Exploring the alternatives? Telegram, Signal, Element , ____?

Hi folks!

With the recent change in the privacy policy of whatsapp, there has been surge of articles, videos etc. around the the concern and towards suggestions of privacy-friendly IM alternatives (like Signal, Telegram and Element). ( Forbes, India Today , techradar, Indian Express, The print, Business Standard, NDTV, HT, Op - Hitesh, Blog - Now or …later! by Abhishek Gupta )

I think sharing vignettes based on our experience would help us develop a shared understanding of this complex theme. Some of the initial prompts which I thought would be interesting to discuss are,

• How is your experience of weighing the pros n cons of the various platform? Which criteria do you consider important while making your choice?
• What challenges you have experienced/are experiencing when it comes to adopting the alternative?
• Any thoughts on the potential implication of such policy changes on end-users?

Thanks!

Fortunately, this forum itself is a wonderful replacement for all public conversations, accessible through all devices without any installation. Though this forum also supports private chats with users also, there is no end-to-end-encryption.

For public conversations, why are we looking any further?

https://chatShaala.in/

My preference for private group chats will be a decentralized matrix model of communication. Element runs on most web browsers without any issue. It does not require users to have a prior identity through mobile or email. With one identity or multiple identities, we can participate in any number of private groups or personal conversations.

That’s great! So, this makes it harder to link the metadata to a specific profile making the experience more secure.

While reading about Signal, I came across few comments which mentioned that it binds the phone number to the keys. (Pls correct me if I misunderstood it.) Does it have any potential danger when it comes to privacy?

Also, I read this blog Signal >> Blog >> Looking back at how Signal works, as the world moves forward

The only Signal user data we have, and the only data the US government obtained as a result, was the date of account creation and the date of last use – not user messages, groups, contacts, profile information, or anything else

It does say that signal does not collect any data. Does this move of consciously NOT collecting data and making the application F/LOSS(both front end and back end open source) render it as a secure IM despite being a centralized architecture? Could there be any implication of this design leading to making it vulnerable to security threats ?

Random thoughts, but necessarily related to each other.

I see trusting software itself as a vulnerability. Most people discuss platforms. But there are many points in the journey of messages.

Your app may be secure, or not, but what about your computer or phone? And so on.

Generally security is about a payoff between the effort it takes to get into something vs the benefit of doing it. The harder it is to get in, the less likely. The less the value of the secured information, the less likely it is to be a target.

Nothing is absolutely secure, ever. Even systems with no known vulnerabilities cannot be complacent about being future proof.

With a high enough value, and hence enough resources thrown at breaching it, most things can be breached, which is how there are Intel leaks from the most secure of places.

Generally highest security would be among small offline groups where access is limited to very few, but obviously this is not relevant to social media/chat. And even this is no guarantee. Given enough value to the information, movements of people could be tracked to reveal networks (how spying works). And so on.

Only the truly paranoid are private with any notable assurance.

But for most casual purposes, mitigation may be adequate.

For example, applying updates diligently (will patch unintended vulnerabilities, won’t protect from govt/deliberate surveillance). Distributing information across different, perhaps competing providers. For eg, email with Google for casual purposes, less common and highly secure providers for important stuff (or better still, your own server), social media with fb, chat with other than whatsapp/Instagram (because same parent as fb), image sharing with flickr, Pinterest etc rather than Instagram and so on. (And turn notifications off, or Google gets it all)

Website hosting in another country from your own… Or physically hosting your own server…

Small sites such as this one will be less vulnerable to govt surveillance. On the other hand, admins and moderators knowing members and having full access can present risks from personal motivating.

Keeping phone numbers used for banking, tax or licences etc separate from ones used for social media…

Very often, there biggest risks come from humans, not code. Passwords that are easily guessed, installing apps and softwares with generous permissions to system resources, support staff with high access to user accounts and inadequate protocols to prevent conversational leaks of information (calling helpline to ask for use data, for example)…

Speaking of telegram and signal, etc, the fact that they go through effort to make policies with a view to protecting data is already a step in the right direction. WhatsApp learned it the hard way after this exodus and made hasty statements to reassure users that the data sharing only applied to business accounts. But trust is a fragile thing. And interacting with a business account can’t be ruled out if one is to keep using WhatsApp.

And so on.

Sorry if this destroys anyone’s sense of online safety, but online safety is mostly a myth.

Privacy, like any other right or freedom is one that must be exercised robustly to be strong.

No they cant figure out who is who until they get hold of the Signal server and all it’s messages and your private key. Private key is stored on your phone, which you encrypt with a pin/password. So after they get hold of your phone thay have to beat you up to get the pin. Far easier to just beat you up.

Yes. Opening both client and server allows proper code audit and hence build trust.
Centralisation means that a single compromise exposes all participants.
HOWEVER in this case private key is stored with you. Therefore only you can compromise your security. This is perfect for one to one. But in a group key management becomes a nightmare. Also each time you send to a group you are sending as many messages as there are members in the group, ie very bandwidth inefficient. Signal could in principle store a group message temporarily, send to all members then delete. But that would mean that anyone not online is likely to miss a message. (Note: I dont know how Signal is handling such things)

I am saying something tangential but very important in my opinion.

As most of us started using mobile applications for communicating with each other, both in groups and personally, most of what we write has become inaccessible for public archives and search engines to find the messages. So, we need to realize that we might not use Signal or Matrix unless the conversations are private in nature. This kind of communication when done on this forum, e.g. is archived for as long as Internet archives exist since these messages are published. This does not and should not happen while using Signal and Matrix.

