Hacker News new | past | comments | ask | show | jobs | submit login
Telegram gets 3M new signups during Facebook apps’ outage (techcrunch.com)
370 points by Ours90 42 days ago | hide | past | web | favorite | 321 comments

I understand Telegram's appeal because of its high quality apps and big feature list, but articles such as this one really should be more nuanced when pushing Telegram's marketing message of "We have true privacy and unlimited space for everyone.".

Their default mode is not end-to-end encrypted [1] and as such the product is less private than WhatsApp. Even tech-savvy users in my social circles are not aware of this and blindly recommend Telegram as the more private option.

When talking about privacy these articles should at least mention Signal. I hope they will use their recent funding [2] to polish their apps and increase the speed of innovation.

[1] https://telegram.org/faq#q-so-how-do-you-encrypt-data [2] https://signal.org/blog/signal-foundation/

> When talking about privacy these articles should at least mention Signal. I hope they will use their recent funding [2] to polish their apps and increase the speed of innovation.

I keep repeating this often, but Signal is not a user friendly platform for average users. It is good for ephemeral chats and conversations that one wouldn't care about later. Signal actively blocks chats from being backed up (and restored) on iOS. So if you switch to a new device, you'd have to start afresh without any chat histories and also join all the groups once again. The fact that this issue was opened a long time ago on GitHub and responded to by saying it's a security issue to allow backups shows what audience Signal is focusing on (investigative journalists, dissidents and activists who use burner devices and don't need any traces of chats to linger around).

Telegram, on the other hand (even with the not-end-to-end-encrypted default), makes for easy moves between devices (supporting chat syncing across OSes and devices) and to newer devices, with every chat showing information shared as links, photos, etc., and very easy to get back to. Of course, since the chats are not stored encrypted on its servers, search is also blazingly fast.

One deficiency with Telegram is that the end-to-end encrypted chats ("secret chats") are tied to phones and can't be initiated from other devices or seen from other devices. Those also don't carry over to a new device. There is no technical reason for this, because Wire (which in my opinion is a better alternative to Signal and easier to sell others on) handles end-to-end encryption with syncing across devices.

> Signal actively blocks chats from being backed up (and restored) on iOS.

I don't think that's true. Signal's backups require you to copy a file from your old phone to your new phone's storage. It's possible on Android to mount your phone's filesystem on a PC. IIRC, Apple is the one that doesn't make that easy on iOS, not Signal.

Apple has backup and restore of device files and the keychain. You can explicitly mark files as "don't back up" and mark keychain items as "this device only" (those items will get backed up, but need a key from the security enclave of that specific device to restore).

It sounds like Signal is explicitly marking its data in this fashion on iOS. I don't know if Android has any options like this for securing data, I'd expect Signal to utilize those options if they were available.

What I said (specifically about iOS) is true and has been so since 2015 (or earlier).

See [1] and [2] that I linked in another comment here and check on backups explicitly being denied on iOS. This has nothing to do with Apple, and everything to do with the Signal team not willing to make it user friendly (for this case).

[1]: https://github.com/signalapp/Signal-iOS/wiki/FAQ

[2]: https://github.com/signalapp/Signal-iOS/issues/905

> See [1] and [2] that I linked in another comment here and check on backups explicitly being denied on iOS.

They apparently have an open issue for this (though it looks like it's locked to prevent people from endlessly complaining in their bug tracker).


It also sounds like they have a branch where they're working on this feature:


> This has nothing to do with Apple, and everything to do with the Signal team not willing to make it user friendly (for this case).

I'd be interested to know the precise reason they have for not implementing this. You seem to have a pretty negative opinion of Signal, but I doubt they've avoided implementing backups on iOS just because they're "not willing to make it user friendly" (which is really uncharitable take, btw). Perhaps there's some nuance to iOS that makes backups far more difficult to implement than on Android while providing the same security guarantees.

The reason given is “security”, or to copy paste from the link I have given: “iTunes backups are disabled to prevent plaintext leakage to iCloud or insecure systems.”

I have a negative opinion of Signal because they have not dealt with this for years and have been stubborn on that point. Please read the comments on the link I have given and also look at issues they have closed on the same topic. Their responses on the issue tracker don’t look user friendly. So I go with what I’ve seen (which is available for you to examine and make your own inferences too).

For a very long time, I’ve wanted to recommend Signal to others (I still use it, but not for anything that I’d want to save for longer). But this particular issue, introduced and imposed by the Signal team, is a deal breaker. Which average user would want to rejoin all groups or lose all chat history because they bought a new iPhone? If this self-imposed issue is not an example of being user unfriendly, then what is?

> I have a negative opinion of Signal because they have not dealt with this for years and have been stubborn on that point.

Why? It's their time and I doubt you're their boss.

> But this particular issue, introduced and imposed by the Signal team, is a deal breaker.

It seems like you just fundamentally disagree with their priorities, which is kind of a poor reason for having a negative opinion of them. It seems like they want to create the maximally secure yet reasonably usable chat app, and you want a maximally convenient yet reasonably secure chat app.

IMHO, Signal's priorities are far more unique and innovative, and that's why they have my support. Literally every other app out there decides to make the opposite trade offs.

I’m not their boss, but who says I can’t criticize it if it doesn’t meet my and others’ needs? If you observe all the discussions here on HN, you’d see that most of the criticisms and disagreements that people have with someone or some company relates to priorities not matching. Signal is not getting some special mistreatment here. In my other comments I have mentioned (that I have been) focusing on selling Signal to the average user. That doesn’t work well because of such issues (I have also listed other issues with Signal in some other comments here).

If Signal wants to become more popular, then it should also look at what average users need right now (the deal breakers) when prioritizing requirements and features. As I said in another comment, Signal seems focused on investigative journalists, dissidents and activists. Nothing wrong with that at all, but it reflects poorly on people who comment on HN recommending that everybody should use Signal.

> I’m not their boss, but who says I can’t criticize it if it doesn’t meet my and others’ needs?

Yeah, because doing that is kinda toxic. It's the kind of behavior that makes open-source project maintainers burn out and quit their former labor-of-love, because they're sick being dragged down by all of the negativity from the internet peanut gallery.

This is especially true since it appears they may actually be addressing your iOS backup concerns, just not with the urgency you demand.

> As I said in another comment, Signal seems focused on investigative journalists, dissidents and activists. Nothing wrong with that at all, but it reflects poorly on people who comment on HN recommending that everybody should use Signal.

No, it doesn't reflect poorly on them at all.

Signal requires a phone number that discloses your identity and location, they could have more privacy if they didn't require it.

I’ll have to check, but I’m pretty sure the Mac Cocoa version of Telegram (not the Mac Qt version) supports secret chat initiation.

Yes, it does.

> I keep repeating this often, but Signal is not a user friendly platform for average users.

That's not really true. Signal and WhatsApp are basically the same, and WhatsApp's massive popularity gives strong evidence for their user friendliness.

Whatsapps keys are stored on their servers, which Facebook owns. I don't consider WhatsApp anymore secure than Twitter DMs.

Are they? That seems like an extraordinary claim. Do you have a source?

it’s not quite that brazen, but from what i remember the whatsapp server can push a new public key for your contact/chat to the device, which means that they can MITM you. the chat shows that the key changed, but most users wouldn’t know what that means and ignore it

Isn't that how Signal works too? What else would it do, disallow you from continuing the chat if the key changes?

Until reverification? Sure.

In that case most users similarly won't know what reverification means and will just click through without verifying anything. It's not reasonable to say that that makes Whatsapp only as secure as Twitter DMs.

Just to throw in another alternative: Some might know XMPP [1] for being the IETF standardized instant messaging protocol and Conversations [2] as one of the modern XMPP clients.

Recently, the main author of Conversations created a new version of his app called 'Quicksy'. Quicksy is still an XMPP client but with the ease of use other messangers deliver. For example, you don't have to choose a provider. Yet you still have features like federation available. So a perfect solution to invite others to join the XMPP world.

- https://play.google.com/store/apps/details?id=im.quicksy.cli...

