no convenience factor or trade off here, they just literally did the thing the textbooks tell you not to do, and have ignored the industry’s calls to use strong crypto.
I come across this a lot about Telegram and while I do agree, I think there have been no reports so far about hacks in Telegram's service, and it's online since 2013 or so.
"Even worse, security doesn't provide immediate feedback. A dead patient on the operating table tells the doctor that maybe he doesn't understand brain surgery just because he read a book, but an insecure cryptosystem works just fine. It's not until someone takes the time to break it that the engineer might realize that he didn't do as good a job as he thought. Remember: Anyone can design a security system that he himself cannot break. Even the experts regularly get it wrong." -- Bruce Schneier
 - https://en.wikipedia.org/wiki/Viber#Market_share
 - https://techcrunch.com/2016/04/20/viber-defends-new-end-to-e...
India, Russia, and Brazil isn't the target market for people like Schneier. If you narrow the market to the US, Statista reports that Telegram has twice as many users in the US as Viber.
I'm from one of those countries where Viber is hugely popular (by far more popular than WhatsApp and Telegram), and I hate it with passion. Kind of like Telegram, its end-to-end encryption was also home-made last time I've checked, but at least it's turned on by default.
The fact that its default chats are not end-to-end encrypted and are stored in plaintext on its servers is a concern. Everyone who talks about this as a huge deficiency should also consider that this applies to email too, unless one always uses encryption (like GPG/PGP or S/MIME). Sharing personal photos and such may have shifted from emails and websites to chat platforms, but email is still a place where the most sensitive of information tends to be exchanged. That said, the UX of end-to-end email encryption in a federated and widespread way is not yet a solved problem (without kludges, like for example, hosting the encrypted email on a site and sending the link across if the email is sent to a user on another provider), whereas key end-to-end encryption on chat apps is a (mostly/completely?) solved problem.
"Concern"? This is a deal-breaker.
> Everyone who talks about this as a huge deficiency should also consider that this applies to email too, unless one always uses encryption (like GPG/PGP or S/MIME).
The contenders here are Signal and WhatsApp, not email.
Having better UX and safer defaults than email is nothing to be proud of - it is the bare minimum.
Anyone who finds themselves using email disagrees in practice. Plain text on the servers are no practical deal breaker to the vast majority of people, not even the majority of HNers.
> The contenders here are Signal and WhatsApp, not email.
This is the problem:
Stop recommending WhatsApp and we are a little closer.
Many of us can agree that Signal is probably more secure, even after the horrible bug they had in their desktop client not that long ago.
But WhatsApp is nothing but a metadata collection engine for Facebook.
I'm not too happy with the saying about not paying meaning you are the product, but in this case it fits perfectly:
1. Facebook buys WhatsApp, makes it free, promisese they can't combine it.
2. Turns out Facebook is too greedy to even pretend it wants to keep its promises, and goes on to update Terms Of Service, adding a default opt-in.
Can we stop recommending WhatsApp now?
Signal exists critical stuff.
For everything else, use something that works: Telegram, email, whatever, -even WhatsApp.
For me it's a concern, not a deal breaker. Whenever another app with end-to-end encryption comes close to Telegram on features, speed and UX, I'll switch to it completely. Currently Wire seems closest, but it still has quite a bit of catching up to do.
is it as safe as end-to-end? no. but the convenience is just too great.
I tried to use iMessage the other day and I'm extremely surprised that a product that is used that broadly in the US is that shitty. Downsides around sending voice messages (which I do frequently):
- You must hold the stupid button to record
- If you record and turn your phone, the recording button gets obviously relocated away from your thumb and the entire message is just discarded. Gone. How such a bug could escape Apple is beyond me.
- There is no way to scroll through a voice message. I send and receive 10 minute messages occasionally and if you interrupt the listening, you have to start all over again.
WhatsApp's UI is aweful compared to telegram. So if threema "isn't as perfect as WhatsApp", I'm a bit scared.
Personally I prefer text. Telegram’s voice message support is much better, but without fail when someone sends me one I end up listening to it 2-3+ times to make sure I heard/understood it correctly. Never have that problem with text.
Maybe it's also about language - easier to speak Mandarin than type or draw it on a touchscreen? I don't know.
I'd respect Telegram more if I had to pay for it from the start.
3.50€? Seriously, people use more on coffee.
"Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety." - Benjamin Franklin
Seriously, at least for westerners, if we cannot pay the same for a secure messaging app as for a coffee then we don't deserve secure messaging.
(That said, I'm in no position to say if this IM app is good or bad, just reflecting on the general idea.)
plus I don't really spend money on unnecessary things or pleasures, at least not regularly as your typical daily coffee drinker
Telegram has made very dubious privacy claims, but even if you trust the company, Signal has a far superior user experience. Telegram’s private messages are not enabled by default, and when you are using private messaging, numerous other features are disabled defeating the point.
No. It doesn't.
If you're going to advocate for an open alternative, at least be intellectually honest about it's pros/cons. You might have gotten used to Signal, and be unfamiliar with Telegram (and sure, much of usability has an element of subjectivity to it), but... the above statement simply isn't true in the general sense.
Personally, I tend to try and advocate for Riot.im over Signal when trying to push friends to an alternative platform—it's preferable from an openness perspective for a lot of reasons. I am however well aware that Signal (along with most things) has a better user experience than Riot.im does currently.
Telegram and WhatsApp are quite close in usability (they've each copied quite a few UI features back and forth, so there's a lot of familiarity in switching). And unfortunately not many alternatives really come close to either of them.
- Doesn't go in to system tray (unless you fiddle with command line arguments).
- can't search messages
- overall unpolished (e.g. saving a file has no "show in folder" option afterwards)
I use Signal and Telegram both - it's clear to me that Telegram provides the better user experience. I like Signal from the privacy standpoint though.
If you're using Android then I think that Signal is kind of a no-brainer to use because it doubles as your SMS client, so if a contact is a Signal user you get the privacy you want, but if they aren't at least you can still text them.
This was really jarring for me the first time I used Signal Desktop on Windows. I clicked on the close button and then realized that the app had terminated instead of minimizing to the tray (as such apps would be expected by many users to behave).
Thanks, I didn't know about command line arguments for that. I'll check it out.
Than edit the target to add the argument:
This is huge to me. I spend a large portion of my day in front of computers, so messaging services that take the desktop seriously are much more likely to catch my attention.
It doesn't always deliver messages, and it more frequently doesn't deliver them in a timely fashion.
In my experience, Signal delays delivery of messages about 5% of the time -- which is actually huge and makes it unusable for reliable chats.
The story which made me never trust Signal again: I was out of town and trying to coordinate with a backup pet sitter, because my original pet sitter became unavailable. I sent them a message via Signal (their preferred chat), heard nothing for a day, and started frantically calling around to everyone I knew who had a key to my place to please take care of a pet.
Several days later, I got a reply from them..."Hey, I just got this. Did you need me to take care of your pet?"
Over the course of several months of regular chatting with my then-significant otter, I also noticed once or twice in every two week period we'd have a half-day delay on messages...just...silence from one of us or the other, followed by, "Where were you? I texted you hours ago." from one or the other of us.
I know not everyone has these problems with Signal, but I've also seen enough other people on here alone complain about this that I know it's not just my hardware or network setup (this was across both Android and IOS devices).
For that alone, I will try to deflect away from Signal for anyone who's got any other chat methods set up.
Telegram, on the other hand, has been absolutely reliable, both in regular and secure chats. Never a lost message, never a delayed message.
Same for Whatsapp.
Signal also has the worst UI of all of them, and it comes down to all the polish that free software almost always lacks. On Signal on Android, you can select different colored themes (I like night mode for everything); on IOS, you're stuck with white. The chat bubbles are very plain on Signal, on Telegram they're a little fancier. You can set a chat background on Telegram; Signal, it's a plain white chat. Telegram? You can add sticker packs and use stickers in chats. No stickers in Signal. Attaching photos is cruder in Signal. Group chats are weirder in Signal.
If the visual flair doesn't matter to you, then fine, I get it, you don't need to tell me it's not important -- it's important to me.
And one more thing that isn't really 100% Signal's fault but absolutely drove me mad when I used it on Android as a replacement to the default SMS app: there's no real way to know when someone sets up Signal and then uninstalls it, and Signal defaults to sending secure messages every time. So, there were a few people I'd text who, I'd send them a text (which Signal sent over its own network), hear nothing for a few hours, then remember that they were one of the people who had uninstalled Signal, and I'd resend the message via non-encrypted SMS and receive an instant reply.
