← Back to context

Comment by bilkow

8 years ago

That's not entirely true. While Telegram's "cloud chats" are not end-to-end encrypted by default, they're encrypted at rest. They claim that "all data is stored heavily encrypted and the encryption keys in each case are stored in several other DCs in different jurisdictions."[0] It's not even close to perfect, but it's also not everything that the government wants.

For me, the problem with Signal is based mainly moxie's position on the LibreSignal fork, which aimed to be a Google-Free version of signal, but moxie said he was not OK with LibreSignal using the Open Whisper Systems servers and the name "Signal".[1] I kind of understand his position, but that's not what I'd expect of the free software community and definitely not what I expect from someone who's in the middle of my communications.

In the end, the hope's in matrix.org. It supports end-to-end encryption, works without a number and is fully federated. Maybe someday Telegram and Signal can even federate with matrix.

[0] https://telegram.org/privacy#2-storing-data [1] https://github.com/LibreSignal/LibreSignal/issues/37#issueco...

5 comments

bilkow

Reply
kakarot  8 years ago

I think it's fair to not want a project whose quality you cannot control use your servers and your name to compete for users in a market whose focus should he keeping those users safe.

The issue with not encrypting in transit by default is that it makes profiling encrypted communications MUCH easier and can potentially defeat the purpose via the Streisand Effect.

Vinnl  8 years ago

Note that Signal supports Google-free itself now - I'm running it on AOSP without Google Play.

  • bilkow  8 years ago

    It may now support working on devices without Play Services, but being the same apk, Google's libraries are still inside the app. This way it's not entirely free and doesn't fit F-Droid's inclusion policy. (https://f-droid.org/en/docs/Inclusion_Policy/)

    • Vinnl  8 years ago

      Ah, I did not know that - thanks for clarifying. Does that mean that library code is still executed, or is it just "there"?

      (Oh, and worth noting: it has an integrated update checker, so not being in F-Droid is less of a problem.)

      1 reply →