Switching from Telegram to Signal

Hello

We all know that we have an Telegram channel that we use to communicate with each other for different topics.What i don’t like Telegram is the fact that is not fully open source. (we support open source software right?).Another problem with Telegram is that it doesn’t use end-to-end encryption by default and if you enable it you will lose the use of group chats and other benefits of Telegram.Even Edward Snowden has called it dangerous and unsafe, and pretty much every security expert will tell you to avoid it.

So i was wondering if we all agreed to switch on Signal which is fully open source and uses end to end encryption by default.

What do you think?

Let me know :slight_smile:

3 Likes

@Members what do you think?
@IrdiMerzheku I added this to the issues to be discussed on the next members meeting that will happen early January 2018.

R.S

I started using Telegram with the Albanian community and I nearly use it only for this ; so I really don’t mind to switch to Signal, especially if it’s open-source and end-to-end encrypted :slight_smile:

Thanks for addressing this.

While it might be lucrative to go the Free Software way (which Signal is not really as well: https://blog.grobox.de/2016/is-signal-a-threat-to-free-software/) So we can agree that potentially moving to Signal would not be because of Free Software reasons.

Although, Signal is definitely “more free and open” than Telegram. Signal usually requires Google Play services for analytics, hence it’s also not available on F-Droid (which makes a lot of sense I believe, but that’s my opinion). You can download the apk from their website, but installing it outside the Play Store is actually a less secure way for non-technical users. You’d be suggested to verify the signing certificate and fingerprint if you really care about security. If you want to get the apk, check this out:

Having said this, it’s a good option if you are not running Google Apps on your phone and/or have a custom Rom like Lineage OS. You have went into some trouble doing that and probably can handle a bit more.

Now, if you care about privacy and encryption, the best way to go ahead is using Signal or WhatsApp. Considering that we don’t have any official sensitive channels apart the @Members group (and the channels are public by design) I don’t think it makes much sense to have large groups on Signal, including other reasons:

  • You have to share your phone number to everyone in the group
  • Message history is problematic if you switch devices
  • Message time stamps differ depending on the time you are online with a device with Signal
  • no bots (would be stupid if they did)

Now, I’d argue it would make sense to have the Open Labs Members group migrate to Signal because it’s all NDA protected and dealing with 30 member’s phone numbers makes more sense than 120 in a publicly accessible group. It would also reduce spam eventually as Telegram has become a bit more casual in its usage.

Another point I’d like to raise is the fact that most of the time we spent on Telegram, is on mobile. Please correct me if I’m wrong. So a good mobile app would be a requirement I believe. Signal is pretty good but I think that any IRC or Matrix client has bad usability on mobile and we want to make it accessible to new people wanting to contribute to Open Labs, not scare them with all these “scary” processes, right?

Although I believe that Matrix/ Riot has great potential, I don’t think it’s there yet. We would potentially lose communication and contributors because the barrier is higher compared to Telegram. We currently have an IRC bridge channel, which is the main channel of Open Labs. It is accessible through any IRC and Matrix client and should provide all these people access to our main channel. If required, we can open new bridges for project specific channels if needed however. I’d argue here again though, that you can easily see the ratio between IRC and Telegram users on the Open Labs chat and only a handful of IRC users. If you care about switching from Telegram, you should use IRC or Matrix. I haven’t seen that much yet.

I hope I have given some context here. The way moving forward in my opinion would be to test pilot a Members Signal group for sensitive discussions. I agree that NDA discussions should not happen on Telegram (Mozilla has a similar policy).

If you are unsure about the topic, I’d kindly ask you to consult with the @infra team for any questions.