No way to tell Signal, "never send to these people via Signal, only use SMS with these people," which adds a tremendous friction to a chat app that really shouldn't be there. Not 100% Signal's fault (those people arguably should be "deregistering" from Signal) but absolutely within their ability to build a fix for it.
> Same for Whatsapp.
what's disturbing to me (from a relatively naive perspective -- I'm familiar with terms like PSTN and MVNO and the general system, but I havn't worked in telecom): you've described what would be exactly how a nation state would kill a superior and more secure messaging app. Compel telcos to drop/delay GCM of websocket/GCM push notifications for a small minority of device IDs, so that the userbase rotted away...
There've been several state actors that have done this to both Telegram and Signal already -- both of these apps employ different ways of avoiding it but this is already one of the arms races in the world of secure chats.
FWIW, my problems with Signal losing/delaying messages are all US-based, which AFAIK has never been accused of doing any sort of state-level firewalling of secure chat apps.
And besides, if I were a state actor and I wanted to sink a program like Signal through such subversive means, I'd probably have someone start contributing to the project, and then start arguing in favor of bad UX choices; make it harder to use, not just unreliable, in favor of "security". Push it out of the realm of what a normal user could conceivably make use of.
That's the kind of long con I'd play -- play on techies' love of doing things on principle and for theoretical purposes, and general disinterest in UX.
Signal is white (and no night mode on IOS), the bubbles are undecorated rounded rectangles, there's no background and no option to set one, no stickers, no option to set disappearing messages on the fly, no indicator of when the person was last online. It looks plain.
Telegram has a night mode, options to set background colors, chat messages. It doesn't look plain.
As I've said, if you don't care whether something looks plain, then that is absolutely great and entirely up to you. Lots of people don't care about lots of things and there's really nothing wrong with that.
I like my apps to look nice (and I can, within broad strokes, define what "looks nice" is) and I know this isn't a unique position I occupy.
In Settings, there's a moon in the top right which toggles light/dark modes. This is v184.108.40.206 but the release notes list dark mode as appearing in v2.30.2 which is about 4 months ago.
And you said it perfectly -- it's easier on the eyes, and I don't think it's one single thing, but several little touches.
Reliability trumps security for near 100% of usecases.
As a side note: We switched form slack to teams which has features no end but chat is't reliable as well.
I'm using https://silence.im/ - A Signal fork - instead of Signal for this exact reason.
I agree with the SMS replacement for Android and uninstalling causing woes trying to send secure messages, have been bitten by that one on several occasions. Thankfully most people I talk to have multiple apps installed.
Also, apart from what I mentioned above, I've also found out that with Signal it's very hard to transfer your chat history to another phone. (involves manually copying over a backup, entering 30 char key). I can't in good conscience recommend an app like that as a replacement to anyone, so I guess my Signal experiment will be short-lived.
Obviously my experience probably doesn't reflect everyone's, so hopefully whatever stability issues others are experiencing can be resolved soon, but from my own perspective having it on-by-default would be pretty seamless at the moment.
So, it's getting close...
Open Whisper Systems is a company that uses "open-source" as a marketing term while bullying the people who choose to take advantage of it.
You can build your own client, but if you start to distribute it, they'll ban you from using their servers, with an explanation plain ridiculous for a company that took thousands of dollars from various open source foundations. The server is open source, but again, you have no guarantee that the official (and only) signal server is anything close to the software they published as open source.
Telegram at least publishes libraries that you can actually use with their official service . You still have to „trust the company” to a certain degree: you'll never get proper security without something like Matrix or XMPP where you can be in control over both ends of the communication. Still, a company like OWS or Telegram can do more or less to put users more in control over their end: and I'd argue that OWS is doing way less for that than Telegram does.
EDIT: removed "dishonest" – I wish I had strikethrough to use :)
The internet is full of half-baked "secure" and "private" chat clients and servers. Security is hard to get right. I'm guessing they don't want the reputation of Signal muddled up with some other random client. IIUC anyone can run their own network, and make it as open as they like, using their code, they just can't call it Signal. Much like how Firefox and RedHat use their trademarks.
For all we know, both the Signal network and its client are a half-baked "secure" and "private" chat, and the source code they publish is an elaborate decoy (though probably a subset of the real underlying code, for obvious reasons).
