That's nice, but all of those features, such as usernames, make me understand how Telegram was so well-planned from scratch. Everybody has been catching up since. Telegram is really an impressive piece of software.

> Telegram was so well-planned from scratch

Uhm what? It's 2023 and they still don't do e2e encryption by default. Building a chat application without e2ee is orders of magnitude easier than with. And let's not talk about MTProto…

Because there are real usability tradeoffs. Signal's local encryption means there's no history sharing on new devices and essentially loss of the data should you ever lose the device/key, and that for many people is a deal breaker.

It doesn't help that the non-security aspects of Signal are garbage. I have several years of data in my phone that I want to backup, but it's a painful process because I have to export every media file manually and then transfer it over to an SD card. My phone is low on internal storage space, but Signal won't let you choose where exported media get saved to, so I have to play Towers of Hanoi shuttling media files in and out of my limited vacant space and then deleting them in Signal after they've been safely copied to the SD card.

The app is full of tiny annoyances like this. For sending photos there are some editing/cropping tools - a fun and somewhat useful innovation, but while the crop handles work from the corners of an image they don't work properly from the sides. I was a busy evangelist for the product in its early days, now I hate using it.

> Signal's local encryption means there's no history sharing on new devices and essentially loss of the data should you ever lose the device/key

To be clear, Signal now allows secure backups to the cloud. If you don't use a strong password, and much as the public won't, it's not perfect but they maximize the security. (And you can always choose to not use the backup.)

Do they? On Android all it does is backup to another directory on my phone.

Hmmm ... looking around, isn't the following implemented?

https://signal.org/blog/secure-value-recovery/

(It's also relevant to the OP.)

SVR doesn't do full backups (yet?)

> To be clear, Signal now allows secure backups to the cloud.

No, it doesn’t, at least on iOS. There is no backup option on iOS. The only way to retain information when using a new device is to have the old device close by and transfer it by running Signal on both of them. Anyone who loses their device or does not have it with them when getting and setting up a new device will lose all the messages from the older/previous device.

Oh, does it work for desktop?

I know only enough about crypto to be dangerous, but it's never been clear to me why that's such a hard technical limitation. My password manager is very easy to set up on a new device if I have another authenticated device on hand. If not, it's still not too onerous to set up the first sync. Why wouldn't the same approach work for Signal?

Indeed it's possible, though judging by the release dates, it's not trivial to do right:

- Apple implemented iMessage E2EE sync across devices back in 2011. But be careful not to save your chat keys in iCloud backups (local backups are fine), unless you enable E2EE for iCloud backups as well, which is an option rolled out in 2023.

- WhatsApp appears to have rolled out a form of E2EE device sync in 2023 as well. WhatsApp Web complicates the question of how secure is the E2EE though.

It does; setting up Signal Desktop involves scanning a QR code. It doesn't sync old messages, though theoretically they could do that over a local network transfer.

You could reimplement all the rest in a couple of weekends, is that what you're trying to say? Only e2e is real work, the rest is easy?

It's not just content inside messages, Signal actually knows nothing. The metadata about your user, your contacts, every group, and who is in a group, or who sent a message, all encrypted. The only thing Signal knows about a user is when they registered and their last login time.

Telegram just stores everything on their servers in Dubai, in the clear.

> The only thing Signal knows about a user is when they registered and their last login time.

Really? Why do I need to provide a phone number in order to register for the username test?

Well yes, obviously your phone number since it's how they handle accounts. Their argument is that it makes you the owner of your social graph because it uses the existing contact list on your device.

https://signal.org/bigbrother/cd-california-grand-jury/

Because your account is currently your phone number, so if they want to open the service to a limited number of power users, it makes sense to restrict it to folks who already are signal users, IMO.

As I understand it, the phone number requirement won't be going away - it's just the requirement to share it with your contacts that they're abolishing.

Seems like the right level of tradeoff to prevent abuse and enable privacy. Did you have a different expectation in terms of balance?

No, that's perfectly fine for me too, just wanted to be accurate and manage expectations :)

(In fact, I do still expect public phone numbers to be the "default", i.e. encouraged, experience, because of its viral properties. This is also fine by me, as I want Signal to be used by as many people as possible.)

You don't see any conflict between that and the claim "The only thing Signal knows about a user is when they registered and their last login time"?

Not at all, a user is a phone number.

Do you have a recommendation on how they would prevent fraud and abuse w/o using a phone number while also maintaining the same level of low friction?

What fraud and abuse? They can prevent fraud and abuse by doing anything, including by doing nothing, because those aren't concepts that apply to their product.

Spam is one kind of abuse.

So? What's the threat model? How does having phone numbers help?

You're making assertions about what Signal needs, and you're doing it without knowing their threat model.

s/user/phone number/

Signal claims to know nothing. However, for a few years now users' contact lists are uploaded to Signal's servers with the notoriously insecure Intel Secure Enclave being the only protection. It is likely that a state actor has access to that, which is already highly desirable information for mass surveillance.

Is it really?

I once worked for a company that happened to find itself in possession of a nearly complete social graph of one of the rich countries. The goal of the project was a different one, that graph was a kind of side effect. The graph was never actually used, but the company did have it.

