Telegram - Is it really reliable?

It’s three months dated but I just got it now.
Does anyone have heard of this information?

https://piunikaweb.com/2019/09/01/telegram-may-add-new-option-to-protect-phone-number-privacy/

I think it’s implemented

3 Likes

I’m aware that the popular messenger Telegram is much more widespread than Threema.

But what I especially like about the Swiss Threema is that, unlike other services, it is not linked to a telephone number. The identity is linked to the ThreemaID, which is independent of the device and remains the same. The fact that it contains proprietary code does not bother me in this case.

To communicate in everyday life with friends, family and colleagues, it is a very good alternative to telegram and signal. For a limited time: 50% OFF. Learn more …

as far as there is no way to connect with Threema or any other messenger to telegram or whatsapp I won’t use it. I need a messenger which is able to connect to EVERY other messenger :laughing:
That’s my x-mas wish :laughing:

There’s a lot of controversy and criticism around Telegram for two main reasons:

  1. Does not provide end-to-end encryption by default, only for Private Chats which have to specifically be started by the user and do not support group conversations.
  2. The encryption algorithm they use is custom made instead of relying on the current, existing ones that are widely used and audited by security professionals. They received a lot of critics from security researchers and experts about this, since there’s no reason to reinvent the wheel especially when there’s effectively no added value provided. The issue here is that is very difficult and takes a lot of time for cryptographers to properly audit this algorithm and ensure that it really is as secure as it promises, has no vulnerabilities, etc.

On the other hand Telegram is open source and has gone through security audits successfully. It has never been hacked even though it has help contests rewarding anyone able to bypass their encryption with no winners.

All that been said, privacy is not the same as annonimity. Telegram does provide privacy but it does get your phone number when you signup for an account, and may be exposed should their servers ever be hacked or their information leaked in any way.

Threema has also passed security audits which is great, but it is closed source, meaning there’s no way to verify that the app is doind what they are advertising: you just have to take their word for it. When you install Threema you agree to grant certain permissions to the app and you will never know if the app is taking advantage of that fact. for profit.
Also consider that ID stands for identification and therefore it is by its own definition something unique, which is linked to your device where you installed the app.

I’d personally choose Telegram over Threema since I have more reasons to trust them (in the end you’ll just have to trust someone), and it offers the exact same thing which is secure messages.

4 Likes

Given your number of contacts, I understand your desire … :grinning:

Also almost all maintainers and supporters use the messenger telegram as a communication medium, so it makes sense to use multiple messengers.

These are only the number of contacts which proton has collected. My address book does have a lot more :pensive:
There are to much people which are needing support :wink:

Well, each one has his/her own needs, I believe.
Whatever they are, the big issue I see is what @PNJ88_Beast said:

To achieve the goal of one app communicating with all others is what Matrix is trying to do but, again, you’ll have to trust them. The bridges do not offer the encryption available in the reall app, AFIK, and is not very stable.

If I could have stability with this bots, I would choose to use Matrix but, so far, I didn’t.

The P2P looks more interesting to me because there’s no need of a centralized server but, again, how can one know if it is really working that way? How does the Twinme in my phone reaches the Twinme on someone else’s? I’m trying to figger that out and once I’m satisfied I might as well change my IM of choice and dump WA.

Decentralization really adds a lot on the trust issue but doesn’t eliminate it completely. Unfortunately I don’t have any experience with Matrix so I can’t really say much about it for now, it’s on my to do list of technologies to keep up to…

1 Like

Matrix is very difficult to setup. I have had a Matrix server running 2 years ago. But I never gotten the telegram or whatsapp bridge running. :frowning:

I managed to run a Matrix/Synapse with the Mautrix Whats App bot running on an Ubuntu 16.04. For me, the catch was using the fullchain of the SSL certificate for the bot to run.

Problems:

  1. The communication of the bot was not encrypted;
  2. The bot used to loose communication with the WA API several times during the day forcing me to keep the WA app in my phone to reconnect;
  3. The Riot app froze when I finished an audio/video call forcing me to stop it from the phone Settings or even restart the phone;
  4. The Riot app could only make audio/video call to another Riot app not for a WA app as I would want.

It was very frustating so I gave it up.

As European, I like a messenger provider based in Switzerland and server more than servers in North America or anywhere else.

Threema meets the requirements of the European General Data Protection Regulation (EU-DSGVO). As a Swiss company, Threema is also subject to Switzerland’s strict Federal Act on Data Protection (DSG) and the accompanying Ordinance to the Federal Act on Data Protection (VDSG).

Trust is a elixir of life. And there is no such thing as 100% certainty. So I’ve to choose.

I agree with this point of view; if I have to trust some company I’d choose an european one.

Since I’m thinking of using my own server or a P2P connection I tested Nexcloud Talk (for the first) and Twinme (for the second).

In the Twinme test, one phone was on 4G and the other on a WI-FI controlled by me. The connection traveled thru a german IP owned by Hetzner Online GmbH, a web hosting provider located at Germany and Finland, therefor also subjected to the European General Data Protection Regulation (EU-DSGVO).

In the Nextcloud Talk test, everything runs on my own home server and travels thru internet companies backbones. In this case, I’m the routing server between the peers.

Twinme is a better app in all aspects so, if I choose it, I’ll have to trust the company behind it (Twinlife).

If Nextcloud Talk manages to change some aspects of the app that I need (voice recording and send files from the phone and not only from Nextcloud), I’ll choose it.

Finally, what I won’t do is use WA or Google anymore.

1 Like

@facb69, although I have acquired some knowledge about custom ROM in the last months, I still belong to the user group Mod and Dad.

What they are doing there in about 5,900 miles as the crow flies is a different user sphere. Sounds exciting.

1 Like

I agree that regulations in the EU are much better for costumers in terms of privacy and data protection, and I’d prefer an European company for sure for just about everything. But I also recognize that the jurisdiction of a company’s operations is just one more piece of the puzzle; laws and regulations can be fuzzy sometimes and there can be loopholes and/or shady business going on. I’m not saying that Threema does any of that.

My point is still the same: you have to trust someone to either do things right (proper implementation of secure encryption algorithms, for example) or do the right thing (collect only as much information as it is really required to run your business, and have your users’ privacy and security in mind).

The bottom line here is the same and I think we all agree that given what we know about the big giants today, we should look for alternatives and start demanding more assurances in the privacy front and always keep a healthy degree of skeptiscm.

3 Likes

@PNJ88_Beast
I agree 100%.

HI @facb69, just following your thread - Twinme, hadn’t heard about it before.
Seems their French, they advertise themselves as privacy focused, but through a quick look on their website, I wasn’t able to find out neither if Twinme is open source, nor what their business model is like. By any chance, do you have a clue?

Hi @ralxx.

It’s not open source, unfortunately.

As far as I could get, they provide a way to self host it but for companies (with Twinsee app).

They have a very comprehensive page with informations: https://twin.me/en/support/twinme-business-model/

All of this would end up in what we were discussing in this topic: either you choose to trust someone or you try to do things yourself.

I’m more inclined to self host everything on my own home server but this is a work in progress. Until then I’ll have to pick some company to use their services and I’m inclined to choose Twinme.

I’ll probably insist with Nextcloud Talk because I’ll be the routing server. Ah, NT is open source!

2 Likes

Thanks for the feedback.
Just read the business model page - there is virtually NOTHING written on… a bit disappointing.

Indeed… :smile:
Trying Jami once more. Yet another not FOSS app. :face_with_raised_eyebrow: