How about not storing any information at all? Nothing to give, problem solved. Just like Signal.

I seriously don’t understand why people use Telegram instead of Signal. Any reason! The app doesn’t solve any privacy problem, default chats are unencrypted, keeps personal info. App should be dead already or turned into a dating app because it’s clearly not seriously privacy fucused.

Any reason? I’ll give you some serious ones.

Signal sucks really bad on user experience and features. If you try both for a week or two and learn about the features, you’d be able to conclude the same.

Signal does not care about users and prevents backups on iOS. Lose your device or delete the app due to some issues and reinstall? All your chats are gone!

Signal still has message delivery issues (like long delays)…it’s 2022!!!

Signal keeps pestering me to allow notifications and to allow contacts access. I can only choose “Not Now”, since there is no option that says “No”. When I choose “Not Now”, it will say “we’ll remind you later” and pester me again. I don’t understand why anyone would assume that this app cares about privacy or about users’ time.

Hm, for me Signal does all I need: Chat, voice chat, video chat, group chat, sending text, pictures, videos, whatever. All of that of course encrypted and not financed by a Russian millionaire/billionaire.

> Signal still has message delivery issues (like long delays)…it’s 2022!!!

Haven't noticed those. How sure are you, that your contacts are actually looking at Signal messages (two filled cirles checkmarks) or have network to receive the messages (two unfilled circles checkmarks)?

> Signal keeps pestering me to allow notifications and to allow contacts access. I can only choose “Not Now”, since there is no option that says “No”. When I choose “Not Now”, it will say “we’ll remind you later” and pester me again. I don’t understand why anyone would assume that this app cares about privacy or about users’ time.

OK, that's really annoying then. I usually use Signal on my computer, from which it works very nicely and never asks me any of those things.

When you’re knee deep in conversation with someone you’re probably not going to say, “oh hey we should switch to email so we can keep a record of this”. It might not even occur to you that the conversation could ever be of value.

There’s been several occasions when my life has been made much more easy for having been able to dig up some old message in iMessage, Telegram, etc from as far back as multiple years ago sometimes because the way things played out the pertinent info didn’t exist anywhere else simply because nobody involved could’ve ever guessed it had any importance.

Why do you think that? Did you lose any messages? 'cause I can scroll back months and still see all my messages there. Never noticed any loss.

> Signal does not care about users and prevents backups on iOS. Lose your device or delete the app due to some issues and reinstall? All your chats are gone!

Switching out devices is something that happens often enough for many users that transferring history should not be an ordeal. Even the most careful users will occasionally break their phones, and sometimes people need to switch platforms for whatever reason.

WhatsApp suffers from this issue too, at least when trying to migrate histories between platforms.

i think deltachat is possibly the only one that can transfer encrypted messages because you can copy the encryption keys and the messages are just mails, easy to copy (and usually stored on your mail server too)

i don't know how matrix handles this, but from the way verification works there, i am not confident.

https://support.signal.org/hc/en-us/articles/360007059752-Ba...

I think it has something to do that Signal won't trust iCloud as Backup target.

My chats being gone from new devices is one reason I use Signal over others.

> Signal still has message delivery issues (like long delays)…it’s 2022!!!

I've sent tens or hundreds of thousands of messages over the course of years and the only time i've had delays is when I had spotty service.

Signal cares about privacy (unlike Telegram) and the evidence is right there in their respective source repositories.

> The app doesn’t solve any privacy problem, default chats are unencrypted, keeps personal info.

I am using it for public chats.

--------------------

EDIT: this is inacurate, see replies

For example I get repeated "insert PIN password here to remember it".

I have a password manager. There is no way to get rid of it, even via deeply hidden settings. For example, what about disabling it for password with length over 40? Or something?

At least on iOS: Settings > Account > [ ] PIN Reminders. I would be very surprised if there isn't a similar way of disabling those reminders on Android.

telegram is the only chat app that offers Free Software clients, does not force me to share my phonenumber, is easy enough to use even for old people.

matrix is ok. but element is still buggy and the ux is complex and takes some learning.

another alternative is deltachat. it uses smtp as transport and works with an email account. the UX is also easy enough to use. easier than matrix/element.

