- Signal -> Close friends & family I've convinced to use it.
- WhatsApp -> Most of my friends.
- SMS -> School notifications, 2FA, shipping updates, etc.
- Facebook Messenger -> Elderly relatives
- Telegram -> That one relative who wants to use this instead of Signal.
Is there a consolidated messaging app that the HN community recommends?
I can't be the only one suffering from messenger bloat.
But somehow people started using it because it was "more secure" than WhatsApp.
I now have everyone I talk to regularly on Signal (30-40 people), but it took years.
Any proof? If you're calling MTProto 2.0 'insecure' then you should know it's already been audited multiple times in the last 2 years. If insecure means not using E2EE, then I guess the whole infrastructure of the internet is insecure.
> It's not even anonymous
It's more anonymous than Signal is. It requires a phone number to register, but you don't need to share a phone number or any personal detail to communicate with people.
The Signal team is also actively hostile to any 3rd party client usage of their service.
And that's always cheered on this website - just remember the RCS topics where people were making fun of attempts to add some basic standardisation to this mess.
Telegram has amazing user experience. It's available for any platform, the messages are always backed up, the apps are high quality and responsive and they have great features for group messaging and group organization. They even give you a library you can build your own Telegram client with.
It's *great to use* - something that Signal people never prioritized and always rather pushed their sometimes horrible preferences down people's throats.
> If you're calling MTProto 2.0 'insecure' then you should know [...]
If you're calling "secret chats" the default, then you should ask around or try to use Telegram on desktop or just open Telegram and see how much stuff is actually encrypted.
My UK-based employer seems nonchalant about expecting me to agree to be subject to the laws and courts of California in order to receive internal company newsletters delivered via a 3rd party.
While I agree this is harmful to the user (or unpatriotic, if you prefer), it's extremely common thanks to the state of the global economy since the 1980s.
I'd wager that 99% of people in the UK would now be unable to contact their friends and family without relying on at least 1 large U.S. company.
MTProto is the name of the:
1. Cloud Encryption
2. E2E encryption
algorithm at Telegram. MTProto 2.0 is not just secret chats; a different implementation is used for cloud: https://core.telegram.org/mtproto/AJiEAwIYFoAsBGJBjZwYoQIwFM...
Both cloud and e2ee consist of what's called the MTProto 2.0 algorithm.
In WhatsApp, messages have always been on-device / in-memory, where they belong, doing a p2p sync/transfer.
> 1. Is There a Secret Chat On Telegram Desktop?
> No. Due to Telegram secret chat's end-to-end encryption and the requirement for permanent storage on the device (and not using the Cloud to store data), Telegram does not have the secret chat feature on Desktop or Web Telegram. They may add this feature on their desktop version in the future, but for now, it is not safe enough to have it.
WhatsApp has caught on internationally, but it's Facebook and its desktop app is a crashing dumpster fire.
Viber is another popular app, but has too many ads and visual noise.
Telegram has caught on as a good alternative for all, because it does everything well. Apps are functional, fast and stable. Interface is clean. Also, Telegram channels were a genius idea for increasing market penetration. Nowadays all social networks are heavily abused by bots abusing the abuse feature (hehe). Basically any post containing "politics", let alone "war" content, can be taken down by abuse spam. Be it Facebook, Twitter or Reddit, all the same. So political and social "influencers" are rapidly creating backup or new main channels in Telegram to post "controversial" information, and people reading news and blogs in Telegram will also message there too.
"actively" is a big word, there are several 3rd party clients and no big push to make them stop. They don't want widespread 3rd party clients though.
Also see [1], they have every bridge's features well documented.
Of course, it's not really "anonymous" if a nation-state wants to come after you, but that's not the threat model for most people.
https://twitter.com/matrixdotorg/status/841424770025545730/p...
Bridging chats of different technologies doesn't work well/at all (i.e. Signal bridge + WhatsApp bridge users in a single room) but bridging external chats (DM or group) into Matrix works very well. Some services need a daemon running on a phone (i.e. WhatsApp) and that's very annoying, but where possible these bridges all run in the cloud.
If you trust third parties, you can also go the easy route by getting a subscription from EMS (https://element.io/matrix-services/ems-pricing) or Beeper (https://www.beeper.com/). I personally prefer to keep my messages and encryption keys on devices I control, but others prefer to let someone else take care of it all and I respect that.
It's relatively straightforward to set up a bridging server if you're comfortable with Docker and YAML files. You can read how to set up a Matrix server here: https://matrix.org/docs/guides/free-small-matrix-server and here: https://github.com/spantaleev/matrix-docker-ansible-deploy/b...
If you use the Ansible playbook, all you should really need to do is run through the setup, fire up a Matrix client, start chats with bot accounts, and follow the instructions on the guide (usually sending /login to a bot and authenticating your account with whatever service you're bridging).
Your Matrix account doesn't have to be on the same server as your bridges, which is a setup some seem to prefer. You can set up a Matrix server just for bridging so that you don't need to set up all the VoIP features and performance tricks while keeping your own server dedicated to just bridging stuff. This does break some nice features (i.e. double puppeting, a bridge feature) but it also makes your own server less of a single point of failure if you ever do get talking on Matrix.
But the nature of these things is X gains traction. Y wants a piece of X's pie so cuts X off. X realises that it's dependent on the Ys and so launches its own service.
We've seen this with Netflix. We've seen the former with Twitter.
Ideally the stars would align so that it's in everyone's interests to support an open protocol and we kind of have those in SMS and email. Except these have their own issues.
I am not the HN community, but there is Beeper or Texts.com, possibly others. There are also (other) Matrix bridges, but it's a PITA to set them up on your own.
Personally I'd just move family and (old) relatives to WhatsApp and you will have everything consolidated in one app used by everyone anyway. That one relative would have an easy choice, either WhatsApp or SMS if they wanna talk to me, not keeping an extra app for one special snowflake.
Plus you need to keep an SMS app to receive all those codes and shipping updates, since WhatsApp sadly doesn't support SMS.
That's also my setup: WhatsApp + SMS. I used to also have Signal years ago with family, before we ditched it en masse for WhatsApp after PINgate. My mother also has Facebook, I think my father has only WhatsApp, my sister, whom I don't talk to, also has WhatsApp, and my wife has WhatsApp and (Google) Messages, which she uses just for receiving SMS.
If I were moving my family (parents, wife, kids) somewhere, I'd go for Element (Matrix) - decentralized network, various apps to choose from, no phone required.
Another alternative, but without (video) calls, would be using some email app like Delta Chat or Mailtime for instant messaging. That would require no signing up for a new service. I like the idea, though I guess messages would be quite slow.
Btw, Messenger and Skype (Lite) support SMS, so since you use Messenger anyway, you could ditch the SMS app and Signal after they remove SMS, if you wanna keep more IM apps rather than having everyone on WhatsApp.
Maybe now that Signal is switching off SMS, it can implement user handles that people can share instead of their number. Once they do, I'll give it a try.
on this paper: https://nebuchadnezzar-megolm.github.io/
Worth reading the response from Matrix as well (https://matrix.org/blog/category/security).
My first reactions are to wonder how many of these issues are associated with federated (as opposed to fundamentally decentralized) group chat in general. Matrix seems to be taking the position that some of these issues ultimately relate to trust vs lack thereof in the homeserver as a bottleneck.
I also wondered if there was a good security model for federated or decentralized group chat at all at the moment. I can't remember offhand if Briar was adding groups or not, but that's not federated.
The only practical issue raised by https://nebuchadnezzar-megolm.github.io/ which we didn’t already fix is the question over whether servers or clients should control group membership. Our position is that it’s okay for the server to control it as long as clients are warned if malicious users/devices are added. Fixing it properly is Hard: for instance, if you are chatting in a room and it turns out that a remote user kicked another remote user, but the kick was delayed in reaching you, you could keep chatting away encrypting messages for a user who is no longer in the room and theoretically should not be receiving them. Is this a security flaw? Or is this just how causality works? So we’re dealing with problems similar to that; hopefully we will be able to switch to client controlled membership by end of year.
tptacek’s derision is not very constructive.
https://matrix.org/blog/2022/09/28/upgrade-now-to-address-en...
Matrix can't even load 100 old messages properly with E2EE enabled in a room. Signal can't even handle scale when it comes to chat groups and communities. There's no anonymity in either, as Signal doesn't even allow you to hide your phone number and Matrix leaks your metadata to all involved participants like crazy.
Telegram doesn't use E2EE but the privacy and security are in no way compromised.
The whole fuss about "They can read your messages" holds a very negative assumption in the first place about them reading it and then also assumes everybody's threat model involves inferior UX of managing chat backups like WhatsApp just to keep messages away from cloud.
Just take a look at your threat model and decide what you want, not everybody wants an E2E encrypted chat app because we know the compromises that we have to make with E2EE and I'd rather have my chats on cloud encryption than my local device, considering how many features Telegram allows me to have with cloud sync.
Oh, no, please! What I want is the other way around: turning Signal into Telegram, i.e. keep bolting features onto Signal until it has feature parity with Telegram, or even what Telegram did five years ago. That would be a dream.
I disagree that e2ee can fundamentally not deliver Telegram's experience, at least not far off. It may need more local processing and indexing (storage), but generally it's all possible. It's just a ton of work that Telegram has sunk many millions into and will cost even more to do securely.
What you are absolutely wrong about, however, is claiming that it's all the same.
> Telegram doesn't use E2EE but the privacy and security are in no way compromised.
There are various scenarios in which your data on Signal is safe in ways that it is not on Telegram, and more actors can see your data on Telegram than on Signal. Thus, both security and privacy are impacted. That much is plain as day. Whether that is worth the trade-off is up to you.
It's fine to have opinions and a conversation about whether the whole e2ee concept is silly, but please don't give your friends and family false senses of what the practical impact is for privacy and security when choosing these trade-offs by saying it's all just as safe and identical.