this post was submitted on 20 Dec 2024
271 points (97.2% liked)

Technology

60085 readers
3114 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 2 years ago
MODERATORS
top 47 comments
sorted by: hot top controversial new old
[–] [email protected] 68 points 5 days ago* (last edited 5 days ago) (8 children)

Nothing new here. E2E is only available in one on one chats and is disabled by default. Dont use Telegram if privacy is your main concern.

At least it has an open-source client. Very few messaging platforms can say that, and fewer have a decent UX.

It's not perfect, but it's got a good combination of features and multi-platform availability. None of the other messaging apps support all of my devices except Matrix, and ~~Matrix doesn't have stickers~~

Edit: Signal doesn't support all my devices but maybe someday! The network effect is also big. None of my family and friends are on Signal, but most have Telegram. A few have Matrix.

Also Signal is a US-based company.

Edit 2: Matrix does have stickers, i guess I'm switching

[–] [email protected] 69 points 5 days ago (4 children)
[–] [email protected] 33 points 5 days ago

Yeah, the glaring problem of having to share your phone number is gone too:
https://support.signal.org/hc/en-us/articles/6712070553754-Phone-Number-Privacy-and-Usernames

[–] [email protected] 6 points 5 days ago (1 children)

They still don’t have backups on iOS which is a deal-breaker for me.

[–] [email protected] -1 points 4 days ago (1 children)

Why would you use iOS if you care about privacy?

[–] [email protected] 1 points 3 days ago (1 children)

Why would you use iOS if you care about privacy?

Because it’s far better for privacy than any Google-Play-Services-ridden version of Android, and sometimes in life you don’t want to have to deal with custom ROMs anymore.

But also that’s an exceptionally dumb question, because the implication is that privacy can’t matter to people who don’t go to the same precise lengths someone else does.

[–] [email protected] 1 points 2 days ago (1 children)

Honestly, my problems with Apple go beyond just the privacy issues.

[–] [email protected] 1 points 2 days ago

Fair enough, Apple has some pretty fucking terrible anti-consumer behavior. Privacy is just one of the few things they do well.

[–] [email protected] 3 points 5 days ago (1 children)

I couldnt find a working Ubuntu touch app last i tried to use it

[–] [email protected] 2 points 4 days ago (1 children)

Ubuntu touch is dead. Are there at least native browsers for it?

[–] [email protected] 2 points 4 days ago (1 children)

Is it? I still get regular updates. Yes there are a few, i use Morph

https://www.ubuntu-touch.io/

[–] [email protected] 2 points 3 days ago

For some reason, I thought Ubuntu touch was EOL. Probably because I tried it on a Redmi 5 and it was an unofficial 2018 build. Is the Morph browser still supported? I checked the Github page and the last changes were 3 years ago.

[–] [email protected] -2 points 5 days ago (3 children)

After Signal's lie about dropping SMS support because of "engineering costs", I really can't believe anything else they say.

Plus the app experience sucks, it's no better than SMS.

[–] [email protected] 4 points 4 days ago

Are you talking about the signal from five years ago or something?

[–] [email protected] 5 points 4 days ago

Wasn't another explanation people mistakenly sending SMS and getting fucked when they meant to send a Signal message?

[–] [email protected] 6 points 5 days ago

it’s no better than SMS

That's not true, but even so, the whole point is to be an alternative to SMS. It provides that experience, so I'm happy.

[–] [email protected] 33 points 5 days ago (2 children)

A platform that values my privacy? Or stickers? Tough choice, I guess, except Signal has both.

[–] [email protected] 7 points 5 days ago

Doesn't have unlimited storage though. It's really nice being able to jump to any of the 15,000+ images shared with a single person dating back to like 2015 within a couple seconds. I know that's a privacy concern but nothing comes close to telegram's searchability and the unlimited storage.

[–] [email protected] 4 points 5 days ago* (last edited 4 days ago) (1 children)

It's a messaging app, it's useless if there is nobody to message. I dont have any friends using signal yet.

Also it doesnt work on my phone (Ubuntu touch). There used to be a community app but it's not currently working.

