Signal/Telegram Discussions

I think that email today is outdated. With services like Signal and Telegram existing, for most people they can serve the same functions, attachments, etc... I would like to see the day I am able to correspond with my bank and other services through telegram or Signal. One service sends notifications to my telegram account. I wish more would follow suit.

 

I do hope my bank will never ask me to correspond with them via such "services".

 

Messages on Signal or Telegram are not "durable medium". They may be a way to correspond with bank, but documents such as agreements are required to be provided on a durable medium. Email is a "durable medium" while Signal messages aren't.

 

+1
And, of course, it will never happen, so no need to worry about this alternative.

 

""such" Services"? You speak about them as if they were taboo. Regardless, it should remain optional of course.

 

Why?

Because they'd only do that after things had totally gone into the [bad place]?

 

Simply because I don't trust such "services". I may use them to invite friends over for a drink, but it would never occur to me to use them for the transfer of banking data.

 

Signal is used by government officials throughout the entire world. Its code is open source and available here for peer review. It has stood the test of time. I believe Telegram to be private as well.

 

When it comes to really sensitive data, I doubt government officials send them via such "services".

 

Banks just use HTTPS, right? I'm pretty sure that Signal is far more secure than that. And if it isn't, many people have pwned hard.

I prefer Session, I think. It's a Signal fork with anonymous routing. And no links to such meatspace identifiers as phone numbers.

 

Unfortunately, it's not as private as Signal:

1. There is no end-to-end encryption by default (Cloud Chats). Only the communication between the clients and the Telegram server is encrypted. All data in those cloud chats are stored on their servers. Telegram says that that stored data is encrypted and not accessible by local engineers or intruders. But since their server infrastructure is not open-source, nobody can tell how reliable that is.
2. End-to-end encryption is only available if you deliberately chose Secret Chats. I'm sure that most users are not aware of that. And end-to-end encryption is not available for group chats at all.
3. Telegram uses their own MTProto protocol which has been criticized by experts several times. A security audit https://courses.csail.mit.edu/6.857/2017/project/19.pdf[plain] in 2017 for v. 1.0 revealed several serious weaknesses. They are said to be resolved in v. 2.0 but so far there is no audit for that version.

 

I trust Signal, but I don't trust Telegram and it's creator Pavel Durov. Here is why.

On the other hand I like email. It is decentralized. It is a lot more immune to outages and delivery failures than instant messengers. Instant messengers come and go, but e-mail is operating since the beginning of the Internet.
Copy of an email and logs are (unless you operate your own e-mail server) present on provider server. This decreases privacy, but at the same time it provides some evidence in some legal situations. These logs and ability to export from 3rd-party may be needed if bank breaks contract with its clients. You need evidence for the prosecutor and for the judges.

 

Yes, Session is nice. However, considering how difficult it is to convince people to switch from WhatsApp to even Signal, I seriously doubt that you will ever get a meaningful number of contacts in that messenger.

 

I trust him enough to not worry that he is going to be accessing my particular messages. Furthermore, you forgot to mention that the encryption key to each cloud chat session (the chats that are not e2ee) is divided across many servers in different countries.

 

Huh. About ten people contacted me via Session, after I posted my ID here and on HN. Including a couple old friends whom I'd lost contact with. So hey. One key advantage is availability on Linux, Windows, MacOS, Android and iOS.

 

I think

 

I said "I think" because it's new, and I haven't seen any reliable third-party assessments.

There is this: https://www.reddit.com/r/privacy/comments/f8ppyp/signal_vs_session_loki_messenger/

Many of the critics are ignorant (typical for reddit) and the Loki spokesperson does make good points.

Still, the Loki Foundation is Australian, and that makes me very nervous.

 

Including myself

Yes, sure. But you're mirimir - which means that people highly interested in privacy are motivated to use such tools like Session to be in contact with you.

But "ordinary" people? I've convinced relatively many friends to use Signal to stay in touch with me. But that does not mean that even one of them stopped using WhatsApp as they didn't want to lose contact with other friends. For most users convenience is more important than privacy, and Signal is convenient enough to use it. I doubt that I would have been able to convince them to use Session, though.

 

Yeah, but what they wrote here sounds calming.

 

Huh. I guess that I have been Mirimir for over eight years, and haven't been at all shy. Maybe that means it's time to disappear

It'd be a huge pain for me to use Signal. I'd have to get some fake number that they'd accept. And then I'd worry about how secure that was.

With Session, I just installed the app, created an account, and that was it.

 

Yes, I read that. But I'm still nervous, because their defense relies on adversaries respecting laws, constitutional rights, and stuff like that.

I'd be more comfortable if they simply weren't findable.

 

Usernames are coming to Signal.

 

Get a pre-activated SIM card from UK on ebay. You do not need to provide any details to the provider, it lands preactivated and suitable to receive SMS anywhere. Register with it in Signal and you are good to go.
Nevertheless, at some point you would have to share your "anonymous" number if you want to chat with someone, so you are back to the start

 

That requires a meatspace address. Which Mirimir does not have.

Then someone with access to both Ebay and Signal data could know the meatspace address for that SIM number.

 

And 4. Telegram saves your contacts list (not only phone numbers, but also full names) on their servers.
Imo Telegram should be considered snake oil, and definitely not categorized as a secure/private messenger.