I don't think this necessarily has to hold true (Discord for instance have implemented their apps really well), but in reality this holds true for most electron apps in my experience.
I don't know - clicking links seem really sluggish in discord - both on Android and on my surface 4 pro. It's odd, clicking on an image link in a browser is instantaneous on either device.
Could just be me, but the Discord app is full of glitches and random pauses for me. The app is better on my phone, but on several Linux distros the feel of the application is just off to me. Switching servers and channels has a tiny but noticeable delay that I haven't seen native applications have.
Unfortunately, there aren't many native applications any more. At this point I'd prefer a Windows application that works in Wine over yet another "cross-platform" Electron webbrowser-with-builtin-website.
> Discord for instance have implemented their apps really well
No they haven't. The discord electron app is a trash fire. I use discord in Safari. It's just as bad UI and UX and slowness as the electron crap, but at least I get a few more hours of battery life...
Since I removed the electron garbage from my phone, my battery life tripled from one day at most to three days...
Discord is unusable at times too. But compared to other Electron shits, Discord is above average when it comes to performance. But in the end, when compared to Native apps, performance wise, Discord is still shit. It's nowhere near Telegram.
Even for a native app it seems to be well developed because, on Windows, for example I have it running at the moment and uses 25mb of ram, the most I've seen it at was 45mb.
Recently I migrated off Whatsapp like many others and the Linux desktop experience is really good, in particular the performance of search impressed me. Compared to the Whatsapp Web client it is much faster. If I'm not mistaken it's a Qml + Qt app which is actually very pleasant to write. Not sure why not more stuff is built with it these days.
It's actually Qt-widgets if I am not completely mistaken. Also, the reason why not more companies do this is unfortunately cost, it's much easier and thus cheaper to just cobble together some electron trash.
They are encrypted, but not e2e. It is a key distribution problem.
Threema solves it by scanning QR codes; for that, you need to physically meet with the other recipients, they need to bring their devices and scan each other QR codes (note that Threema still supports only one device per recipient; otherwise, the users would need to scan each other QR codes for each device).
It is not something that an average Telegram user would be willing to do.
I really like Telegram and these features but I don’t use it because they don’t have end2end encryption as default. Also you can’t create a secret group chat that you can start from your phone and continue from your Mac.
Actually, you can't start a secret group chat at all in Telegram. It supports secret chats only for chats between two people, and that's where it's tied to the devices used for initiating the chat.
Secret chat with multiple devices or with group has the key distribution problem - what's good to receive the message, if you cannot read it? When there are exactly two devices, you avoid that problem.
That's why it is not on by default and why it doesn't work for groups. Most users favor convenience over strict e2e.
Signal, for example, copies the received messages into per-device queues that belong to the same identity. The problem for the user is that the user has no visibility into what is really assigned to his identity and where copies of his messages are routed encrypted by which keys; it could be used to implement anything between CALEA to Prism access.
I'm not familiar with the Matrix approach, so I won't comment on it.
Just out of curiosity, what kind of discussion do you have that require e2e?
Myself I use TG extensively with friends, family, girlfriend and I think I've used secret chats once when the gf wanted to send a naughty photo.
It's not that I don't have anything to hide, it's just I choose what to say according to the environment and I feel the features of telegram far outweigh the con of not having e2e at all times.
Oh no. No. “You have nothing to share.” E2e by default or GTFO. This isn’t about your secrets. It’s about making your regular discourse indistinguishable from secrets. There is no con to e2e, and many cons for snake oil/plaintext.
Actually, there are many cons to e2e, especially with bigger groups.
I've read a lot about Signal's and Matrix's development and there are many problems that don't exist when sending data over a simple SSL connectiom to a server.
For example: You have a group with 100 Members, do you encrtpy each message you send 99 times for each recipient? Not likely.
So you use a send key that everyone else can decrypt.
But then what if the group changes?
Does everyone has to replace their send-keys, because the party that left can still decrypt all those messages otherwise.
