by floatboth 2224 days ago
> if a Signal user wishes to hide their private/public IP addresses even from contacts who call, then it has an option “Always Relay Calls” in its privacy options

I thought Signal was all about privacy by default? :D

Signal fans love to dunk on Telegram for secret chats not being the only kind of chat... well, turns out on Signal, private is not the only kind of call, and your IP address is exposed by default.

4 comments

I'm unclear why you claim that "private is not the only kind of call." [EDIT below to clarify.] Also, your IP address is only potentially revealed to your contacts, which is rather different from the Telegram situation in which another party that you don't specifically authorize has access to your data.

EDIT: What I meant by this, as upon re-reading it seems unclear, is that the privacy as I understand it is not supposed to protect one party from the other party with which they are communicating, but rather conceal the conversation from third parties.

The confusion seems to stem from two kinds of privacy goals here: Metadata privacy towards third parties (i.e. who is calling who; Signal explicitly does not provide this) and reciprocal location privacy of two calling parties (i.e. I don't know where I am called from and vice versa, only who I am talking to).

Signal's conscious choice is to interpret a user adding another as a contact as an implicit signal to mark them trustworthy enough to forfeit the second kind of privacy in exchange for better voice quality (latency and bandwidth) as well as to lighten the strain on their resources.

Telegram has the exact same default (allow P2P calls for contacts only).

In my opinion, this is a reasonable default: Relaying all voice calls would use significant resources and might increase latency for users far away from the nearest relay (topologically or geographically).

Also, what's with the snarkiness? Are Signal's security tradeoffs or vulnerabilities somehow making Telegram more or less secure?

The two of them intentionally make different security/usability tradeoffs (the most significant one being Telegram's choice to provide a server-side message history visible to the service operator).

Of course this tradeoff isn't inherently bad, but weird communication and branding on Telegram's side in the past has given this a weird aftertaste that, at least for me, is still sticking around.

I thought Signal is more about privacy for the masses. Signal claims the call quality is better when this option is not enabled, so it makes sense to leave it off if your goal is to actually have users use your app. The call itself is still encrypted.

Signal fans like to selectively forget that the server-side is proprietary software - therefore, the whole platform can't quite be proven to be reliable.

Essentially, they are not much better than WhatsApp stans.

That’s hilariously wrong, the server source code is at https://github.com/signalapp/Signal-Server. How can you make such a claim in good faith when it’s so absolutely trivial to refute?

I don't need the source code for Facebook.com to know what information my open-source browser sends to it. Same concept with Signal, you can read the client source code to know what the protocol sends to the server.