this post was submitted on 05 Mar 2024

98 points (95.4% liked)

The Signal messenger and protocol.

1646 readers

3 users here now

https://signal.org/

founded 4 years ago

MODERATORS

max@lemmy.ml

Usernames are now rolling out to everyone using Signal version 7.0! (mastodon.world)

submitted 8 months ago by celmit@lemmy.ca to c/signal@lemmy.ml

62 comments fedilink hide all child comments

you are viewing a single comment's thread
view the rest of the comments

[–] DaseinPickle@leminal.space 1 points 8 months ago (1 children)

I know roughly what e2e for group chats implies and reasons why it’s not implemented everywhere asap

It's not implemented because it requires more resources and Telegram is too cheap to offer that. The same reason Telegram does not encrypt chat by default, but you have to actively choose secret chats. It's a way for Telegram to save money on server ressources. Both Signal and iMessage can provide e2e encryption for 1-1 messages and group messages and sync across devices.

Seems false as I didn’t find confirmations for that. All messages between iMessage clients are end-to-end, also groups, it has been so for years, it's not news. iMessage has other problems, mainly that the private key is synced in iCloud by default (you can turn this off), and that Apple save a bit too much meta data. So iMessage is not perfect. It is still better than Telegram. As you can see here https://security.apple.com/blog/imessage-pq3/ Telegram have not even implemented a post-quantum cryptographic protocol, both Signal and iMessage have that.

For now, I mainly use my PC, so not going to infect it with another electron app, or recommend it among friends

We can agree that the Signal desktop app is kind of clunky, and I do hope it gets better in the future. Telegram might provide some usability, but it's not much better than using Facebook, if your concern is privacy. Mainly because the lack of e2ee in default chats and group chats.

[–] rdri@lemmy.world 0 points 8 months ago* (last edited 8 months ago) (1 children)

because it requires more resources

Not just more. Exponentially more, if one is going to host the data on server.

Telegram is too cheap to offer that

It's dumb to call telegram cheap at this point. User base is too large and it handles it relatively well.

Signal, however, chose to not keep almost anything on servers, which mean it's literally cheap to serve, and it's very easy to call them cheap for not offering more features.

Telegram does not encrypt chat by default, but you have to actively choose secret chats

This is false. Again, "not using e2e" is not the same as "not encrypting".

Both Signal and iMessage can provide e2e encryption for 1-1 messages and group messages

Again, I have yet to see proofs of iMessage using e2e for group chats. Rather, things I read suggest the opposite.

but it's not much better than using Facebook, if your concern is privacy

Arguable due to many differences. But not going to waste our time on this. Though if your only concern is privacy better don't use the internet in the first place.

[–] DaseinPickle@leminal.space 1 points 8 months ago (1 children)

It’s dumb to call telegram cheap at this point. User base is too large and it handles it relatively well.

Apple does it.

Again, I have yet to see proofs of iMessage using e2e for group chats. Rather, things I read suggest the opposite.

It's on iMessage wiki and on the first page that comes up when you Google it:

We designed iMessage to use end-to-end encryption, so there’s no way for Apple to decrypt the content of your conversations when they are in transit between devices. Attachments you send over iMessage (such as photos or videos) are encrypted so that no one but the sender and receiver(s) can access them. These encrypted attachments may be uploaded to Apple. To improve performance, your device may automatically upload attachments to Apple while you are composing an iMessage. If your message isn’t sent, the attachments are deleted from the server after 30 days. When a passcode or password is set on your iOS, iPadOS, visionOS, or watchOS device, stored messages are encrypted on your device so that they can’t be accessed unless the device has been unlocked.

https://www.apple.com/legal/privacy/data/en/messages/

But do you have sources that proof that Apple is lying?

Though if your only concern is privacy better don’t use the internet in the first place.

Nah, I will just use services that use e2e encryption for my private conversations. There are plenty of services that do that, not just Signal. But if you want to use a service that require access to your private conversations, you are free to do that. But why use a sketchy service with headquarters in Dubai that is like "trust us bro, we need access to your private conversations for totally legit technical cloud reasons, we totally wont look or share that information with anyone, pinky promise."

[–] rdri@lemmy.world 0 points 8 months ago (1 children)

It's on iMessage wiki

It doesn't say it works for group chats.

But do you have sources that proof that Apple is lying?

I got some complaints from people unable to leave conversations if they have less than 3 or 4 people, which suggests there are technical differences in how they work with many people. It's logical to suggest the switch from e2e to shared keys happens there.

Also no credible source suggests what you suggest

Also trusting apple is not a good thing in my book.

But why use a sketchy service with headquarters in Dubai that is like "trust us bro, we need access to your private conversations for totally legit technical cloud reasons, we totally wont look or share that information with anyone, pinky promise."

Apple is more sketchy for me lol.

You choose to rely on a service's promise that it doesn't host your data. I prefer relying on my experience which says dangers from individuals and conversations are more grave and more likely to be triggered than dangers from services those are being hosted on. I can't imagine anyone would benefit from spending time on reading or processing my conversations anyway. My messages can get long and it's not optimal for my devices to spend resources on constantly re-encrypting them for every chat member.

[–] DaseinPickle@leminal.space 1 points 8 months ago (1 children)

It doesn’t say it works for group chats. It says all messages send between iMessage users are end to end encrypted. That, of cause, also goes for group chats. It is only the Telegram marketing machine that act that group chats is some special edge case.

But if you must have it spelled out, here it is: https://support.apple.com/en-gb/guide/security/sec70e68c949/web

I got some complaints from people unable to leave conversations if they have less than 3 or 4 people, which suggests there are technical differences in how they work with many people. It’s logical to suggest the switch from e2e to shared keys happens there.

Now you are just making things up. Apple explicitly write in their documentation, that this is not the case. So again, you suggest they are lying without any proof.

You choose to rely on a service’s promise that it doesn’t host your data. I prefer relying on my experience which says dangers from individuals and conversations are more grave and more likely to be triggered than dangers from services those are being hosted on. I can’t imagine anyone would benefit from spending time on reading or processing my conversations anyway.

I see, you don't understand the nature of mass surveillance and surveillance capitalism. It's not really about individuals reading specific conversations..

[–] rdri@lemmy.world 0 points 8 months ago* (last edited 8 months ago)

It is only the Telegram marketing machine that act that group chats is some special edge case.

It is a case that doesn't fall into "end to end" definition by default because in group chats there are more than 2 ends. Any implementation of group chat like that would be structurally nonstandard.

But if you must have it spelled out, here it is:

Thanks.

Now you are just making things up.

Just google "can't leave group chat" or something.

I see, you don't understand the nature of mass surveillance and surveillance capitalism. It's not really about individuals reading specific conversations..

It is exactly about that, otherwise I don't see why would anyone care. Having grown up under a police state regime I live under assumption that the surveillance is everywhere anyway. Don't mind feeding surveillance capitalists with my messages, knowing how many options I have to make them choke. I know that if someone wants to cause me any problems, neither Telegram nor Signal would prevent that.