That means you have to do n-1 key exchanges whenever a party leaves or joins. Otherwise it wouldn't be secure anymore.
There are some clever ideas about key exchanges, but so far the messengers that implement them are not widely used and since there is no profit in it, no one is in a hurry to compete.
From what i’ve read, whatsapp is doing just what youdescribed for group chat, and it’s working fine... now maybe you’re talking about groups with hundreds of people ?
If you have 2 devices, one device can send messages to the other, all e2e encrypted. It's the same for group chats: if you are part of a chat, any participant can send you the history of the chat.
All those issues are protocol-related. E2E only stipulates that the message can't be read between the two ends, it doesn't say you can't send a technical message for making a better UX.
> if you are part of a chat, any participant can send you the history of the chat.
Re-sending parts of the chat kind of removes the guarantees of the secret chat (just like backups defeat the purpose of e2e). These apps have also expiring and non-screenshotable messages, you don't want to resend that.
Ideally, all messages sent should be only decryptable by given set of keys (i.e. one key for each device used by each party of the chat; or, depending on the size of the message, ephemeral key used for message encryption, decryptable by each device that is supposed to receive it). Now the key distribution is the non-solved part.
"Secret chat" is something only Telegram and pseudo-private messengers have. No application can ever provide assurance that messages aren't backed up. When it's sent, it's sent; you don't control it anymore. Re-sending the message is something you can only assume can be done. The experience given with expiring messages is just that: an experience.
Now, secret chats don't necessarily mean "this message can only be read by one device". To answer your second paragrah I disagree: a message shouldn't be sent to a given set of keys but to a given set of participants. Each participant may have one or more devices and should be able to read messages whatever way they want.
Also key distribution is "solved" by not counting on the user to do it but doing it for them: see what Matrix, Signal, Deltachat, XMPP (OMEMO) and probably others are doing.
I disagree; if you are sending to participants instead of devices, you don't really have e2e. Any private key should never leave any device. If the user want to use several devices, his client should enroll multiple keys for him and the message should be decryptable by each of these keys. Also, the user should have visibility into which keys can decrypt the message, to avoid enrolling any keys behind his back.
That the user won't see on his device any messages sent before enrolling the new key? That's the point. Otherwise, the user should use the normal/non-e2e messages.
Thus, the key distribution as it is "solved" is being lax with them.
Indeed, and you can go even further: with e2ee there is no need for central server beyond dumb distribution of opaque blobs. So the history can be exchanged by the whole network and the encryption keys shared recipient by recipient on a need-to-know basis. That's what bitmessage is doing, for example
(At least Threema does it this way): Server doesn't really store the messages long term; only until the receiver picks it up. With just two devices - sender and receiver - you have a guarantee that once the single receiver picks it up, there's none else to do the same and can be safely dropped.
> There is no con to e2e, and many cons for snake oil/plaintext.
Is this true? From anecdata every e2e encrypted platform I used is much lower quality than the alternatives (iMessage, Signal, etc). Things like multi-device sync don’t work that well. Is this really just a coincidence? Telegram claims they can’t provide the same quality chat (and snappy cross platform crispness is really their competitive advantage) with e2e. Is this just a fake limitation?
Technically, E2E increases the complexity of the applications and servers, but it shouldn't really affect quality of chats or messages. One area where this will be a problem is in search. Telegram claims that is can search chats faster because those are on its servers, and anecdotally, I have seen Telegram's search being better and faster than the other platforms I use or have tried (they have to search only on the local device, which then has an impact on battery life for phones and tablets).
The other bigger drawback with E2E is that the servers of those platforms don't store the chats permanently (they store it for about 30 days or so to deliver the messages to devices when they come online, depending on the platform). So syncing chat history across devices gets affected by this choice (it could still be done, but the complexity and speed of syncing grows a lot).
Wire does E2E for all chats and syncs all chats across devices. But it too doesn't sync chat history on newer linked devices. It also took the (what I consider as inferior) choice of using Electron for its desktop apps, which makes it quite sluggish.
