Many people who focus on information security, including myself, have
long considered
Telegram suspicious and untrustworthy.
Now, based on findings
published by the investigative journalism outlet ISt
Telegram literally stores all your messages, metadata, etc. in plain text on their servers. This means that it provides considerably worse security than even proprietary messengers, such as WhatsApp and Facebook Messenger. Telegram has an option for encrypted chats, but it’s not available for groups, lacks support for voice and video calls, and Telegram deliberately goes out of their way to make the experience of using encrypted chats as painful as possible.
You’re even better off using WhatsApp, but if you actually want a good messenger, switch to Signal. It’s free and open source (both the clients and the backend server), developed by a nonprofit organization, and it’s basically the gold standard for encrypted communications.
You’re better off using WhatsApp compared to Telegram, but that’s a very low bar, and it absolutely doesn’t mean that anyone should use WhatsApp.
Signal, Threema, Wire and SimpleX are far better options. I prefer Signal, because it’s very easy to use, the UI/UX is basically the exact same as on WhatsApp. It’s also free, unlike Threema, and uses either phone numbers or user names as identifiers, unlike SimpleX, which requires you to share a QR code.
Signal is also the most popular of these messengers, so there’s a larger chance that someone is already using it.
As for F-Droid: It’s not a good way of distributing such privacy/security-relevant apps like Signal. F-Droid doesn’t have certificate checks built in, thus the APK could easily be modified without the user ever noticing. Again, I don’t like Google, but you’re better off downloading Signal from the Play Store.
The best option is to use Obtainium and automatically fetch the latest version of the Signal APK directly from their website https://signal.org/android/apk/
That way, you’re at least getting the app from an official source, built and signed by the Signal developers, not a random third party.
You can use AppVerifier to verify the integrity of the downloaded app aginast the certificate fingerprint on the website.
No, but an app like Signal claiming to care about privacy should at least make an effort to be on the largest open source appstore. The fact they don’t, despite very loud complaints from the community, makes me question their commitment to privacy and security.
Again, I just explained to you that the “largest open source app store” is an insecure mess and isn’t suited for apps like Signal. You don’t need to use Google Play, you can find the APK on GitHub, or the Signal website, together with the certificate fingerprint.
makes me question their commitment to privacy and security.
That doesn’t make sense. F-Droid neither secure nor trustworthy. Signal not being on F-Droid is a good security choice. I recommend reading through this thread.
Telegram literally stores all your messages, metadata, etc. in plain text on their servers. This means that it provides considerably worse security than even proprietary messengers, such as WhatsApp and Facebook Messenger. Telegram has an option for encrypted chats, but it’s not available for groups, lacks support for voice and video calls, and Telegram deliberately goes out of their way to make the experience of using encrypted chats as painful as possible.
You’re even better off using WhatsApp, but if you actually want a good messenger, switch to Signal. It’s free and open source (both the clients and the backend server), developed by a nonprofit organization, and it’s basically the gold standard for encrypted communications.
nothing you say will make me use a closed source app like whatsapp.
Literally no one here is advocating for the use of WhatsApp. Stop making up straw man arguments.
Just above you said “You’re even better off using WhatsApp”.
I will use Signal if Signal devs get over their hate of F-Droid.
You’re better off using WhatsApp compared to Telegram, but that’s a very low bar, and it absolutely doesn’t mean that anyone should use WhatsApp. Signal, Threema, Wire and SimpleX are far better options. I prefer Signal, because it’s very easy to use, the UI/UX is basically the exact same as on WhatsApp. It’s also free, unlike Threema, and uses either phone numbers or user names as identifiers, unlike SimpleX, which requires you to share a QR code. Signal is also the most popular of these messengers, so there’s a larger chance that someone is already using it.
As for F-Droid: It’s not a good way of distributing such privacy/security-relevant apps like Signal. F-Droid doesn’t have certificate checks built in, thus the APK could easily be modified without the user ever noticing. Again, I don’t like Google, but you’re better off downloading Signal from the Play Store. The best option is to use Obtainium and automatically fetch the latest version of the Signal APK directly from their website https://signal.org/android/apk/ That way, you’re at least getting the app from an official source, built and signed by the Signal developers, not a random third party.
You can use AppVerifier to verify the integrity of the downloaded app aginast the certificate fingerprint on the website.
I don’t trust an app that tells me to download from Google Play. Sorry, not going to happen. Signal has too many red flags.
So almost any Android app in existence?
No, but an app like Signal claiming to care about privacy should at least make an effort to be on the largest open source appstore. The fact they don’t, despite very loud complaints from the community, makes me question their commitment to privacy and security.
Again, I just explained to you that the “largest open source app store” is an insecure mess and isn’t suited for apps like Signal. You don’t need to use Google Play, you can find the APK on GitHub, or the Signal website, together with the certificate fingerprint.
That doesn’t make sense. F-Droid neither secure nor trustworthy. Signal not being on F-Droid is a good security choice. I recommend reading through this thread.