SIGNAL-TELEGRAM

14 réponses [Dernière contribution]
Erithacus Libre
Hors ligne
A rejoint: 09/03/2022

Hi guys,

Why is Telegram available on Synaptic Package Manager and not Signal even knowing that Signal has better privacy feature than Telegram?

Signal's individual messages are encrypted end-to-end by default, while Telegram's basic one-on-one chats are not.

Jorah Dawson
Hors ligne
A rejoint: 12/13/2020

Signal developers don't want their app to be redistributed:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=842943
https://github.com/signalapp/libsignal-service-java/issues/50
https://forum.f-droid.org/t/signal-on-f-droid/13742

Besides, Signal has multiple closed source Google dependencies including Firebase Cloud Messaging (for notifications), Maps, Authentication and Wallet/Payments:
https://github.com/signalapp/Signal-Android/blob/main/app/build.gradle
https://github.com/signalapp/Signal-Android/search?q=%22com.google.android.gms.%22
https://github.com/signalapp/Signal-Android/search?q=%22com.google.firebase.%22

What is worse, the first time you install it on mobile it makes a connection to firebaseinstallations.googleapis.com. If you block it, it will crash. Moreover, many users reported that if you install their web .apk it forces you to complete a Google recaptcha, specially on ROMs without gapps.

On the other hand, Telegram client is fully free software (but not their servers, of course)
Unfortunately desktop TG has severe telemetry:
https://codeberg.org/shadow/SpywareWatchdog/issues/149
Maybe Firebase too?

Greetings.

Erithacus Libre
Hors ligne
A rejoint: 09/03/2022

Thanks Jorah Dawson,

I didnt know that. One of your links there people said (...) "use self-hosted (XMPP+OMEMO, Matrix) or p2p (Cwtch, toxchat) alternatives instead."

I guess in the end they are all the same and the best is to no having internet at all...
I wish to know what people here can tell about that Matrix , Cwtch or Toxchat.

I found the follwing site https://xmpp.org/software/clients/ either for GnuLinux or mobile phone.
I dont know if these software respect freedom or not. Need to see better.

Thanks again for your reply Jorah.
Best regards

Avron

I am a translator!

Hors ligne
A rejoint: 08/18/2020

In my opinion, XMPP is a good choice because there are free software clients:

  • in Trisquel (and most GNU/Linux distros): Gajim, Dino
  • in F-Droid repositories (for Replicant or any Android): Conversations, Blabber
  • for common non-free desktop OSs: Gajim
  • for iphone (Monal, Siskin IM), not as good but ok as others but ok

For self-hosting, Trisquel includes two possibilites: ejabberd and prosody. However, it requires a bit of configuration. The freedombox project provides a more user-friendly self-hosting solution, see https://www.freedombox.org. This is exclusively free software, but some hardware require some non-free software. If you use the "Pioneer", no non-free software is used.

This works well for XMPP but there is currently one important limitation: the XMPP server is configured so that it is not possible to send messages with attachments. There is ongoing work to make it possible, I hope it comes soon (but I cannot predict). Currently, I use external hosting but I will switch to self-hosting as soon as freedombox allows this.

I tried Matrix, it is good but:
- free software clients in Trisquel (nheko, quaternion) have limited functions and don't work so well
- I am not sure whether other clients are 100% free software
- it is more difficult to undertand what your client does
- hosting takes a lot more resources than XMPP

Jami is a good peer-to-peer free software solution, but it is work in progress. I am using it with a small group of motivated people, there are still many issues. I hope it becomes good-enough to use with anyone. Currently, I am promoting XMPP to all my contacts, but it is difficult to make people change their habits.

prospero
Hors ligne
A rejoint: 05/20/2022

In my experience, ejabberd is a breeze to configure, even more so for someone determined to use XMPP.

The wall I hit at the time was the last bit in your post: "make people change their habits."

Ignacio Agulló
Hors ligne
A rejoint: 07/30/2019

"F-Droid is notoriously poor when it comes to messaging apps"... and now
I understand why.