I keep an eye on deltachat, hoping, that it might become a viable alternative to phone number associated chat solutions. Not sure how mature deltachat is already.

deltachat is pretty mature for the features that it has. one nice one is that the autocrypt feature works with some regular email clients, so you can exchange encrypted deltachat messages with people who don't have a deltachat client.

it handles groups, image sharing, and integrates videochat with a configurable url (so you can use any video chat that can be opened through a webbrowser)

For a lot of people, Telegram does a good job of being "less evil than Facebook Messenger", and private in ways that matter to them. I'm more worried about some nutcase from a video game meetup group getting hold of my phone number than I am law enforcement finding out I was in that video game group in the first place.

I have a Matrix server and an XMPP server for 'truly private' communication anyway.

https://yro.slashdot.org/story/22/08/31/2210240/court-orders...

the only thing annoying is that anyone can just talk to me, whereas eg. in wechat people have to make a contact request before they can talk to me directly. but i have the impression that wechat is the unusual one here, which a feature that i'd like to see adapted by other messengers too.

i also miss wechat's feature of being able to choose a custom name for myself in each group. but again, i don't know if any other messenger offers that.

That wouldn't work for groups. Abusers could then destroy the groups with impunity for the purpose of censorship. Telegram is mostly about groups. Telegram is often used for activism.

Signal claims to not store data about who is talking to who. That doesn't mean that they don't. If they were, say, a secret subsidiary of the CIA they would act exactly as they are acting now. In general you can't trust the providers of these sorts of things. See Crypto AG...

  * Time of account creation 
  * Date of the account’s last connection to Signal servers. 

[1] https://signal.org/bigbrother/cd-california-grand-jury/

You don't like that? Stop busting their balls and produce an alternative operating system and application update framework which is not vulnerable.

Signal doesn't claim cryptographic security against that metadata collection, but then there isn't currently any working system that can make such a claim, so why bust their balls over it?

Signal is a great alternative to WhatsApp. Not so much for Telegram.

I unfortunately have convinced some of my relatives to use Signal without me looking into it beforehand.

Now because of Signal’s moronic design I dread the day when something happens and I decide I want to save all our chats for posterity / memories, but wouldn’t be able to. There is simply no “export” button. There is some way to do it on Android but on iOS we are SOL.

> Migration Assistant and Time Machine for macOS are not supported.

"Change our data structure" sounds like they might just host the servers outside the country and use a "Telegram Deutschland Inc" company that doesn't have access to any user data to run the service.

If you want to make a protected application, don't tie it to any real world data. That is very easy.

Hilarious that you call it bullshit whilst spouting your own. https://signal.org/bigbrother/

Unless of course you have some documentation to back up what you're saying.

The last time I checked (a few years back) I only saw private groups and no way to hide phone numbers.

If that is still the case then there are less reason to have a warrant for you phone number as it is easier to access.

Yeah, give S̶i̶g̶n̶a̶l̶ Twilio your phone number instead. Problem solved.

> I seriously don’t understand why people use Telegram instead of Signal. Any reason! The app doesn’t solve any privacy problem, default chats are unencrypted, keeps personal info. App should be dead already or turned into a dating app because it’s clearly not seriously privacy fucused.

They don't care and Signal offers less that what Telegram has despite Telegram being less secure. Signal is bad at selling itself.

Maybe Signal needs to offer a better user experience, backup chats across all devices and offer more useful features; not less than their competitors rather than pushing a private cryptocurrency scam project useful for criminals, scammers and money launderers.

Telegram has a great bot feature, that you can use to do a bunch of stuff (from smart house notifications, to "uptime robot" tracking of services up/down states, build results, temperature alarms, server monitoring, etc. One curl oneliner, and you get a message on your phone with whatever data needed (even with an image/graph or a file attachment).

Also some kind of shared access policy.

Could even be a pro feature.

https://github.com/signalapp/Signal-iOS/issues/5294

Signal will send you a notification when updates are available, and self-update.

Moxie was against all these things because it would make new features more difficult to implement. But personally I care much more for an open infrastructure. Most of their new features weren't even useful.

I'm currently using a matrix bridge and I didn't get banned (officially that's a third party client too) so that's a good sign.

BTW reddit and Hackernews are E2EE, it's just that one E is public.

E2E means no intermediaries see the plaintext, only the original sender and ultimate recipient see the plaintext. HN is not the recipient of your message, it's an intermediary.