I sincerely wish them success, but it's hard to have faith that a US-based company will actually protect your privacy. Not that Telegram does either. I dont know what information they do even collect.

[–] [email protected] 7 points 5 days ago* (last edited 5 days ago) (2 children)

It's hard to have faith that a US-based company will actually protect your privacy.

You don't have to, though? 1) The E2EE Signal protocol is well-audited to be robust. 2) The app itself is FOSS, and there are a lot of eyes on it. 3) The server code is FOSS. Even if they're lying about what code they use, it doesn't matter because it's E2EE. 4) If you think Signal might be bait-and-switching by building from different source code, you'd be provably wrong. They have reproducible builds, so were they to actually try this, it would be like sending up a flare to the entire security community. 5) Literally every single time OWS has been subpoenaed, the only information they've been able to provide is extremely basic metadata like server connection times.

You have no idea what you're talking about, I'm sorry. There's functionally less "trust" here than any messaging application on the planet. The network effect remark is at least valid and can be debated (although I personally have zero friends who use Telegram and at least several who use Signal). This one is just so, so wrong that it's not even up for debate.

[–] [email protected] 1 points 2 days ago
  1. Not just that, but also it's small in description. If you read their papers, they are very easy to understand. I suppose that's intentional, clarity and simplicity are among the main criteria of anything intended for security.

  2. "A lot of eyes" is overvalued. There are a lot of eyes on every nation-state in history too, you tell me how that works.

  3. It doesn't matter because of protocol design. They've solved very complex problems and have not stopped doing that. E2EE is the wrong buzzword, zero-knowledge is the right one. No, I'm not remotely qualified enough to explain what that is.

  4. Still supply chain attack on clients is the most probable, but not much they can do with it. It's similar to fearing trojans on user devices. Yes, 3-letter agencies and such most likely will do that, not bother with pressuring Signal developers. And no, there's not much you can do to defend against a targeted attack, if it's targeted, then you've already bothered people you shouldn't have.

  5. Well, it's not as if one could avoid that. It all lies in the area of smart contracts and distributed computing then, and see point 1, right now Signal's protocol can be in general strokes understood by someone like me. If they make something like that, it won't be. Everything is a compromise.

There’s functionally less “trust” here than any messaging application on the planet.

I think Wire and maybe Session use slightly modified Signal protocol. But Signal itself is the thing, made by people with clear vision of the whole architecture, model, which is not limited to protocols, but also to sociology, human psychology, politics. And they've explained literally every architectural decision of theirs in articles.

[–] [email protected] 1 points 5 days ago* (last edited 5 days ago) (1 children)

Thanks for the elaboration. I'm not familiar with how Signal works.

[–] [email protected] 2 points 4 days ago

Educating yourself on topic is a good idea BEFORE you plan on arguing about it online.

[–] [email protected] 17 points 5 days ago* (last edited 5 days ago)

Matrix does have stickers

[–] [email protected] 0 points 2 days ago

E2E is only available in one on one chats and is disabled by default.

Considering that there's no technical problem with enabling it for all one-on-one chats, this tells a lot.

Also no E2EE on desktops.

I hate TG's UX. It's atrocious. WhatsApp is the closest to something normal, but imperfect too.

At least it has an open-source client.

Chromium is an open-source browser.

OK, more specifically - what matters is that TG's protocol is a big ugly target moving fast. So its official client with released sources is in practice the only one. There are things like libpurple plugin and some python TUI client and an emacs one, but they are all lagging behind. And I think they are all using official tdlib.

This tells something too, that their talk about possibility of alternative clients is of the same kind as their talk about privacy.

About the network effect - bring your family and friends to Signal one by one. Of course it won't happen overnight.

[–] shortwavesurfer 4 points 5 days ago (1 children)

I am enjoying SimpleX chat

[–] [email protected] 1 points 4 days ago (1 children)

I tried it, and it looks decent, but there wasn't a single person I know around.

[–] shortwavesurfer 1 points 4 days ago

I'm not surprised due to my involvement in the Monero community, at least some people I know from previous online chat rooms are there, but I don't know anybody directly in person like from my day-to-day life that uses it.