Several people do not realize this, as a result, a lot of public and very useful knowledge construction happens on these private groups, while their purpose was to share and publish knowledge. However, their intention does not work, since these IMs are not meant for publishing conversations.

So, my suggestion is reduce the use of Matrix or Signal, unless it is for coordination of team work or discuss strategies etc, which you may not want to discuss in a public space. Make a good judgement about whether the message you are composing needs public space or private space.

Before CUBE migrated to instant messages, we used to discuss over mailing list. Please see the excellent archives of those engaging conversations:

http://gnowledge.org/pipermail/cube/

Notice the decrease of the size of each month. There are hardly any messages archived in public there. And the conversations that are happening in the IM applications cannot be published since we do not have consent. They are considered as private conversations. The same can be said of a number of FOSS mailing lists, which are dying this way. This is one reason why when we search for some technical help, we often land in https://stackoverflow.com , https://stackexchange.com or https://reddit.com and such forums. Previously when we searched for technical help, we always landed in some mailing list archive or the other. This is how smartphones killed excellent quality communications we used to enjoy over mailing lists.

This is part of digital literacy to know the difference between small groups, personal messages on one hand and public forums.

This platform is created to solve that problem. So, for all educational engagements use metastudio.org, instead of Telegram, Signal or Matrix, and certainly not WhatsApp. Use them only for private coordination with a small group of people.

MLs were so convenient. Threading provided proper context.

Found this for the group message handling mechanism. Signal >> Blog >> Private Group Messaging

Found this related to this thread!

If the concern of the user is just to use a platform that is privacy-respecting and offers robust features, Telegram seems like a really good choice since it offers great compatibility with different platforms and convenience through the cloud-stored database.

And telegram does support the trending “end-to-end” encryption through secret chats along with disappearing messages. Although the only concern about Telegram is its confidence in homegrown encryption MTProto, overlooking that Telegrams seems to be optimal for many purposes especially due to features like the ability to conduct polls and sharing uncompressed media and files.

One surprising thing about telegram’s secret chat is that it prevents screenshots, which is trivial to implement using android’s FLAG_SECURE, but if someone tries to circumvent screenshot protection by disabling it, telegram notifies the other user with a notification in the chat.

And, Signal isn’t really “privacy concerned” if it still uses phone numbers for not just creating an account, even to establish a chat which is almost slightly worse but opensource WhatsApp.(Even mimicking layout and functionality of WhatsApp and iMessage).
And signal fails at many concerns of future censorships like being blocked by a country’s government to force citizens to use less secure ways of communication.

Keeping these flaws in mind, the future is opensource,Libre software which is DECENTRALIZED.

Which brings us to softwares like Element and Jami.
Element decentralizes by giving the user the ability to choose between different servers like matrix.org. This is great but not “great enough” since it offers limited decentralization and an ultimately Element is a for-profit organization which might affect their decisions in the future. And for-profit organizations usually don’t adhere to their promises if they get acquired (like WhatsApp).

Jumping to Jami, it is a decentralized, peer to peer messaging service which is a Libre software by a GNU project distributed under a GPLv3 license. The peer to peer nature of Jami makes it probably the best and most secure and censorship-resistant messaging platform out there. Jami requires NO information while setting up an account and provides many features of modern chat apps including Unlimited file sharing

Conclusion:

Depending on the level of security required, there are various options available, But for a common citizen who just wants a messenger that “just works”, Telegram seems to provide a good balance between privacy, features, and security trade-off

Could you please elaborate on this ?

Based on this, their approach does seem to be privacy-centric.

what they are implying is that the platform is resistant against law enforcement agencies subpoenaing about user data backed by law.

One of the problems with WhatsApp and even Signal is you are obligated to share your contact number will ALL participants in a group. In a large group, you are forced to share your phone number as account identification.

Signal has a proxy to bypass censorship.

Great points

One of the elephants in the room is the convenience of phone numbers for most mobile users. Removing phone numbers from the picture loses most of the messaging crowd. While you might be able to convince close people to use something else to message you, most of your “third-party” interactions basically involve “is this your whatsapp number”. Unfortunately your third-party interactions are the mother lode of metadata that vulture-capitalist-funded advertising businesses remain after.

Another elephant in the room is the ubiquity of always-logged-in GMail users thanks to Android. I have seen people log in on Chrome at cybercafes and print shops and leave without logging out! The only reason many people use one thing other than a phone number online is Google’s clout.

As @Vidyut said, a mix of approaches would be good but would people go along is the question. I am also wary of “decentralized” stuff like Jami because the “decentralized directory” is centralized on Jami servers! Something like Secure Scuttlebutt is a little better, but nothing beats a “network of hubs” model where different people have “accounts” on different hubs and the hubs network among themselves. You may change your opinion of the hub your account is on and want to move to a different hub, but you would be dealing with known devils.

Public discourse should be on mailing lists that can be archived. I don’t see the difference between metastudio and stackoverflow, aren’t they both silos?

People need to get used to paying for online identity like they pay for phone numbers. Identity is currently either phone number or free e-mail address. Paying for e-mail hasn’t been a thing since Hotmail! Paying for messaging hasn’t been a thing ever. But perhaps more people will pay for a service that gives them a personal URL + an XMPP ID for messaging + e-mail hosting. quicksy.im has made an interesting start, with XMPP ID being phone number!

Cell phone service providers are uniquely positioned to provide authenticity to such a service. They can charge the subscriber for it (but not service users!), and it will be low overhead for them as it will just be for contact discoverability.