Signal is an end-to-end encrypted messenger app for smartphones that has been recommended by the likes of Edward Snowden and has seen an especially large influx of new users in recent months who are suddenly more concerned about Facebook or other tech companies reading or censoring their chat messages.
It's a fairly good app for what it does and it would probably fit the needs of your "average user" very well, but it doesn't work well for my needs and I still use Telegram in its place.
Now, I would like to use Signal instead of Telegram, because Signal's technology is more sound and the chats are truly end-to-end encrypted (where Signal Co. would be incapable of reading my chats even if they wanted to). Telegram in comparison uses some home-made cryptography (and you should never roll your own crypto) and their chats are not end-to-end encrypted by default, but Telegram does have some good quality-of-life usability features that makes it more appealing to me than Signal for now.
Both Signal and Telegram are "smartphone first" messengers and they base your user account around your cell phone number. Signing up for either messenger is as simple as receiving an SMS text message with a verification code, and you're good to go.
Signal is 100% end-to-end encrypted which means the company running the servers can't access your chat messages, but it also means that your encryption keys for your chats need to be handled specially. With Signal:
Telegram on the other hand trades the strong E2E encryption for a more traditional client/server model:
The first problem is that Signal IDs are the same as my cell phone number. If I wanted to chat with a rando from the Internet over Signal, I have to give them my cell number which is personal information that they shouldn't have.
Telegram uses cell numbers too, but you can also create a username to share with rando's so they can chat with you without knowing your phone number.
Signal reportedly is working on a username system, too, but it's not there just yet.
The other problem is the "master app on Android/companion app on Desktop" model that Signal has.
I'm looking at the Pinephone to be my new daily driver over my older Android phone. The Pinephone runs mainline GNU/Linux software and doesn't yet have an official Signal app available for it.
The Axolotl app on Linux looks like the best contender in that space: it can serve as a "primary" Signal app and register your account. But, doing so would de-register Signal on Android and I can't have Signal in both places at the same time. At least with Telegram I can be signed in on both Android and Pinephone together.
Signal may be more secure/better than Telegram but really neither one of them is ideal. Signal is 100% open source, but in practice, it uses centralized servers controlled by Signal's company and they don't want third-party Signal client apps to use their servers. You can stand up your own Signal server, but that completely isolates you from the greater Signal network -- it's not a federated protocol.
Telegram's client software is open source too, but uses the centralized servers controlled by Telegram and the server is not open source, and so it has similar problems to Signal there.
The best solution would be to use an open standard like Matrix or the older XMPP: something where the servers are open source, the client apps are open source, and anybody can run their own server and the network is federated and there is no need for a central company. XMPP is not end-to-end encrypted, though, and while Matrix supports that it's not "on by default" there either.
And either way: I'd have to convince my contacts to switch to Matrix which involves them finding a server they want to sign up on, which is somehow a much larger obstacle than getting them to switch to Signal or Telegram or other "easy" centralized messenger.
There are 2 comments on this page. Add yours.
If only Jami worked reliably.