Finally got rid of telegram, congratulations to me
It was a many months transition, and it's finally done
Fun thing, you can actually make a backup of all* your messages, groups, contacts, etc. So before leaving you can have all of your data in case you need that one contact or something
The final red flag was as that allegedly Russian authorities were messing with people's deleted messages. Not for the first time there are news that they could read, modify, delete, see location, and etc. Screw it, this is unsafe, I'm out.
Also, these days telegram is really at the state of a pile of garbage, bloated, buggy, and shady messenger.
316
Comments139
I don't know about "Russian authorities", but the fact remains that if you can login anywhere and see your messages, then your
publicprivate key is stored in the server.Since Telegram requires authorization from an extant connection, I don't know if that means your public key isn't stored on the servers and it's being sent from the authorizing device, or if that device is merely authorizing the Telegram servers to transmit that key to the new device.
Since they have a full e2e chat feature (Private Chats), I'm going to assume the latter.
So anyone who can get those keys can gain access to your chats.
I still say Telegram is far superior to anything from Fuckbook/Meta, because it's not integrated into everying you do (even those of us who've never once been on Facebook, and yet have ghost profiles), not to mention the Facebook app integrated into Android on many vendor phones.
Even so, know Telegram for what it is - not ideal, just better than WhatsApp, and a step along the path to moving to more secure and privacy-respecting apps.l
Did you mean private key?
I automatically read it as private key, good catch
Comparing telegram to WhatsApp is something really 2015 😅
Now we have many alternatives, and let's just switch, fb and telegram both suck compared to signal, simplex, session, or even matrix (wait for the new matrix' update where they add some new encryption stuff)
Session was at first a fork of Signal without usernames.
Now by design it uses their own custom tor-like service (instead of just... using tor) and does not support forward secrecy or deniable authentication, so anyone who collects the messages in transit can either find a vulnerability in the encryption scheme, or spend enough GPU resources to crack it, and they have confirmation of who sent and received the message and what the contents of the message are. And is headquartered in Australia, which is 5EYES and much more against encryption than the US. Oh, and the server is closed-source.
Regarding Australia's 2018 bill...
Regarding the 'vulnerability or cracking them later' bit...
From Session's own FAQ:
I wouldn't touch it with a 12ft ladder.
Session does use the Oxen network which is the renamed Lokinet, unless they made a change I'm wholly unaware of.
You're not wrong. Lokinet and Session are both products from the same parent company. Lokinet was renamed to the Oxen protocol, and they run all the servers AFAIK, so it would be like tor, if tor ran every guard, entry, and exit node. AKA worthless. So you're spot on, it's a joy to the intelligence community and after the Encrochat debacle and Session stopped using Signal's encryption algorithms and code, I would suggest no one use it for anything sensitive.
i use telegram, but i agree that signal and matrix is superior from both(i don't about the others)
Why did Telegram get so popular in the privacy scene compared to Signal in the first place? To my knowledge Signal came out first and never had a history of breaches or leaks.
I can't speak for the privacy scene but in my country it's pretty popular merely because of anonimity (which boils down to not having to use a phone number) and Discord-like server/groups. For porn and other NSFW content, it is pretty popular.
Ah I did not know Signal required a phone number compared to Telegram not requiring one. Thanks.
Telegram still requires a phone number to sign up, but they have had usernames that can be used to contact people without needing their phone number. Signal is only now finally rolling out usernames.
And they still want your phone number.
At least they have usernames now..
Telegram got its popularity because of piracy and having your chats on cloud. It was never intended to give privacy to user but due to WhatsApp breaches they started promoting telegram as a secured chat app which is a toatal joke till this day.
Honestly, UI and PC client experience.
I find the UI in signal a bit off putting. Telegram grabs you with their funky stickers, clean UI and dumb features. I alps hate that Signal won't bother copying the messages to a new client.. Like, I have a 1Gbps connection, surely we can copy my chat histories from my phone to my PC? Nope, gotta start fresh on every new client..
If they did less dumb shit like adding statuses, and put some more effort into making the UI nice, more people would use it.
