It's not worse, aside from chats being unencrypted by default.
I've had suggestions on Instagram of people who I never got in touch with, only because my wife, who has no FB account, is in the same WhatsApp group as these people. They mixed in a bunch of other "you may know" people to make it less obvious, but when comparing her groupchat and my suggestions, it's clear they made links via IPs and phone numbers. At least Telegram isn't big enough (not yet, anyway) to cross correlate data to ID users like that to create such privacy concerns. FB? No, thanks.
Chats are encrypted. The question is who can decrypt them by default.
It is a trade-off between security and usability. By default, you get usability (e.g., you can chat across devices easily). But if you think it is worth the cost, you can make encryption keys unavailable without corresponding devices (create secret chat).
My guess: most Telegram users prefer usability or don't care/are ignorant. It would be a mistake to make the experience worse (that people would notice, ignorant or not).
It is false that chats are "unencrypted" (I know, it is repeated on every submission about Telegram here but it does not make it true whatever Goebbels said). Here's a quote from the FAQ: "The relevant decryption keys are split into parts and are never kept in the same place as the data they protect. As a result, several court orders from different jurisdictions are required to force us to give up any data." https://telegram.org/faq#q-do-you-process-data-requests
That is only true for the End 2 End encrypted chats, which are a separate and not very user friendly thing. Regular chats and group chats/channels are by design unencrypted.
To me a chat app not reading my messages is way more important than a chat app will not use my phone number for advertisement. Ideally I'd have both, but given a choice, the first one is way way more horrific than the other.
Though, for some cases Telegram is definitely better. Groups and work-related chats don't really need to be private as much, and that's where Telegram really shines for me. Especially since I can use it without giving my phone number away.
> is way more important than a chat app will not use my phone number for advertisement.
My profile being shown on a different platform to people that I might be close to (co-workers, in-laws, friends of friends) but I'm not interested in having on social media is pretty damn concerning, regardless of ads.
Both are equally bad, for different reasons. As a user, one might be more worried of having their identity tied to their Facebook account (and therefore advertising/tracking), than about their government spying on them.
Having worked with people in totalitarian countries, it's surprising how much protesting people can do in plain sight. Until the regime decides they went too far, and it won't matter what proofs or chats they have on their devices, they'll just randomly arrest a bunch of people and release them after a week of horrible prison conditions. It's usually good enough to scare everyone.
I use Signal 95% of the time, but I understand the appeal of Telegram. The UX is better, it allows pseudonyms, has huge communities in group chats. In a sense, it feels more private than Signal because of the pseudonyms. And for people in non-Western countries, well, Telegram might seem like the only option.
signal and telegram are a no brainer when it comes to totalitarian regimes. i live in Kashmir which has historically and continues to hunt down dissidents with agility. i cannot imagine being tied to my "mobile number" when the government has that data by law, tying a telegram/signal account to it is a gone case by that point.
people who go with signal call it "better whatsapp without facebook tracking" but just like telegram, its Achilles heel is mobile number requirement. matrix has that from the start so it's better in that respect. sure, matrix does not have "social graph" out of the box but in a "totalitarian regime", that is precisely what you want.
besides, you can set up your own matrix server, something whatsapp/telegram/signal simply cannot do so it's 100% more secure in that sense
Synapse is still one of the worst installation processes[1] I've gone through. I'm extremely comfortable with Ansible and Docker but their install process sucks if you aren't exposing your Matrix instance to the world and don't have a domain pointing at it. On top of that, there are so many moving pieces to it if you want to bridge it to other services.
I got it all installed but ended up dumping it because I felt the complexity wasn't worth it. There are so many moving pieces imo.
Are there alternatives to Synapse for homeserver software? Or is there a less complex deployment method for a homeserver and bridges that I am not aware of?
Oh cool, I had never heard of YunoHost before this.
After my comment, I decided to give Matrix a try again and set up a fresh Arch Linux VPS for it. I didn't run into any snags but it took quite some time to get everything configured. It probably took me a solid 2 hours just to get everything up and running (Synapse + bridges for iMessage, Signal, Discord and IRC).
Not many applications I self host require as much setup as Synapse!
Thanks for giving it another go. Setting up Synapse itself should be super easy though - it’s just an https listener pointed at by an srv record or .well-known uri. We don’t need weird certificates or reverse proxy contortions these days (since Matrix left beta in 2019); it really should be a few minutes max to do it from git or pip, or a few seconds via apt or similar.