O 2023-02-03 20:53, escribiu:
> Signal developers don't want their app to be redistributed:(...)
>
> Besides, Signal has multiple closed source Google dependencies
> including Firebase Cloud Messaging (for notifications), Maps,
> Authentication and Wallet/Payments: (...)
>
> What is worse, the first time you install it on mobile it makes a
> connection to firebaseinstallations.googleapis.com. If you block it,
> it will crash. Moreover, installing their web .apk it forces you to
> complete a Google recaptcha if you use a ROM without gapps.

This is bad news.

> On the other hand, Telegram client is fully free software (but not
> their servers, of course)

My take on this is, Free Software Client + End to End Encrytion = Good
Enough.

You can't audit the Telegram Server software, but then you never really
know what a server outside your control is doing. Even if allegedly it
is Free Software, you cannot be sure that the particular server you are
using is not a modified version.

> Unfortunately desktop TG has severe telemetry:
> https://codeberg.org/shadow/SpywareWatchdog/issues/149

Ow. I use Telegram desktop from Trisquel, and I didn't know that. More
bad news.

I should change my stance: Free Software Client + End to End Encrytion +
Blocked Telemetry = Good Enough . For now, I will just stop using
Telegram Desktop.

I found the comment by azzqkztkwqvsegvj in that thread to be funny:

"It still connects to Telegram servers that may log device information,
IP addresses and chat content (if it's not a secret one)."

Yes... that's what using a messaging service means.

But if I keep reading I notice that azzqkztkwqvsegvj really has a point:
"So perhaps an even better solution is not to use Telegram at all and
use self-hosted (XMPP+OMEMO, Matrix) or p2p (Cwtch, toxchat)
alternatives instead.". If we all switched to self-hosted messaging
services, then the only ones handling a message would be the sender and
the receiver. But for that to be practical, we would need permanent
public IP addresses, and we aren't there yet. My public IP address
changes everytime I restart the router, and even if I decided to waste
electricity and keep the router always on the company has service
issues, at least one a month, so I wouldn't be able to keep the same
public IP for long.

Kind regards.

prospero
Hors ligne
A rejoint: 05/20/2022

Telegram simply kicked me out of my own account a couple of months ago by way of nonexistent user support. For unknown reasons, they would not send the account recovery code through sms, although this shows as an option on the desktop app. Good riddance.

We have been warned for a while about the inherent limitations of centralized communication systems, this was a typical example. On a larger scale, if some day the Telegram people decided they would rather go surfing for the rest of their life than maintain their servers, no more Telegram. Same goes for Signal, by the way.

There are XMPP server instances that are not too difficult to trust if you do not want or do not have the opportunity to get a static IP, especially using OMEMO. I believe disroot.org and nomagic.uk are offering XMPP services (ejabberd). At least you can audit ejabberd. I believe you can even talk to these people.

PublicLewdness
Hors ligne
A rejoint: 03/15/2020

Neither are good options for privacy as far as I am concerned. Telegram for obvious reasons of it being closed source on the server side as well as censorship issues. Signal isn't much better though. They have been caught not publishing their server side code in the past; requiring a phone number be tied to your account; and having their server based in the United States. Jami; Matrix; XMPP; or Session would all be better options for privacy in my eyes.

myself600
Hors ligne
A rejoint: 03/01/2023

Signal is not available via Ubuntu APT repositories which reflects to Trisquel.

On Android, there's Signal-FOSS, but it requires Google Apps to work properly: https://www.twinhelix.com/cgi-bin/forum.pl/signalfoss/1. I recommend Quicksy XMPP (Conversations is for more advanced users) on mobile, which works reliably provided you know how to disable aggressive battery saving (background app killer) on Android: https://dontkillmyapp.com/. On desktop (web browser), you can use Movim to interact with Quicksy. I've personally used Conversations for more than a year in the past so hopefully it should work.

sid
sid
Hors ligne
A rejoint: 02/09/2022

In addittion to the options discused above, you also have Briar which prospero mentioned in this thread https://trisquel.info/en/forum/beta-desktop-client-briar-has-been-found

Briar is not yet as mature as other messaging apps discused above and it does not yet support as many platforms as Signal and Telegram but I believe the devs are working hard to change that. You can currently download it for Android or get a beta version for Gnu-Linux or Windows. Hopefully it will be included in the official Trisquel repo somewhere in the future.

