Comment by joel35
3 years ago
With Signal moving away from SMS, the required messaging app stack on my phone just to be able to receive everything sent do me will have to be:
- Signal -> Close friends & family I've convinced to use it.
- WhatsApp -> Most of my friends.
- SMS -> School notifications, 2FA, shipping updates, etc.
- Facebook Messenger -> Elderly relatives
- Telegram -> That one relative who wants to use this instead of Signal.
Is there a consolidated messaging app that the HN community recommends?
I can't be the only one suffering from messenger bloat.
I never understood Telegram. It's insecure by default, runs in a different jurisdiction. It's not even anonymous
But somehow people started using it because it was "more secure" than whatsapp.
> I never understood Telegram.
Telegram has amazing user experience. It's available for any platform, the messages are always backed up, the apps are high quality and responsive and they have great features for group messaging and group organization. They even give you a library you can build your own Telegram client with.
It's *great to use* - something that Signal people never prioritized and always rather pushed their sometimes horrible preferences down peoples throats.
Different jurisdiction to what? :)
My UK-based employer seems nonchalant about expecting me to agree to be subject to the laws and courts of California in order to receive internal company newsletters delivered via a 3rd party.
While I agree this is harmful to the user (or unpatriotic, if you prefer), it's extremely common thanks to the state of the global economy since the 1980s.
I'd wager that 99% of people in the UK would now be unable to contact their friends and family without relying on at least 1 large U.S. company.
Signal was late to market, and as much as I hate this in principle, it is unfortunate state of things.
Whatsapp has caught internationally but it's Facebook and its desktop app is a crashing dumpster fire.
Viber is another popular app, but has too many ads and visual noise.
Telegram has caught on as a good alternative for all, because it does everything good. Apps are functional, fast and stable. Interface is clean. Also Telegram channels were genius idea to increasing market penetration. Nowadays all social networks are heavily abused by bot abusing abuse feature (hehe). Basically any post containing "politics" let alone "war" content can be taken down by abuse spam. Be it facebook, twitter or reddit, all the same. So political and social "influencers" are rapidly creating backup or new main channels in the Telegram to post "controversial" information, and people reading news and blogs in Telegram will also message there too.
Anonymous groups are one killer app: you can easily join interest groups without leaking your phone number or other obvious ID (Facebook identity etc).
Of course, it's not really "anonymous" if a nation-state wants to come after you, but that's not the threat model for most people.
If someone has your phonenumber, they will still know it's you. Even if you think you're 'anonymous'
telegram doesn't make me share my phonenumber with everyone. i would use signal, but sharing my phone number is a no go.
maybe now that signal is switching off SMS it can implement user handles that people can share instead of their number. once they do i'll give it a try
It has channels, which are a great middle ground between Twitter and Substack.
Telegram is now more to Discord than friends and family messaging app. You use Telegram and Discord similar on how you use Reddit or Hacker News.
> It's insecure by default
Any proof? If you're calling MTProto 2.0 'insecure' then you should know it's already been audited multiple times in the last 2 years. If insecure means not using E2EE, then I guess the whole infrastructure of the internet is insecure.
> It's not even anonymous
It's more anonymous than Signal is. It requires phone number to register but you don't need to share a phone number or any personal detail to communicate with people.
> > It's insecure by default
> If you're calling MTProto 2.0 'insecure' then you should know [...]
If you're calling "secret chats" the default, then you should ask around or try to use telegram on desktop or just open telegram and see how much stuff is actually encrypted.
5 replies →
> I never understood Telegram.
A lot of piracy stuff on it.
No, there isn't any, because outside Telegram and SMS, none of those apps really support any APIs or 3rd party clients.
Signal team is also actively hostile to any 3rd party client usage of their service.
And that's always cheered on this website - just remember the RCS topics where people were making fun of attempts to add some basic standardisation to this mess.
> Signal team is also actively hostile to any 3rd party client usage of their service.
"actively" is a big word, there are several 3rd party clients and no big push to make them stop. They don't want widespread 3rd party clients though.
> Is there a consolidated messaging app that the HN community recommends?
I am not HN community, but there is Beeper or Texts.com possibly others, there are also (other) Matrix bridges, but it's PITA to set them on your own.
Personally I'd just move family and (old) relatives to Whatsapp and you will have everything consolidated in one app used by everyone anyway. That one relative would have easy choice, either Whatsapp or SMS if they wanna talk to me, not keeping extra app for one special snowflake.
Plus you need to keep SMS app to receive all those codes, shipping updates since Whatsapp sadly doesn't support SMS.