Hey there! I am really glad that we’re having this sort of conversation as it is of great importance.
My reply will be separated in 2 parts. One that lists alternatives and the other which has my opinion.
Here’s a list of alternatives that I can think of:

  1. Matrix/Riot
  2. Mattermost

At Open Labs we have multiple teams (for example: members, board, infra, oscal organizers, etc) so a platform like these (which are open source alternatives to Slack) would make sense.
I believe it would make sense to self host one of these too (not an opinion of @infra!)
Here’s a list of pros/cons for each alternative (in no way an extensive list)


  • Mattermost
    • Pros:
      1. Cheap to host
      2. Easy to use
      3. Email Notifications
      4. Can create bridges to other platforms
      5. No need to provide more info than your email
    • Cons:
      1. Mobile notifications don’t always work
      2. Mobile app is not quite there
      3. No end to end encryption

  • Matrix/Riot
    • Pros:
      1. Hostable
      2. Encrypted
      3. Can create bridges to other platforms
      4. No need to provide more info than your email
    • Cons:
      1. Mobile app is not quite there
      2. ???


I’m personally against using Signal because I don’t like to give away my number(especially with over 120 users).
Matrix/Riot seems pretty solid to me.

A solution to this problem (while not elegant) would be to bridge the new platform with IRC and Telegram(if we decied to still keep it).
I think it is more problematic to transfer the existing users than the new ones, because new users will install a new app anyway (Like @jbelien)

I totally agree with you on this one

I want to say this again. Please do feel free to do that. We’d be more than happy to help

  1. I do not want to share my phone number in a public group (talking about privacy).
  2. As I have seen nothing considered sensitive information is shared on Telegram. If someone do not want to use Telegram in general, from what I know that group is connected to the Open Labs IRC channel. Switching from one group to another would confuse many non-technical users. I mostly use Telegram with Open Labs community.
  3. If members want to choose another secure communication tool for sensitive information, maybe that should be first discussed between members. I do not think this is related to public groups anyway.
1 Like

Wire is another option to be considered.

How about Ring? Did anybody meet Dorina from the Savoir Faire Linux
team when she visited Albania recently?

It would be better to have a conversation around all this, rather than throw in suggestions at random. Especially since @kominoshja and me took the time to make a more detailed analysis of the landscape and offer a few pathways. That would be a more constructive way to discuss around this I’d say.

Also, I’m having a hard time finding out more about Wire. Is it a Slack alternative? Can it be self-hosted? Can it be bridged with other services?

Hey @pocock ,

I am waiting your answer regarding Debian BSP. If you cannot come in person, please let us know if you help us organise it.

Izabela

@IzabelaBakollari please switch to the other post thread for this issue :slight_smile:

R. S

I tried to start a new discussion, but saw this old one, and thought that it might be better to continue this one.

EU is switching from WhatsApp to Signal: https://itsfoss.com/eu-commission-switches-to-signal/

The reasons are obvious. Signal is more secure than WhatsApp. There are also suspicions that WhatsApp might be eavesdropped by Facebook, and this is unacceptable for the EU commission. They might want to penalize big companies like Facebook or Google, and being eavesdropped by them makes them vulnerable (for example they can blackmail EU officials if they know all their secrets).

Signal is also more secure than Telegram because it uses encrypted messages by default. The server code of Signal is also open source, while the server code of Telegram is not. This means that one can install and host his own Signal server (although this might not be so easy), but cannot self-host a Telegram server.

Last but not least, Telegram has been developed by Russians and its servers are hosted in Dubai because there are no data protection regulations there (https://telegram.org/faq#q-where-is-telegram-based). This makes it too suspicious. I have no proves that they are eavesdropping, but the rule of thumb is: If anything can possibly go wrong, it will.

I am not sure how the previous discussion ended, but maybe it is time to consider again switching to Signal and/or Mattermost/Matrix/Riot etc. which can also be self-hosted. For example I have tried Mattermost recently and it seem quite nice.

1 Like

I have installed Mattermost in my server. If someone wants to give it a try use this invitation link:
https://mattermost.fs.al/signup_user_complete/?id=ojniqr7dcpyi7pncszzkp1n37c
I am not sure if this works for many users or just for one, but we can try it.

Thanks for this @dashohoxha. I just joined tha chat :slight_smile:

R.S

1 Like