- https://quicksy.im

[1] https://en.wikipedia.org/wiki/XMPP

[2] https://conversations.im

I just bought the Conversations app a couple days ago. It looks like, from the Quicksy.im site, that Quicksy is meant to eventually funnel users into Conversations.

I'm a little confused by this path. What would make Quicksy users go to Conversations?

Well, I think this is more like a newcomer vs. power user scenario. If you are new to XMPP, Quicksy gives you a decent messenger without requiring you to know how everything works. After a while though, you might learn that you can host your own server or use your own domain and want to do that. At that point, however, you would have to switch to Conversations as Quicksy allows only Accounts on Quicksy servers (AFAIK).

Actually, I don't think the primary reason for Quicksy is to increase the sales of the Conversations app. I think it is more about to get more people in contact with the XMPP ecosystem, without asking them to pay for an app like Conversations up front. After all, the ones who are doing XMPP nowadays are fighting for the cause and not for the cash.

Gotcha. Thanks for the clarification.

The only problem with XMPP is that there is no iOS app that's as good as Conversations.

It is kinda hard to be as good as Conversations ;-) But you have a point. ChatSecure [1] became usable in the last two years and Monal [2] is another young project aiming to close the iOS client gap. Nevertheless, while there are still some bugs in both clients, I am expecting that those bugs will get fixed in the next months.

[1] https://chatsecure.org

[2] https://monal.im

Yep. It's interesting that a paid open source app such as Conversations is available on Android and not on iOS. I thought iOS users are more likely to pay for software.

I love Signal, but it has issues. It _feels_ slow. I've had messages appear out of order, I've had the desktop app suddenly stop sending messages while simultaneously spamming my contacts (https://i.imgur.com/QDR22xl.png). I don't love that they refuse any discussion about federation. They don't implement fun features that my friends or family want to use.

It's secure, but it seems like a niche product targeting those who really care about security and aren't able to use iMessage.

Signal all the way down. It's the only viable solution we have now on a compromise level between security, usability and user base.

or Wire if you don't want to use your phone number

but also you can remove your phone number after you sign up. unsure how that’s handled though, so could provide nothing extra if they still allow searching of it, or continue to store it?

Wire is the way to go.


>Secret chats are meant for people who want more secrecy than the average fella. All messages in secret chats use end-to-end encryption.

Seems fair to me -- some people do want some archive of their conversations but the option to limit the storage duration of those conversations. Secret chat is a heavily promoted feature -- it's not some hidden mode just because it's not the deafult.

There is literally no downside to end-to-end encrypting text messages. So it should be default. It is just harder to implement technically.

That's not a very good use of "literally", because searching through encrypted messages will certainly be slower, and on mobile devices, this will have a bigger impact on responsiveness and battery life. That is a big downside on mobile (not desktop). Create similar chats that are long (like tens of thousands of messages) on different apps and compare Telegram's search speed with others'.

Keeping a long history is almost always a bad idea because something you have written a year ago and have forgotten can be used against you. Keeping messages for just about a week is much better idea.

For you. Some people like having records.

Which is why we have other communication channels for that type of thing. Instant messaging should be ephemeral.

Why should it matter which medium is used? I have some conversations I want to keep forever. Some I treat as ephemeral. This should be a per-conversation setting.

Not always, I have my emails on Gmail since 2010 & WhatsApp chats since beginning and through multiple device changes.

I partially agree with you on the point that we should be cautious with not storing any and all communications "forever", but messages among friends, relatives, etc., and on groups focused on specific topics can be very nice to look back on (or even get inspired by). The same goes for photos shared in the past too.

Reading old IRC or ICQ logs from 2001 can be quite fun though, brings back some memories.

my group of friends have a 4 year old telegram group chat.

i downloaded all the history, put it into a markov chain library and now we have a bot that can generate random phrases (some, absurdly hilarious) based on our own conversations.

Sounds interesting. Is your bot available for others to use (source or orherwise)?

Mine got me interviewed by the FBI. So there are some downsides :p

I'd love to know more about this story! Care to elaborate?

Fortunately my name isn't associated with this HN account. So I suppose I can comment about the situation.

Me and a bunch of other people met online and talked about programming, hacking, etc. All of us were teenagers at the time. One of the people, who I considered a good friend, turned out to be this guy:


They found the logs of our IRC conversations over a period of 5 years and found a bunch of incriminating stuff (just teenagers shooting the shit, trashing people, and talking about hacking and stuff)

EDIT: domain removed

It's unpleasant to know a bunch of people read your private stuff. TBH, the username is pretty similar

I have several 10,000+ message chat logs in signal. Searching is pretty much instantaneous even on a 3 year old device.

You can search on your device. One could implement filters like "last week, last month ..." to make searching faster. If that is even relevant.

Oh, it's okay, you can use it as a generic intensifier now, even though it's confusing and there are much better ones.

So, you can use it, but you shouldn't.

I should have added a /seething tag.

There is, you can only access them on the devices you sent them from or receive them from. If you add another client weeks down the line, you cannot access these messages anymore

not entirely true... you can pair a new device which shares the decryption key. hell, you could even do a p2p sync so the server stores nothing... there are plenty of options that get technically harder with each increment (perfect forward secrecy gives you some limitations), but you can absolutely backup and restore, or even live sync conversations between multiple devices even if it’s e2e

> It is just harder to implement technically.

To the point that the major players mostly fail at doing it well enough to achieve a good UX.

WhatsApp doesn’t allow you to sync conversation history between devices, even though this is technically possible. It’s just hard, so they don’t do it. Instead, they require you to have a single device (e.g. your phone) acting as a secure conversation-history database, which other devices (e.g. your laptop) can then interact through WhatsApp “thin clients.”

iMessage manages to sync conversation history between devices while also being E2E-encrypted, but it’s the exception (and also unavailable to non-Apple users.)

1) yes, harder/costlier to implement 2) maintaining security is an issue - losing security can cause outage or trust 3) patents are a thing.

> and as such the product is less private than WhatsApp

Given that 1. it's owned by FB and 2. FB's plan is to move towards FB/Messenger/WhatsApp/Instagram grand messaging unification (in spite of them promising they would not) we can reasonably assume they won't keep E2E for long (because chat in the browser). Also, it's FB. Even if it's E2E, FB control the apps at both 'E's and I would not trust them with anything privacy related.

And they rolled their own encryption. It's a false sense of security.

Agree, that the arguable best option Signal should be at least be mentioned. Also, unlikely at that if Telegram had an drastic increase in users that it would be similar for Signal.

They also aggressively reject certain phone numbers.

I cannot understand why people insist on hating Telegram for their choice of tradeoff between convenience and privacy. People who care enough about the subject should know when and whether to use it for their communications. For everyone else, it's an outstanding alternative to Messenger/WhatsApp and Viber.

Edit: I'd also like to add that maybe we need to make a distinction between the notions of privacy and secrecy. Privacy as understood by the majority of people is a broader concept than what more technically inclined people associate with the matter. I believe that then Telegram's decisions and use case can become clearer.

> I cannot understand why people insist on hating Telegram for their choice of tradeoff between convenience and privacy.

I recall the anger is not about any trade off. It is that they rolled their own poor crypto instead of using battle-tested crypto. There’s no convenience factor or trade off here, they just literally did the thing the textbooks tell you not to do, and have ignored the industry’s calls to use strong crypto.

> It is that they rolled their own poor crypto instead of using battle-tested crypto.

I come across this a lot about Telegram and while I do agree, I think there have been no reports so far about hacks in Telegram's service, and it's online since 2013 or so.

6 years is a short time in cryptography. That isn't battle-tested.

"Even worse, security doesn't provide immediate feedback. A dead patient on the operating table tells the doctor that maybe he doesn't understand brain surgery just because he read a book, but an insecure cryptosystem works just fine. It's not until someone takes the time to break it that the engineer might realize that he didn't do as good a job as he thought. Remember: Anyone can design a security system that he himself cannot break. Even the experts regularly get it wrong." -- Bruce Schneier

Source: https://www.schneier.com/crypto-gram/archives/2009/0915.html

Yep, I'm familiar with Schneier's comments. I still find the whole thing funny though. For example, services like Viber seem to have 260 mil. active monthly users [1] which is a tad more than Telegram's 200 mil. on monthly basis, however, I don't hear people bashing Viber that much even though it practices security through obscurity [2]. Hats off to Telegram for at least publishing their stuff and I remain curious as to how it will all unfold in the future.