And I get these are dumb reasons, but they're real none the less
I think Signal shot themselves squarely in the dick by removing SMS functionality.
Previously, you could use Signal as the primary SMS/messenger app. Any conversations with other Signal clients secure. Conversations in SMS/MMS? Marked as not-secure.
But, out of some purity concerns, SMS functionality was removed and the dev team focused on adding useless shit like "stickers" and then the pin-code harassment.
Signal adoption plummeted as intended (?)
Telegram, while often hyped as high privacy/security got popular because it was/is fully featured and isn't Google or Facebook. That's it
It's less invasive, less annoying, and can do all the stuff like gifs and stickers. So it was very easy to get people onto compared to pretty much anything that was actually private or secure.
Once enough people started using it, it snowballed into its own monolith of bloat.
Maybe because it offers public chats and channels? Something other apps lack.
Also the best desktop experience out of all apps I've tried.
in some circles yeah.
In Germany it actually became famous because it allowed for huge groups and it's where covid misinformation breeding grounds took off. People thought you were a nutjob if you had telegram lol.
Which, while that is the dumbest reason to reject a chat app, at least meant that Signal was able to get more popular with uhhh smarter folks.
Telegram came out a year earlier in that signal, and because immediately popular amongst young people and drug dealers in Russia
It's popular with furries because of sticker support. Furries are an anchor population for the larger world of IT/etc. It was never really about privacy, or signal would have taken off.
Honestly it was mostly a Discord competitor if anything. One with FOSS clients for desktop and Android.
The private chat is baseline implementation just to tick a box rather than anything practically useful.
I think the big reason that nobody's mentioned yet is simply that they were earlier. Back when projects like Tox and Matrix were first starting to pop up, telegram was already fully formed. Signal didn't come until at least a year later and didn't have feature parity until several years later. Telegram by contrast was a much closer experience to WhatsApp and Messenger, making the transition much easier, particularly for low-tech knowledge users.
By lying aggressively.
Lying about being the first phone app with E2EE (they're not even close, by over a decade if we count J2ME apps) because Signal was called TextSecure back when telegram didn't even exist yet. Lying about their protocol, lying about their backup system (if you're using group chats or regular chats which are backed up they are visible to the admins and any other claim is a lie), bullshit propaganda against Signal, etc...
Oh and by the way, Signal has now finally launched usernames, so you don't have to share your phone number to use it anymore.
Nobody in this entire thread of FUD has posted a single link to support any claim of Russian data intrusion.
Here's a recent article, Telegram’s Connection to the Kremlin.
I mean from what I gather e2ee is not on by default (and unsuppoeted in group) and is proprietary.
The link below talks about why that is; Telegram focuses on features over maximize privacy.
https://www.wired.co.uk/article/telegram-encryption-end-to-end-features
I posted this down below in a comment thread but I'm afraid it won't be seen and not enough people know about this.
Session was at first a fork of Signal without usernames.
Now by design it uses their own custom tor-like service (instead of just... using tor) and does not support forward secrecy or deniable authentication, so anyone who collects the messages in transit can either find a vulnerability in the encryption scheme, or spend enough GPU resources to crack it, and they have confirmation of who sent and received the message and what the contents of the message are. And is headquartered in Australia, which is 5EYES and much more against encryption than the US. Oh, and the server is closed-source.
Regarding Australia's 2018 bill...
Regarding the 'vulnerability or cracking them later' bit...
From Session's own FAQ:
I wouldn't touch it with a 12ft ladder.
FYI, regular Signal now has usernames available with the option to hide your phone number switched on by default (you may still need tithe beta release for the next few months since it's staggered rollout)
Signal still requires a SIM card & an Android or iOS primary device. Usernames here just let you cloak your phone number, not keep it a secret from the service.
As an Australian, either.do I. They are in Mastodon and I have pointed out that being in Australia should make them a no go for anyone.
I'm gonna need a source on that, since the creator himself was persecuted and telegram had layers of fake companies to stop Putin from getting to it.
