Signal. It is at least as secure as Whats App by design, has pratically the same interface and also a Chrome-based desktop app that works untethered from the phone app.
Out of curiosity: I’ve noticed a long-term sceptical attitude to telegram in HN audience and have seen multiple arguments against it. Something like that their crypto can’t be trusted, that it’s not time-proven.
Don’t you know any good source with some sort of domain expert explanation, why shouldn’t it be used or trusted?
No intention to start any flame against Signal, only curiosity regarding telegram flaws. Personal point of view is also appreciated.
> Don’t you know any good source with some sort of domain expert explanation, why shouldn’t it be used or trusted?
People like tptacek have talked here at length about why Telegram is not trustworthy, you can see a history of his comments with a simple search: https://hn.algolia.com/?query=tptacek%20telegram&sort=byPopu.... Moxie Marlinspike has also pointed out a bunch of problems with Telegram, and even if you don't consider him a trustworthy source because he runs a competing service, the technical reasoning behind his opinions is sound.
If you want a personal POV, here are three reasons why Telegram is a bad idea:
1) The large number of unsound technical decisions. See Thomas and Moxie's many comments for details, or the "Security" section on its Wikipedia page.
2) Within days of launching, they had a critical security vulnerability: https://news.ycombinator.com/item?id=6948742. Frankly, this alone should have discredited them forever, especially considering how much boasting they were doing beforehand, but people are stupid.
3) They have a consistent pattern of responding to criticism not with technical defenses, but with ad hominem attacks and conspiracy theories ("You're paid by the US Government!")
Some years ago all you needed for Whatsapp was the phone number and MAC address to login and view all messages. Nobody gives a shit about this today. Should have discredited WA forever too.
Also I find it puzzling that so many people here keeps on recommending WhatsApp over Telegram after all the lies from WhatsApps owner.
Edit: While I have no way to verify this, AFAIK both Telegram and Gmail stores data and keys in ways that makes them hard to access by everyone except for the user.
Telegram in particular say they do this by storing data and keys in different datacenters in different jurisdictions.
Add to this that WhatsApp has had their fair share of issues as well before they started working with Moxie.
AFAIK WhatsApps crypto isn't too old either but that doesn't seem to prevent HNs resident cryptospecialists from recommending it.
That said: I belive them when they say that WhatsApps crypto is stronger.
On the other hand I would expect them to leave a little note somewhere about WhatsApp being a data collection tool for Facebook that also still happens to works as an instant messaging platform.
Telegram is actually fighting the Russian government over the encryption keys, saying that it is impossible to hand them over (I assume this is for e2e encrypted secret chats). The consequence of this action is that they'll likely get banned (i.e. removed from app store). How much of this is a farce remains to be seen, since the whole nation, from casual users to small businesses to government employees use the app daily.
As a Russian, I do appreciate the fear that the "russki" brand instills in your soul, but I think you are rightly being downvoted for jumping to conclusions simply based on nationality.
I too appreciate nationalist sentiment, but the parent clearly stated: 'personal opinions also appreciated'.
But to be clear: I have a lot of distrust against governments regarding mass surveillance. But I distrust some governments more than others. And Russia is relatively high on that list for me. I think a healthy dose of distrust would be fitting for Russians citizens too.
Signal has most of the problems that has WhatsApp: mainly the fact that it's dependent on a smartphone, yes you have a Chrome-based application that is the same as WhatsApp web, it's only a remote interface that connects to your phone.
Telegram in my opinion is far better, it's completely cloud based, you can use it from whatever device you want, it has real desktop apps, you can send files, you have bots, channels, large groups, usernames, you name it.
I don't get why using Signal, yes it's free software, also Telegram it is (ok, the server is proprietary but even if you have the source how can you be sure that what they release is what is running on the servers ? If you don't run your own server the source are useless), but I don't see other advantages, so why bother with a third messaging app ? I use WhatsApp for the large user base, and I use Telegram for the advanced features if I need them.
No, Signal Desktop is NOT the same as WhatsApp web. You still need your phone for the initial setup (same as Telegram), but after that, the desktop app is untethered until de-authentication.
Also, it has a much more praised security and cryptography than Telegram, is always encrypted (Telegram is only encrypted in secret chats) and has a much more secure codebase, with more open development (Telegram sometimes takes weeks to release source code), reproducible builds and a more transparent history.
I do use Telegram (mainly for group chats), but I treat everything posted in it as I would treat a public forum like HN.
The more I dig into Signal, the more complicated everything with it is.
Just go XMPP with OMEMO, so no hard smartphone dependency, no electron app monsters. Thankfully XMPP doesn't have a problem with 3rd party and federation.
My friends switched from whatsapp to signal for day. We switched back after a matter of hours. We couldn't find a way to quote messages to reply to them, which is critical for group conversions where multiple threads are happening at once. Also there was no ability to @user to direct a message at a specific person. As for the app, there was unnecessary whitespace between messages--even using smallest font size. Usability vs unauditable security is tough calculus but I think technical people weigh security more then their less technical friends.
Not very likely any time soon. There was a long debate about it and they decided that putting your trust entirely in the CA system and Signal's servers every time to not serve a malicious client that couldn't be validated by the user wasn't acceptable.
I'm sure if a third-party client would contribute to support the maintenance (both financially and in terms of the time and effort investment) he might be open to that, but obviously that's not going to happen.
After playing around with federated XMPP (on my own server): XMPP with OMEMO is brilliant. No battery drain (Conversations and Astrachat tested on android), multi-client e2e encryption, even voice/video is possible. And, being federated, I finally own my identity.