Sorry, another question - TELEGRAM?

Excellent. When you say it’s bad at screensharing, are you saying it does have it but it just doesn’t work well yet?

@StanTheMan
Riot has two ways to video conference, one is built into riot. (Works great for one on one video / audio calls, as it is peer to peer and E2E encrypted) and it has the feature to use a Jitsi plug in for 2 or more people. On the jitsi conference, the Screenshare button is not working. On the other hand for the one on one video calls there is a Screenshare feature, It works Pretty well but it is hard to find and afaik only the person who starts the call can share the screen.

So you can not change that during a call.

Well that sounds damn good to me! Thanks.

PS One thing that confuses me slightly, and maybe it’s due to people regurgitating information they read on (often old) websites, is that most people seem to think Riot isn’t very secure. I keep hearing people saying “you can make it more secure if you host it yourself” and stuff like that, which suggests it isn’t very secure/private out of the box. You said P2P and E2E. That sounds damn private and damn secure to me. Some people say the encryption is in beta so not reliable yet, other people say the whole thing is beta and unreliable, and other people say it’s all working perfectly and is VERY secure and private!! If I understood tech stuff (especially cryptography) then the simple answer is to test it all myself! Sadly I am just a patsie :smiley:

Riot doesn’t have E2EE enabled by default for even private chats yet (but it’s said to be coming) and it stores a lot of data it doesn’t necessarily need.

https://github.com/privacytoolsIO/privacytools.io/pull/562#issuecomment-457878353

I have understood that the screenshare is hidden under pressing shift when calling or something as it’s experimental and I remember hearing something about it requiring running XMPP stack?

Ha ha. see what I mean! Riot is out again :smiley: :smiley: :smiley: :smiley: :smiley: :smiley: :smiley:
I will come back to it in a month or two and have to suss this all out for certain. I have read SO many sites (I thought Matrix site too) saying that it IS fully encrypted.

Just out of interest, when you say it stores a lot of data it doesn’t need, do you know what sort of data that is? No worries if not. Thanks as always Mikaela

Sure, even if I should rephrase and say that the information may be needed temporarily, but not stored forever like is currently being done (as far as I am aware) and if I delete a message in my opinion the message should be deleted:

Synapse also keeps log in the database of each time device connects to the server and this is stored forever as currently there is no mechanism to remove it. This data includes, IP address, device fingerprint, user-agent and precise time. With one db query someone can get entire connection history on a user when, from where and which device.

Server side logging in case of matrix since you cant remove anything and everything you say (even redacted messages) is stored forever without any way for users to change it is at this moment anti-feature privacy wise.

I think privacy wise xmpp is more suitable and deserves more exposure rather then being treated as an obsolete technology that noone uses.

As for redaction, avarage joe thinks redacted means gone. It nowhere states otherwise. Also as far as metadata goes on matrix, everything you do on all devices is carefully stored in the database forever.

to give you some more details.
Since Tuesday, December 6, 2016 12:58:36.296 AM I have been seen (and recorded in db) 14991 times by matrix server. This entries consist of:
user_id, access_token, device_id, ip, user_agent, last_seen - timestamp

As for meta of the rooms most essntial and basic (all in one table) data stored is:
room_id, is_public, creator(user_id)

And thats basics. Db stores all joins and leaves for each room to the point I can see which color people selected for the room.

however with matrix you can be sure it [metadata] isnt removed even from the originating server.

I also recommend reading other comments from muppeth in that discussion (whom I quoted and who is the Disroot admin by the way). We also have an open issue about Riot and recently got more news on how even self-hosted instances send data to Matrix.org.

https://github.com/privacytoolsIO/privacytools.io/issues/840

1 Like

Wow, thank you Mikaela - that certainly doesn’t inspire confidence in privacy does it?!
So instead of Wire and Riot, I think I will go more towards Wire and XMPP

I have re-read your last few posts Mikaela and, due to being totally STUCK here, I have decided to change my approach slightly. I think I am going to split my contacts into THREE distinct categories:

  1. People who can ONLY use Skype and other mainstream nasties (with whom I rarely discuss much, and when I do, it;s a few messages back and forth about business etc

  2. People who can and will install apps to try out with me, but who are not technically skilled enough to tackle anything more complex than a brief sign up form, and running a very user-friendly app (so someone who could use Wire ok, but would have a cardiac arrest if asked to set up XMPP :D)

  3. People who can install and do tech stuff at least to my standard (which isn’t great, but better than an average granny user!)

This change is the only way I can make things decidable (not a word, but it works!)

So… Even though cat 1 I may try to move from Skype to Wire or other easy things (I just want rid of microshaft), I CAN continue with Skype if absolutely necessary. I hate it, but it has to be.

But for most people I will try to move them to cat 2. I am torn between Wire and Riot really. Riot seems a better choice for features and long term likelihood of becoming bigger and more widely used.

Wire/Signal/XMPP maybe - those will be for my cat 3 people.

If you have any comments I would be glad to hear them as always!

P.S. Re Riot - I read your posts again and it seems that even though they keep records of device connections, IP and times, that’s only metadata. I don’t really care about that as most people I speak to show up in my cell phone logs anyway, I dont deal with criminals or wanted enemies of the state etc!! The main desire here is to just get some damn PRIVACY on the content of my conversations. I don’t know why but to think that people are recording or listening to every word I say, well I just can’t live with that. If I was sat in a bar talking to a friend, having a PERSONAL conversation, and some guy was listening over my shoulder, I would tell him to do what I want Skype to do, namely f**k OFF out of my life!! :smiley:

So metadata isn’t a problem for me (well, it is in principle, but in practice it isn’t). But being able to have a PRIVATE conversation, that would be nice just from a privacy angle.