I think the better point to make is that we all collectively agree to refrain from using the term "end" (as in E2EE) in situations like the former, as it's misleading despite being accurate; please only use it for the latter.

Messenger like the telegram are something different than sites like HN.

I am aware that I send my messages to HN, they are not forwarded to you but you open the HN page to read my response. HN is more like a message board with message hierarchy. The communication is public, the transmission path is encrypted.

It's more like whispering in your friends ear and she/he writes in down and pins it to a public board. My communication was private, but he/she is a chatterbox and I'm well aware of that.

This doesn't change the fact that the transport as such is E2E.

Things like PGP help to maximize the endianness, since the human has a better sense that the crypto software is legitimate, and can read the code before executing it, although there's still plenty of points of compromise between that code and the human (compiler, Intel ME, etc.) so unless you're doing crypto with a pencil and paper, you're always putting your trust somewhere that isn't precisely the "end."

https://arstechnica.com/tech-policy/2021/08/zoom-to-pay-85m-...

>End-to-end encryption (E2EE) is a system of communication where *only the communicating users can read the messages*. In principle, it prevents potential eavesdroppers – including telecom providers, Internet providers, malicious actors, *and even the provider of the communication service* – from being able to access the cryptographic keys needed to decrypt the conversation.[1]

If the server can read the content, it isn't end-to-end encryption.

[1]: https://en.wikipedia.org/wiki/End-to-end_encryption

Even though I intend for you to read this message, I am sending it to the HN server to post publicly. My communication with HN is E2EE, my communication with you is not. This isn't meant to be useful information, and it certainly isn't advice. It's just an accurate nonstandard way of looking at things.

The people signing up for telegram in droves aren't looking for a replacement for signal or wickr or whatever "secure" messaging platform.

They're joining their friends' group chats and subscribing to their friends' channels. It's a replacement for twitter/facebook more than anything else.

just so you know, Signal does permanently store sensitive user data in the cloud. They collect your name, photo, phone number, and a list of every person you contact using Signal. That data is stored in your profile on their servers.

Signal really used to not store anything, but that hasn't been the case for a long time now and if this is the first you're hearing about that, it should tell you all you need to know about how trustworthy Signal is.

Acc to telegram:

> Telegram may disclose IP addresses and phone numbers

How do you propose this data is masked? You need a phone number to use Telegram (and Signal), and you need an internet connection, thus exposing your IP address.

I’m not sure why you think Signal does not have this information.

https://signal.org/bigbrother/cd-california-grand-jury/

> variety of information we don’t have, including the target’s name, address, correspondence, contacts, groups, calls.

This means no history sync, no seamless device switching, no contact discovery, no search. That's not what people want.

Matrix is decentralised open-source solution. I don't understand why people don't use it more instead of Signal or Telegram. Or Session, but it is not very user friendly.

Horrible UX compared to WhatsApp, no sync of messages between devices, walled garden like WhatsApp, you can't have your own custom client

only thing: not Facebook & open source

You can have all of that with a Matrix client (except good UX, that's unique to Telegram)

> Horrible UX

It got way better in the past few years. When I did the initial push with my friends, we failed. Mainly because the basic functionality was buggy at times, such as messages that would simply not be received. But now it's running real smooth imo. Sure, there are a few things I would like to see. Polls is a big one. Maybe a smooth gif creation like WhatsApp -- but those are fairly minor. My experience is that it gets pretty much the job done and that's all I want from it. What exactly is so horrible about it in your experience?

> only thing: not Facebook & open source

Those two are pretty big positives, at least for me. That's pretty much exactly what I'm looking for.

> You can have all of that with a Matrix client

Well ... unfortunately that's a bit much for your average Joe, simple as.

> not Facebook

Bingo!

Very easy to integrate custom notifications with bots. Signal is more like "maybe it works with this 3rd party tool". Also being able to use custom buttons with bots.

First it is just the IP and phone number. Then, it will be extended to contacts. Because, why not, that can be useful also for "terrorist investigations". Then it will be chat history,because it makes sense, the police has a warrant... And telegram is technically able to...

Also, clever poll tactic to put the option 1 as looking 'moderate' in front of other extreme options.

