Telegram - Is it really reliable?

I tried Jami but it is quite energy consuming and I did not make the camera working correctly
I bought a subscription for Threema a while ago but it does not install on my device - and the manufacturer does not provide support for Lineage based OS.
So, I’ll stick to a combination of Signal/Wire/Telegram/Skype Lite. That far from being satisfying but it is my current compromise - as a non-WhatsApp-er.

Your solution, @ralxx, I cannot use because everybody here uses Whatsapp so it’s a waste of time for me.

Last time I used Telegram was to help /e/ team with some tests. And I do have a Skype account 'cos I might need it for a job interview but then I install it and remove it if I get the job! :smile:

Well, I realy don’t like Jami. I’ll stick with Twinme for a while but as soon as my home server is all set I’ll go back for Nextcloud Talk.

1 Like

Just wonder, when some serious Wire forks are coming up - afaik, the software, even the one for servers, is open source.

https://medium.com/flow-ci/how-to-build-and-deploy-your-own-wire-client-for-android-with-flow-ci-5c1a79ff7eca

RiotX people, new and improved great and simple UI, Matrix protocol, federated and tons of bridges!

But you must be a developer for understanding the bridge setup. I never gave get them running

This is confusing from Twinned website
https://twin.me/en/privacy-policy/

Twinme claims to be p2p e2e with no servers, yet on the link posted (twinme privacy policy page), they have twinme servers run by twinlife. Can anyone sort this out?

what’s the difference between server and ‘staging’ server?

For me, after having carefully read their website it feels like proper privacy-washing (like green-washing, just with ‘privacy’). They use all vocabulary for appearing privacy repectful but they do not explain anything in detail. Even the explaination of their business model is just the stringing of words without making any sense. Haven’t tried the app but to me it just sounds doubtful.

That was my impression too. Saying something without telling you anything. The app itself is working fine, but if it’s not open source, I have always doubts.
Btw Telegram is not open source either, at least not on the server side. Only the client is open source. Wire is completely open source (server/client), also Jami. Unfortunately there are issues with Jami as it’s not reliable yet with messages (testing cross platform does not work for me sometimes). I hope email registration with Signal will come at some point of time.

1 Like

The Telegram one is quite easy to get running because it connects using a bot

It would be great if they open sourced their server-side code as well, but in realitiy you’d have no guarantee the code they provided is the same that is actually running in their servers. The whole point of client-side encryption is you don’t have to trust what happens in the server because you can verify your data is (properly) encrypted from the very beginning.

2 Likes

Since there’s not a phone number to identify the device, they must have some way to know it is you and know who is the person you want to talk to. They say they generate an identifying number for it so whenever you’re on-line they know of.

It’s mandatory to have some kind of identification. Whatsapp, Telegram, Signal, etc, use phone numbers, Twinme use a self generated number.

In the end, it’s all the same. They have a server to route the communication between the devices. The question is wheter they can or do see what’s on the packet or not.

I might be wrong but if the encryption happens on the phone, they cannot see what’s on the package (routing server). If it happens on the server they might as weel do whatever they want (staging server).

When I talk about Nextcloud Talk being better than all of the other options at hand is because I have the routing server. I can see what’s being transmitted and I can asure you that I cannot see what’s on the package. I can see in the logs John talking to Mary, the timestamp, the devices…but I cannot see what they’re talking about.

Of course, there’s a push notification for the android device and it is Nextcloud’s so it goes to push-notifications.nextcloud.com. As far I could see, they’re not related to Google in any ways.

Since Nextcloud is the same solution /e/ uses, they might add some more accurated info about the matter.

Don’t get me wrong, I tried Twinme but my goal is to stick with Nextcloud Talk.

1 Like

there is a way to guarantee this: if the organization agrees with un-announced visits/inspections by an independent watchdog/inspector. I think that is the way forward for all IT companies with open source code, also on their server! i think there will be a 3 tier system:

  • open source bronze: client-side open source
  • open source silver: client-side + server open source
  • open source gold: client-side + server open source + un-announced inspections and certificate by an independent watchdog
1 Like

Without making any statement in the messaging comparison debate, I just want to share this with you guys. In the news 24/12/2019: The German army is building its own messaging app and infrastructure based on Matrix (BwMessenger), like the French government decided to do for its authorities (Tschapp). The article also mentions some local police authorities are testing other alternatives (Stashcat).

https://www.heise.de/newsticker/meldung/Open-Source-Bundeswehr-baut-eigene-verschluesselte-Messenger-App-4623404.html

1 Like

@facb69, did you think about this?
When SMSing, or calling over the phone number, you are using the ISP’s framework? Often, ISPs are super bad for privacy…:grimacing::pensive:

@donut3
Yeah, I know that. :slight_smile:
Actually I rarely use my phone for texting or calling.
And my goal is to use Nextcloud Talk for both.

1 Like

That’s great! I think it’s the best way to go.

1 Like

Well, this thread has become so much larger on messengers in general (an not so much on Telegram as intended initially), that I have something else to contribute.

The Gemran armed forces are testing Matrix as a possible solution for the future army messenger “bwMessenger”. The French government who opted for Matrix as core for the governmental messenger seems to have inspired German government officials.
An article that is currently only available in German, states that in parallel the German chancellors’ office is running tests with “Wire” whereas regional Police departments are already working with solutions based XMPP. Good to see that on governmental level open source solutions are been taken more and more into consideration. Hopefully, many more will follow.

3 Likes

i agree this is really great!

@facb69, I thought maybe this could be interesting to you. There a white hat hacker congress on privacy and IT security currently taking place in Germany. One of the talks was focusing on messengers: What’s left for private messaging?

Has anyone used or know anymore about Kontalk? Based on XMPP and “Encrypted everywhere”