I avoid everything else apart from Signal (this includes Telegram) because with Signal I trust that they have:
- end-to-end encryption enabled by default, and as far as I know there is no possible way to disable this even if I wanted to.
- no logs/state stored server side, or at least that's what they claimed.
- no SPAM. The only people that talk to me on signal are the ones I actually intend to talk to. Not sure if this is just because so few people use Signal or because they don't have a chat-bot API they try to push as a commercial offer.
- a non-profit organization structure, not that being a for-profit is bad, but I tend to trust non-profits more when it comes to things like respecting privacy as a core value of their business (a for-profit would scrap that and abuse their market share at the snap of a shareholder finger).
I'd agree with all that. An in the past I'd also tend to like non-profits more until I've realized that these are as vulnerable as a for-profit in terms of ideological contamination.
You can choose only one. Otherwise I can't see how it would be end-to-end encrypted. Your devices should create some sort of a group chat to make this work.
Group chats have large enough attack surface and "end-to-end encryption" will create false sense of security.
Signal has end-to-end encryption and you are able to see the conversation on other devices from the point you link your devices.
What it does not have is the ability to send your conversation history to your linked devices (which I find a bit odd, if you can trust a device with your present/future conversations, you should be able to trust it with your past, or at least be able to opt in in trusting it with sending over your past conversations). I hope they will provide this in the future.
All you need is for the two instances of the app to use separate sets of key pairs, where the keys have been generated on the device itself and the private keys never leave the devices, to share the private key for the conversation between the two devices. I don't know if Signal or any other app does this, but it's 100% conceptually possible.
In general there is a simple rule: either usability or security.
All general consumer grade tools are fighting with this equation: How can we make an app which will appeal to the broad audience which will be easy to use.
I can't say anything about signal but in general if something is easy to use and you can chat super secure with your grandma then most likely it isn't secure how you might think it is and it's actually an issue because you may want to send data which otherwise you wouldn't if you know you're on compromised channel.
Sharing history between e2e encrypted devices is a tricky thing because you should have forward security with some ratchet keys.
Why is this utterly stupid question coming up again and again? Go ask your peers/yourself why feel the need to share all of your conversations with the government and other 3rd parties who in the best case just want to sell you shit.
I recently signed up to an online course at Helsinki Open University, there is an online message-board for students (empty) and a Telegram group for the users of the course which has 350+ members.
This is the only real time I've used telegram. Mostly people that I know here in Helsinki, Finland, use WhatsApp (friends, neighborhood kids-group, etc), or facebook messenger (pottery teacher, local companies).
their encryption is closed source. If we don't know exactly how Telegram works at it's core, any encryption it might have is almost worthless IMHO.
Signal and Keybase FTW
- end-to-end encryption enabled by default, and as far as I know there is no possible way to disable this even if I wanted to.
- no logs/state stored server side, or at least that's what they claimed.
- no SPAM. The only people that talk to me on signal are the ones I actually intend to talk to. Not sure if this is just because so few people use Signal or because they don't have a chat-bot API they try to push as a commercial offer.
- a non-profit organization structure, not that being a for-profit is bad, but I tend to trust non-profits more when it comes to things like respecting privacy as a core value of their business (a for-profit would scrap that and abuse their market share at the snap of a shareholder finger).