[1] - https://en.wikipedia.org/wiki/Viber#Market_share [2] - https://techcrunch.com/2016/04/20/viber-defends-new-end-to-e...

It's a simple problem of where the market is.

India, Russia, and Brazil isn't the target market for people like Schneier. If you narrow the market to the US, Statista reports that Telegram has twice as many users in the US as Viber.

I'm from one of those countries where Viber is hugely popular (by far more popular than WhatsApp and Telegram), and I hate it with passion. Kind of like Telegram, its end-to-end encryption was also home-made last time I've checked, but at least it's turned on by default.

I recalled leaking phone number for user's handle or vice versa, and while searching for the source found few more security issues.

It's not the tradeoff that makes people hate it. It's the fact that it is regularly marketed/presented as the "most private/secure" option, which leads to many people having no idea they're even making that tradeoff.

Telegram is a fantastic app and platform in the IM/chat space. The feature set, speed and pace of development are far ahead of any others I've seen.

The fact that its default chats are not end-to-end encrypted and are stored in plaintext on its servers is a concern. Everyone who talks about this as a huge deficiency should also consider that this applies to email too, unless one always uses encryption (like GPG/PGP or S/MIME). Sharing personal photos and such may have shifted from emails and websites to chat platforms, but email is still a place where the most sensitive of information tends to be exchanged. That said, the UX of end-to-end email encryption in a federated and widespread way is not yet a solved problem (without kludges, like for example, hosting the encrypted email on a site and sending the link across if the email is sent to a user on another provider), whereas key end-to-end encryption on chat apps is a (mostly/completely?) solved problem.

> The fact that its default chats are not end-to-end encrypted and are stored in plaintext on its servers is a concern.

"Concern"? This is a deal-breaker.

> Everyone who talks about this as a huge deficiency should also consider that this applies to email too, unless one always uses encryption (like GPG/PGP or S/MIME).

The contenders here are Signal and WhatsApp, not email.

Having better UX and safer defaults than email is nothing to be proud of - it is the bare minimum.

> "Concern"? This is a deal-breaker.

Anyone who finds themselves using email disagrees in practice. Plain text on the servers are no practical deal breaker to the vast majority of people, not even the majority of HNers.

> The contenders here are Signal and WhatsApp, not email.

This is the problem:

Stop recommending WhatsApp and we are a little closer.

Many of us can agree that Signal is probably more secure, even after the horrible bug they had in their desktop client not that long ago.

But WhatsApp is nothing but a metadata collection engine for Facebook.

I'm not too happy with the saying about not paying meaning you are the product, but in this case it fits perfectly:

1. Facebook buys WhatsApp, makes it free, promisese they can't combine it.

2. Turns out Facebook is too greedy to even pretend it wants to keep its promises, and goes on to update Terms Of Service, adding a default opt-in.

Can we stop recommending WhatsApp now?

Signal exists critical stuff.

For everything else, use something that works: Telegram, email, whatever, -even WhatsApp.

> "Concern"? This is a deal-breaker.

For me it's a concern, not a deal breaker. Whenever another app with end-to-end encryption comes close to Telegram on features, speed and UX, I'll switch to it completely. Currently Wire seems closest, but it still has quite a bit of catching up to do.

It's a fantastic service from an engineering perspective. Fast, lightweight, reliable, simple, with low battery drain and data usage, and open source clients. A real joy to use.

Also it works under Windows XP unlike most of the competitors with poor quality Electron apps.

and the clients are not electron (QT on linux and works super well!).

is it as safe as end-to-end? no. but the convenience is just too great.

Telegram's clients are nominally open source.

What more could you want?

Clients that are actually open source, updated on time, and have source code that actually builds?

I guess nobody knows Threema (threema.ch) outside of Central Europe. The UI isn't as perfect as Whatsapp's, but close enough.

I tried to use iMessage the other day and I'm extremely surprised that a product that is used that broadly in the US is that shitty. Downsides around sending voice messages (which I do frequently):

- You must hold the stupid button to record

- If you record and turn your phone, the recording button gets obviously relocated away from your thumb and the entire message is just discarded. Gone. How such a bug could escape Apple is beyond me.

- There is no way to scroll through a voice message. I send and receive 10 minute messages occasionally and if you interrupt the listening, you have to start all over again.

> The UI isn't as perfect as Whatsapp's, but close enough.

WhatsApp's UI is aweful compared to telegram. So if threema "isn't as perfect as WhatsApp", I'm a bit scared.

Anecdotally, iMessage’s voice feature doesn’t get much use. Everybody I know uses it text only and opts for dictation over voice messages.

Personally I prefer text. Telegram’s voice message support is much better, but without fail when someone sends me one I end up listening to it 2-3+ times to make sure I heard/understood it correctly. Never have that problem with text.

I think Chinese people do, at least that was my experience of peers at university (in the UK) - many would wonder around either holding phone perpendicular to face, or with an earphone wire microphone strapped around their mouth having essentially asynchronous telephone conversations. Best of both, in a way?

Maybe it's also about language - easier to speak Mandarin than type or draw it on a touchscreen? I don't know.

they are just lazy or too old, actually typing simplified Chinese it's faster than English, amount of characters you have to type/swipe to deliver same content it's much lower than with latin languages due to length of words and primitive grammar (even more primitive than English and that's already something compared to European languages with tons of grammatical cases and forms for each word and multiple plurals and genders, heck Chinese doesn't even have singular, if they would switch to pinyin they could conquer the world)

Maybe the feature doesn’t get much use because it’s shit in iMessage? Also sound quality is horrible compared to WhatsApp. In my case: I dictate up to 10 seconds. I use voice messages for everything longer.

Closed-source client apps? Bye, have a great time!

Hard to get people to switch if it's £3 though :(

Love threema.

3.50€ for an IM app when there are dozens that are free? Yeah, no.

I loved WhatsApp when I had to pay for it.

I'd respect Telegram more if I had to pay for it from the start.

3.50€? Seriously, people use more on coffee.

"Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety." - Benjamin Franklin

Seriously, at least for westerners, if we cannot pay the same for a secure messaging app as for a coffee then we don't deserve secure messaging.

(That said, I'm in no position to say if this IM app is good or bad, just reflecting on the general idea.)

I never get coffee argument, if I can choose between coffee for 3.5€ or coffee for free in cup plastered with ads I ain't spending the money

plus I don't really spend money on unnecessary things or pleasures, at least not regularly as your typical daily coffee drinker

The argument is that it's an amount many people can and do trivially spend on a whim.

Please, please, please use Signal instead. And tell your friends!

Telegram has made very dubious privacy claims, but even if you trust the company, Signal has a far superior user experience. Telegram’s private messages are not enabled by default, and when you are using private messaging, numerous other features are disabled defeating the point.

> Signal has a far superior user experience

No. It doesn't.

If you're going to advocate for an open alternative, at least be intellectually honest about it's pros/cons. You might have gotten used to Signal, and be unfamiliar with Telegram (and sure, much of usability has an element of subjectivity to it), but... the above statement simply isn't true in the general sense.

Personally, I tend to try and advocate for Riot.im over Signal when trying to push friends to an alternative platform—it's preferable from an openness perspective for a lot of reasons. I am however well aware that Signal (along with most things) has a better user experience than Riot.im does currently.

Telegram and WhatsApp are quite close in usability (they've each copied quite a few UI features back and forth, so there's a lot of familiarity in switching). And unfortunately not many alternatives really come close to either of them.

Having just installed Signal yesterday, in what respect is it worse than Whatsapp (from a UI pov)? The only thing I found so far is the bad integration with contacts.

I mostly use it on desktop and the clients feels like 10 years ago.

- Doesn't go in to system tray (unless you fiddle with command line arguments).