Now, setting up a bunch of bridges is indeed harder, but they are deliberately entirely separate apps, each with their own foibles. But just like you wouldn’t blame Apache httpd for some fiddly 3rd party Apache module, I wouldn’t blame Synapse for the complexities of running bridges.
Wait for evangelists to come and say that it's simply out of their threat model for Signal, it's actually just no-Facebook Whatsapp with Mobilecoin, you're a 0.0001% privacy geek whose needs are totally irrelevant to 99% of the actual userbase whose requirements are stories and, surprisingly, usernames which are coming the next day, pinky promise! That's what always is being heard in response to unorthodox requests wrt Signal development, Chinese users case shining there especially so. But yeah, some people gotta bring some bread to their tables and other to get memed into "use Signal, use TOR".
I think the bigger question is anti-spam in anonymous chatrooms, even with the mobile phone requirements spammers (in particular from Nigeria, why does this country have so many scammers in particular?) are everywhere and spamming all the time, I'm in 5 or so groups and every day 2-3 spam messages have to be deleted. There are millions of fake channels and I wouldn't be surprised if up to or over 10% of Telegram's messages sent are spam/scams.
What does matrix do to prevent the tidal wave of spam hitting it?
I would say it's the same question as "what does IRC do?" as the general design is the same - maybe a bit more friction signing up with Matrix than IRC but at the end of the road they operate on the same trust model. The Matrix team blogged about a spambot attack last year on this very question: https://matrix.org/blog/2021/06/30/security-update-synapse-1...
Side comment: because my mobile number was leaked (breached) by T-Mobile which included my name, I get way, way way more spam via it than anything else. Lots of political spam, 95% or greater from the right/repub end of the spectrum.
Edit, side comment #2: I ported my secondary Google Voice number out to Tello (a low cost MVNO in the US) with a SIM in a spare phone, and all the spam I was getting every day to that number simply stopped instantly. I'm a little amazed to be honest, it's very interesting.
Ah sorry that's a spambot attack, the spam on telegram is 99% Indian/Nigerian origin of people literally just signing up to go into group channels and spam whatsapp channels/msg me for how to make riches/join this trading signals channel you'll make millions.
the more public group that i am in, i leave "mentions and keywords only" notifications on so it does not bother me with every buzz. that way, only groups that i know are "relevant" can notify me, these groups i can browse later when i get the time
i am member of a group, public, 876 users as of right now, another openstreetmap india group and that one has 1350.
only the osm-in has some sort of "spam" where i see occasional crap thrown on but that gets flagged and removed quickly.
i don't know about telegram but my matrix account(s) are pretty public but i have basically never gotten a stray spam. as i said, one group has a "couple of spam messages occasionally" but i can "report" the user and check tickbox
"Ignore user
Check if you want to hide all current and future messages from this user." which should be good.
that is what i wrote. matrix does not by design force users to submit a mobile number while everyone else does because they want to use that for social graph, etc etc.
Telegram has a great thing working in its favor: it is mostly free of censorship, particularly of the kind that reacts to Western do-gooder sensibilities. I have learnt more about the Ukraine war from Telegram channels (Gruz 200, Truha, some local ones) than from all of the Western press combined. Analysts like Bellingcat, CIT and ISW keep citing Telegram channels as sources. Both DNR/LNR "separatists" and Ukrainian regular and irregular fighters are putting out a lot of unfiltered info on TG.
The idea that Telegram is in any way safer than the other platforms, I really don't see much to speak for it.
It's similar to ProtonMail: you get it as a backup in case you get locked out of your googlemail; you don't get it to conspire.
Twitter and Youtube are a censorship minefield as it comes to war footage. Russian trolls have been known to mass-report pro-Ukrainian accounts for posting "NSFL" material (and much of the interesting material from the front is NSFL). If you are famous and know the right people in the West, you can get unbanned through your connections, but this is a lot harder for the local sources.
For people looking for privacy: Briar is where it's at. A bit clunky UI (e.g. inviting someone isn't easy) but otherwise really well built client, and top notch network protocol and cryptographic features.
I want to like Briar and Cwtch but neither of them have iOS clients which really breaks the whole friendly to people who use other platforms covenant. If a client doesn't have apps for both of the big mobile platforms I'd say it's very unfriendly because you by omission are creating exclusionary silos.
There's Session, which is iOS and Android friendly and doesn't burn down your battery as messages are privately routed through zero-knowledge nodes: https://getsession.org
I hate to say it, but if the product/service name immediately evokes a "how do I pronounce this" feel, and actually has an entry in the FAQ about it, it's facing an uphill battle with mass adoption.