WTF, Telegram's security & privacy propaganda seems to make ppl recommend it over Signal in here.

I don't currently have the spoons to go interact with that directly, but y'all might want to know that:

  • both have an open-source, reviewable client, and a proprietary, centralised server;

  • Signal provides confidentiality/encryption end-to-end for everything, by default (meaning that your device and the one of whoever you talk too see the communication content, but nothing else)

  • Telegram claims to provide e2ee, but does everything it can through its UX to make people communicate in the clear (i.e. without encryption, where they can read all messages); it also uses dangerously-incompetent cryptographic design, but that's almost the lesser problem.

  • both try pretty hard to get you to grant access to your contacts, and share some personal profile details with your contacts (who use the app) ;

  • Signal requires sharing your number (or rather, the one attached to your Signal acct) with your contacts;

  • Telegram defaults to sharing it, and they made it opt-out; of course, in less than a minute between the update and me finding the opt-out, it was capable of sharing my number with all my contacts (and there's no unsharing it).

TL;DR: Both kind-of suck at privacy, but at least Signal's devs can't read your msgs.

@kellerfuchs signals devs force it to be released with Google spyware in it so I just don't even consider it an option despite the technical advantages. Its preferable not having a backdoor if possible.

@kellerfuchs The signal server isn't proprietary, I don't think?

Also last I checked telegram had some weird roll your own crypto going on. This may have changed.

I would be great if people used something decentralised that doesn't want your number, but as they say, perfect can be the enemy of good.

@kellerfuchs Also, Telegram's crypto is a joke among cryptographers. Nobody cares enough to actually break it because they know it'll just be met with an ineffective patch that addresses the specific avenue they used but leaving other holes. Or not addressed at all except with a pile of bullshit words.

