Group Video Calls (telegram.org)
That being said, WhatsApp is like the authorized garage where you know that you'll get the service which is officially recognized (by the government) and will keep your car's value "at its best", but which screws you over in so many ways.
Everything else is somewhere in between these two platforms.
It seems like whenever telegram is brought up here, there's a lot of speculation about it not being trustworthy but no concrete evidence.
The client is open source. While not end to end encrypted by default, it shares that property with most messengers. E2E limits search-ability and other features so it's a tradeoff.
I have to wonder if part of why this is mostly brought up is due to the origin of the app being a group with a Russian nationality. That's pretty sad.
The app is damn good. The best messenger app I've used - much better than signal. I'm so disappointed by this attitude.
How is everything which has its origins in the US touched up with fairy dust while anything that may have a remote link with Russia is garbage?
Signal is garbage. They are riding on the coattails of marketing (and that's what investment money does)
Also, the evidence that it's not end to end encrypted by default for many operations is out in the open.
I think it has more to do with the fact that there is no known reason for the organisation behind Telegram to provide it. It doesn’t make money from users, it has large operating and development costs, it keeps access to a lot of personal data without regulation, it is not a non-profit funded by donations and being open about their operation…
So the most realistic hypothesis about that organization is that it’s shady. There are very few other possible explanations.
But people are deluded that it's as private as Signal or Matrix, which is laughable.
Nginx is currently at 1.21.0
Why wouldn't you care about your load balancer being so outdated? That's over 15 years.
There could be an explanation for this, but I'd have to put some unnecessary trust into it before I get the valid explanation. It is http and no https is offered on that server, which probably indicates that there's no need for TLS, that the communication is secure enough for it not to rely on TLS. But anyway...
This is a weird way to respond to someone using a metaphor to describe how an app makes them feel.
I use an iPhone for iOS development and as a backup phone, I use Android as a daily driver - WhatsApp couldn't sync history when I broke my phone twice in a year and had to switch to iPhone. And I prefer using a desktop app over mobile one, if my phone dies I can still use telegram desktop (this was useful a few times I left my phone in the car and wife drove off with it, I could keep using telegram to message her, my only other option would be messenger at that point).
I don't mind privacy implications of my random chats being read by telegram.
I think a decent compromise would be just enabling it by default for private group chats, since it'd be costly and pretty pointless for public ones.
End-to-end encrypted group chats are currently in the works.
Source - https://t.me/durovschat/518625
We used to have them in Hungary. I miss them. "Szaki"
And when comparing Telegram and Whatsapp shady-wise, only one of them has many obvious reasons to track you as much as technically and legally possible.
And when it comes to app performance, UX and ease of use - Telegram beats all others with a huge margin.
Privacy controls on voice/video calling, restrictions on who can add me to groups and so on. Intelligent cache without looming storage limits on my device. Efficient application that doesn't drain battery. Cross platform client that even works in modern browser and remains in perfect sync.
I wonder why you are forgetting the virtues and only focused on the "shady aspects".
the missing piece seems to be the type of car.
if i put down a year's income for a new car, the 'authorized garage' has its perks because the value of wholesome repairs is probably greater than the cost.
if on the other hand one has a ten year old, used car, whose main purpose is a means of transport, that greasy, dusty garage, where the mechanic will let you know that there was only one screw missing and charges you a few bucks is golden.
Facebook derives valuable data about you through WhatsApp in three channels:
- analyzing the content of your discussions before they get encrypted and sent,
- the app acts like a Trojan horse into your smartphone. It collects data such as your device model, geolocation, contacts, text messages with all activation/verification texts from third parties, the list of apps you installed, when you wake up or go to bed, when you sleep or do other things in bed (thank you gyroscopic sensors), etc.
- Through the correlation of real-time data collected from other smartphones, Facebook also acquires who you met, spend time with, where and when.
As you can see, you don't get end to end encryption for philanthropic reasons but because that's simply not where the money is and that's what gullible customers ask for.
End to end encryption is like when you get offered tap water at the restaurant: for many customers, it provides them with a feeling of self-satisfaction.
But it doesn't improve the quality of the food at all...
Hope I brought some light in the topic :)
[1] https://wikipedia.org/wiki/May_2019_Jakarta_protests_and_rio...
If you’re not willing to sacrifice too much UX for privacy, it kicks the pants off of a lot of alternatives while still, ostensibly, not being the worst offender privacy-wise.
