In my opinion this has started as part of Rufo's campaign against Katherine Maher (see https://news.ycombinator.com/item?id=40341993), then Dorsey and Musk boosted that article because it aligns with their political views. Durov decided to add Telegram vs Signal angle in his post.
This seems organic to me. I was a security researcher, and for years I've been telling anyone who would listen that Telegram is not as secure as their marketing says it is, while Signal is.
The reasons why are already pretty well listed in the thread above. Telegram's E2EE is hand-rolled and not the default. Signal's E2EE is always on, and it's _the_ industry standard protocol. (Outside of iMessage, I believe the Signal protocol is used on every well-adopted messaging service which offers E2EE chats.)
People also aren't aware that phone numbers and usernames are tied on Telegram. When a former friend of mine joined Telegram, I searched up his username, and found his _very_ explicit Reddit account. This identity compromise issue isn't mentioned more often.
You can add me to the list. There is no good reason to pick Telegram over Signal, unless you don't care about security. It DOES have more sticker packs.
>People also aren't aware that phone numbers and usernames are tied on Telegram.
But you can, under Privacy & Security, switch Phone number visibility to "nobody".
You can also change your username anytime you want to. A new feature called "anonymous numbers" allows you to purchase and use virtual numbers (they start with +888).
I think the bigger problem here is that Telegram has not e2e encryption enabled by default, which is definitely suspect.
That was my impression too, that this was more of a thread to slander Telegram than anything.
The main leg that Signal has to stand on is it uses standard encryption, but it has all kinds of shady components like it used to require sharing phone number to contact someone, and the cofounder Moxie launched some MOB crypto scam which went to 0 and he has now quit the project too.
As I recall they went out of their way to hide that they were working on that shitcoin integration as well, Signals open source releases went dark for a year or so without explanation and then it turned out to be because they didn't want people to know about MobileCoin. Compromising the transparency of the project to obfuscate the development of a feature that they surely knew would be unpopular isn't a good look.
Perhaps you're right, and all of them have the "greater good" intentions, but it's ridiculous how their "regular reminders" popped up in the same 24h interval
It's getting harder and harder to tell because bot activity has gotten so good, but Matthew Green has been around a while and is a genuine old school crypto dude. There is a group of people who just believes that crypto and privacy are good things and want to promote them.
The reason it gets harder is because you can spin up a handful of "expert" accounts shilling for this or that privacy VPN or bitcoin scam etc. So it's hard to just pull up a list of statements and know whether it has any weight. In this case, Matthew Green has a lot of weight because I've followed him for a while and I know what he's about.
yes, but that's the point: it's not a technical problem, it's an institutional problem. Facebook is pure surveillance capitalism. They live by scooping your data. E2EE is hardly a concern or a solution.
While metadata can leak a lot about conversations, it doesn't leak nearly as much as plain-text data of conversations. I've argued for years that companies have an incentive to do E2EE on private messages so they don't have to be held liable or have to get involved in a lot of investigations if they don't have any access to the info. Telegram has access to the plain-text data of the conversations, as far as I know. Signal, WhatsApp, and Messenger (more and more), seem to not have much, if any, access to the plain-text data of conversations.
But the Meta companies are lying about E2EE, I don't know? Signal has seemed to me to be the company (org actually, nonprofit) that cares the most about privacy in terms of intentions and implementation.
Facebook actually has had optional E2EE with the Signal protocol since at least 2016 (in my experience), as "secret chats". This puts it on a better security standing than Telegram.
Yes, but Facebook (and others) uses the Signal protocol in its optional E2EE chats, because it has withstood the test of time. But Telegram uses its custom protocol (MTProto2) in its optional E2EE chats, which has a host of problems and has not withstood the same weathering.
It’s ultimately a distinction without a difference, as it is an appeal to the morality of the corporation behind the product, which can change from based on their incentives. E2EE protects against that.
https://news.ycombinator.com/item?id=40301508
https://news.ycombinator.com/item?id=40336005
https://news.ycombinator.com/item?id=40330694
https://news.ycombinator.com/item?id=40308241
https://news.ycombinator.com/item?id=40299313
https://news.ycombinator.com/item?id=40298608
https://news.ycombinator.com/item?id=40279661
https://twitter.com/jack/status/1787895769183268948
https://twitter.com/elonmusk/status/1787908190799278360
https://twitter.com/elonmusk/status/1787589564917490059