That's a valid question which used to bug me about open source projects. But apparently they finally figured out that the output of the source needs to be deterministic and match the binaries they ship. This property is called "reproducible builds". Signal claims to have them (modulo some third party libraries), though I haven't personally verified it: https://signal.org/blog/reproducible-android/
Honestly though, trust boils down to trusting people. I trust Signal because I trust Moxie, and I trust Moxie because of his reputation among the prominent security experts publicly active on the internet, at least the ones that I find convincing. As a security layman, that's the best I can do.
Your "problem" wouldn't be solved by allowing third-party clients. You still don't know what the server source is.
I don't think I'm the only one though, at least to a degree. When the only thing you allow your users is to read the source code, you are technically open-source, but it's the kind of openness that doesn't guarantee anything. More and more often companies use the term "Open source software" because they know that people will walk around the internet and say "it's safe and secure: after all, it's open source!"
OWS is aware of this, which is especially valuable when you brag about privacy as a communications network, but they deliberately chose to limit what you can do with said "open source" – to a degree that's quite ridiculous for a company that calls themselves "Open (...) Systems" :)
You're mixing up rights to the software with rights to Signal's name and infrastructure.
Seriously though, Signal's UI is pretty terrible and they go out of their way to discourage third party clients. It's fine as a replacement for SMS (the way I use it) but if you're used to more fully featured web messengers it's a pretty big leap backwards.
For a while they didn't have support for front-facing cameras, but that was added some time in the last year. Only other problem I've had is that on some Android phones the "voicemail" feature (or w/e it's called) wasn't working well, but not sure if it's still a thing.
Frankly 90% of my frustrations with Signal come from this client, the experience on mobile is better, although still far from perfect. I'm not a fan of pure web clients but web.whatsapp.com is lightyears ahead of Signal's electron bloated and under-featured mess.
The Android client crops the image when I take a picture through the app. No other application does that so I don't really know why it does it. I suspect it's a bug or maybe a bad setting I flipped by mistake but I can't figure out what's going on.
As far as I can tell when you get a new phone the only way to synchronize message history is to create a local backup on one phone, write down the ~24 digit passphrase, transfer the backup by yourself on the new phone then load it from there. If there's a simpler way I haven't found it.
Also I don't think you can move your "secret key" to the new phone, so you have to re-validate your safety number with them. Maybe there's a way to do all that but if I as a technical user wasn't able to figure it out while actively looking for it I have little hope for the average Facebooker.
There's also no support for WhatsApp-style stickers, URL preview, Youtube embedding and all these bells and whistles that I personally don't care for but I'm sure would be missed by many WhatsApp/messenger users.
You're lucky in this case to be on Android. On iOS, Signal blocks any kind of data backups (both on iTunes or on iCloud).  So a new iPhone means starting with no chat histories at all. This was requested a long, long time ago (late 2015) and denied stating security as the reason. 
But they've been steadily adding features to both. URL previews were recently added, for instance.
Also, I never take pictures in-app, but I just tried it and I can't reproduce your problem with the Android client: there is no cropping on my phone. Maybe an issue with your phone?
It's possible of course but this is a fully updated Nokia 6.1 (running stock Android One) and all other apps work without a hitch. So it's either a setting I flipped somewhere in Signal and I can't find (arguably a symptom of a bad UI), a bug in Signal or a bug in my phone only triggered by Signal.
I think Telegram still has a better user experience.
Also, the Telegram experience is simply stellar throughout, performing brilliantly even under harsh network conditions. Signal just offers an insanely bad user experience.
I don't agree with the claim that Signal has superior UX over Telegram, but it's definitely not insanely bad either. It has some rough edges, and it's desktop client is not that fully featured and doesn't look that great, but otherwise it's a perfectly fine app that my mother can use without problems and without specific instructions.
That's leagues above, say, Riot, or IRC, and I feel that "insanely bad UX" really paints the wrong picture.
Of course Signal's server implementation is still closed but something like Matrix/Riot is too much to ask from "normal people" (like my mother and father who I got onto Singal with ease...).
One is named "Telegram" and one is "Telegram for Desktop" and they have exactly the same icon, but different sets of features.
edit: I was wrong, neither of the two is Electron, see below
Telegram is https://github.com/overtake/TelegramSwift (Swift, Core* libraries)
Both are native.
so... native. I'm glad everyone agrees then.
No. You're missing the bit where "native" means different things in different contexts; for code it means that the code ends up being compiled for the architecture it's running on, but for UI it means that you're using the platform APIs and following system conventions, which Telegram does not.