That's also my setup - Whatsapp+SMS, used to have also Signal years ago with family before we ditched it en masse after PINgate for Whatsapp, my mother has also Facebook, I think father only Whatsapp, sister I don't talk to has also Whatsapp, wife has Whatsapp and (Google) Messages which she use just for receiving SMS.
If I would be moving somewhere my family (parents, wife, kids) I'd go for Element (Matrix) - decentralized network, various apps to choose from, no phone required.
Another alternative but without (video) calls would be using some email app like Delta Chat or Mailtime for instant messaging, that would require no signing up for new service, I like the idea, though I guess messages would be quite slow.
Btw. Messenger and Skype (Lite) supports SMS, so since you use Messenger anyway you could ditch SMS app and Signal after they remove SMS, if you wanna keep more IM apps than having everyone on Whatsapp.
There is some critical mass fortunately. The driver for most people in my group to get it was that they’d miss out on a group chat if they didn’t have it.
I now have everyone I talk to regularly on Signal (30-40 people), but it took years.
I don't think that would work, because then they'd just introduce their own messaging standard.
https://xkcd.com/927/
> the difference is that matrix isn't trying to become the One True Standard, but just glue the others together. @xkcdComic
https://twitter.com/matrixdotorg/status/841424770025545730/p...
I don't disagree that that's the status at the moment.
But the nature of these things is X gains traction. Y wants a piece of X's pie so cuts X off. X realises that it's dependent on the Ys and so launches its own service.
We've seen the this with Netflix. We've seen the former with Twitter.
Ideally the stars would align so that it's in everyone's interests to support an open protocol and we kind of have those in SMS and email. Except these have their own issues.
Matrix
Matrix has fundamental security problems that they seem unwilling to fix. Almost a polar opposite to Signal.
This is categorically not true, as per https://matrix.org/blog/2022/09/28/upgrade-now-to-address-en....
The only practical issue raised by https://nebuchadnezzar-megolm.github.io/ which we didn’t already fix is the question over whether servers or clients should control group membership. Our position is that it’s okay for the server to control it as long as clients are warned if malicious users/devices are added. Fixing it properly is Hard: for instance, if you are chatting in a room and it turns out that a remote user kicked another remote user, but the kick was delayed in reaching you, you could keep chatting away encrypting messages for a user who is no longer in the room and theoretically should not be receiving them. Is this a security flaw? Or is this just how causality works? So we’re dealing with problems similar to that; hopefully we will be able to switch to client controlled membership by end of year.
tptacek’s derision is not very constructive.
What security problems?
Genuinely curious, not trying to be antagonistic.
5 replies →
It is my understanding that this mostly works with rooms/channels over bridges - not with individual, 1-on-1 communication. Do you have a hint how to set this up?
I have set up a bridge on my own server. I bridge 1-on-1 chats and group chats equally and have set up spaces to separate the different clients for ease of overview.
Bridging chats of different technologies doesn't work well/at all (i.e. Signal bridge + WhatsApp bridge users in a single room) but bridging external chats (DM or group) into Matrix works very well. Some services need a daemon running on a phone (i.e. WhatsApp) and that's very annoying, but where possible these bridges all run in the cloud.
If you trust third parties, you can also go the easy route by getting a subscription from EMS (https://element.io/matrix-services/ems-pricing) or Beeper (https://www.beeper.com/). I personally prefer to keep my messages and encryption keys on devices I control, but others prefer to let someone else take care of it all and I respect that.
It's relatively straight-forward to set up a bridging server if you're comfortable with Docker and YAML files. You can read how to set up a Matrix server here: https://matrix.org/docs/guides/free-small-matrix-server and here: https://github.com/spantaleev/matrix-docker-ansible-deploy/b...
If you use the Ansible playbook, all you should really need to do is run through the setup, fire up a Matrix client, start chats with bot accounts, and follow the instructions on the guide (usually sending /login to a bot and authenticating your account with whatever service you're bridging).
Your Matrix account doesn't have to be on the same server as your bridges, which is a setup some seem to prefer. You can set up a Matrix server just for bridging so that you don't need to set up all the VoIP features and performance tricks while keeping your own server dedicated to just bridging stuff. This does break some nice features (i.e. double puppeting, a bridge feature) but it also makes your own server less of a single point of failure if you ever do get talking on Matrix.
Most bridges work by running a program that will emulate a client. For example, with Telegram/Whatsapp/Signal you will authenticate the bridge bot using a qr-code just like if you were authenticating on a computer.
Also see [1], they have every bridge's features well documented.
[1] https://matrix.org/bridges/