- can't search messages

- overall unpolished (e.g. saving a file has no "show in folder" option afterwards)

I'd also like to mention that you can't use the desktop client standalone and Signal requires a phone number to sign up. It would be nice if they got rid of these requirements.

I use Signal and Telegram both - it's clear to me that Telegram provides the better user experience. I like Signal from the privacy standpoint though.

If you're using Android then I think that Signal is kind of a no-brainer to use because it doubles as your SMS client, so if a contact is a Signal user you get the privacy you want, but if they aren't at least you can still text them.

Only problem: if a user (A) signs up for signal and then uninstalls, the phone number is still tied to the signal app. This means that a signal user (B) now can't get messages to user A. The messages gets delivered to a dead signal account. User A must manually deactivate her account, which she is not even informed about when deleting. Also: if user A has her number trabsferred too somebody else (which is often the case with e g work phones) her account is now owned by a random person.

Whatsapp doesn't operate as a standalone client either.

The parent talked about signing up for Signal requiring a phone number. The following point is tangential from that after the signup is completed using a phone number. Signal Desktop is a standalone client that can be launched and used without having one's phone nearby or available or connected to the net. WhatsApp, however, requires the phone to be around and connected for the desktop app to send the chats through. From that perspective, WhatsApp actually offers a worse user experience than Signal.

I never said it did, but I don't use Facebook properties to begin with.

> - Doesn't go in to system tray (unless you fiddle with command line arguments).

This was really jarring for me the first time I used Signal Desktop on Windows. I clicked on the close button and then realized that the app had terminated instead of minimizing to the tray (as such apps would be expected by many users to behave).

Thanks, I didn't know about command line arguments for that. I'll check it out.

Put a link to the exe somewhere (e.g. the start-up folder in the start menu).

Than edit the target to add the argument:

C:\Users\[your_username]\AppData\Local\Programs\signal-desktop\Signal.exe --start-in-tray

Signal’s desktop client is barely good enough to check a box while Telegram’s desktop clients are as good or better than its mobile clients. Furthermore, its desktop clients are native and reasonably efficient.

This is huge to me. I spend a large portion of my day in front of computers, so messaging services that take the desktop seriously are much more likely to catch my attention.

For me synchronization between desktop and mobile client is a big issue. Some messages simply don't appear on one device and vice versa. Don't know why, though.

No live location sharing as one. This is a killer feature for my friends and I.

Having used Signal, Telegram, and Whatsapp heavily (friends on all three, natch), here's my one absolutely critical beef with Signal:

It doesn't always deliver messages, and it more frequently doesn't deliver them in a timely fashion.

In my experience, Signal delays delivery of messages about 5% of the time -- which is actually huge and makes it unusable for reliable chats.

The story which made me never trust Signal again: I was out of town and trying to coordinate with a backup pet sitter, because my original pet sitter became unavailable. I sent them a message via Signal (their preferred chat), heard nothing for a day, and started frantically calling around to everyone I knew who had a key to my place to please take care of a pet.

Several days later, I got a reply from them..."Hey, I just got this. Did you need me to take care of your pet?"

Over the course of several months of regular chatting with my then-significant otter, I also noticed once or twice in every two week period we'd have a half-day delay on messages...just...silence from one of us or the other, followed by, "Where were you? I texted you hours ago." from one or the other of us.

I know not everyone has these problems with Signal, but I've also seen enough other people on here alone complain about this that I know it's not just my hardware or network setup (this was across both Android and IOS devices).

For that alone, I will try to deflect away from Signal for anyone who's got any other chat methods set up.

Telegram, on the other hand, has been absolutely reliable, both in regular and secure chats. Never a lost message, never a delayed message.

Same for Whatsapp.

Signal also has the worst UI of all of them, and it comes down to all the polish that free software almost always lacks. On Signal on Android, you can select different colored themes (I like night mode for everything); on IOS, you're stuck with white. The chat bubbles are very plain on Signal, on Telegram they're a little fancier. You can set a chat background on Telegram; Signal, it's a plain white chat. Telegram? You can add sticker packs and use stickers in chats. No stickers in Signal. Attaching photos is cruder in Signal. Group chats are weirder in Signal.

If the visual flair doesn't matter to you, then fine, I get it, you don't need to tell me it's not important -- it's important to me.

And one more thing that isn't really 100% Signal's fault but absolutely drove me mad when I used it on Android as a replacement to the default SMS app: there's no real way to know when someone sets up Signal and then uninstalls it, and Signal defaults to sending secure messages every time. So, there were a few people I'd text who, I'd send them a text (which Signal sent over its own network), hear nothing for a few hours, then remember that they were one of the people who had uninstalled Signal, and I'd resend the message via non-encrypted SMS and receive an instant reply.

No way to tell Signal, "never send to these people via Signal, only use SMS with these people," which adds a tremendous friction to a chat app that really shouldn't be there. Not 100% Signal's fault (those people arguably should be "deregistering" from Signal) but absolutely within their ability to build a fix for it.

> Telegram, on the other hand, has been absolutely reliable, both in regular and secure chats. Never a lost message, never a delayed message.

> Same for Whatsapp.

what's disturbing to me (from a relatively naive perspective -- I'm familiar with terms like PSTN and MVNO and the general system, but I havn't worked in telecom): you've described what would be exactly how a nation state would kill a superior and more secure messaging app. Compel telcos to drop/delay GCM of websocket/GCM push notifications for a small minority of device IDs, so that the userbase rotted away...

State actors have a much more direct route to killing secure chats like Telegram and Signal: they firewall the servers at the national level.

There've been several state actors that have done this to both Telegram and Signal already -- both of these apps employ different ways of avoiding it but this is already one of the arms races in the world of secure chats.

FWIW, my problems with Signal losing/delaying messages are all US-based, which AFAIK has never been accused of doing any sort of state-level firewalling of secure chat apps.

Yes but that's very obvious, the route just discussed is subtle and difficult to detect.

I just don't think state actors need to go that far. They can shut it down more easily than slowly trying to sink it through attrition.

And besides, if I were a state actor and I wanted to sink a program like Signal through such subversive means, I'd probably have someone start contributing to the project, and then start arguing in favor of bad UX choices; make it harder to use, not just unreliable, in favor of "security". Push it out of the realm of what a normal user could conceivably make use of.

That's the kind of long con I'd play -- play on techies' love of doing things on principle and for theoretical purposes, and general disinterest in UX.

I really wish I could see this visual flare you are talking about as in if you could post some images I would buy it. I am honestly sitting here and thinking about what exactly flare might look like in a messaging app and I can’t really come up with an answer. Is it a color scheme? The layout of the buttons? Signal to me seems like many of the other messaging apps all much the same maybe slightly different in layout. I go to my messaging app to send a message. What is this flare you say is important to you? Genuine question here. Thanks

Again, if visual flair isn't important to you, then fine, it isn't important to you. It's important to me -- I like my stuff to look subjectively "nice" and

Here's Signal:


And Telegram:


Signal is white (and no night mode on IOS), the bubbles are undecorated rounded rectangles, there's no background and no option to set one, no stickers, no option to set disappearing messages on the fly, no indicator of when the person was last online. It looks plain.

Telegram has a night mode, options to set background colors, chat messages. It doesn't look plain.

As I've said, if you don't care whether something looks plain, then that is absolutely great and entirely up to you. Lots of people don't care about lots of things and there's really nothing wrong with that.

I like my apps to look nice (and I can, within broad strokes, define what "looks nice" is) and I know this isn't a unique position I occupy.

> Signal is white (and no night mode on IOS)

In Settings, there's a moon in the top right which toggles light/dark modes. This is v2.37.1.0 but the release notes list dark mode as appearing in v2.30.2 which is about 4 months ago.

Thank you for taking the time to reply. That definitely helps show what you mean. I think for me the biggest issue lately has been I use a night mode and never really noticed signal is missing it though I only use signal with one contact but if I did use it more I think it would have come to my attention. I have always been a kind of minimalist with themes but in the examples you provided I definitely feel the one with trees is easier on my eyes. Thanks again.

You're welcome, and I apologize for being a bit tetchy.