PS, another part of my problem is devices and app compatibility. I have just got a rooted Android Motorola G phone. I was thinking of installing https://conversations.im/ on there. But I am not sure if that means everyone I want to talk to also needs to have Conversations installed, which means they MUST have android. I have iphone and mac desktop machines, so I wonder if there is a way to make Conversations.im work on those?

Conversations.im does look DAMN good for privacy, including metadata, forward secrecy, E2EE and deniability, so it seems to tick every single box (until someone unticks one here :D) - BUT it’s only available for android. This privacy stuff sure ain’t easy is it?!

I am sure I ruled out Ricochet a year or so ago, but maybe prematurely before I learned a lot more about this stuff. I just read another great post on this board where the author said he uses it. I looked at it and it looks good, if what it says on this page is true - https://ricochet.im/

Anyone care to blow that out the water for me? :smiley:

I think Riot isn’t that much easier compared to XMPP, unless you hate the people you communicate with and want them to follow the defaults registering on Matrix.org by default and suffering slowness and federaton issues due to the server having too many users. I am also let to understand that Riot Android is being rewritten and thus you may have issue sometime in the future if your contacts have to remove Riot and install Riot X or something like that, I have no idea if they are going to publish RiotX as an update to the existing Riot.

Did you ever encounter Quicksy or Kontalk by the way?

No, they just need an XMPP client which preferably supports OMEMO

I don’t remember which clients are for macOS, but they exist and I hear Monal recommended for iOS.

There is also always conversejs.org or https://inverse.chat for web.

1 Like

Even aside from security, why would you use Telegram? I think this the fourth crash I’ve had using the Telegram software. I’m strongly considering a Signal group instead.

Most Telegram users say it has great features, great clients (all platforms, official and unofficial), it’s better than Whatsapp or Viber, etc. It is for sure the most popular “private” messenger (if we don’t count WA, Viber and Skype, even they all have E2EE chats). But way more popular than Signal. And Signal is again way more popular than Wickr, Wire, Riot, Keybase…

I really don’t see any reason to use Telegram

Yea SingularyNet groups is the only reason I use it.

I don’t know about Viber, but I’m pretty sure neither Whatsapp and Skype are as private as they claim to be. Even if Telegram is also not as great as it claims to be, is open source and can be audited. I wish I could use Signal more often, and get rid of Whatsapp altogether, but as it stands right now Telegram is simply the right tool for the job: fairly popular and secure. If anything, I don’t see any reason not to use it more often.

But why people think Telegram is more secure than Skype, Viber or Whatsapp? Just because its clients are open-source?

I don’t know about that, but I think it’s worth mentioning that Facebook has had massive data leaks before which may lead to that conclusion. It was also found that Microsoft handed Skype conversation to Chinese contractors without any security measures.

Also important to note that security and privacy are not the same. As far as I’m aware, no 3rd part has actually breached or hacked into any of these services.

  • It’s not FACEBOOK which I consider worse.
  • There are people using it and I considered returning there to be less bad option than returning to FACEBOOK.
  • The app is not Electron (heavy).
  • There are open source clients, even from main Debian repository.
1 Like

Ok, Whatsapp (FACEBOOK) might be worse in terms of privacy, but still more secure (I’m not saying it is, but no one can tell it isn’t also). But why use Telegram instead of Viber?

Also, If I’m going to stop using Whatsapp, Skype, Viber… At least I would choose both more secure and more private messenger (e.g. Wire, Signal, Riot…)

One more thing - do we know how much metadata Telegram collects?

By FACEBOOK, I mean all their products.

  • WhatsApp does have E2EE encryption, but likely also takes a lot of metadata and everything is closed source. It also shares my phone number to all my contacts and groups contacts add me to (which is what I also dislike in Signal)
  • Facebook has no E2EE that I know of, but people are using it and alongside Telegram it seems to be the only OKish way to hear of public events or stay in contact with people who are not going to install Signal or Wire or Jami or anything.
  • Messenger had E2EE that no one used only in one of their clients last time I used it.
  • No one I communicate with uses Viber.
  • Viber is not open source.
  • If I recall correctly, it requires having it installed on phone to login.
  • Viber is also Electron?
  • Viber shares my phone number to all my contacts and groups?

I am using too many instant messengers including 5 that are mentioned on our real time communication page. Which one private messenger do you choose to have contact with your family, friends, groups and everything that you need real time communication for?

I imagine it collects everything it can if the actual data is also accessible to servers.

PS. To clarify, I am not saying that you should use Telegram, I am saying that it’s one of the instant messengers that I use and my reasons for it.

1 Like

Also, If I’m going to stop using Whatsapp, Skype, Viber… At least I would choose both more secure and more private messenger (e.g. Wire, Signal, Riot…)

I just want to add one more thing to what Mikaela mentioned, and that is if you find other messengers more reliable then go ahead and use them. You asked for reasons why to use Telegram and you have a few, just bear in mind that these by no means exclude other messengers as valid alternatives.

One more thing - do we know how much metadata Telegram collects?

Why don’t you give us some reasons not to use Telegram? Regardless of whether there are other clients that are better, more secure, etc. Just to know about your views on the topic.

1 Like