Lately, IIRC, they have made huge chunks of their core app available as a library to simplify the creation of more clients.
I disagree. It's no harder to grasp than email:
- You go to a website and create an account
- Your share your address with others and they can send mail to you
- Given someone's address, you can send mail to them
I have my (quite technologically challenged) wife using it on mobile and desktop quite happily.
Why? I think Telegram is cool, not because of privacy but because of overall UX (speed, battery usage, reliability, etc.) Is Signal way superior in anything apart from privacy?
It is open source in the sense that you can read the source of the project, but can't really build it and use it for yourselves or verify the build you get via the App Store is the same as open source project. Practically open source as a marketing strategy.
Secondly, it needs a phone number all the time to use, which ties in with personal identity. Why? A better alternative would be a project that allows someone to choose a username and be done with it! Like HN!
The true danger of security is the false sense of it. It makes you feel okay to share personal and sensitive information. ️
I'd love for the Mattix project and riot.im to take off. Hopefully the government of France can throw its weight behind it for good causes.
Thousand times this! And it is actually a problem both with Signal and Telegram. In the latter case, I managed to avoid installing Telegram app on the phone, by using Android emulator and registering from that, but why forcing users to use such workarounds, instead of simply allowing to register without any ties to the telephone. I'd be willing to pay for a messenger which provides privacy and is not tied to the phone.
My love for the word "dubious" cannot be overstated. While there's been a lot of solidly-seeming (I am not a security researcher) criticism of TG security infrastructure, I don't recall a single instance of chats or metadata being actually compromised so far.
> Signal has a far superior user experience.
Not in this Universe, unfortunately. Signal is borderline unusable, and if I have the choice of pushing Signal vs pushing Telegram, I'll choose the latter - simply because it provides a much much better experience and will be able to retain the audience to a better degree, while people who install Signal will probably go back to Whatsapp/Messenger.
> When you are using private messaging, numerous other features are disabled defeating the point
Such as? The only feature that comes to mind is the absence of sync to other devices (which is kinda expected). Basically all one-on-one chat features are retained in Telegram's secret chats, and keep in mind that Signal doesn't offer these features to begin with.
Telegram delivers messages quickly. Signal...it's anyone's guess whether messages will be delivered or not and how long it may take. Many a times it can be quite slow.
Since Telegram is multi-device (including a web client), activating it on another device is quick. You either get the verification code by a push message on your current client or get an SMS. This happens within a few seconds (for push messages) and within a minute for SMS. Signal is quite flakey, and its verification code SMS may never arrive.
Telegram syncs chats across devices and anytime you switch to a new device and activate it, all your previous chats and groups and channel subscriptions are available on the new device immediately. Signal (this is specific to iOS) prevents backing up chats on iTunes and iCloud. So if you get a new iPhone, then you have to start afresh with no older chat history and have to rejoin groups again.
Telegram has many other features, of which a few are listed below (none of these are on Signal):
* You can set a username and share a https://t.me/<username> link to someone else to get in touch with you, without revealing your phone number to that person. In groups, if there are people who aren't in your contacts list, you would never see their phone number. In Signal, the phone number is shown everywhere, just like on WhatsApp. You cannot hide it from strangers.
* You can @mention people in chats using the username and they get appropriate notifications about the mention, taking them to that message.
* You can edit sent messages for a while (you don't have to send additional messages to correct typos).
* You can start anonymous polls (currently only from phones) in the chats and get responses.
* You can use bots for many different purposes.
* You can create broadcast "channels" that people subscribe to.
* In group chats, the administrators can decide if new members can see all messages from the time the group was started or only the recent 100 messages.
Edit: ok I launched Signal which was installed on my phone since forever but never saw any active use, and I must say I remember it to be much worse than it actually is. Either it's seen a lot of improvement, or my initial experience frustrated me away.
Still, this doesn't invalidate my question as of which other features are missing from TG secret chats; being an active Telegram user I can't put my finger on any.
I think it is pretty self-explanatory that in all these countries, governments haven't been exactly subtle when it comes to their efforts to intercept communications. In my mind, Telegram is the only software that resisted such interference in an almost heroic way and ended up having to move out of the country.
no, it's not. it was created by a russian (pavel durov) but it's developed by a company registered in london with servers all over the world
With Signal you have to use a cellphone. And that's so unsafe and against any reasonable definition of privacy.