[–] [email protected] 4 points 5 days ago (1 children)

Can you elaborate on your last sentence? Is the US more or less trustworthy than alternatives?

[–] [email protected] 17 points 5 days ago (1 children)

Less than some. The US gov has a history of forcing US-based corporations to disclose private data regardless of their policies or the law.

I can't give you a good alternative though. I'm sure the same thing happens in many countries

[–] [email protected] 2 points 5 days ago (2 children)

A good alternative is a federated, selfhosted solution hosted in a jurisdiction unfriendly to yours.

[–] [email protected] 4 points 5 days ago

in a jurisdiction unfriendly to yours

Doesn't need to be unfriendly, just needs to not kow-tow to your jurisdiction.

[–] [email protected] 2 points 4 days ago (1 children)

If you want to self-host chat, Conduit (implementation of a Matrix server) is really nice. Much better than the official Matrix implementation (Synapse).

[–] [email protected] 2 points 4 days ago

Yes!! I hosted it, indeed much lighter on resources! Broke encrypted rooms a few times, but overall was fine. However, it lacks deletion of old media and messages, so I broke it while trying to delete big media one by one (it broke displaying of ALL media). And when I reinstalled, a reinstall just didn't launch. So... While it is 100% on me, feels like it's still not the optimal solution if you're constrained on disk space.

[–] [email protected] 2 points 4 days ago

Problem I have with matrix is that, afaik, does not currently support temporal or self destructing messages. Which is a big no-no for privacy conscious usage.

[–] [email protected] 2 points 5 days ago

Stickers are pointless if I have no one to send them to. So I stay in telegram.

[–] [email protected] 22 points 5 days ago (1 children)

Signal didn't work for some back in 2021/2020 and wasn't supported on old devices, now I'm stuck with Telegram.

At least I'm not part of FB's social graph and have some friends that now use something other than WhatsApp

[–] [email protected] 5 points 5 days ago (2 children)

Who didn't it work for? I switched to Signal in about 2016 or so, and haven't had a problem with it. Admittedly I'm a software developer, and typically use high-end devices, so my knowledge is severely lacking.

[–] [email protected] 4 points 5 days ago

I used it on lower-end devices around that time, but not bottom-of-the-barrel (Motorola smartphones). I had a Moto x4 then Moto G Power, and Signal worked fine on them. When Signal stopped working for SMS, I stopped using it, but I think I got my SO on board, so I'm back to using it for messaging.

[–] [email protected] 1 points 4 days ago

There was a surge of signups when WhatsApp changed its ToS to allow businesses to record/save conversations. Signal had issues with signing up. At that time it also didn't support LG G4 phones anymore.

[–] [email protected] 1 points 4 days ago

Enshitification in action. During 2024, Telegram declared war on rooted Android alongside WhatsApp and Viber. This means you can't log in to your account if you have root access or if you don't have Google services.

[–] [email protected] 0 points 4 days ago (1 children)

I wish people at least pretended to care about Catalan language and culture when they bought a .cat domain.

[–] [email protected] 2 points 4 days ago* (last edited 4 days ago) (1 children)

~~.cat is owned by an American company named Doughnuts. I like how Catalonia is using it but it's not a two letter country TLD~~

[–] [email protected] 9 points 4 days ago (1 children)

It was sponsored by a foundation for this very specific purpose, and when you get a domain you agree to use it for content in Catalan or about Catalan culture and language but a lot of people just don't comply. It's not a 2-letter TLD because Spain won't let Catalonia have a country code.

https://en.m.wikipedia.org/wiki/.cat

[–] [email protected] 8 points 4 days ago (1 children)

Well I'm fucking wrong. Sorry.

[–] [email protected] 1 points 4 days ago (1 children)

No worries, I was a bit whaaaaat with the doughnuts thing because I had never heard about that.

[–] [email protected] 2 points 4 days ago* (last edited 4 days ago)

~~They control (apparently hundreds of other domains like .business or .cookie or .fruit and and words like that. (Not necessarily real examples)~~

That is also false what the fuck was I smoking?

https://en.m.wikipedia.org/wiki/Donuts_(company)