Related regarding feature deployment: I got some negative feedback for dumping on Matrix for announcing Spaces without iOS client support. They should have waited until Element had all their major platforms covered before announcing it. It's maybe an unpopular take but when around 40% of my homeserver's users can't use a major feature, that's a shitty rollout.
It's just incredibly scary not to know anything about who these developers are, where they are located and most importantly how this is all financed!
I understand Pavel Durov is a very wealthy man, but developing and hosting a popular global messenger service can't be cheap.
On desktop* there is no e2ee even among the options.
* where "desktop" includes GNU/Linux phones.
200,000 users for group chat. Unlimited users for voice chat (like clubhouse). 30 users for group video calling. That limit will be increased later. Flawless sync across platforms. Secret chats - the e2ee chats self-destruct between users and stay on the device where it has been initiated. Robust third party clients that add more functionality to the official app. (I use Utyagram; Plus is another popular mod, but is closed source). Unlimited users for channels - that work as broadcast lists. The list goes on and on.
Is this supposed to be a feature? Telegram themselves claim that this inability to backup chats is at least part of why they don't enable E2EE before mentioning that it allows users choice over data storage, which seems silly in the face of apps that allow for encrypted backups of E2EE messages. [1]
Signal backups are obviously E2EE and can be moved between devices by copying an encrypted blob or directly transferring over Wi-Fi, depending on your platform.
Meanwhile, on Telegram if I reinstall the app all of these chats are gone. If I change phones and possess both devices concurrently, there's still no official way to move chat histories. E2EE feels like a crippled afterthought on Telegram considering so many of the interesting Telegram chat features (or just backups/transfers) don't seem to work with it.
[1] https://telegram.org/faq#q-why-not-just-make-all-chats-39sec...
The UI also looks like it was made by an intern who just learned how to use Android Studio, not like something new and cool. The actual text "Telegram" and a magnifying glass button instead of a search bar, hamburger menu instead of your own profile pic, no big fat QR scan icon, ...
2) hamburger menu is right here. the avatar-as-menu implies account details. the menu presented instead makes sense and has the stuff you'd expect.
3) magnifying bar makes sense since the real estate saved is used for useful information
4) there is a big fat qr scan icon. it's just not "first page material", which is the correct decision here. if and when you need it, telegram tells you where to find it.
In any case, you are entitled to your assessment. I just completely disagree with it.
Why do you need your profile instead of a menu? Why a QR icon? Why a search bar?
Those are very minor things on an app that functions extremely well.
At this point Telegram is unrivalled and already has almost everything that WhatsApp has, except for E2EE turned on by default.
When you go into Clubhouse you know you're in Clubhouse. They don't need to write "Clubhouse" at the top of the app. There are no generic buttons such as hamburger buttons. It's obvious which account you're logged into just by looking at the icon at the top right. Almost every user has a profile pic. There is attention to negative space and typography.
A medical emergency in the family and I was back on WhatsApp in a second.
Signal kept crashing, remained full of UI bugs (the kind I just couldn’t believe is there has been there for months and years; yeah the simple and silly ones), functionality bugs, slightly better than barely useable calling, delayed messages, broken notifications, extremely frustrating and broken encryption key update even when there was no such actual update — while the foundation kept giving us new emojis/stickers and worked on crypto. Nice gesture I reckon. And yeah, still a closed garden.
No opinion really. It’s just how it is. I use Apple’s phone and computer which is proprietary and closed garden by design, effort, and lobbying. Who am I kidding.
So no, I’m not going to say Telegram is shady. Maybe it is but so are others. Maybe not Signal (or is it?). It’s just that Telegram is far from being the personal messaging/communication app, at least around me. It’s an extension of other online communities like subreddits. Discord is eating into that share anyway. It’s used for apartment groups. COVID update channels (especially in India where very high up offices still have public Gmail IDs) and all that. Oh, they do have literally the best mobile and desktop apps among its peers. By many miles.
// Unless I am not aware of any recent change, I tested this last month and don't see any related update ever since.
Which is not the same, and actually, for me is not useful at all. The main difference is that a "chat" does not ring the other participants' phones, which is a must for me to "call" my family either voice or video. You must first tell them through chat that you will create a voice or video room/chat. For 1-on-1 it does have calls, as it rings. For groups, it does not.
Documentation I mentioned: https://core.telegram.org/api/end-to-end/video-calls
I was once banned from the service for playing around with very old clients and had a back and forth with them over email for a week or so (it was re-enabled and they apologized for the inconvenience). They are prickly and refuse to give any details over how data is managed.