Also, for the fighting "terrorism" argument, just remember that we are all terrorists for Russia, and that even in Europe (Germany, France, ...), A lot of high ranking gov and police officials were found guilty of corruption or abusing the system for their own interests!

Anyway, “slippery slope” is an extrapolation and not an argument, cannot be used as such. You can naively extrapolate everything, e.g. I was too lazy to take out the trash today … and then I’ll try heroin. I couldn’t get a raise and switched jobs … and then I will be trafficking humans. I disagreed with my spouse … the divorce is imminent. I asked customers what they think of a complex issue … I will sell their laundry to everyone. This is all nonsense.

What are these other ways to investigate suspects you're thinking that are preferable to building out networks from Telegram metadata? Bugging houses? Threatening family members to rat people out? Deep cover covert agents? Are any of those less subject to abuse?

Do we only then use digital services to spy on those not savvy enough or careful enough to be private? What if everyone achieves Signal level privacy, or better? We end up having to answer the same question as before: what other methods are possible.

They get banned of it eventually, exactly the reason why this thread exists (telegram evaluates an idea of staying in Germany by relaxing some privacy rules, remember? It’s not their decision, but Germany’s). When reality changes, so do rules, they are not set in “capstone”. A couple of demolished buildings and the general public starts asking: why do we have so much of <whatever comes to mind> when it’s clearly dangerous.

Yes literally all the time in the United States.

The horseman of the privacy apocalypse is roughly - Terrorism, Drugs, and CP.

We live in a society, I don’t see how giving out basic information to law enforcement with a court order is somehow a fault of the company - first of all, your mobile service provider knows orders of magnitude more info on you (and quite likely sells it as well), second of all, your employer will do the same without a second thought as well as your bank, etc.

Then, just share a few of them, not a big step but it starts the machine of making it easy to share more and more little by little.

First IP, then IP and phone nb, then IP, phone nb, and connection log, then IP, phone, connection log, and geodata; then IP, phone nb, connection log, location data; then IP, phone nb, connection log, location data, contacts; Then IP, phone nb, connection lots, location data, contacts, chats ...

If you look at the "because terrorism" reason, it can apply at any of these data.

No one will say: we think they are terrorist, share their IP but not their location or their chat.

That is I imagine requests would be in the shape of "here is a username give us IP and phone number".

It is also relevant to know whether German courts can order to collect this information, it is also relevant that German courts apply German jurisdiction universally (an example there are African war lords convicted of war crimes that have no relation to Germany or German citizens).

Personally I would prefer privacy first companies to focus on lobbying the idea that these kind of court orders are to be used sparingly rather than enter an adversarial arm race with regulators.

At a minimum, users should be informed that their info was shared with government.

Option 1 is more strict in both ways. Only Terrorism (which is more serious than "just" crime) and even then only with a warrant. Option 2 is unacceptable (IMO). "serious crime" is too ambiguous and without a warrant prone to misuse.

At least that's what I'm reading into this. Picking option #2 was my personal "f..k y.." to them for this manipulation; not that it changes anything. (I really don't want to have a company share info without a warrant, but when a court warrant is issued they should comply).

It's worth noting that a lot of fringe extremists (but not necessarily terrorists) fled from WhatsApp to securer alternatives like Signal and Telegram, especially "COVID deniers" (which, to be clear, refers to a far-right political strategy). So blatantly ignoring warrants is probably good publicity for a vocal part of its userbase.

Wire and Threema are serious privacy-focused messengers. They have all things necessary for good privacy: full E2E, pseudonymous IDs not linked to phone numbers, multiple accounts, ephemeral accounts, side-channel authentication, etc.

Signal is something in between. It is not enough for state of the art privacy (as it is linked to phone numbers which are really tightly coupled to real-world identities), and it doesn’t provide a lot of features to be a good development platform. I think it is stuck in its current state, and no longer evolving.

Matrix offers all that, and bots and public channels

Well, obviously because Telegram officially allows and supports bots and WhatsApp doesn't and actively tries to ban them.

Thats more of a policy difference than a technical or conceptual difference IMO.

How to avoid this?

Don't store any data, as simple as that.