Producing the graph was neither difficult nor expensive. I believe the complete project cost only a little over €1M.

If you want to gather data like that, you can do it without any expensive intelligence operations or attacks. You can spend a million on writing a desirable free smartphone app that needs contact permissions and another few hundred thousand on promoting the app, then sit back while the data is uploaded to your servers. To me that approach sounds a lot simpler and cheaper than breaking into Signal, Intel/SGX or a DC hoster.

I suggest that attacking anyone to get their contact data isn't really desirable.

> the notoriously insecure Intel Secure Enclave being the only protection

While I share your concerns about Intel SGX, your statement is not exactly true: SGX is only meant as an additional measure to secure insecure PINs.

I worked for a while at a company in this space. The chat part really is as easy as it looks. Any competent programmer absolutely could implement it in a couple of weekends. Hell, we used the hardest parts as interview questions.

Now making it into an actually viable business is very hard (I'm not sure we ever managed it), but the hard parts aren't the technical side of implementing a chat app.

Ummm, your message-at-rest inside a Telegram server remains ... unencrypted and is accessible by LEO.

That is, when you power off a Telegram server.

[deleted]

This is not what I said. Only because one thing is "orders of magnitude easier" than another (note the comparative), this doesn't mean it is easy and/or can be done in a weekend.

E2E makes all the other stuff more difficult.

Right. GP didn't say more difficult though, but "multiple orders of magnitude", which is to say, at least 100 times more difficult.

Ten per cent more difficult, OK. But ten thousand per cent?

There are different sides to security.

Telegram openly does not have e2e by default.

What it also didn't have that I think Signal at some point had was:

- a bug that sent photos(?) to persons without you asking

- a rather nasty vulnerability that let people send you a message and pwn your desktop environment

For some reason a large subset of HN is like E2E or nothing. But I remind folks that except in very particular cases, all email is available to one email provider or the other.

Same goes for banking etc. But for some reason according to HN my postcard level communication with my family demands I use a system with a tenth of the usability of Telegram.

I agree that Telegram is an impressive piece of software, but it does not offer E2EE by default and the encryption model has been criticized in the past. Still, it is the best chat app in wide use anywhere in the world and this is a great achievement. Among other things, the client is open source and they don't ban unofficial clients, and they don't restrict you to a certain number of devices like some much worse apps. Channels are also a nice innovation, and Telegram has seemingly remained reasonably unwilling to comply with government encroachment (used by both sides in the Russo-Ukrainian war without too much suspicion). This is probably as well as a centralized chat app can ever do.

I wouldn't say it doesn't offer E2EE by default. It offers private chats, which are E2EE, right there and almost as easy to initiate as the regular chats.

I used Telegram in E2EE mode with someone initially, but later we decided the multi-device sync and web chat were so much more useful to us, it trumped the desirability of E2EE and we switched.

Those features together would be better of course.

Apps like Signal and Wire have shown that multi-device E2EE is possible with messages synced across. While I believe that Telegram is far ahead on a lot of features, the lack of multi-device sync for “secret chats” is mainly because Telegram hasn’t spent enough time or effort on it.

I was looking into (toying with) making a decentralized version of TDlib. Of course a lot of effort, but possible. Telegram has some of the best clients, and FOSS. Forking those with a new TDlib would be "best" of both worlds. Session did something similar with Signal clients as a base.

Last I checked, Telegram was not end-to-end encrypted by default. Has this changed?

HN doesn’t like hearing this, but e2e encryption is kind of an anti-feature for the vast majority of users. The usability tradeoff is real, and most folks don’t care at all about the privacy/security side.

Thing is, both can be achieved, but tg doesn't want to implement e2ee by default and Signal doesn't want to implement a proper sync mechanism bc of some extra security (imo it's bs, extra security can be achieved with a proper implementation).

Telegram at least offers end-to-end encrypted “Secret Chats”

These are worse compared to Signal chats. In Signal, after login on say phone + desktop, you'll have access to messages in secret chats on both devices (wish it would sync even if login on the second device was later); on tg you are limited to only one.

Nope.

My favorite feature of Telegram is that the default onboarding experience uploads your entire contact list to a server in Russia.

Telegram servers are hosted worldwide, mainly US and EU. With HQ in Dubai.

They still be shady, for example being persecuted by a government for your faith. They turn over all your contacts and IP addresses of your contacts, so now all your friends can be persecuted... Substitute faith for: whatever...

Are these statements verifiable? Honestly interested to learn more about every argument against Telegram.

https://archive.is/oNfNo

https://archive.is/uE4ed

I won't give specifics since I use my real name.

Telegram's "headquarters in Dubai" is just a legal fiction, a registered address only. A journalist who visited that supposed headquarters found no one at home.

Fine. But where is the truth in that it is sent to Russian servers? Perfectly open to any evidence.

Telegram is a Russian company in the sense that its ownership is Russian and Putin could jail their family members at any time. I don't care what the paperwork says or where the servers are physically located. For all intents and purposes, they are Russian servers from a Russian company.

[deleted]