60Hz refresh rate in 2024? This might be a phone you buy for your parents but with other options available out there, it’s going to come down to whatever specific niche this phone fills and whether that’s enough compared to the competition.
Unlike Telegram, Signal doesn’t allow researchers to make sure that their GitHub code is the same code that is used in the Signal app run on users’ iPhones.
A few things to keep in mind:
Apple’s build process makes reproducible builds near-impossible.
All the effort Telegram went through and it doesn’t completely validate the entire build - there are components that are not fully reproducible [0] and as we saw with the recent XZ backdoor, these could potentially be leveraged to hide a backdoor while claiming to be secure - so was anything gained other than “these things are validated but this black box, which could contain malware, was not validated because we can’t check them”?
Developing Signal is difficult.
Signal is developed by a small team and has to prioritize and coordinate efforts to deliver results - look at how long usernames took or even private contact discovery [1] - nearly 3 years (as a preview) after Signal was created.
Signal has no built-in telemetry, any issues are not automatically logged and reported. The end user has to manually submit debug logs and provide an adequate description of the issue for the devs to even attempt to understand what the issue is and how to fix it. Telegram may also have this issue in their very limited private chats, but as most chats aren’t E2EE, they can already see all your traffic anyways, making things significantly easier in terms of development speed.
Considering the two points above, it’s not irrational to come to state the following:
Signal has been prioritizing a fully end-to-end encrypted (E2EE) platform that shares zero data with anyone but the intended recipient and this decision has slowed down their development speed. Non-E2EE chat solutions have existed for decades and can iterate and progress significantly faster as they don’t have to work on difficult privacy/security/encryption related issues.
Telegram has not been prioritizing a fully E2EE platform and by default do collect most of their user’s data. This makes it much easier to develop Telegram and is why E2EE group messages don’t even exist on the platform - the Telegram devs have spent more time talking about privacy and security than actually implementing it
Given the two statements above, assuming both projects need to balance resource constraints, it’s safe to conclude, :
Signal has spent zero effort working on reproducible builds on iOS because its impossible to completely reproduce a build and would take development resources working on enhancing the platform for minimal gains, as Telegram has proven [0]. Signal has instead placed their efforts on reproducible builds on a platform where it is possible [2].
Telegram, instead of working towards implementing security and privacy by default, have decided to work on security theater by working on reproducible builds for iOS that are not even completely reproducible.
Signal refused to add reproducible builds for iOS, closing a GitHub request from the community.
It was closed because they use Github for bug reports, not feature requests [4]. The dev even pointed them to the right place. That said, I do agree it would be great if there was some progress made on this front for Signal, but realize its a huge effort and may be best avoided for now as the iOS client still needs some “catching up” to do, compared to the Android version.
And WhatsApp doesn’t even publish the code of its apps, so all their talk about “privacy” is an even more obvious circus trick 💤
Agreed.
Telegram is the only massively popular messaging service that allows everyone to make sure that all of its apps indeed use the same open source code that is published on Github. For the past ten years, Telegram Secret Chats have remained the only popular method of communication that is verifiably private 💪
Telegram collects all your data by default in a way that’s accessible to anyone with enough privileges to their infrastructure.
Even without a source I can see how ICE vehicles are cheaper to repair (assuming you don’t have some high-end expensive car. I had a relatively “new”-ish engine replaced in my ICE vehicle (I’ll let you guess the make/model) for just under $2,200, this is including labor.
ICE vehicles are “old tech” and everyone knows how they work and where to source cheaper (new or rebuilt) parts. All bets are off if you’re working directly with a dealer when trying to save money.
I’m looking forward to owning an EV at some point, but will definitely need to find someone who’s competent whenever any major issues appear. Hopefully by then they’re significantly more common and the industry has more people that are competent at that type of work.
Amazon was caught hiding evidence by using Signal - most larger orgs have a pretty strict policy (with mandatory yearly trainings) that remind users not to use non-company approved messaging apps because of this specific reason. There’s all kinds of rules, regulations and laws that may have been broken by them using a service like Signal.
It’s a shame that Signal has discontinued its support for normal SMS,
While this does suck for those of us who used it, it was the cause of a few issues:
It was confusing to less “technical” users.
Because of point 1, it introduced a security/privacy weakness to its userbase in that users could be tricked into thinking their communications were secure/private.
The feature was poorly maintained due to the small team behind Signal and the decision to improve their platform vs supporting something they had minimal control over.
Signal’s SMS feature was causing real-life delivery issues with some new users as RCS started rolling out. A user’s phone would register with RCS - and if they installed signal -which then takes over SMS messaging but couldn’t (thanks to Google) support RCS - they would stop receiving RCS messages. This is a problem caused by Google to their benefit.
hadn’t implemented RCS,
Signal cannot implement RCS on Android without Google providing an API like they did with SMS. Apple doesn’t even allow alternative SMS clients so this made no sense going forward - basically SMS/MMS/RCS is a dead-end for Signal.
is spending too much effort on “stickers”
What year is this? Signal stickers were released at the end of 2019 [0] and, in the nearly five years since, the work to maintain them is so small it may as well be zero. Check github - the work they release is public and you can see exactly what they’ve been working on.
and now keeps prodding you to donate money.
