this post was submitted on 27 Feb 2026

619 points (98.6% liked)

Privacy

46649 readers

1335 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
Don't promote proprietary software
Try to keep things on topic
If you have a question, please try searching for previous discussions, maybe it has already been answered
Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
Be nice :)

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 6 years ago

MODERATORS

619

Signal Founder Moxie Marlinspike: Telegram is not private. There is nothing private about it. They've done a really amazing job of convincing the world that this is an encrypted messaging app (cdn.imgchest.com)

submitted 12 hours ago* (last edited 12 hours ago) by Wudi@feddit.uk to c/privacy@lemmy.ml

231 comments fedilink hide all child comments

“Telegram is not a private messenger. There’s nothing private about it. It’s the opposite. It’s a cloud messenger where every message you’ve ever sent or received is in plain text in a database that Telegram the organization controls and has access to it”

“It’s like a Russian oligarch starting an unencrypted version of WhatsApp, a pixel for pixel clone of WhatsApp. That should be kind of a difficult brand to operate. Somehow, they’ve done a really amazing job of convincing the whole world that this is an encrypted messaging app and that the founder is some kind of Russian dissident, even though he goes there once a month, the whole team lives in Russia, and their families are there.”

" What happened in France is they just chose not to respond to the subpoena. So that’s in violation of the law. And, he gets arrested in France, right? And everyone’s like, oh, France. But I think the key point is they have the data, like they can respond to the subpoenas where as Signal, for instance, doesn’t have access to the data and couldn’t respond to that same request. To me it’s very obvious that Russia would’ve had a much less polite version of that conversation with Pavel Durov and the telegram team before this moment"

you are viewing a single comment's thread
view the rest of the comments

[–] bunkyprewster@startrek.website 11 points 11 hours ago (2 children)

Best alternative?

[–] yogthos@lemmy.ml 35 points 11 hours ago (4 children)

It really depends on your needs and what people you communicate with are willing to use. A few platforms that are notable in no particular order.

SimpleX Chat is probably the gold standard right now. It uses absolutely no user IDs such as phone numbers, no usernames, no random strings of text. Instead, it creates unique, pairwise decentralized message queues for every single contact you have. Because there is no global identity, there is no metadata connecting your conversations together.

Session is a popular Signal alternative. It doesn't require a phone number and routes your messages through an onion-routed decentralized network that's similar to Tor. Since your IP address is hidden and messages are bounced through multiple nodes, no single server ever knows who is talking to whom, stripping away metadata.

Jami is completely decentralized, open-source platform. It uses Distributed Hash Tables to connect users directly to one another without a central server. Notably, it supports high-quality voice and video calls.

[–] Neptr@lemmy.blahaj.zone 3 points 6 hours ago (1 children)

Session is a security downgrade. It doesnt support forward secrecy which is hella important.

[–] yogthos@lemmy.ml -1 points 6 hours ago (1 children)

Session actually does implement a form of forward secrecy through the Session Protocol. https://getsession.org/blog/session-protocol-v2

[–] Neptr@lemmy.blahaj.zone 3 points 5 hours ago (1 children)

It seems that forward secrecy is still in development from the blog you showed.

I still wouldnt use session for the reasons stated in this Soatok's (a cryptographer) blogs. Even if they fix(ed) these problems, I have no trust for their security implementations. Why use session instead of something like Briar?

https://soatok.blog/2025/01/14/dont-use-session-signal-fork/ https://soatok.blog/2025/01/20/session-round-2/

[–] yogthos@lemmy.ml 0 points 5 hours ago (1 children)

I'm not advocating for using Session specifically, I just listed it as a viable alternative to Signal. Given that it's forked from Signal presumably it's an easier switch for people who like the general mechanics of Signal and its encryption system.

[–] Neptr@lemmy.blahaj.zone 2 points 5 hours ago

Understood.

[–] tracyspcy@lemmy.ml 16 points 10 hours ago (1 children)

heard SimpleX is really good, the only thing that bothers me is their vc funding model. It makes me feel a bit suspicious.

[–] yogthos@lemmy.ml 14 points 10 hours ago

Yeah, I'm leery about anything where vcs are involved as well for obvious reasons. The tech itself does seem solid though, and it is open source. If it does start moving in a sketchy direction at least it could be forked at that point.

[–] marcie@lemmy.ml 12 points 10 hours ago* (last edited 10 hours ago) (1 children)

I really want simplexchat to evolve and get more features. If they ever make a lot of mod tools and the possibility to make giant servers with thousands with chatrooms like discord I could see it having mass appeal due to the ease of "signup"

[–] yogthos@lemmy.ml 7 points 10 hours ago

yeah it definitely has some promise

[–] Dialectical_Specialist@quokk.au 6 points 10 hours ago (2 children)

I like your analysis, and would love your thoughts on matrix(assuming you have ofc)

[–] Neptr@lemmy.blahaj.zone 2 points 6 hours ago

People keep finding significant vulnerabilities in its cryptography and the Matrix team tries to deflect or create strawmans for why it isnt actually a vuln. Soatok found a vulnerability in 2024 by just browsing the source code for tiny bit of time, and again just two weeks ago after looking for a couple hours. In both cases, Matrix then responded to his vuln report with hostility, saying it wasnt actually a vulnerability. He is sitting on another vulnerability.

Having a cleartext mode is a security downgrade and no secure messenger should support cleartext. It only barely got functional forward secrecy recently. VoIP in most Matrix clients (and servers) still use Jitsi backend which isn't E2EE, even with the release of the newer (secure) Element call protocol. Matrix leaks tons of metadata, such as usernames, room names, emoji reactions, generate URL embedded previews. Rooms arent encrypted by default. It is also a UX nightmare and often times you cant decrypt your messages.

Matrix is not secure. You'd be better off with XMPP and OMEMO which has its own problems and isn't secure either. Sill better than Matrix.

[–] yogthos@lemmy.ml 6 points 10 hours ago (1 children)

It's better than Signal since you don't have to disclose any personal info, but people have pointed out some issues with federation in it. Again, it's one of those things that may or may not matter based on your use case.

[–] Dialectical_Specialist@quokk.au 3 points 10 hours ago

That link seems dated (Nov. 2024). If anyone finds a more current critique, pls send. I also get auto-kicked from HLC simplex group, so I'm not sure what to think of them but commando's matrix server was amazing befored abandoned

[–] MeowZedong@lemmygrad.ml 8 points 11 hours ago (2 children)

Probably Briar. Encrypted, P2P, and doesn't require anything but a username and password to sign up. Pretty sure that username doesn't need to be unique, it's just what people will see you as in messages.

Downside is it's only Android, so many people are left out.

[–] tracyspcy@lemmy.ml 9 points 11 hours ago (1 children)

sadly Briar has been stuck at the "cool idea" stage for years. Still no desktop app, still no iPhone app.

[–] 0x0@lemmy.zip 3 points 10 hours ago

Still working android app.

[–] Jimmycrackcrack@lemmy.ml 1 points 10 hours ago (1 children)

If the username doesn't have to be unique, couldn't you impersonate people?

[–] MeowZedong@lemmygrad.ml 4 points 9 hours ago

It doesn't work like a centralized server for connecting contacts. You use a unique link per device to initiate the original connection with others at a distance or you can use QR codes in-person.

The link just tells briar where to route the messages and looks like:

briar://xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx (50 char alphanumeric key)

So there's no way to impersonate someone directly. If you made two contacts and they use the same username, I suppose you could mistake them, but their contact connection keys will not be the same.

Hopefully that makes sense, if you look in the app or their site, it's probably explained clearer.