JC8
JC8
Hors ligne
A rejoint: 12/29/2020

Telegram clients are nowhere near to be free software and whoever claims it is has never tried compiling their clients from source.

You will need to provide a special key during compiling that only Telegram degelopers can grant, otherwise the client will never connect to Telegram servers, this is very much in practice breaking freedom 0 from GPLv3 and makes the license void, avoid Telegram.

I've never personally liked Signal either as they have their fair share of issues, though as far as i know, you can compile their client from source and get a working build at least, but I'd rather stick with something like Matrix or XMPP.

Ignacio Agulló
Hors ligne
A rejoint: 07/30/2019

O 2023-03-18 22:28, escribiu:
> Telegram is nowhere near to he free software and whoever claims it is
> has never tried compiling their clients from source.

I use the Telegram client from the F-Droid app store. F-Droid warns
that Telegram developers fail to release the source for every Telegram
client version, but F-Droid has this special version made available
exclusively from releases that include source code so it is guaranteeed
to be fully free. It has license GPL 2.0 or higher.

As for Telegram Desktop client, you can find it at GitHub, with license
GPL 3, so you can pull it and compile it yourself. Warning: People have
warned us in this very forum about its telemetry. Link:
https://github.com/telegramdesktop/tdesktop

Kind regards,
Ignacio Agulló.

JC8
JC8
Hors ligne
A rejoint: 12/29/2020

I'd like if you didn't completely ignore every single word of what i just said in my first comment.

None of that matters, FDroid has a release because they requested permission to Telegram devteam and were granted a key, a key that can be revoked at any given time and all clients distributed through FDroid will stop working, I think FDroid should be more transparent about that matter if they're not about it already. This can very much be considered a form of DRM which is against freedom 0 of GPL and therefore the license means nothing.

The client, regardless of whether for desktop of phone, requires those keys BEFORE compiling or the built client will simply not connect to their servers and be completely useless, the only reason i know this is because i tried compiling them by myself, and i discovered this whole mess that proves once again that Telegram is nothing more than a honeypot, and I can tell you did not try to compile them by yourself cause you would know this already if you did.

If you care about your privacy, I insist, do NOT use Telegram at all, regardless of what client you go for, regardless of where it is distributed, it is not free software and it's not private, even Whatsapp is more private than Telegram at this point, also don't divulge misinformation about Telegram clients being free software, please.

Sources:
https://core.telegram.org/api/obtaining_api_id
https://github.com/telegramdesktop/tdesktop/blob/dev/docs/building-linux.md
https://github.com/telegramdesktop/tdesktop/blob/dev/docs/api_credentials.md

Avron

I am a translator!

Hors ligne
A rejoint: 08/18/2020

About Telegram, F-Droid mentions another issue: "Creating new accounts in the FOSS version not possible anymore, you have to create an account in the official build and then login to the FOSS".

So even though Telegram did not revoke the key, they already have put restrictions on what the version from F-Droid can do, and they could put more restrictions at any time or just make that version not work anymore.

I suppose other free software communication apps (like signal) relying on a server that is not free software could do the same at any time.

Ignacio Agulló
Hors ligne
A rejoint: 07/30/2019

O 2023-04-02 11:30, escribiu:
> About Telegram, F-Droid mentions another issue: "Creating new accounts
> in the FOSS version not possible anymore, you have to create an
> account in the official build and then login to the FOSS".

Ouch. That sounds terrible.

I am checking the "Telegram" app at the F-Droid app store at the
moment. Current version is 9.3.3, released on 2023-01-17, I see the the
warning about server code being non-free, but I don't see that warning
about not being able to create new accounts.

I know from experience that the same app can be available in more
than one way (in fact, I remember finding the "Telegram FOSS" app not so
long ago) and that F-Droid filters the apps so only the ones that work
on your device are shown, so maybe we are seeing different apps at
F-Droid.

Kind regards,
Ignacio Agulló.