Its a free service, god forbid they ask users to contribute so they can continue to exist and provide said service to those who can’t afford it? 🤷♀️
Then there’s the broken notification with iOS users who just don’t find out that you messaged them until they launch the app.
Valid criticism IF true. I don’t have an iOS device so I can’t say much here but I do message iOS users pretty frequently and haven’t had any problem with response times - not sure if that’s because they’re always on their phone or because notifications work in most cases.
As a direct result my use of Signal has pretty much ceased.
While unfortunate for your privacy, if you were primarily using Signal for SMS, you weren’t really using Signal to begin with.
You’re looking at it through the eyes of a competent user. It’s obvious to us. It’s not trivial to the general population. Just ask most iOS users what the difference is between green/blue bubbles - they have no idea other than “one sucks and means they use Android”
There’s a few clients for Signal, nobody is preventing developers from creating apps; there’s Molly, gurk-rs, Axolotl, Flare, signal-cli, Pidgin (with the Signal plugin.
The problem is 3rd party clients don’t implement all features because it takes a lot of work and they’re created/developed by volunteers - just take a look at Matrix and how many clients support all features or even just group end-to-end encryption (E2EE). Last I checked many third party Matrix clients didn’t support encrypted group messages, primarily just Element, the reference client built by the matrix developers. So you have the same problem on Signal that you have on Matrix.
This is an often repeated piece of misinformation. The developer of gurk-rs, a third party Signal client, has even said this himself. The client presents itself with a completely identifiable name to the Signal servers - the Signal devs can see this and could easily block this client from connecting but they don’t. This project has existed for at least 3+ years now.
First off, how can you claim RCS "requires you to buy an Android and then state iMessage is "cross platform through Apple’s ecosystem? RCS works on Android and is available in various devices from many manufacturers. iMessage is only available on devices sold by Apple.
Secondly, why would you rate iMessage higher than RCS for “ease of use”? That makes zero sense, they behave basically the exact same way.
Lastly, RCS is coming to iOS - Apple’s just been lagging because implementing a cross-platform solution is detrimental to their profits.
So RCS will eventually work across iOS and Android AND work by default. There’s no reason RCS wouldn’t be easier or rated higher than iMessage in terms of “ease of use”
In Matrix a direct chat is a group chat with two people.
You’re right, I forgot how Matrix handled messages and the current state is that there’s are at least 6 other clients that support E2EE - this is awesome.
That said, as soon as you look for a stable client that supports other features like Native 1:1 calls and Threads the only client listed is Element, check here: matrix.org/ecosystem/clients/
Side note: Looks like ~3 years ago a Fluffychat dev stated they would not implement E2EE in the app [0], this must have been around the time I was looking at other clients because I recall this one “looking” the best and might be viable for non-techy people to use/recommend. I’m glad they changed their mind and implemented E2EE. Time to take a look at it again.
Telegram doesn’t default to encryption. All your messages are stored and can be viewed by anyone with enough privileges on Telegram’s infrastructure.
Telegram’s “secure” 1-1 messages are limited to the point of being useless and not worth using. It’s a dark design pattern created to discourage their use, ensuring you give them all your data.
Never forget: The second-largest egg producer in the country - a family farming company of a Republican candidate for the US Senate- was found liable to fix the price of eggs.
Session provides protections against these types of threats in other ways — through fully anonymous account creation, onion routing, and metadata minimisation, for example.
Reading between the lines, we can interpret that as introducing security through obscurity, which is generally considered bad practice - cwe.mitre.org/data/definitions/656.html
Am I the only one who has this issue? The volume in calls is way too low, even with the maximum volume set. Regular cell calls have higher volume and thus I can’t fully switch a relative of mine to Signal....
GSMArena | Sony Xperia 10 VI review (www.gsmarena.com)
10 updates coming to the Android ecosystem (blog.google)
Proton Mail Discloses User Data Leading to Arrest in Spain (restoreprivacy.com)
Telegram founder and CEO alledges signal has backdoors, they don't provide reproduceible builds, etc.
cross-posted from: lemm.ee/post/31431894...
Android 7.6 features (signalupdateinfo.com)
Group call reactions 🎉...
New German research shows EVs break down at less than half the rate of combustion engine cars. (www.adac.de)
Better way to communicate with me
we fell for the corporate propoganda rule (lemmy.cafe)
Bird flu outbreak is driving up egg prices --- again (www.cbsnews.com)
FireChat was a tool for revolution. Then it disappeared. (www.fromjason.xyz)
Volume is too low in calls
Am I the only one who has this issue? The volume in calls is way too low, even with the maximum volume set. Regular cell calls have higher volume and thus I can’t fully switch a relative of mine to Signal....
its true tho (lemmy.today)