Analytics request

The analytics will make Airikr Blog better. If you accept the analytics request, the following data will be stored about you:

  • The device's IP address
  • Browser's user agent
  • What pages you visit
  • A timestamp when you agreed to the analytics
  • A timestamp for each page you've visited

Read more on how the website uses your data.

Telegram vs. Signal

_
Cover
The blog post hasn't been corrected yet. Spelling errors, missing sources, and other stuff can occur.

I saw a post on Lemmy 2 days ago (Wednesday) regarding the security of Telegram. The linked article in that post tells the readers that Telegram does not store cloud data encrypted. I don't like when people (especially not professional companies like WIRED) lies to other people, so I will tell all my readers the truth in this post.

There are people who state that Telegram are worse than WhatsApp regarding security (at least Nadim Kobeissi in this article) only because the default communication method in Telegram are not end-to-end encrypted (which means that your data "never" leaves your device). In order to enable end-to-end encryption in Telegram, you have to start a secret chat with someone.

All data on Telegram are stored encrypted

But the thing is that the encryption for both cloud chats and secret chats are the same! The only difference is that the data stays on the servers in cloud chats (hence the name). All data from cloud chats are in fact encrypted (source 1, source 2) with Telegram's own home-brewed encryption method called MTProto. And because the source code of MTProto are not open sourced yet (for a (to me) valid reason too), privacy oriented people say that Signal are much safer because Signal uses end-to-end encryption only.

But apparently, Signal has added a feature that offers server-side groups that uses the same technique (the same function, not the same encryption) as cloud chats on Telegram. Signal stores the chat data encrypted on their servers (important fact: in the US) just like what a reddit user stated: "Signal 'has' that information, but it's just gibberish to them." Same shit, different service.

Signal are no good privacy-wise

Signal share your phone number with third-party providers, but they do not tell us with whom (a big no-no in my eyes, especially when it comes to the US). And if the person you talk to are offline, or you are in a group chat that stores the data in the cloud, it will be stored encrypted on a server that Amazon owns. And because Signal are 100% based in the US, that data will only be safe until someone has cracked Signal Protocol's encryption and if that happens... well, everyone knows that USA have big privacy flaws. Telegram logs everything when using cloud chats (plus data via secret chat when someone is offline), but all my data are stored in Europe.

Humongous difference!

When I tried Signal once a more few months ago and added a person from Fosstodon, I immediately reacted negatively when I was forced to add that person with his/hers phone number! You should not add people with their phone number! However, Signal are working on adding usernames, a feature Telegram have had since 2013 or 2014: the option to add your own username, like t.me/edgren (which by the way is my username on Telegram). If no username is specified, you add people with their phone number (this also includes Telegram).

Telegram log metadata about its users and despite they do not tell us where this metadata is located, we can only assume that your metadata are also stored in the same data centers as what your data are stored in. Signal only logs when a user created the account and when the user was last seen.

Signal are based in the USA, Telegram's not

Adding usernames to Signal doesn't change Signal's privacy to the better if they add support for usernames because of user data. All data will be stored in the US and shared to third-parties even if you will be able to add a username to your Signal account. Meanwhile, at Telegram, the chat service have servers all over the world where your data are stored encrypted in different jurisdictions based on where you live. I live in Sweden, so my data are located in the Netherlands, a country known for its strict privacy laws.

Final thoughts

  • If you don't want to share your phone number to any company, choose XMPP or Matrix or Jami.
  • If you are okay with sharing your phone number with a company, but...
    • ...wants to control how and when people can see your private information, choose Telegram.
    • ...are okay with a company founded in the US and runs in the US and uses servers from Big Brother companies like Google, choose Signal.
  • If you don't care about your privacy at all and thinks "I have nothing to hide" despite privacy doesn't apply to it at all, choose WhatsApp, Messenger, Skype, Discord, etc.
Have you for an example found a spelling error? Make a correction.

Comment the post

The comment was published over 2 weeks ago and can therefore not be edited (read more). But you can still delete the comment, if you have the password.

Your name
Your URL
Your comment (min. 10 chars, max. 1000 chars.)
You can use Markdown in your comment.
The password for this comment
Loading the comments - please wait

Webmention

You can share this post to any popular social network. When you get any sort of response, it will show here.

@ezrayun Yeah. I haven't digged as deep as when the encryption takes affect on Telegram and Signal, but I do know that they both encrypts in-transit. Signal are E2EE only while Telegram are server-client by default which I find very good (after all, all your data are stored heavily encrypted).

@edgren Hmm those are strong arguments. I don't know. How essential is the security to the overall effect on the network of people who use it? Maybe they're both ok. (This is confusing)