Signal will also lose all your messaging history and kick you out of all your group conversations if your phone breaks or you lose it. It also has no usable automated backup solution or sync.
It's also completely unable to work on multiple devices. Not really comparable in usability.
I don't think OP was recommending Signal / Tutanota as alternative apps to use, just showing that you can have your cake (E2E encryption) and eat it too (client-side search).
>Signal will also lose all your messaging history and kick you out of all your group conversations if your phone breaks or you lose it. It also has no usable automated backup solution or sync.
Depending on one's threat model, this could be considered a feature.
Oh, please. If Mossad really wants my messages, they're not going to give up at the "Oh no, he uses Signal!" step. They're going to go full knee-wrench if they have to. And considering they have a habit of forging my country's passports, don't pretend that me living in another country is a barrier to that. The same goes for my country's government. Our laws are chock-full of "throw him in jail until he gives up the password" allowances to law enforcement. And that's not even getting into the fact that Signal's owners, OWS, are located within the jurisdiction of the "we'll star-chamber NSL you on a moment's notice" US government.
But Signal is perfect to stay private against non-nation-state actors. If I want to make sure that my ISP, mobile carrier, etc. can't snoop on my messages, Signal is my phone messenger of choice. Until and unless Facebook is demonstrated to not be on the level regarding Whatsapp's implementation of the Signal protocol, then I'll keep Whatsapp on the list as well.
Telegram is not on that list. If my threat model consisted solely of "that guy with the manbun and macbook working on his novel in the coffeeshop", then maybe Telegram would be acceptable. Let me know when Telegram has default and mandatory end-to-end encryption, using a properly-implemented and proven-secure protocol like Signal's, on all clients both mobile and desktop. Until then I'll consider it to be about as secure as SMS - "hilariously not".
You don't seem to realize this, but your argument is essentially "I trust Signal more", a purely authoritative one. And I don't think there even exists a threat model where anything that Signal offers over competition is important, especially given their obsession with control.
I'm glad you picked up on that, because yes, I DO trust Signal more than Telegram. I trust Signal and distrust Telegram for many solid technical reasons. If you want to misinterpret that as "appeal to authority", then go nuts. But frankly, your own argument reeks of government-friendly "If you're not doing anything wrong, you have nothing to hide" nonsense.
So long as Telegram's developers refuse to implement mandatory-and-default end-to-end-encryption with a properly audited protocol and implementation in all clients, I will not use it. And I will discourage friends and family from using it.
> I trust Signal and distrust Telegram for many solid technical reasons.
Except there are no solid technical reasons, just trust and distrust, because security people really love to claim authority on how "solid" security things are. The last people on earth you should ask about security are those claiming authority on these issues.
It's not. I'm just not going to accept authoritative arguments on security, sorry. If you have actual technical reasons, please give them. If you don't, that's fine too.
>It's not. I'm just not going to accept authoritative arguments on security, sorry.
Wrong, you already do. You either don't realize it, or you're being disingenuous about it.
Did you write 100% of the code of the web browser you used to post your comments?
Did you write the OS that browser runs on?
Did you write the compiler used to build the OS, and did you provably avoid the sorts of issues brought up in "Reflections on Trusting Trust"?
Did you fabricate the chips your OS runs on?
Did you design the die mask for those chips?
Did you build the chip fab facility?
Did you design the locks on the front doors of the chip fab facility?
Did you stay awake 24/7 inside the chip fab facility to make sure no-one broke in to conduct an evil maid attack on the process?
Unless your answer to all of the above is an honest "yes", at some point in the chain of tech, you accepted an outside authority. So kindly knock it off with the "you're automatically wrong because that's appeal to authority!" nonsense.
Also, it will snark on you to all contacts whenever you move to a new device. And plead with you to let it handle your ordinary sms texting, then hold your text messages hostage, not exportable back to any other app.
Idle curiosity: The above is a report of fact as observed by me. It's not really up for discussion - this is what happened. Could someone for our edification explain a bit about the reasoning behing their downvotes? Other than my having sinned in the church of moxie and his true disciple tptacek.
It's also completely unable to work on multiple devices. Not really comparable in usability.