And you said it perfectly -- it's easier on the eyes, and I don't think it's one single thing, but several little touches.

I personally put most trust in signal. But i have had reliability issues with all of my (few) signal contacts.

Reliability trumps security for near 100% of usecases.

As a side note: We switched form slack to teams which has features no end but chat is't reliable as well.

> And one more thing that isn't really 100% Signal's fault but absolutely drove me mad when I used it on Android as a replacement to the default SMS app: there's no real way to know when someone sets up Signal and then uninstalls it, and Signal defaults to sending secure messages every time.

I'm using https://silence.im/ - A Signal fork - instead of Signal for this exact reason.

Weird, several friends and I have more or less this exact same issue with messages not being delivered for hours with WhatsApp, but never with Signal.

I agree with the SMS replacement for Android and uninstalling causing woes trying to send secure messages, have been bitten by that one on several occasions. Thankfully most people I talk to have multiple apps installed.

I've had the same delayed send issue recently with signal. Its not a deal breaker for me, but I am open to other apps if they were comparably secure..

Bad integration with contacts sounds pretty serious.

Well yeah but it's not the mess the gp alludes to.

plus Signal doesn't store all your contacts on their server as Telegram and WhatsApp do

Do you mean that as a positive or a negative thing?

Also, apart from what I mentioned above, I've also found out that with Signal it's very hard to transfer your chat history to another phone. (involves manually copying over a backup, entering 30 char key). I can't in good conscience recommend an app like that as a replacement to anyone, so I guess my Signal experiment will be short-lived.

Seconding the Riot.im/Matrix recommendation. It checks all the right boxes: federated, multiple FOSS clients, multiple FOSS servers, no phone/email requirement, etc.

I'm just waiting for end-to-end encryption to be available, stable and be the default on Matrix.

FWIW, I've been using it and had zero issues.

Obviously my experience probably doesn't reflect everyone's, so hopefully whatever stability issues others are experiencing can be resolved soon, but from my own perspective having it on-by-default would be pretty seamless at the moment.

The only things blocking it on by default now are: * Implementing interactive key verification on mobile (happening right now) * Cross-signing, so you don't have to keep verifying devices but can transitively trust them. This is designed and we demoed an initial implementation at FOSDEM in Feb; we're doing the final implementation now. * E2E capable search. We have a PoC solution for this already, but want to rework it - work should start on this next week. * Providing an E2E daemon so that non-E2E-capable clients aren't locked out when we turn it on by default. This is being done in combination with the search work and should start next week.

So, it's getting close...

Please, please don't.

Open Whisper Systems is a company that uses "open-source" as a marketing term while bullying the people who choose to take advantage of it.

You can build your own client, but if you start to distribute it, they'll ban you from using their servers[1], with an explanation plain ridiculous for a company that took thousands of dollars from various open source foundations. The server is open source, but again, you have no guarantee that the official (and only) signal server is anything close to the software they published as open source.

Telegram at least publishes libraries that you can actually use with their official service [2]. You still have to „trust the company” to a certain degree: you'll never get proper security without something like Matrix or XMPP where you can be in control over both ends of the communication. Still, a company like OWS or Telegram can do more or less to put users more in control over their end: and I'd argue that OWS is doing way less for that than Telegram does.

[1] https://github.com/LibreSignal/LibreSignal/issues/37#issueco... [2] https://github.com/tdlib/td

EDIT: removed "dishonest" – I wish I had strikethrough to use :)

"Open source" means the SOURCE CODE is OPEN. Which it is.

The internet is full of half-baked "secure" and "private" chat clients and servers. Security is hard to get right. I'm guessing they don't want the reputation of Signal muddled up with some other random client. IIUC anyone can run their own network, and make it as open as they like, using their code, they just can't call it Signal. Much like how Firefox and RedHat use their trademarks.

Sure it is: but how do you know if it really is the source code of Signal?

For all we know, both the Signal network and its client are a half-baked "secure" and "private" chat, and the source code they publish is an elaborate decoy (though probably a subset of the real underlying code, for obvious reasons).

but how do you know if it really is the source code of Signal?

That's a valid question which used to bug me about open source projects. But apparently they finally figured out that the output of the source needs to be deterministic and match the binaries they ship. This property is called "reproducible builds". Signal claims to have them (modulo some third party libraries), though I haven't personally verified it: https://signal.org/blog/reproducible-android/

Honestly though, trust boils down to trusting people. I trust Signal because I trust Moxie, and I trust Moxie because of his reputation among the prominent security experts publicly active on the internet, at least the ones that I find convincing. As a security layman, that's the best I can do.

Interesting whether apple's bitcode and app thinning breaks "reproducible builds". Also I'm not sure you still can get IPA file (app binary) from appstore/iphone.

That's surely the case with absolutely every (iOS, at least) app? I'm not sure how anyone would ever get around it.

Signal is completely "open-source", but that doesn't mean their chat network is open. How can you even confuse those things?

I don't think I'm confusing them – but I do think that their "open-source"-ness is virtually worthless, as the only thing you're allowed to do is read the source yourself and hope that it's the same thing that you're getting from the official packages and servers.

That's a totally different aspect that reproducible builds are supposed to solve.

Your "problem" wouldn't be solved by allowing third-party clients. You still don't know what the server source is.

That's not dishonest. You might not like their policy (I'm not a fan of it either), but it's clearly stated, based on consistent logic and not at odds with the software being open-source.

Fair point; I guess too often I expect "free software" when I see "open-source".

I don't think I'm the only one though, at least to a degree. When the only thing you allow your users is to read the source code, you are technically open-source, but it's the kind of openness that doesn't guarantee anything. More and more often companies use the term "Open source software" because they know that people will walk around the internet and say "it's safe and secure: after all, it's open source!"

OWS is aware of this, which is especially valuable when you brag about privacy as a communications network, but they deliberately chose to limit what you can do with said "open source" – to a degree that's quite ridiculous for a company that calls themselves "Open (...) Systems" :)

They don't just allow you to read the source. You can start a competitor to them, using their own source code! The software is under (A)GPL, how is it not "Free Software"?

You're mixing up rights to the software with rights to Signal's name and infrastructure.

Telegram is far from being "open-source", either–they reap the benefits of being associated with GPLv2 but fail to publish their code in a timely manner, and appear to be infringing on a number of third-party licenses: https://github.com/overtake/TelegramSwift/issues/163

I've never used Telegram but I do use Signal daily and if it really offers a "far superior experience" then Telegram must be akin to connecting to an IRC server with telnet as a client.

Seriously though, Signal's UI is pretty terrible and they go out of their way to discourage third party clients. It's fine as a replacement for SMS (the way I use it) but if you're used to more fully featured web messengers it's a pretty big leap backwards.

Which features are missing? I text and call through Signal and I've not felt like there is anything missing.

For a while they didn't have support for front-facing cameras, but that was added some time in the last year. Only other problem I've had is that on some Android phones the "voicemail" feature (or w/e it's called) wasn't working well, but not sure if it's still a thing.

The desktop app is electron junk that lacks basic features like changing spellchecking language and there's no pure web client like Whatsapp for instance. I also think it lacks some features of the mobile client like creating new groups and adding new contacts (or at least I haven't figured out how to do it). When I install the client on a new computer I can't access the history of the messages from the phone for a reason that eludes me.

Frankly 90% of my frustrations with Signal come from this client, the experience on mobile is better, although still far from perfect. I'm not a fan of pure web clients but web.whatsapp.com is lightyears ahead of Signal's electron bloated and under-featured mess.

The Android client crops the image when I take a picture through the app. No other application does that so I don't really know why it does it. I suspect it's a bug or maybe a bad setting I flipped by mistake but I can't figure out what's going on.

As far as I can tell when you get a new phone the only way to synchronize message history is to create a local backup on one phone, write down the ~24 digit passphrase, transfer the backup by yourself on the new phone then load it from there. If there's a simpler way I haven't found it.

Also I don't think you can move your "secret key" to the new phone, so you have to re-validate your safety number with them. Maybe there's a way to do all that but if I as a technical user wasn't able to figure it out while actively looking for it I have little hope for the average Facebooker.

