How do notifications work in the official Telegram Android app (Play Store vs Site version maybe)? Does it have the same mechanism as Signal, which only recognizes the presence of notifications via Google services, but sends them via its web socket service?

  • rdri@lemmy.world
    link
    fedilink
    arrow-up
    2
    ·
    1 year ago

    third incident

    Not third but another one out of many. Incidents that don’t really mean the app is not secure.

    You can see from the article that Telegram would have to give up on a basic feature expected from similar apps in order to fix that “issue” with public groups.

    Again, it’s the public communication features that lead to such issues, and I expect any other app to have very same “issues” if they introduce similar features and make them useful enough for protesters to try to rely on them when fighting against oppressive governments.

    You can’t expect messengers like these to be a proper instrument for protesters that makes them safe. These public groups need to grow to become effective, and apps specifically aimed for protesters would not have enough user base. Still, Telegram is the most used app by protesters from what I see, and it does provide adequate level of protection if you use it correctly (if you understand how it works).

    Signal pushes back against third party apps

    So it doesn’t like to be open enough for others to do what they want with it. Still, one shouldn’t expect it to work anyway. If you make your client open source, there will be forks that allow communicating with your servers. You’d have to introduce a black box, and open source community won’t like that.

    Signal seems to do quite enough of useless stuff. People rate it more secure than Telegram. One of reasons for that is that it supports e2e encryption in group chats. But it’s useless when comparing to all the issues with Telegram, already because it’s always about public groups. Let me see how Signal would protect people in such groups while staying in scope of private communication app.

    can pressure a CEO into simply handing over previously accrued user data, then the app was never secure to begin with

    Nah, actually: “if a public service uses servers, then it is never secure”. Any service will handle all the data they have if pressured. Servers have to know your IP address (though you can always use proxies) and phone number at least to provide service at all. You can’t really blame owners of public service. You could blame them if their service was serverless though, because that would mean they store something they shouldn’t need to operate.

      • rdri@lemmy.world
        link
        fedilink
        arrow-up
        1
        ·
        1 year ago

        What basic feature?

        Contacts sync.

        Telegram has told people to make third-party clients

        What? No. It just didn’t tell them they have to use their own servers to use their forks.

        the fact people found it easier to find and download a third party client really speaks to how little they cared about that particular area.

        No, it speaks to how no big developer can do anything to prevent their apps from being banned by oppressive governments. Hence why opposition resorted to 3rd party forks.

        And Telegram now has an increasing history of supporting state governments over the people.

        Telegram has experience of trying to protect people when they oppose governments. Signal is not interested in getting any similar experience. It will remain useless to opposition it seems.

        Telegram stores far more data than Signal, including the memberships of groups

        Signal would have to store the same data to allow users participate in public groups.

        and the contents of every message in every group.

        I don’t think Telegram ever disclosed anything like that. Public groups are open for everyone including governments. Any service that is not serverless will store the same amount of metadata, otherwise it won’t work.

          • rdri@lemmy.world
            link
            fedilink
            arrow-up
            1
            ·
            1 year ago

            This is useless when groups are public.

            And when groups are not public, there is no ground for any action from the service.

              • rdri@lemmy.world
                link
                fedilink
                arrow-up
                1
                ·
                1 year ago

                This argument will have some weight if you can provide examples where telegram shared some information about private groups with someone unauthorized.

                I’m not shilling. Just pointing out obvious differences in products’ features that one has to take into account when judging about app developer’s “wrongdoings”.

                  • rdri@lemmy.world
                    link
                    fedilink
                    arrow-up
                    1
                    ·
                    edit-2
                    1 year ago

                    It is you who refuses to take logical steps to agree that every single app with the same feature set will be vulnerable to governments’ decisions. Signal is not a subject of that only because it does not provide such features and therefore is not used by protesters.

                    Yes, telegram knows all your private groups. But you are missing everything by assuming it is bad for you. You will be arrested not because telegram will disclose your private groups. You will be arrested because some person will join your private group and leak your presence there. That person will not need to get any information from Telegram for that. This is not an issue a service could solve by any encryption.