"Secret" groups are in the works, I believe
Building a chat service with server-side chat history but without E2EE is like building a car with very nice headlights that doesn't actually move.
Kudos to Telegram team!
That said, who knows who has access to Telegram servers.
It's not open source backend or customizable. But it's probably the most libertarian/freest one from the closed source solutions, that won't kick you off, and the software is very good.
We could consider integrating with them (for example, instead of connecting your mobile via sms, you could connect your telegram and then receive notifications there from some FTL bot).
PROBLEM
Still, of course, keep in mind it's a closed source and proprietary backend:
https://yalantis.com/blog/whats-wrong-telegram-open-api/
If you want an open source network to power "Web 2.0" communities, there aren't many good solutions. Diaspora, Matrix, Mastodon, Inrupt, etc. are just not on the same level as Telegram for regular users.
For Web 1.0 we have Wordpress, which powers 40% of all websites in the world now. But somehow for Web 2.0 there are no good alternatives, so all our public discourse is taking place on privately owned platforms, and now the US government has put out bills seeking to break up big tech. How about trying a more libertarian solution first: open source.
SOLUTION
We've been building something for the last 10 years, and giving it away as open source: https://github.com/Qbix
Here is a demo that we did for Yang's campaign two years ago, and kept it around as a demo, it has payments, video, etc. also but it uses open Web standards like WebRTC and WebPayments to do so, and it's completely open source: https://yang2020.app
PS
Web 3.0 is value transfer and programmable smart contracts, e.g. Ethereum web3 library, etc. That happens to be radically open source (just like Web 1.0) because (for now) these blockchains and the code they run are all public, and you are encouraged to verify your smart contracts on EtherScan, etc.
It's refreshing to see original thoughts in illustration.
Teams takes 500MB of ram and pegs a quad-core cpu to 70% to update some smileys
Or are you deliberately spreading unsubstantiated claims?
That's not a metaphor, though.
https://support.signal.org/hc/en-us/articles/360007059752-Ba...
Durov mentioned they've been working on group "secret" chats. Secret is just another term for end-to-end encryption in telegram.
There's no point to encrypting public group chats. There's a ton of point to encrypting private group chats. They should support it for private chats and it should be the default. Or, better, there should be no way to disable it, even.
Using Whatsapp is like sending a locked chest to your friend and a copy thereof + a copy of the key to unlock it to a warehouse. Government employees and warehouse workers can enter the warehouse at will, use the key to open your chest, and copy everything too.
Nice lock.
Works on web, macOS, Windows, Linux, iOS, and Android and already looks promising to be the diamond standard of chat software and compete against the alternatives.
Impressive piece of extremely high quality software so rare in this software industry.
Thanks for the rec.
Long run it's a problem, but until I have an app at the same risk/feature sweet spot I don't mind the downsides of telegram.
(Edited cause I am utterly unable to spell)
Basically any western country can be secretly ordered to turn over all my information on the flimsiest of reasons, if it’s not already just intercepted through Five Eyes style arrangements.
The chances of Russia volunteering to share my chat history with anyone that could actually impact my day to day life is pretty much nil, and I’m certainly not interesting to anyone in their sphere.
Likewise. I'd like FSB to know what I did in the last one hour. I wonder if they really find it interesting to pursue me.
It's just not a red flag. It's a minefield.
2. Notifications in one platform is weird for me.
3. Video quality is extremely bad to the extent of unusable.
4. Completely agree with the lack of settings whether other users with my number can text/call me on Signal.
Most popular apps don't use native design but rather artistically always a step ahead of native. Think of e.g. the Airbnb, Uber, Slack, Discord, Instagram apps.
If Instagram or Airbnb used native iOS/Android design they'd lose users pretty quickly IMO.
Drag and drop, text inputs, selections, UI elements, keyboard shortcuts, state preservation – none of those worked as they should. I would accept a divergence for a legitimate improvement, but it's just system-wide basic functionality missing.
All of that works correctly in Telegram. There is great value in adhering to the system conventions, design, and using native elements – it's fairly clear what is supposed to be what, a good chunk of the time, and there is minimal context switching as I use other native apps.
Those are services.. where would people go to replace Instagram? Twitter? Airbnb, what other big service has brand mindshare that people know about for fly-by-night unregulated sleeping accommodations?
I don't think iOS/Android design would cause them to lose or gain users.
Uber and Slack look nice but they're rather slow. After a week, the "looks nice" part ceases to matter and all that's left is the annoyance of waiting 200ms-1000ms between every action.
Not being on by default has an impact on other things, that the users value more. If they were on by default, they would lose it and Telegram would lose part of its appeal. This way, users themselves can choose the trade-off they are happy with.
Privacy is a human right; it shouldn't be part of any "trade-off", just like you can't sell yourself into slavery, even if you really wanted to.
Yet, there we are. People value that other functionality more. You may not like it, but that's how they are.
> Privacy is a human right; it shouldn't be part of any "trade-off", just like you can't sell yourself into slavery, even if you really wanted to.
You are now off the rails. The problem with the trade-offs is not social.
"Telegram is not E2EE" is factually incorrect.
WhatsApp has E2EE however it ships your private keys to cloud storage by default. So it's even less secure than Telegram.
Desktop apps are not the ones where you create Telegram account; you only authorize them.
For another example, Threema, which is E2EE by default, doesn't allow more than one device with the account (to use multiple devices, you must create several accounts, one for each device and link them, and then basically any chat is a group chat. For desktop use, the web client uses webrtc to talk to your device to use it as a proxy).
1. I was able to use telegram without using the smartphone app at first, I just needed a phone number to register on desktop
2. The MacOS desktop app supports E2EE
3. Some third party desktop apps support E2EE
4. Signal has synced E2EE that works on both desktop and smartphone (And so does Matrix)
2. Which one? There are several and the one I'm running (the official one; brew cask telegram-desktop) does not.
3. They are third party and if it doesn't work nicely or has missing functionality ("why are not my chats from other devices there?"), Telegram devs can still point fingers that's not the official client and should be discussed with the third party developers. Ultimately, they will find out why the original Telegram doesn't do it.
4. Signal doesn't do cloud messages as Telegram does. You might have noticed that functionality like that makes Telegram much more popular among normal users.
Aren't disappearing messages a feature of secret chats? If my understanding is correct here, these messages are not backed up to the cloud. Rather they are stored within your device. That's precisely why e2ee synced chats are not available.
You are correct about their secret chats. The secret chats limitations (inability to sync) actually encourage destroying and recreating sessions when needed vs Signal that is intended for longer synched sessions. Not having to worry about those sessions syncing to a system you may not be in front of is also a benefit.
Automatically disappearing messages are only available in "secret" chats and those are end-to-end encrypted.
With gdpr, you can at least download all the data they have collected about you. Have you verified your Trojan horse claim?
> WhatsApp still won't be able to access any of your communications or share them with Facebook. Meanwhile, WhatsApp will be able to share user account information like your phone number, logs of how long and how often you use WhatsApp, device identifiers, IP addresses, and other details about your device with Facebook. Plus, WhatsApp can share transaction and payment data, cookies, and location information with Facebook if you grant permission. All of which has been true since 2016.
More is detailed in the WhatsApp privacy policy [1] (emphasis mine):
> We collect information about your activity on our Services, like service-related, diagnostic, and performance information. This includes information about your activity (including how you use our Services, your Services settings, how you interact with others using our Services (including when you interact with a business), and the time, frequency, and duration of your activities and interactions), log files, and diagnostic, crash, website, and performance logs and reports. This also includes information about when you registered to use our Services; the features you use like our messaging, calling, Status, groups (including group name, group picture, group description), payments or business features; profile photo, "about" information; whether you are online, when you last used our Services (your "last seen"); and when you last updated your "about" information.
I suspect nokya was exaggerating somewhat, but only somewhat.
[0]: https://www.wired.com/story/whatsapp-privacy-policy-facebook...
I don’t believe this is correct: They may only have to provide data they “control” (in the GDPR-sense of the word; see Art.15,3)
If they merely downloaded it for processing into market segments or even just generated high-value marketing segments directly on the device, they would only have to and be able to give you the list of those segments, and maybe explain broadly that they learned this from “on-line activity”.
If they do exfiltrate everything, they could hold this data for “legitimate interests” such as for lawful intercept, fraud detection, or disaster recovery. If it is not a “normal” business practice to access[1] it they may not be required to reveal that they have it.
Note I am not verifying that Facebook does these things only what my understanding of their obligations are under the GDPR. This does not constitute legal advice, I am not your lawyer, and so on.
[1]: FB’s normal business is selling ads and they don’t typically let ad sales or traffickers access this raw data directly.
1. You only get the data you provided to the service, not the data they derived from your use of the service. Incidentally, this second data set can be just as critical when shared with third parties.
2. You only get the data they kept about you, not the data that resulted from the various transfers to their partner companies and which was thereafter correlated with other databases.
These two sets of data are about the user, but the user never gets to see it, unless it is explicitly requested to the partner companies.
Thanks Trojan horse GDPR.
They've started syncing notification settings, so I can either have both my laptop and my phone beeping or none. Combine that with working within a small team that primarily uses Signal and it's absolutely terrible.
Leave them off and you'll miss something important. Leave them on and my phone beeps after work hours. And since there's nothing in between pausing them for 8h or 1 day, I forget to turn them on in the morning.
Went from never needing to touch those settings to having to change them at least 5x every fucking work day.
But the features I've seen since growth are: 1) group call (which happened during early growth), 2) screen share on desktop, 3) color hinting in chats removed (which now results in me messaging several people I didn't intend to because I've been trained for years to rely on colors for hinting and it takes longer to untrain users. Thank god delete exists...) 4) mobile coin.
I'm still waiting on 1) usernames 2) channels 3) easy access to community based stickers (or just an official repository!). Things that I don't care about but the community does: 1) backup of messages 2) transferring messages between phones. Honestly after these two things a lot of other stuff is "cool." But these make it more usable. A 20 minute interaction with Signal users outside the community forums will illustrate how important these things are to people (the community forums have a real group think that's a big disconnect from what most users want). I'm all for more UX devs and making the app prettier, but it's no longer "early 2021" and we still don't have them (and have been waiting for years). It feels like there's a larger disconnect between devs and us users than there was in the past. People wouldn't throw a fit about MOB if the rest of the platform was moving along steadily and would probably be treated as "cool, but I'm not going to use it and have reservations." I'd welcome cool stuff like that, or noise canceling (featured in this update), or any other stuff if the rest of the platform was moving along.
I'm losing faith in Signal. I fought so hard to get my friends on board (years!) and now that we have critical mass it feels things have slowed instead of accelerated. It isn't just us "hackers" and privacy conscious people anymore. To the devs reading this: I love you and appreciate the work you do, but help us out here. We don't understand why these weird decisions are being made and they feel like steps backwards instead of forward.
My android phone has a global "do not disturb" feature for notifications, so I'm not disturbed during sleeping hours. Can you use that?
> during sleeping hours
There's an important difference there. I think the GP wants their phone to keep working when they're off work -- including giving them notifications in other apps, for personal conversations.
For the exaggeration, I would happily answer but I would need to know on which access you felt I exaggerated (except the fact I did not know Apple kept this list only to itself and friends). The data categories I mentioned are quite straightforward and not specifically obtained by WhatsApp only.
I once listened to a presentation given by someone from the company behind AdBlock Plus. They were explaining their (back then) new "Acceptable Ads" program and how an overwhelming amount of users chose to leave the program enabled.
They even had a pie chart showing over 90% participation in the acceptable ads program and interpreted it as user choice. ("That's how they are")
After the presentation I asked whether they've tested how many users actively enable Acceptable Ads participation in the settings if it's off by default. To no one's surprise they did not run such a test.
Not changing the defaults should not be interpreted as user choice if the same settings end-state is not reproducible with other defaults.
Usually any default, no matter how hostile, stays set. The reality is that users can be nudged easily and rarely ever change any settings at all.
This is about that one functionality being mutually exclusive with other functionality. If you enable E2EE, you disable cloud sync/history, multi-device use, message forwarding, etc. In normal use, users want the latter and if they need the secret chat, it is available.
In your example with Adblock Plus, there was no trade-off (to the user; there obviously was for the company). With Telegram, there is.
That is a design decision made by Telegram. My e2ee Signal and Matrix groups sync just fine across devices, preserve message history, allow message forwarding, etc.
Not enabling those features is a nudge against using the e2ee-feature. Facebook Messenger does the same by crippling their encrypted chat experience.
The reason most people on WhatsApp enable unencrypted cloud backups is not because they really desire their message history to be leaked to Google/Apple but because they get occasionally nudged by a popup to enable it.
Those nudges work. It does not matter whether it's a good or a bad action they nudge to make one central assumption about them: settings should not be interpreted as user choice if the results aren't tested against complementary nudges.
Signal does it relatively right; but the nuances are difficult to explain. Even here, on HN, it is difficult to explain the Telegram's tradeoffs, how would you explain that to common users?
> it is difficult to explain the Telegram's tradeoffs, how would you explain that to common users?
I think that serves as an additional indicator for the trade-off decision not being a conscious user choice.
I'm not sure many people would opt for unencrypted chat even if they fully understood those particular multi-device limitations you described.