There's also no support for WhatsApp-style stickers, URL preview, Youtube embedding and all these bells and whistles that I personally don't care for but I'm sure would be missed by many WhatsApp/messenger users.

> As far as I can tell when you get a new phone the only way to synchronize message history is to create a local backup on one phone, write down the ~24 digit passphrase, transfer the backup by yourself on the new phone then load it from there. If there's a simpler way I haven't found it.

You're lucky in this case to be on Android. On iOS, Signal blocks any kind of data backups (both on iTunes or on iCloud). [1] So a new iPhone means starting with no chat histories at all. This was requested a long, long time ago (late 2015) and denied stating security as the reason. [2]

[1]: https://github.com/signalapp/Signal-iOS/wiki/FAQ

[2]: https://github.com/signalapp/Signal-iOS/issues/905

I agree that the desktop app is much worse than the mobile client.

But they've been steadily adding features to both. URL previews were recently added, for instance.

Also, I never take pictures in-app, but I just tried it and I can't reproduce your problem with the Android client: there is no cropping on my phone. Maybe an issue with your phone?

>Also, I never take pictures in-app, but I just tried it and I can't reproduce your problem with the Android client: there is no cropping on my phone. Maybe an issue with your phone?

It's possible of course but this is a fully updated Nokia 6.1 (running stock Android One) and all other apps work without a hitch. So it's either a setting I flipped somewhere in Signal and I can't find (arguably a symptom of a bad UI), a bug in Signal or a bug in my phone only triggered by Signal.

Feature wise I feel Signal has all the stuff I want in a messenger now. I use it on many different platforms and still experience a few too many bugs. I report them, but it breaks in subtle ways that are hard to reproduce.

I think Telegram still has a better user experience.

Seriously, you have to realise this is about migrating from Messenger. Messenger, from Facebook. Any doubts about the "dubious claims" of Telegram are completely overshadowed by the definitive certainty that Messenger is extremely privacy invasive.

Also, the Telegram experience is simply stellar throughout, performing brilliantly even under harsh network conditions. Signal just offers an insanely bad user experience.

> Signal just offers an insanely bad user experience.

I don't agree with the claim that Signal has superior UX over Telegram, but it's definitely not insanely bad either. It has some rough edges, and it's desktop client is not that fully featured and doesn't look that great, but otherwise it's a perfectly fine app that my mother can use without problems and without specific instructions.

That's leagues above, say, Riot, or IRC, and I feel that "insanely bad UX" really paints the wrong picture.

The user experience of Telegram is by far the best of all apps with the sleekest ui's and the native (electron) apps for all platforms. Moreover because of the lack of e2e encryption (on standard chat) all your messages are just there when you log in and are easily searchable. Telegram also has very nice channels and some excellent bots and a very nice feature to send yourself stuff you want accessible anywhere... But imo Signal is superior and has my preference due to its privacy focus. It also has a desktop app by the way and it works ok.

Of course Signal's server implementation is still closed but something like Matrix/Riot is too much to ask from "normal people" (like my mother and father who I got onto Singal with ease...).

It is Qt-based, not electron

At least on Mac, Telegram has mysteriously two apps in Mac App Store, one is Electron and one is native. I never know which is which

One is named "Telegram" and one is "Telegram for Desktop" and they have exactly the same icon, but different sets of features.

edit: I was wrong, neither of the two is Electron, see below

Telegram for Desktop is https://github.com/telegramdesktop/tdesktop (Qt, open source stuff)

Telegram is https://github.com/overtake/TelegramSwift (Swift, Core* libraries)

Both are native.

Calling either of those "native" is a bit of a conceit, since both reimplement standard system controls and eschew the use of system frameworks such as Cocoa.

The Swift app and the original Objective-C app are native.

Again, they are native only in that they run native code and use the bare minimum Cocoa (Touch) controls that they are required to do by the system. Everything else is reimplemented, rather poorly IMO.

>they are native only in that they run native code

so... native. I'm glad everyone agrees then.

> so... native.

No. You're missing the bit where "native" means different things in different contexts; for code it means that the code ends up being compiled for the architecture it's running on, but for UI it means that you're using the platform APIs and following system conventions, which Telegram does not.

I'm not missing it, I just don't care. The only think of interest to me is whether its a shitty memory hog like Teams or other electron programs or not. I don't think I use a single program that uses Cocoa aside from Activiy Monitor.

Oh. In that case, I was wrong. I still don't understand the need for two official apps though

If I recall correctly one was created by a non-Telegram dev as a bit of a fanproject, and eventually adopted by the company as a pseudo-official app. At some point actual Telegram devs decided to create (I think) Telegram for Desktop based on native stuff like Swift. But both applications get bugfixes and updates because it's easy enough to maintain both.

Telegram at least used to support a second non-official client.

Lately, IIRC, they have made huge chunks of their core app available as a library to simplify the creation of more clients.

My not-so-tech-savvy relatives use matrix. It's as easy as opening a web page.

> something like Matrix/Riot is too much to ask from "normal people"

I disagree. It's no harder to grasp than email:

- You go to a website and create an account

- Your share your address with others and they can send mail to you

- Given someone's address, you can send mail to them

I have my (quite technologically challenged) wife using it on mobile and desktop quite happily.

> Signal has a far superior user experience.

Why? I think Telegram is cool, not because of privacy but because of overall UX (speed, battery usage, reliability, etc.) Is Signal way superior in anything apart from privacy?

Can't agree more. Have been using Telegram since I quit using Facebook, and it proved to be far more reliable then even whatsapp. The only problem is that most of people I know prefer and use whatsapp and it's been challenging fo me to maintain all the contacts in one app.

Telegram wins because it has a usable Desktop Client

So true. People still sit in front of desktop SO much. Why can't whatsapp come out with a client that is not total crap and linked to a phone?

In my experience Telegram has an outage every couple of months, while WhatsApp only drops dead once a year or so.

I wasn't really implying that whatsapp is in any way better. I personally enjoy using Telegram. I just expressed my frustration, because I'd really like to have only one app in my phone with all the contacts in it instead of 3 or 4.

Same for me. I want end-to-end-encryption by default, bot integration and all people in one place. Would even pay monthly for that.

Since we're talking personal experience, Signal has never had an outage (that I was aware of).

In my experience, signal doesn't have reliable push notifications and sometimes takes a while to deliver group messages. Sometimes my friends send me messages on WhatsApp asking me to check Signal and the message hasn't arrived yet. I do prefer signal though because there is less chance that one of my contacts has backed up our conversation to Google Drive.

Group chats have been quite unreliable at times, although probably not due to outages, but bugs.

I mean, say Telegram is bad, but don't hype up Signal as the pariah to this peril.

It is open source in the sense that you can read the source of the project, but can't really build it and use it for yourselves or verify the build you get via the App Store is the same as open source project. Practically open source as a marketing strategy.

Secondly, it needs a phone number all the time to use, which ties in with personal identity. Why? A better alternative would be a project that allows someone to choose a username and be done with it! Like HN!

The true danger of security is the false sense of it. It makes you feel okay to share personal and sensitive information. ️

I'd love for the Mattix project and riot.im to take off. Hopefully the government of France can throw its weight behind it for good causes.

> Secondly, it needs a phone number all the time to use, which ties in with personal identity. Why? A better alternative would be a project that allows someone to choose a username and be done with it! Like HN!

Thousand times this! And it is actually a problem both with Signal and Telegram. In the latter case, I managed to avoid installing Telegram app on the phone, by using Android emulator and registering from that, but why forcing users to use such workarounds, instead of simply allowing to register without any ties to the telephone. I'd be willing to pay for a messenger which provides privacy and is not tied to the phone.

>A better alternative would be a project that allows someone to choose a username and be done with it! Like HN!

Like Riot!

It's on fdroid

> Telegram has made very dubious privacy claims

My love for the word "dubious" cannot be overstated. While there's been a lot of solidly-seeming (I am not a security researcher) criticism of TG security infrastructure, I don't recall a single instance of chats or metadata being actually compromised so far.