Here's what I found:
https://www.wired.com/story/the-kremlin-has-entered-the-chat/
I never got with these russian authority claims. Telegram is not based in russia, sure its founders are born in russia but they have taken citizenship of France for a long time now, its based in saudi arabia. I never saw a single proof of them giving data to russian authorities, they were banned in russia for that iirc but eventually got unbanned due to mass adoption. At this point these russian claims just seem racism to me.
It's the usual foreign fearmongering. It's never phrased this way if the subject is a western company (even though we know they cooperate with the US government).
Specially since we know for a fact that Meta hands over any and all information the US government wants from all their apps.
I only use it for porn groups🗿
Porn groups are good indeed!
critical damage to the “privacy-conscious people are not freaks” message
Eww, disgusting!
Where?
I thought furry groups use discord?💀
Nu uh, I aint no furry❌🗣️
Porn groups? What do you do in those groups? Exchange porn? Is there not enough on the internet?
CC BY-NC-SA 4.0
I have been living under a rock, what happened to Telegram?
It is not considered a good alternative as a messaging app for privacy folks and because the source code is not open, it is not E2E encrypted by default (you need to start a secret chat or something to make your conversation encrypted) if I remember correctly.
You remember incorrect. All Clients are open source:
In Fdroid there are also forks. But yes, their servers are closed source and centralized.
Still its not recommended. It requires Phone number and as you said its E2ee is not on by default and is not soooo good.
I must agree on the bloated part. Telegram was awesome before Pavel got greedy and added more and more stuff that are just not related to any chat service, for an example payments and crypto.
I installed Snikket on my server few weeks ago and are now trying to move everyone to it. It seems to be a very slow process, though.
But I might keep Telegram only for the porn channels. Mighty good stuff!
By the way. Do you have the source for your claim that Russian authorities were messing with people's deleted messages?
Oh, yeah, the porn channels are really good indeed
I'm thinking if I can access them from some telegram channel mirror
Well, Telegram already have a preview feature for every public channels. Just copy the direct link to the channel and add
/saftert.me/(or choose "Previous channel" without opening the link in Telegram) and you're good to go. If only Pavel will add an RSS feed to that feed. That would be mighty-mighty awesome!More work to save the media files, though. You have to inspect the element and get the direct link to the image through
background-imagefor thetgme_widget_message_photo_wrapclass. Much easier and takes less time to just save it inside Telegram, as of now.Good advice, but I will look into converting some to RSS and read in an RSS reader
I just one a solution for that: RSS-Bridge. Just tried it through one of their instances and it works really well. At least for some of the channels.
XMPP, 🙂
Good for you. I still don't know how to move my friends and relatives to Signal. Any tips with that?
One day I said that in the future I will only be available via Signal. If not there then there is still SMS. And so far everyone I have contact with regularly installed it eventually.
That's exactly right.
Easy! Just replace their usual SMS app with Signal, and then every contact they have that does use Signal is private and secure!
Oh. Wait. That's exactly the functionality that Signal removed in their effort to ensure that Signal is never widely adopted.....
I didn't agree with their decision at all at the time, but now that I realize they made it a little while after it gained widespread adoption and people stopped using it because "Signal isn't actually secure!" ... seems like people were expecting a secure messenger to be, well, secure. So they would chat about anything and everything thinking "I am using a secure messenger, these messages can't be read..." and tech ignorance is a dangerous thing if you're trying to be secure. I would've preferred a colored window and un-closable message for SMS chats, but oh well. I like that they've introduced usernames so you don't have to give out your real number.
And that irony now is that messenger on Android is RCS compliant and currently has this exact functionality, except it's less trustworthy.
Once again I'm using one messenger and everyone else who's using an RCS messenger gets encrypted, but SMS (clearly marked as such) is a viable fallback.
Keep bugging them. I almost exclusively use signal for messaging these days and it's fantastic. It took longer to convince some people than others
Do what I did. Let everyone you care about on TG that you're closing that crap, with your reasons for doing so. Inform them of your moving to signal, session, whatever. Be clear that, otherwise, they can try calling you and wish them good luck. Close TG on the day you set as deadline. I did that and whomever didn't get a Signal or Session account has to call me. I've never looked back.
