People in the US prefer Signal over Telegram because Signal was created by people who took security seriously, and Telegram wasn't.

People outside the US prefer telegram because they assume that Signal is probably compromised, or at least highly vulnerable to compromise, by US intelligence - they trust Pavel Durov's history of expropriation and arrest more than they trust some nerds who claim that our product is secure.

As someone that uses Telegram almost every day, the sad true is that most messages are not private. Most people simply don't use "secure chats". Not only it's not the default, but encrypted chats also don't work across devices.

So it shouldn't be a surprise that Signal users speak against Telegram. It's simply not private for most people. It's like recommending using Facebook Messenger (pre-E2EE)... privacy minded people won't do that. Signal itself is criticised by other more privacy minded users because it requires a phone number.

Signal doesn't have the best call quality (voice/video) especially on slow connections, sending media can be a pain in the rear, their desktop client is way too simple, they move slowly, etc. Telegram beats them in almost everything, but not privacy...

Between having to trust Durov forever with our texts and system that uses e2ee by default and may or may not (no proof) have some flaw, I think most people that want privacy will use the option that uses e2ee for everything.

I like how you sandwiched "the encryption story is bad" between two irrelevant social claims.

D) They don't enable E2EE for groups at all

E) (I believe) don't enable E2EE with more than one device

F) They added a third-party verification so that Russian authorities can add an "A+" mark to channels who are complying with the new law and are registered (social network channels/blogs with more than 10K subscribers must be registered with the government now and have the owner identified).

D) True aside from group calls afaik

E) Neither does Whatsapp/Signal; they rely on a backdoor interface to your phone to send messages.

Signal desktop can send & receive messages while your phone is off, so that doesn't seem correct.

Oh, hey, TIL: https://news.ycombinator.com/item?id=15596980

Wonder how that works then? Weird.

Signal very definitely does multiparty end-to-end secure messaging.

Weird, every time I mention Signal on HN tptacek responds.

But I'm having trouble discerning what you mean.

Either you're saying group chats are encrypted E2EE - which, I never claimed.

Or, you're mentioning that you can have multiple phones/devices on the same account, which doesn't work the last time I checked.

You replied to a claim that Telegram doesn't do E2EE for groups saying 'Neither does Whatsapp/Signal'.

That's wrong as `tptacek noted. If you meant something else, that wasn't clear.

> E) (I believe) don't enable E2EE with more than one device

my response was:

> E) Neither does Signal/Whatsapp.

The thread of the "E" topic is relevant here, i'm not claiming that Signal/Whatsapp support (or do not support) encryption for group chats.

Sorry that it wasn't clear, I thought referring to them directly by letter would make it easier to differentiate.

It does work. How do you think Signal desktop works?

I thought it worked the same as Whatsapp, whereby there's a sort of backdoor connection to the app running on your phone to send messages.

However, after doing a smidge more research it seems like somehow Signal is sharing it's key with the desktop app and only syncing history of messages directly: https://news.ycombinator.com/item?id=15596980

I'm not 100% sure how it works as the server is fake-open-source and not actual open-source.

Whatsapp doesn't need a connection to your phone anymore either. It used to be the case until a few years ago though.

E) Yet it works fine on Matrix.

I've tried to use Matrix a few times and eventually end up leaving. The idea is good, but it's just missing so many nice features that it kinda isn't worth the pain. Features that Telegram just keeps dropping like candy.

Your complains are quite vague. It seems to be working fine for me.

Just got inspired to try it again after not touching it for at least a year. I login with Element and am hit with a notification to verify my session with another device to access my encrypted history. I have no other sessions. Does this mean I've irrevocably lost access to said data? This is unacceptable if I'm to use this service regularly; I'd rather have encryption off by default so I opt into the potential loss of data, instead of having to remember to opt out. The only really nice thing so far compared to Telegram is my account still exists with the chats I'd joined, while Telegram allows a year maximum inactivity before it totally deletes an account.

Too much candy is unhealthy.

Yeah that's why I don't have too much of it. But it's nice to know it's there so I can choose to indulge.

F) They don't allow E2EE on GNU/Linux, including phones and desktop.

I mean Durov is going down the deep end in the last few weeks. Messaging all Telegram user with an Emergency feature with a doomer manifest.

https://t.me/durov/452

This really bugged me. I led adoption of Telegram as our family-internal standard chat tool several years ago because I was more anti-Zuck than I was concerned about backdoors or overt politicization of Telegram. Since the Ukraine war began, there has been literally no positive news about Telegram and Durov has become increasingly political (especially since his arrest in France) in his all-users blasts.

With the amount of known use of Telegram by unsavory actors, combined with Durov's own leveraging of his platform for activism, I've been using Whatsapp more and more lately, and don't feel bad about that.

I respect Signal, but it's missing too many product features and it doesn't have the reach Whatsapp does, so it's not compelling as a switching option at this point, even for family use.

I was pretty ticked off about this. I don't disagree with the message content itself, but having political content pushed to me is a big no-no. If this kind of thing keeps up I'll be dropping my premium sub.

> with a doomer manifest

Can you point at anything in his message that's not factually correct?

One factual thing that looks off is "the UK is imprisoning thousands for their tweets". I'm not in the UK and not following closely the situation there, but "thousands", really? Genuine doubt, would love to see some evidence.

Otherwise, the "doomer manifest" is OK, but the comically inflated ego of Durov is annoying, him thinking that such banal and commonplace sentiments are worth pushing as an alert message to all users, wrapping everything into announcing his birthday (that he doesn't want to celebrate, oh no).

>Can you point at anything in his message that's not factually correct?

He also got involved in Romanian and Moldovan elections, by sending a message to target users in the day of the elections( when doing campaign is illegal) with claims he presented no evidence for, basically the bastard works for Ruzzia, he might be forced to but the facts do not lie.

It's not about the content IMO; it's about the principle. Should not be sending content to users, unless they opted into said content being sent to them.

There is a grossly sexist omission in "built by our fathers"

Seems pretty cognizant of the modd of entire HN front page past few weeks honestly

I don't care I didn't subscribe to anything from him. I'd rather take a Coldplay album than political opinions.

D) They moved to the enshittification phase and started displaying ads