> Signal has a far superior user experience.

Not in this Universe, unfortunately. Signal is borderline unusable, and if I have the choice of pushing Signal vs pushing Telegram, I'll choose the latter - simply because it provides a much much better experience and will be able to retain the audience to a better degree, while people who install Signal will probably go back to Whatsapp/Messenger.

> When you are using private messaging, numerous other features are disabled defeating the point

Such as? The only feature that comes to mind is the absence of sync to other devices (which is kinda expected). Basically all one-on-one chat features are retained in Telegram's secret chats, and keep in mind that Signal doesn't offer these features to begin with.

Signal is borderline unusable? I've never used Telegram but if that's your assessment of Signal, Telegram must be great. Can you tell me about it?

My "qualifications": I use Telegram, Wire, Signal and Matrix, in that order of volume and frequency of use.

Telegram delivers messages quickly. Signal...it's anyone's guess whether messages will be delivered or not and how long it may take. Many a times it can be quite slow.

Since Telegram is multi-device (including a web client), activating it on another device is quick. You either get the verification code by a push message on your current client or get an SMS. This happens within a few seconds (for push messages) and within a minute for SMS. Signal is quite flakey, and its verification code SMS may never arrive.

Telegram syncs chats across devices and anytime you switch to a new device and activate it, all your previous chats and groups and channel subscriptions are available on the new device immediately. Signal (this is specific to iOS) prevents backing up chats on iTunes and iCloud. So if you get a new iPhone, then you have to start afresh with no older chat history and have to rejoin groups again.

Telegram has many other features, of which a few are listed below (none of these are on Signal):

* You can set a username and share a https://t.me/<username> link to someone else to get in touch with you, without revealing your phone number to that person. In groups, if there are people who aren't in your contacts list, you would never see their phone number. In Signal, the phone number is shown everywhere, just like on WhatsApp. You cannot hide it from strangers.

* You can @mention people in chats using the username and they get appropriate notifications about the mention, taking them to that message.

* You can edit sent messages for a while (you don't have to send additional messages to correct typos).

* You can start anonymous polls (currently only from phones) in the chats and get responses.

* You can use bots for many different purposes.

* You can create broadcast "channels" that people subscribe to.

* In group chats, the administrators can decide if new members can see all messages from the time the group was started or only the recent 100 messages.

That sounds very good. Thanks.

Honestly I think the docs/official feature map at telegram.org would do a better job than me. I don't think you'd enjoy TG if none of your friends are using it, though [obviously].

Edit: ok I launched Signal which was installed on my phone since forever but never saw any active use, and I must say I remember it to be much worse than it actually is. Either it's seen a lot of improvement, or my initial experience frustrated me away.

There are some nice bots and channels, I often read hn via https://t.me/hacker_news_feed

What an underwhelming assessment.

> The only feature that comes to mind is the absence of sync to other devices (which is kinda expected). Why is that expected? Just because things are encrypted does not mean that they shouldn't be syncable. Signal offers this.

I stand corrected then: which was expected by me. It's awesome that Signal provides this feature, but I'm afraid it alone won't be sufficient to entice users to switch to Signal en masse.

Still, this doesn't invalidate my question as of which other features are missing from TG secret chats; being an active Telegram user I can't put my finger on any.

Signal on Android relies upon Google Play Services for the microphone and camera permissions, which can't be turned off. It is open-source [1] so one could install it without going through the Google Play Store (it's not on F-Droid though), but it's another case of Google's ever-expanding grasp over "interesting" (read: competing) Android apps.

[1] https://github.com/signalapp/Signal-Android

It only depends on GPS if you actually have that installed. I don't, and Signal works fine using an official package (which you install the first time from their website, after which it self-updates).

Wasn't the real reason that Moxie Marlinspike considered hosting with Google less questionable than allowing installing apps from third party sites?

Let's see, Signal is based in the US. Wechat is a Chinese system with a great UX that is based in China. Telegram used to be based in Russia. Whatsapp is owned by Facebook.

I think it is pretty self-explanatory that in all these countries, governments haven't been exactly subtle when it comes to their efforts to intercept communications. In my mind, Telegram is the only software that resisted such interference in an almost heroic way and ended up having to move out of the country.

>Telegram used to be based in Russia.

no, it's not. it was created by a russian (pavel durov) but it's developed by a company registered in london with servers all over the world[0]

[0] https://en.wikipedia.org/wiki/Telegram_(software)#Servers

Signal is in no way tied to the US government though, just because the developers are here doesn't mean anything. And if you are talking about the servers being here, everything is end to end encrypted, even if the government was to try to get useful data off signal servers, there is nothing to get.

Telegram is still banned in Russia.

Just saying: with Telegram you need a cellphone to open an account, but you don't need a cellphone to use Telegram.

With Signal you have to use a cellphone. And that's so unsafe and against any reasonable definition of privacy.

Cellphones are tightly closed, data hungry, tracking devices. A IM that force the user to use a cellphone is a BAD at privacy.

Telegram is used primarily as a replacement for Facebook Groups, not for one-to-one communication.

Signal doesn't offer Groups, so it's not something people will switch to. (Signal has Group Chats however, which is something completely different)

That's not true, at least not in areas where Telegram is prevalent (Eastern Europe). Here, it's quickly becoming the default 1-1 messenger.

Using Telegram heavily for both one-to-one, groups and channels.

I don't know if it is different in other markets but this seems to be common in my circles.

Oh, and BTW: The security situation around Telegram continues to confuse me so I'm personally only recommending it for postcard-style messaging.

>Telegram is used primarily as a replacement for Facebook Groups, not for one-to-one communication.

That's simply not true. People using it for group chat is a much more recent turn of events.

Telegram groups and Facebook Groups are incomparable. Facebook Groups is more like a forum with threaded discussions and Telegram groups is more like IRC channels with one realtime chat

What is the difference?

Neither Signal nor Telegram are acceptable communication systems. Both are isolated and fully controlled by a single company, both require mobile phone numbers and unduly trust mobile carriers for user authentication (at least by default), see https://www.bellingcat.com/news/2016/04/30/russia-telegram-h....

>Signal has a far superior user experience

Signal has no bots. [0] is terrible to use, since you need a new phone number for every new bot you make. (Of course you could all cram it into a single number)

0 https://github.com/AsamK/signal-cli

Both Signal and Telegram use SMS for authN tokens, enough said. Being secure and censorship proof while relying on mobile networks just doesn't compute. Correction: or at least they used to? Now I realize that I am not completely sure.

Signal is way worse because it requires you to have the cellphone always on.

With Telegram you need a phone number to sign-in and then you can forget about it, and use it just on desktop/laptop. You can set a password as a 2 factor authentication (1st: sms or code to another telegram client 2nd: password).

> Signal is way worse because it requires you to have the cellphone always on.

Bullcrap. Signal works fine on data alone. I have Tasker automatically turn on airplane mode when I'm on WiFi and it's never caused me to miss a Signal message.

No it doesn't. you only need the phone for the initial link.

so, yeah, every time you open your desktop you need a cellphone

Maybe you're thinking of WhatsApp, which requires the phone to be around. Signal Desktop doesn't need the phone to be around once you've finished linking the desktop to your account (which is one time). From the second time onwards, you could as well leave your phone turned off and/or in a different country and Signal Desktop would still work fine.

No. To set up Signal Desktop on a computer, you need a cellphone once.

Its funny how much drama you can stir up with that.

It seems it's more important to kids today to have stickers and all kind of fancy useless crap. So yeah, it is "borderline unusable" for them. I get this and I don't care.

I guess we have a way to filter out a certain audience with Signal ;)

Signal lacks a key feature that drives everyone I talk to regularly to use it: custom stickers. Maybe other chat platforms let people upload stickers, but Telegram already has them from hundreds of artists.

Signal requires a phone number which discloses your identity and location and doesn't allow any alternative options. If you could use it anonymously there would be more privacy.

Even cloud synced messages alone will be a better user experience for the majority of users.