> he other bigger drawback with E2E is that the servers of those platforms don't store the chats permanently (they store it for about 30 days or so to deliver the messages to devices when they come online, depending on the platform).
Not true: Matrix is fine with storing messages permanently
Can you send me a zip archive of all your chats? It would be fun for me to read and ok with you since you have nothing to hide. You can contact me here.
If you don’t send me your chats then I assume you want privacy after all.
Not op, but what would you give him in return? Sending some random purist on the internet my personal texts is one thing.
Sending it to the company promising secure communication, company which delivers the best convenience messaging UX in the whole fucking world without any ads...
I think the argument here is that without e2ee, the chats are available to whoever pays enough (e.g. advertisers). So in return he will get some ads and sms spam.
There are two kinds of things someone may want to hide: legal stuff and illegal stuff. It's a real shame that governments have succeeded in conflating the two and forcing us to take a position that is not the one we really have. Truly a brilliant move.
Of course you have something to hide, it's called privacy. There is absolutely no reason your private life should be public by default, so why accept it ?
I fully understand.
Privacy is important to me, but it's not a binary state.
What I talk about to my friends, girlfriends and family are all on different "privacy levels".
If the chats with my friends were disclosed, I'd probably be made a laughing stock at most but it's no big deal. My family ones would probably be most boring, and the ones with my girlfriend could be material for a soap opera, and embarrassing.
But it's not the end of the world if someone at Telegram can read them of if they were disclosed by some hacker group.
My point is that it is an amazing chat app and have way too many benefits for me to not use it, but I _am_ fully aware that there are a chance what I write can be read by someone else, and therefore I take care what I write about.
Oh, and thank you for keeping the discourse on a respectful level. :)
I have never used Telegram but not once have I ever read anyone being displeased with the experience; it's always about how it is the pinnacle of messengers. I'm a bit jealous about that because I want to experience it but I don't want to be tied to an app that doesn't do privacy by default.
Privacy is definitely not binary, but to me it is a bit like using Libre software. You can't realistically expect to live on the 21st century internet with the entirety of services and viewpoints it offers and only use Libre software. At this point you have to either follow your values and stick to a very small part of it that is guaranteed to work on your browser rejecting non-Free javascript, or you can make concessions and accept a bit of proprietary bits here and there. But you can still decide to be Libre-first and accept non-Libre from there, on a bit-by-bit basis. That is what I and others are talking about with e2ee first: Instead of asking "what is worth being hidden and being made public", I feel the more just mindset should be "supposing everything is private by default, what can I disclose and to whom". Your threat assumption regarding your conversations is a good example: of course every software has bugs and all your messages could be read by Telegram. But you're behaving as if Telegram might read it one day, when I believe you should believe as if Telegram is reading it every day. The danger is not that Telegram can make a soap opera out of your drama but that the whole world can.
As you say you take care what you write about and that is a good thing to do. So, following up: if you don't want anyone to be able to read it, then let's go to the end of this and make sure no one physically can read it, by default. Instead of asking what kind of conversations require e2e, let's ask what kind of conversation doesn't require e2e
I personally follow a different reasoning: I assume that using a precompiled app from X mean that you trust X. Personally I do not particularly care that whatsapp is e2e, I do not trust Facebook not to have side channels in their apps.
Something like Matrix are likely the best you can go (a federated network where bad actors are likely to get called out, I have high expectations for its future), but apart from this I consider e2e a red herring* as e2e would also need to include source code, compilation, installation, and platform. it is not a magic incantation that fixes privacy (not to talk about metadata)
we find reasonable to have not e2e emails, not e2e file sharing, not e2e phone calls. personally I care more about the long term commitment telegram has publically and repeatedly made (and the my assumption that they do not expect to be able to come out unscathed from obvious leaks)
I understand that others might want more, no problem with that, but there is so much more than just e2e encryption.