My family is all on iMessage. I told them if they didn't install Signal I wouldn't reply to their texts.
At first, whenever they texted I would just reply with something that looked automated like "This user is no longer available via text message. Please install Signal if you wish to communicate."
I did something similar and just sent a link to Signal when IPhone friends and family SMS'd me, worked....eventually :) (am on Android)
That's freaking epic. Love it.
Like that, also, a few months prior to the deletion turn off the notifications, and come there every few days, so people need to wait for your reply for days, and when you come you say "oh, I'm not using tg, I switched to signal/session/simplex/bird mail"
These are allngreat suggestions. Another huge advantage is that this help detoxify from the constant pinging with others.
"Hey, Telegram got fucked up for me so I moved to an app called Signal. If you want to contact me, do that, or just use your old normal texting."
start a meme group. People may not want to install a chat app to talk to you, but they don't want to miss out on juicy memes.
this strategy worked for a few of my friends at least.
Install a family XMPP server like Snikket or otherwise. Show them the benchmarks of how little battery & data plan drain is used from Conversations forks. Explain how bloated Electron apps are & how you don’t wish that on your loved ones vs. Dino, Gajim, or a TUI client. Sidecar a Movim server so y’all can share long-lived, non-ephemeral posts instead of losing memories like photos in some long group thread. Let them know their data is safe with you as the operator instead of some massive for-profit corporation—and if they don’t trust you, they are empowered to start their own server to interop.
(This tactic has yet to work for me, but I will keep running into that wall til it breaks 😃)
Russian authorities usually just hijack login sms confirmation codes. This is a common practice in Russia. Not denying that something else shady might be going on, but I do know mobile providers there don't even bother to ask why - they just provide shit on demand.
Probably this might be related to why tencent removed cloud backups from WeChat. It used to be like telegram, when you login it loaded all the previous messages, now when you login using the sms confirmation code you need to ask (with a different chat app!) three friends to send you a session specific passcode and then all the previous chat history is wiped clean.
(It was a problem to login back to me as I didn't have three friends)
Am i the only one who doesnt use telegram for porn
Nah.
I use it for drugs.
A lot of speculation that does end with this in the article:
"After discussing her case with experts, Matsapulina now believes her Telegram messages may have been compromised by a form of spyware. When she was told that a hacking device would need to be physically nearby to infiltrate her phone, a memory resurfaced: At times before her arrest, she had noticed an unmarked truck with a dome on its roof parked outside her building. She had even jokingly mentioned it to friends on Telegram. Now, she remembered, as the police were banging on her door that morning, she’d spotted the same mystery vehicle parked outside. By the time the police stormed her home, the vehicle was gone.
Matsapulina has since started using Telegram again."
Most messaging apps are vulnerable on the client side with spyware, no matter what E2EE exists along the way.
You forget to mention they gave informations to german police, seems like they forget the point of the app
Back to Facebook messenger?
The only private one
what's wrong with session?
https://lemmy.world/comment/8193613
Oooh. I was pretty sure they used to just use tor directly... Weird.
Session is better than Facebook by a long shot. The issues many people have with it seem pretty minor compared to me. At least compared to Signal.
Please enlighten me
Doesn't require a phone number
where did you moved to? i tried matrix but their android client (element) is terrible compare to telegram's.
Try schildichat it seems more polished
Schildi is planning to be based on Element X later.
It aldready is . But it don't matter
Try checking out Element X. It's made to replace Element stable once it's complete.
Does it handle the battery usage better? I had to remove Element because it was killing my battery.
There have been rumors from its start. I have no idea of their validity. Like anything, it's hard to find the truth.
As for its encryption, while I dislike it's not open source, and it's deserving of some criticism, there have been no reported cracks of it that I'm aware.
That said, it seems to store your
publicprivate key on the server (though I'm not sure of this), which is not ideal, for sure.There has been multiple breaks, like the good old 2^64 bruteforce attack when they used too short session identifiers, malleability issues that could let the server/hackers change your messages, reordering attacks, etc.
What the issue with them storing the public key?
Aside from not storing anything you don't absolutely need to store, there shouldn't be an issue there.
Typo
Every messenger is.
Honestly, signal is the only thing I would ideally use. But whatsapp is still a better second messenger than telegram.
You didn't mean that.
I'm sorry. It might be meta owned, but its metadata theyre stealing. I still trust the e2e encryption. Naively perhaps
telegram e2e encryption is open-source, whatsapp not
Almost no one uses telegram e2e, because it's not automatically activated. Also group chats are not e2e.
I still like to use telegram tho.
Also doesn't Whatsapp just use the signal protocol for e2e?
Also Telegram's E2EE chats don't work on desktop apparently, and you are not able to see message contents in the notification (which is a plus or minus depending on you)
Asked a friend earlier today if we could use secret chat. He declined because he mostly chats on desktop, and apparently wants to see messages from notifications while driving.
Jep, all of this is true. I have two chats with some people because of that.
Also you can't search for words within e2e chats, which is a pain in the ass sometimes.
Whatsapp is built on the Signal E2EE protocol, Telegram has a terrible homebrew encryption protocol with a ton of weirdness and it has had a long history of weaknesses which they lied aggressively about
Unpopular but true take.
I didn't use WhatsApp for the last like 3 years already
I have already got rid of the Sim card, but want to setup some sip Sim cards at home for package delivery and work
So like, using WhatsApp is pretty pointless at this point
I miss Wikr
Deleted the app and account recently as well. I'm hoping that having the account deleted means that people don't try to use it to message me there.
People who had you listed will just see "Deleted Account" instead of your name, and a little ghost as your avatar.
They will still see your chat history though.
I deleted telegram long ago, but not my account, just the apps.
As of recent, I wanted to log back in and actually delete my phone number from there, so there's no more association.
I can't login. I download the app, and it sends a verification code through Telegram and won't do SMS, but I'm not logged in at all so I can't get the code.
I'm stuck there. I contacted support and they're yet to respond. :p
It happened too many times already, telegram has a very bad record at this point, some security mistakes happen every month, c'mon, this is a really bad idea to use telegram at this point
It happened too many times but I can't find a single case, please enlght me. I will use telegram because it have a lot of features, good ui and easy to use
You should really search, I tried to compile all I could find, but I'm here to stop using tg, not going back to tg and scroll Russian opposition channels for all the mentions of stuff like that
There are some articles in English that describe the events, but most of them are in Russian
Also, from the search it's really hard to find anything because a lot of stuff about the war
Here are a few topics:
Compilation of different technical vulnerabilities and issues of telegram(in Russian):
And in general, Russian government unbanned tg after it realized it can read it. I wouldn't trust anything that was unbanned in Russia or China
And one more article that lists issues of telegram: https://emisare.medium.com/так-ли-безопасен-telegram-f5a3128a1311
I'm already tired of doing this, I didn't even start on activists and how they get hacked and stuff
There was just a fine on telegram yesterday for not "complying" with Russian authorities which is another proof they are doing great. https://tass.ru/obschestvo/20188921
I'm glad I never used it
I will probably up this one, it's really a lot of materials, and articles, and news if you read behind all this war and politics stuff
You should really search, I tried to compile all I could find, but I'm here to stop using tg, not going back to tg and scroll Russian opposition channels for all the mentions of stuff like that
There are some articles in English that describe the events, but most of them are in Russian
Also, from the search it's really hard to find anything because a lot of stuff about the war
Here are a few topics:
Compilation of different technical vulnerabilities and issues of telegram(in Russian):
And in general, Russian government unbanned tg after it realized it can read it. I wouldn't trust anything that was unbanned in Russia or China
And one more article that lists issues of telegram: https://emisare.medium.com/так-ли-безопасен-telegram-f5a3128a1311
I'm already tired of doing this, I didn't even start on activists and how they get hacked and stuff
So what do you use to send, receive and store 2GB ish files to other people?
Edit: Would be great if some non-selfhosting solution was suggested here.
Depends what people
For family and friends I have nextcloud, many of them are using it (yes, i'm that one out of a million people who made their friends and family use selfhosted stuff and be happy)
Magic wormhole, Bitorrent
How do you share using BitTorrent. I had a lot of problem sharing with BT, especially on tracker choosing reasons and port problems.
I use Pingvin Share to share one or more files. Have set the max limit for each share to 4 GB. All files will be stored temporary which is awesome privacy-wise.
Gonna have to disagree. Telegram is the ONLY chat app with ACTUALLY NATIVE code clients on desktop and mobile. Its the only one that isn't website in a box trash that's slow heavy and buggy. I use discord mostly because it's where everyone is but i fucking hate everything about it and wish people would use telegram.
If you think other chat apps don't read/process metadata from your dms and such your an idiot. Nothing is safe short of self hosted matrix with full E2E encryption or similar and ain't nobody doing that.
Well, I'm doing that. But I'm nobody, so I guess your point still stands 😅
But also, I don't judge the chats mainly by their client, but the protocol. Telegram is not open and so can't be audited properly, that's my concern.
Afaik the protocol is documented[1] and the clients are open source[2].
No code available for the backend though.
[1] https://core.telegram.org/mtproto
[2] https://telegram.org/apps#source-code
Ah well, my bad, things have changed since last time I checked.
So better of what I thought, but still not great. Also the fact that it's a Saudi Arabia company now (where they are not exactly famous for their human rights protections) does not bode well.
I up this one, there are many messengers, all have different clients, just choose one, or make? I like the UI of WeChat, should I use it then?
signal has e2ee and so does proton mail with other protonmail Users
My brother, XMPP existed before Web 2.0 where after the cost-cutting way to ship an app was a browser option (browser options help accessibility tho)—where Electron was the most egregious RAM stealer. OMEMO has been around for multi-client double ratchet e2ee since 2015. An ejabberd server can be tuned to handle 2 million simultaneous connects—Synapse folds over like lawnchair at a single user joining a room with a medium-length history.
tg premium user here, WTF? i tought telegram was privacy respectfull and pretty secure, what changed/happened? that's not the first post i saw abt It. also, any alternatives? with almost same features and as many channels/groups as telegram ofc like don't suggest me signal or Matrix nobody Is on that platforms...
EDIT: lmao people Just downvoted me for asking... what a world
Security is a spectrum. Telegram has never been the most secure alternative, but that doesn't mean it doesn't have any security.
Dude, are you even Russian yourself to claim this?
As a Russian person, Russian oppositionist, and formerly a drug dealer, I can say that you wouldn't use telegram for anything that needs security, since like the start of tg
Just come to Russia, register with your name two Sim cards, create telegram accounts, and message yourself that you want to blow up Kremlin. You will have FSB standing behind your door very shortly
For the very brave, no VPN, no secret chats, see ya
Edit: this was your third comment on Lemmy, and only one post, so I really doubt that you will ever do something. Also, comparing tg and wa is so Durov
Hi there, tbh I forgot what my comment was before I deleted it. You probably just answered yourself in this post :)
But yeah for security I don't prefer Telegram or any Android app and I use Telegram the most on Android because I like the way it is. No Secret Chat really, are you sure about that lol
Is it even possible to get a telegram account these days? I heard their SMS service was down or something making it impossible to sign up and they don't support email.
CC BY-NC-SA 4.0
Stop it with the creative commons link in your comments.
Also, there is nothing wrong with Telegram logins or new accounts.
No.
Just gave it a shot. Doesn't work.
CC BY-NC-SA 4.0
I get notifications of new contacts that join Telegram so it does. I don't need to try it myself.
And I don't understand your cc link and your down votes speak for themselves so stop the silliness.
Do you fear what you don't understand? "I don't understand it, so stop".
And I don't care about downvotes. Go on, downvote. It has no real life effect.
CC BY-NC-SA 4.0
Your link also has no real life effect.