Some people say it’s really privacy-giving and that you should use it as a privacy alternative. Others say it’s alao on the big tech side. What’s going on with telegram, really?
You must log in or # to comment.
Every text you send through Telegram is stored in plaintext. Telegram and authorities can access that without your knowledge. Also it will get leaked in a breach someday.
Now you decide for yourself if it’s private.
Woah, thanks.
What should I use, then? Because, from what I seen, Signal is US hosted, and this isn’t very good to privacy.
Signal is well designed enough that Jurisdiction doesn’t matter much. The only things you’ll find that can br arguably better than signal are fully decentralized apps that go over TOR like Briar or Simplex but these have a lot less usage because they’re so slow and terrible for your battery.
So, no Whatsapp alternative? Sorry, I’m kinda slow.
If you don’t understand the cryptography enough that you have to ask about telegram, just use Signal. It’s the best designed app for the security of most people, it doesn’t have any privacy/security footgun, and has a pretty good threat model while not cutting corners on usability.
Oh, thanks.
Signal or SimpleX.
Thanks.
Telegram talks a pretty big privacy game, but consider that the feature that actually enables end-to-end encryption, called “Secret Chats” in the app, is OFF by default. Couple that with everything else said in this thread and you start to see a picture forming. And it’s not pretty.
Use Forkgram off of F-Droid. Its an open source app with extra features. You have to have the regular app to verify the login on forkgram. Then just uninstall the regular app. I only use it for news channels and mod’d app channels. I don’t use it for communications. Its not good for that.
Just another application owned by multi miliionaire
It depends. By default, it uses a weaker encryption than WhatsApp. You can turn on e2e encryption, but not in group chats.
On the other hand, it has multiple FOSS clients, will work on pretty much any platform, and has a great UI.
If you want a fairly secure chat app that your grandparents can use, then Telegram is perfect. If you’re sending highly confidential stuff, then no.
It’s also suitable for project groups, because of the better tools (and moderation bots) available to the mods.
Its main “security” feature is that they are uncooperative towards most governments. If a government makes a legally binding request to signal, they recieve IP, Account creation date and other unavoidable stuff and signal is transparent about that. If telegram gets that request, they probably ignore it, but maybe they don’t and there is no way to know as a user.
Also telegram is the platform of drug dealers, nazis and conspiracy theorists. So even if it had e2e by default, I would still prefer using another platform.
The only reason people think it is private is because for a long time it refused to corporate with governments (which is why plenty of criminal activity happens there)
It is about the least private option of all modern messaging apps (literally not e2ee, which means that the server owners have potentially full access to all chat content)
The only thing that makes it special is the bot support.
Telegram allegedly complied with a government to give them user data, and their e2e encryption was switched to be off by default. I know because when I started the chat with someone we raved about how it says ‘end to end encrypted’ before sending a message. Well, between then and when I decided to migrate off it, that private one-to-one chat’s encryption was switched off.
I say it’s okay, but only ensure that e2ee is on
its not private, but its FOSS, it has great mobile&desktop client
Telegram is not FOSS. The client is, but the server-side implementation is not, which is important if you consider the fact that encryption is turned off by default.
I don’t think that is disqualifying, because you can’t control what is running on someone’s else machine anyway. It’s centralization that is the problem.
If it was impossible for the other side to read the content of the messages, I’d agree. Hence, why it is less problematic that Signals server software is closed source.
There’s a FOSS version of signal called molly that’s opensource.
That’s a signal client, not server. While I think there are reimplementations of the signal server that you can theoretically use, you’ll be bound to only communicating with people also connecting through that server (ie no federation)
You are 100% correct.