> we find reasonable to have not e2e emails, not e2e file sharing, not e2e phone calls
That's where we disagree: I don't find those to be reasonable but I have to make do with them because that's where the current status is. That doesn't refrain me from using e2ee file sharing by default, or doing e2ee phone calls by default, only resorting to the not encrypted when I can't do otherwise.
I'm not saying that e2ee must be the target for everyone and is the solution to all problems. I'm saying that there are very few situations where e2ee blocks features, so for most use cases if it works transparently for the user, why not use it ? It's the next step after point-to-point encryption like TLS: if you can have it on at all times without inconveniences, why not use it ? Both of those make the overall situation better with no discernable downsides.
To me they have downsides, like being unable access your messages if you lose your device. I care about not losing my 6+ years of old messages even more than I care not to lose my 10+ years of emails.
Security is good, but sometimes truted third parties are "gooder", maybe we disagree on the next example but I like that the police is able to forcefully block some financial transactions, or that my bank can disable my credit card remotely.
e2ee encryption with convenience is also very likely to be broken by design,
> If the chats with my friends were disclosed, I'd probably be made a laughing stock at most but it's no big deal.
That’s a privilege many people don’t have. Think about sexual preferences, controversial opinions or health problems that can be disadvantageous in their career or when obtaining insurance. Or that aren’t problematic now but might be in the political climate in 20 years.
You could argue that people worrying about this still have the choice to use an E2E encrypted messenger. After all different needs are served by different products. But if this behavior becomes the norm, people who hide possibly disadvantageous information can be identified simply by their messenger use, partially defying the purpose of hiding their information in the first place.
I consider this a very strong argument for privacy as the default regardless of particular people's lack of a need for privacy.
EDIT: Removed remarks that could be misunderstood as snark.
Clubhouse is yet to release an Android app whilst their main competitors are already there and copying them quickly to death.
When the VC hype brigade knows that Clubhouse is losing steam, they will aggressively push for another company to acquire them or worse; they shut down.
Might as well remove the invite system now to allow the rest of the small iOS userbase in, I guess.
What's even more annoying is that Clubhouse requires access to the entire contacts list/address book if you as a user would like to invite someone else. You can't invite someone by just entering their phone number (since a phone number is the only way to register for it). It doesn't have to be this way, but the Clubhouse team doesn't seem to care.
We call it the Cartmanland[1] approach. Although I think CH is a really nice idea, that too much exclusive thing kept me away from getting an account there even if I have an invite to the platform.
The feature set sounds like competing with Clubhouse in a sense while providing a lot more, but discoverability is quite low and the UX is not great. Telegram has started putting more features behind the scenes in the last year or so – one could start a secret chat from the chats list before, but now it's hidden in the person's profile under a "..." submenu. This voice chats 2.0 feature is also implemented in the same way on groups and channels. It could've been in the menu that comes up with the audio/video recording button or in the attachment menu for quicker access.
More and more I appreciate Signal for what it is. A no nonsense (okay, stickers) messaging tool for people that know each other in real life. I hope it never changes into something "social".
I'm all for no-nonsense, but I'd qualify Signal as barebones in some regards. Two features that routinely annoy me: no way to synchronize previous messages when linking a new client, no way to change the spellchecker language in the desktop app.
I want Signal to succeed but I always hesitate to recommend it because it always feels like an early beta product to me, not something ready for prime time.
the reality is that signal is a secure communication app, not a messaging app. syncing old messages has unavoidable security problems and so signal chooses (as they should given their goals) not to implement it.
How long ago did you use signal? The UX is on par with WhatsApp. In fact I've found tiny things that signal does better (it groups sending multiple pictures into on "album" message instead of sending one message per picture like WhatsApp)
The only place I could agree WhatsApp has a significantly better UX is with backing up messages.
I use it everyday. Its just not. Video calls are strictly worse, forwarding images is strictly worse, no ability to share history in group chats, the UI is just inferior. Some of these, I can live without, others are really preventing my friends and family from using the app.