Cellphones are tightly closed, data hungry, tracking devices. A IM that force the user to use a cellphone is a BAD at privacy.
Signal doesn't offer Groups, so it's not something people will switch to. (Signal has Group Chats however, which is something completely different)
I don't know if it is different in other markets but this seems to be common in my circles.
Oh, and BTW: The security situation around Telegram continues to confuse me so I'm personally only recommending it for postcard-style messaging.
That's simply not true. People using it for group chat is a much more recent turn of events.
Signal has no bots.  is terrible to use, since you need a new phone number for every new bot you make. (Of course you could all cram it into a single number)
With Telegram you need a phone number to sign-in and then you can forget about it, and use it just on desktop/laptop. You can set a password as a 2 factor authentication (1st: sms or code to another telegram client 2nd: password).
Bullcrap. Signal works fine on data alone. I have Tasker automatically turn on airplane mode when I'm on WiFi and it's never caused me to miss a Signal message.
It seems it's more important to kids today to have stickers and all kind of fancy useless crap. So yeah, it is "borderline unusable" for them. I get this and I don't care.
I guess we have a way to filter out a certain audience with Signal ;)
Give me bots on Signal/WhatsApp and I'll begin paying attention. Before that, no thanks.
Compare this to anybody else and it is head and shoulders better. WhatsApp is launching bots, but they will be paid, they can reach out to you without you interacting with them and they will be heavily policed. (IE, you will need to get approval from WhatsApp to launch your bot)
They have also made hosting be a problem of aggregators like Nexmo, Twilio and Clicaktell. So you need to pay them as well. Clickatell is advertising over $1,000 a month to host a WhatsApp number.
Bananas and a total shame. This is the kind of walled garden bullshit that makes me sad for the internet.
It's a perfect vehicle for political stupidity too.
Here in Germany Telegram has a history of being the preferred nest for all kinds of fascist hate groups that have been banned on Facebook. Actually this is the only times I've heard/read about Telegram in the media here.
I admire the PR stunt.
3M in 24h is a lot of sign ups regardless (if they had 200M users a year ago, that's over a 1% jump in total number of users), but it would be interesting to know how many more than usual that is.
I believe that is precisely Signal's philosophy. Which is why for example it uses/requires a phone number instead of a username - which then people also complain about on HN and elsewhere. That it's less convenient than other messengers (which I don't dispute) is not for the lack of trying.
So I suspect the answer is the loudest users/commenters will "never" learn this.
This goes the other way around just as well.
No one will use them except you and some of your edgy young friends.
I mean...seriously...I don't see my mother using "custom made stickers" nor my wife or my co-workers who are not "tech". They are just older and need to send text and a picture from time to time.
Why isn't that used more?
I don't use it for privacy, as much as I would like that to be a more prominent feature.
It is my Facebook, and I hope to move to a more private platform eventually, but until then the features, usability, unobtrusiveness and solid clients on all my devices are the reason I'm staying.
I used Telegram too and I think its a good alternate to FB. Always stable and Has some great public and private channels. And doesn't drain battery like FB messenger does.
Isn't Telegram inherently unsafe/unsecure because all of its operations are in Russia?
When a Russian authority knocks on their doors, they would be forced to answer.
It's true that US would do the same thing. But I'd prefer US doing it over Russia or China doing it. Because, at least, transparency and justice system in US is a lot better than ones in Russia and China.
That aside, as an American, I feel like maybe there's some advantage to it being Russia rather than the US, as it's not your own country or an ally. Probably not enough of a reason to prefer Russia, but there is something to think about there. :)
Signal app itself is ok, it's a little....annoying as it requires a phone number and the UX needs some love.
Keybase is great, It has ways of verifying you across multiple services and has end-to-end encryption using PGP.
Also offers file storage.
IIRC, they didn't invent any crypto primitives (e.g. cyphers).
Many more try to invent new constructions on top of the primitives. That's where things go wrong, in practice.
(I fully trust in OWS here, but "don't invent crypto" is an unsuitable argument in a Signal-vs-Telegram discussion)
Things go wronger when non-cryptographers try to invent their own primitives, and that's what the saying "don't invent your own crypto" was invented to warn against.
Closed source (both in code and implementation) has no place in the security world and anything security related should always be open for anyone to scrutinize.
Love the unsecure TLRPC objects deserialization that actually makes the native client crash and to not verify what other clients have sent:
and the tons of magic and undocumented numbers in the code: