Many people who focus on information security, including myself, have
long considered
Telegram suspicious and untrustworthy.
Now, based on findings
published by the investigative journalism outlet ISt
You’re better off using WhatsApp compared to Telegram, but that’s a very low bar, and it absolutely doesn’t mean that anyone should use WhatsApp.
Signal, Threema, Wire and SimpleX are far better options. I prefer Signal, because it’s very easy to use, the UI/UX is basically the exact same as on WhatsApp. It’s also free, unlike Threema, and uses either phone numbers or user names as identifiers, unlike SimpleX, which requires you to share a QR code.
Signal is also the most popular of these messengers, so there’s a larger chance that someone is already using it.
As for F-Droid: It’s not a good way of distributing such privacy/security-relevant apps like Signal. F-Droid doesn’t have certificate checks built in, thus the APK could easily be modified without the user ever noticing. Again, I don’t like Google, but you’re better off downloading Signal from the Play Store.
The best option is to use Obtainium and automatically fetch the latest version of the Signal APK directly from their website https://signal.org/android/apk/
That way, you’re at least getting the app from an official source, built and signed by the Signal developers, not a random third party.
You can use AppVerifier to verify the integrity of the downloaded app aginast the certificate fingerprint on the website.
No, but an app like Signal claiming to care about privacy should at least make an effort to be on the largest open source appstore. The fact they don’t, despite very loud complaints from the community, makes me question their commitment to privacy and security.
Again, I just explained to you that the “largest open source app store” is an insecure mess and isn’t suited for apps like Signal. You don’t need to use Google Play, you can find the APK on GitHub, or the Signal website, together with the certificate fingerprint.
makes me question their commitment to privacy and security.
That doesn’t make sense. F-Droid neither secure nor trustworthy. Signal not being on F-Droid is a good security choice. I recommend reading through this thread.
Signal devs accuse f-droid for not being secure, but do not offer any convincing arguments to back it up. Just saying it doesn’t make it so.
F-Droid works. I have 20+ apps installed on my phone from F-Droid. I am not going to go back to installing apks from website or Google Play just so that I can use Signal.
Literally no one here is advocating for the use of WhatsApp. Stop making up straw man arguments.
Just above you said “You’re even better off using WhatsApp”.
I will use Signal if Signal devs get over their hate of F-Droid.
You’re better off using WhatsApp compared to Telegram, but that’s a very low bar, and it absolutely doesn’t mean that anyone should use WhatsApp. Signal, Threema, Wire and SimpleX are far better options. I prefer Signal, because it’s very easy to use, the UI/UX is basically the exact same as on WhatsApp. It’s also free, unlike Threema, and uses either phone numbers or user names as identifiers, unlike SimpleX, which requires you to share a QR code. Signal is also the most popular of these messengers, so there’s a larger chance that someone is already using it.
As for F-Droid: It’s not a good way of distributing such privacy/security-relevant apps like Signal. F-Droid doesn’t have certificate checks built in, thus the APK could easily be modified without the user ever noticing. Again, I don’t like Google, but you’re better off downloading Signal from the Play Store. The best option is to use Obtainium and automatically fetch the latest version of the Signal APK directly from their website https://signal.org/android/apk/ That way, you’re at least getting the app from an official source, built and signed by the Signal developers, not a random third party.
You can use AppVerifier to verify the integrity of the downloaded app aginast the certificate fingerprint on the website.
I don’t trust an app that tells me to download from Google Play. Sorry, not going to happen. Signal has too many red flags.
So almost any Android app in existence?
No, but an app like Signal claiming to care about privacy should at least make an effort to be on the largest open source appstore. The fact they don’t, despite very loud complaints from the community, makes me question their commitment to privacy and security.
Again, I just explained to you that the “largest open source app store” is an insecure mess and isn’t suited for apps like Signal. You don’t need to use Google Play, you can find the APK on GitHub, or the Signal website, together with the certificate fingerprint.
That doesn’t make sense. F-Droid neither secure nor trustworthy. Signal not being on F-Droid is a good security choice. I recommend reading through this thread.
Signal devs accuse f-droid for not being secure, but do not offer any convincing arguments to back it up. Just saying it doesn’t make it so.
F-Droid works. I have 20+ apps installed on my phone from F-Droid. I am not going to go back to installing apks from website or Google Play just so that I can use Signal.