Use p2p E2EE services. The server will only orchestrate between connections but no actual data will pass through it, giving the cops absolutely nothing except connection logs! Sure, they can still see when you connected and who you requested to talk with, but there are many mitigations and (unless they actively sniff you) they won't even have a byte of data you actually sent to that person

41% OPTION 1: No changes. Telegram may continue to share IP addresses and phone numbers of terror suspects only based on a court decision

21% OPTION 2: Upon request by German police authorities, Telegram may disclose IP addresses and phone numbers of suspects of serious crimes, even if not supported by a court decision.

34% OPTION 3: Under no circumstances may Telegram share user information, including IP addresses and phone numbers of terror suspects.

4% No opinion / I am not from Germany

No, sorry, we are not. Not by a long shot. Most people here do not have a good understanding of these issues and "just want to live their life", meaning continue to be uninformed, as long as it is convenient.

It is quite difficult to even get people to try Signal or other option, to really give it a chance, because they are so prone to the network effect. They install all kinds of shit apps on their phones, but one more privacy friendly chat app? Nahhhh ...

Rather like ISP's today aren't responsible for the web pages they deliver - the HTTPS encryption means they couldn't scan or block them even if they wanted to.

ISP's can be required to in fact not deliver certain webpages, usually for copyright reasons. If Telegram redesigns its system like you suggested the courts may just shift to:

Do not broadcast, transmit or make available the channel with the ID XYZ. The channel might not be deleted of course, but if it's no longer accessible that would be essentially the same.

https://www.golem.de/news/an-die-polizei-telegram-bittet-nut...

Those are the things I gathered by lightly consuming news. Maybe this is some kind of preparation for winter, where COVID cases are expected to rise in combination with very high energy prices.

Telegram also has some ~700 million monthly active users - it seems unlikely to me that there are even 700 million alt-right people in the entire world.

https://www.cicero.de/innenpolitik/nancy-faeser-und-kommende...

So she's basically considering every upcoming protest against government due to exorbitant high energy price being anti-constitutional and undermined by violent right-wing extremists.

This is not somy dystopian future, this is Germany 2022.

"Telegram: An important opposition tool abroad, a radicalising cesspit at home."

https://twitter.com/argonerd/status/1296552428620451842?lang...

This is wrong. The German COVID policy is not strict at all. There is a 5 day isolation if you test positive, and you usually have to wear a mask on public transport. That's literally it.

Why should I do that?

Idk about you, but waving flags of the German Reich, following known Neo-Nazis and attending events of far-right organizations, while spreading lies and slogans that originate from right-wing conspiracy theorists, seems kinda right-wingy to me.

Some examples of mainstream media that emphasize the heterogeneous nature of these protests:

https://www.tagesschau.de/faktenfinder/esoterik-impfgegner-c...

https://www.spiegel.de/wissenschaft/mensch/corona-demonstrat...

https://www.sueddeutsche.de/politik/corona-demos-zwischen-hi...

https://www.rnd.de/panorama/esoteriker-auf-corona-demos-tanz...

https://www.faz.net/aktuell/politik/inland/corona-proteste-q...

So I don't think your assessment is fair.

They may not be considered right-wing, but they are falling quite easily for those rat catchers.

Just take the "Truther" movement. Those guys were readily spreading antisemtic bullshit in the last 20 years. They were quite successful in the esoteric scene.

https://twitter.com/martinkulldorff/status/15645903371375493... The look at Great Barrington Declaration. Then look at what the vaccines were promised to do by the authorities and politicians in power, and what the outcome truly was.

Currently the poll stands at:

* OPTION 1: 40%

* OPTION 2: 21%

* OPTION 3: 35%

* (no opinion): 4%

with 1.3 million votes so far.

I like the outcome (personally, I don't think the "store nothing" approach of OPTION 3 is really necessary), although the 21% that push for even less privacy are a bit concerning

Not German, but still want to know

Since the poll already has >1.1 million votes, I wouldn't expect those numbers to change a lot

Purchases are where the sales at. Strange that these sellers aren’t using more secure messengers.

I believe that illegal activity is a good litmus test for a messenger, much better than forum theories or headlines. If for some reason drug dealers stay away from particular apps, so should you.

Eg. Would users have been more accepting of YouTube removing the dislike button if the proposal had won a user poll?

1.26 mio. votes; Option 1 (41%), Option 2 (21%), Option 3 (34%), Option 4 (4%).