Also, scheduled messages. Ability to message people without exposing ones phone number (a real blocker from using Signal for some group chats that are privacy minded). Default camera is very bad, image picker is slow and picks images from all dorectories instead of my main camera dir. My gf wasn't even aware its possible to send multiple images in a single message until I pointed it out. Telegram has none of these issues :/ I really want to love signal, its my daily driver. But its incredibly hard.
The desktop app has managed to corrupt its database multiple times since I started using it a couple of months ago. Its really bad for an app to do that in this day and age, mind you. This is btrfs levels of bad.
I've had the same issue multiple times lately. It really wouldn't be so bad if Signal could resynchronize the messages, but here you have to restart from scratch every time.
I always found it very dissonant that all I hear coming from the Signal devs is "we know best, you know nothing" but then when it comes to a native client the only thing they manage to implement is a half-assed, bloated-yet-underfeatured electron client (which already suffered at least one significant security vulnerability I might add). If they were a little more open with their development policies they might not be in such an awkward situation right now.
Looks like they are prioritizing a path towards being a social influencer platform. To displace Twitter, Youtube, Instagram, does facebook even count anymore?
I‘m hoping that messaging apps will add a feature that allows you to transcribe voice messages after you received them. I find it rather annoying to listen to five minutes of audio when I could read a message in less than a minute.
This is what I would expect. Though Clubhouse is a novel idea, it's relatively easy for a plethora of social networks to implement something similar and immediately have the network effect of their already immense userbase. On Instagram/Youtube/Facebook people can already go live with video. I think we will very quickly see similar audio-rooms on these platforms.
> On Instagram/Youtube/Facebook people can already go live with video. I think we will very quickly see similar audio-rooms on these platforms.
Exactly what happened to Slack being killed by Microsoft Teams, Meerkat killed by both Periscope (Twitter), Instagram Live. Snapchat suffered the same thing with Instagram Stories; but although they survived, user growth slowed.
We will see lots of audio-rooms on IG, Facebook, Twitter, etc and Clubhouse will join Meerkat as another victim of this VC hype machine, who ironically are hyping them on Twitter!
I already have access to Spaces and have been considering trying it. It's not clear to me that anyone would show up, though: they have to be using the mobile app, and I only have ~1800 followers. Maybe people will get used to it? The thing about something like Clubhouse is that the audio chat is _why_ people are there.
It's interesting to me that of all companies, Facebook has not added reactions to WhatsApp, but Signal has them. I would have thought the roles to be reversed.
I assume as well as any VoIP system, which (in my experience) is "meh", although the results can be very tolerable with a little knowledge, care, and post-processing.
An ideal system would automate a "double ender"[1] setup, streaming low-bitrate voice for the conversation itself but also recording uncompressed/losslessly-compressed audio at both ends, then delivering high fidelity sync'd audio as one file per participant (for easier editing) to the podcaster.
That is the first thing that I thought about. I know a lot influencers (political and not) on telegram. They can host live radio shows (and record it and call it a podcast). It's great. I'm curious what the community comes up with these new features.
I'd love to fully switch to Telegram - it's snappy and has a nice UI. However, video calls are low quality at the moment, and that's the one thing holding me back.
Does Telegram perform any censorship or deplatforming like Twitter when it comes to controversial topics (like illegal immigration, trans issues, race issues, etc)? I see from this post they have public groups but I also worry that these tech companies are all too willing to deplatform those that disagree with the progressive political platform, especially when they try to make the turn towards monetization. That’s really my deciding factor for adopting something new, as I don’t wish to give any power to those who are against free speech principles.
It seems like Telegram has had their own pressures from the anti-speech/anti-freedom crowd so maybe they’re on the other side of this?
Telegram can and will remove content and users who violate its policies. Since the content is not end to end encrypted by default (except in one to one secret chats), Telegram has access to scan/listen/process the content. There is also a content moderation team that works on handling content removal, though it seems like it has mostly focused on terrorism in the past. The FAQ [1] has more details. So does the ToS. [2]