Telegram user here. For me, by far the best use case for it are the bots. I live in Brazil and can't stand my relatives barfing bullshit about that idiotic Bolsonaro on WhatsApp. A simple bot on Telegram is the perfect antidote against political stupidity. Bye, bye WhatsApp...

Give me bots on Signal/WhatsApp and I'll begin paying attention. Before that, no thanks.

Telegram has done an amazing job of this compared to basically everybody else. Anybody can create a bot in a few minutes and they are full featured. You have to initiate a chat with a bot for a bot to be able to interact with you and you can block them at any time. (I'm sure they have some internal metrics that also intervenes for bots that are getting blocked a ton)

Compare this to anybody else and it is head and shoulders better. WhatsApp is launching bots, but they will be paid, they can reach out to you without you interacting with them and they will be heavily policed. (IE, you will need to get approval from WhatsApp to launch your bot)

They have also made hosting be a problem of aggregators like Nexmo, Twilio and Clicaktell. So you need to pay them as well. Clickatell is advertising over $1,000 a month to host a WhatsApp number.

Bananas and a total shame. This is the kind of walled garden bullshit that makes me sad for the internet.

> A simple bot on Telegram is the perfect antidote against political stupidity.

It's a perfect vehicle for political stupidity too.

Here in Germany Telegram has a history of being the preferred nest for all kinds of fascist hate groups that have been banned on Facebook. Actually this is the only times I've heard/read about Telegram in the media here.

We should get Telegram to censor them too, that would definitely not make things worse.

Nice derailing.

Any generic (not region specific) bots that you use regularly? I've tried some bots (for polls and certain other things), but privacy with the bots is a concern for me.

... or so says Durov, CEO of Telegram, without providing any way to fact-check his affirmation.

I admire the PR stunt.

Also, the article doesn't mention how many users sign up in a regular 24 hour period (say on Wednesday a week ago).

3M in 24h is a lot of sign ups regardless (if they had 200M users a year ago, that's over a 1% jump in total number of users), but it would be interesting to know how many more than usual that is.

When will HN learn that convenience beats security every single time? All posts that mention Telegram get the same tiring comments about security and they're all utterly pointless and preaching to the choir. Yes, we know there are more secure messenger apps out there, thanks. But unless they offer at least the same convenience as Telegram does, no one will use them except you and some of your tech friends. If you want security and privacy to become mainstream, simply make it a boring, invisible implementation detail of your messenging platform which is superior in convenience.

If you want security and privacy to become mainstream, simply make it a boring, invisible implementation detail of your messenging platform which is superior in convenience

I believe that is precisely Signal's philosophy. Which is why for example it uses/requires a phone number instead of a username - which then people also complain about on HN and elsewhere. That it's less convenient than other messengers (which I don't dispute) is not for the lack of trying.

So I suspect the answer is the loudest users/commenters will "never" learn this.

> no one will use them except you and some of your tech friends.

This goes the other way around just as well.

No one will use them except you and some of your edgy young friends.

I mean...seriously...I don't see my mother using "custom made stickers" nor my wife or my co-workers who are not "tech". They are just older and need to send text and a picture from time to time.

Keybase is very convenient, same features and is based on known standards and has arguably as good a UX as telegram.

Why isn't that used more?

I hate the hassle of setting up Keybase on Mobile andDesktop so i have never bothered about it till now.

Hassle? It’s incredibly straightforward. Maybe 2 steps to login to an account on iOS that already exists on desktop (preferences add devise, scan QR code).

I use keybase too, but I don't know anyone else; even though I've invited them...

Telegram has become my social media mainstay. So much better than anything else, but maybe I just got lucky with the groups I am in.

I am in the same boat. I started using it around 4 years ago when the constant degration of Skype hit a point where I could no longer treat it as my main messenger. Since then, everyone I have regular contact with has become available there, and I haven't looked back. At all. In the last two years it has also become the main hub for a lot of crypto communities, which was very fortunate for me I guess.

I don't use it for privacy, as much as I would like that to be a more prominent feature. It is my Facebook, and I hope to move to a more private platform eventually, but until then the features, usability, unobtrusiveness and solid clients on all my devices are the reason I'm staying.

I think Signal is a good alternate to Whatsapp. I like the voice quality of Signal and it's privacy features.

I used Telegram too and I think its a good alternate to FB. Always stable and Has some great public and private channels. And doesn't drain battery like FB messenger does.

i am an early user of wire. Logged in few weeks ago just to find out they took my username. Support say non-sense and now they just ignore my messages.

If I could choose, it would be Wire for me, too. Unfortunately, it hasn't got real traction yet.

Wire is definitely my favourite of the secure IMs as far as UI/UX. It's also the one I've had most luck with when referring non-tech family and friends. They didn't like Signal or Riot (for a variety of reasons) but are happy to use Wire.

It looks like you have to pay for Wire. Is that right?

Free for personal account, paid for commercial use. Discounts for edu and NGO.

Also somewhat off-topic, their backend is written in Haskell and on GitHub. Not terribly relevant for the end user, but I found it an interesting choice.

The only reason I saw fb messenger as popular was because fb was. the chat heads are dumb ( Google is trying to copy that for some reason), it tried to replace basic features of a phone, it randomly dialed people ( in HD!). In 2019, is it really that difficult to design an app, list of contacts, list conversation, timed delete etc in a normal looking ux. The state of messenging apps is terrible. On sure Google will release a new one soon though

Honest question here.

Isn't Telegram inherently unsafe/unsecure because all of its operations are in Russia?

When a Russian authority knocks on their doors, they would be forced to answer.

It's true that US would do the same thing. But I'd prefer US doing it over Russia or China doing it. Because, at least, transparency and justice system in US is a lot better than ones in Russia and China.

Telegram moved out of Russia and has since been banned in the country.

That aside, as an American, I feel like maybe there's some advantage to it being Russia rather than the US, as it's not your own country or an ally. Probably not enough of a reason to prefer Russia, but there is something to think about there. :)

Ha, I see. It seems the founder already left Russia and can't go back.

I find it quite telling that a short outage does more damage to Facebook than any data breaches and mishandling of user data.

Telegram is scary and questionable. Inventing your own encryption is never the answer and reeks of horrible understanding of security, at this stage there is no reason they should not adopt a standard of communication like Signal protocol.

Signal app itself is ok, it's a little....annoying as it requires a phone number and the UX needs some love.

Keybase is great, It has ways of verifying you across multiple services and has end-to-end encryption using PGP. Also offers file storage.

Signal/RedPhone did invent its own crypto (the ratchet), didn't they?

> Signal/RedPhone did invent its own crypto (the ratchet), didn't they?

IIRC, they didn't invent any crypto primitives (e.g. cyphers).

Sure, but the primitives are pretty boring, anyway. Few people try to invent those.

Many more try to invent new constructions on top of the primitives. That's where things go wrong, in practice.

(I fully trust in OWS here, but "don't invent crypto" is an unsuitable argument in a Signal-vs-Telegram discussion)

> Many more try to invent new constructions on top of the primitives. That's where things go wrong, in practice.

Things go wronger when non-cryptographers try to invent their own primitives, and that's what the saying "don't invent your own crypto" was invented to warn against.

We still haven't seen any examples of Telegram being compromised.

That's the same as saying that a car model is safe because there have not been any crashes yet with this make and model. No cars are safe because there are industry standards that a manufacturer is tested to ensure they are following.

Closed source (both in code and implementation) has no place in the security world and anything security related should always be open for anyone to scrutinize.

Feel free to scrutinize Telegram's crypto and E2E implementation for secret chats. It's open source and you can find it here: https://github.com/tdlib/td

Yep, did it, not going to use Telegram now.

Love the unsecure TLRPC objects deserialization that actually makes the native client crash and to not verify what other clients have sent: https://raw.githubusercontent.com/DrKLO/Telegram/e397bd9afdf...

and the tons of magic and undocumented numbers in the code: https://github.com/DrKLO/Telegram/blob/master/TMessagesProj/...

Crashing in the face of invalid and likely malicious input is a secure approach (fail fast).

Depends on whether the crash is intentional :/

RSA encryption is potentially exploitable by quantum computing. Still people are using it everywhere.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact