this post was submitted on 29 Jan 2025
112 points (97.5% liked)

Asklemmy


Greetings!

A friend of mine wants to be more secure and private in light of recent events in the USA.

They originally told me they were going to use Telegram, in which I explained how Telegram is considered compromised, and Signal is far more secure to use.

But they want more detailed explanations than what I provided verbally. Please help me explain things better to them! ✨

I am going to forward this thread to them, so they can see all your responses! And if you can, please cite!

Thank you! ✨

[–] 9tr6gyp3@lemmy.world 19 points 2 days ago (2 children)

This entire article is guessing at hypothetical backdoors. It's like saying that AES is backdoored because the US government chose it as the standard de facto symmetrical encryption.

There is no proof that Signal has done anything nefarious at all.

[–] dessalines@lemmy.ml 2 points 1 day ago (1 children)

There was also no proof that a ton of US companies were spying on their users, until the global surveillance disclosures. Crypto AG ran a honeypot that spied on communications between world leaders for > 40 years until it got exposed.

[–] 9tr6gyp3@lemmy.world 4 points 1 day ago

Right, but Signal has been audited by various security firms throughout its lifetime, and each time they generally report back that this messenger has encryption locked down properly.

[–] juli@lemmy.world 3 points 1 day ago (2 children)

> This entire article is guessing at hypothetical backdoors. It's like saying that AES is backdoored because the US government chose it as the standard de facto symmetrical encryption.
>
> There is no proof that Signal has done anything nefarious at all.

As an outsider, I mean isn't that the same for news coverage for Chinese/Russian backdoors, but everyone believes it without any proof.

Why is a US company being a US honeypot a big surprise, and its government recommending it not a big red flag? But it is when China recommends WeChat? Can't we be critical and suspicious of both authoritarian countries?

Do you have access to Signal servers to verify your claims by any chance? Afaik their servers are running a modified codebase, and third party apps cannot use them. So how do you claim anything that goes behind closed doors at all? Genuinely curious.

> Do you have access to Signal servers to verify your claims by any chance?

That's not how it works. The Signal protocol is designed in a way that the server can't have access to your message contents if the client encrypts them properly. You're supposed to assume the server might be compromised at any time. The parts you actually need to verify for safe communication are:

  • the code running on your device
  • the public key of your intended recipient
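
The second check in the comment above, as an added example that is not part of the original thread and is not Signal's own code: both parties derive a short number from the two public identity keys and compare it over a separate channel, so a key swapped in by an untrusted server shows up as a mismatch. The hashing scheme, iteration count, user identifiers and key bytes below are assumptions constructed for illustration.

```python
import hashlib

ITERATIONS = 5200  # assumed work factor for this sketch


def fingerprint(identity_key: bytes, user_id: bytes) -> str:
    """Derive a 30-digit fingerprint from one party's public identity key."""
    digest = b"\x00\x00" + identity_key + user_id  # version || key || identifier
    for _ in range(ITERATIONS):
        digest = hashlib.sha512(digest + identity_key).digest()
    # Six 5-byte chunks, each reduced to five decimal digits.
    chunks = (int.from_bytes(digest[i:i + 5], "big") % 100000
              for i in range(0, 30, 5))
    return "".join(f"{c:05d}" for c in chunks)


def safety_number(my_key: bytes, my_id: bytes,
                  their_key: bytes, their_id: bytes) -> str:
    """60-digit number that is identical on both devices when the keys agree."""
    parts = sorted([fingerprint(my_key, my_id),
                    fingerprint(their_key, their_id)])
    return "".join(parts)


# Constructed sample values standing in for 32-byte public identity keys.
ALICE_KEY = hashlib.sha256(b"alice constructed key").digest()
BOB_KEY = hashlib.sha256(b"bob constructed key").digest()
SUBSTITUTED_KEY = hashlib.sha256(b"key swapped in by server").digest()


def numbers_match(key_alice_received_for_bob: bytes) -> bool:
    """Compare what Alice computes from the key the server delivered
    with what Bob computes from his own key and Alice's key."""
    alice_view = safety_number(ALICE_KEY, b"alice",
                               key_alice_received_for_bob, b"bob")
    bob_view = safety_number(BOB_KEY, b"bob", ALICE_KEY, b"alice")
    return alice_view == bob_view


if __name__ == "__main__":
    print("honest server:  ", numbers_match(BOB_KEY))
    print("substituted key:", numbers_match(SUBSTITUTED_KEY))
```

The comparison only protects the conversation if it happens outside the channel the server controls, for example in person or by scanning a code on the other device.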
[–] 9tr6gyp3@lemmy.world 2 points 1 day ago

Being critical is good, and we should always hold them accountable for our security. We can look to third party audits for help with that.

https://community.signalusers.org/t/overview-of-third-party-security-audits/13243