No, if you want to use Telegram, installing Fernschreiber from Jolla store will do.
Just search in browser: securemessagingapps.com and you will find a thorough comparison of most existing chat apps.
1 Like
You can pay for Threema directly on their website, you do not need Google Play Store for that. If I remember correctly it is even possible by using bitcoin, so you can buy it without revealing your identity.
Nice, this will help some
It’s better to download from official venues if possible. As Google Play Store isn’t available, you can download apk of both apps from their official website:
Signal: https://signal.org/android/apk/
Telegram: https://telegram.org/apps
The Android store you get on Jolla is aptoide, which isn’t the safest (official apk, FDroid or Aurora Store are better).
1 Like
In this discussion, what does ‘best’ mean?
Is it ‘more convenient’ or ‘more secure’?
Whatsapp does not match any of those indeed. It is said to be secure, but we don’t know that (because it is not open). So first things first, why do we need an open client?
An OSS client is definitely more secure, because you (or somebody else) can check the encription algorithms. Telegram, Signal and other decentralized systems mentioned above check this box.
What about the server? Does it need to be open/decentralized?
An OSS decentralized server secures you even more from leaking metadata (who are you talking with). So this is desirable.
But not that practical, since you would only NOT leak metadata if you and your party use a self hosted server.
Telegram has a closed source server. They will start to add monetizing through ad-shared revenue in groups (if the group wants to run ads). By default the discussions are cloud stored, so available on multiple devices (and we have 5+ clients on Sailfish OS), but they have Secure chats for E2E encryption. Knowing the protocol is open this is enough NO NEED TO CONTROL THE SERVER to check this.
Convenience? Use it from any device for cloud chats, only from the originating device for Secure chats.
Whatsapp is out of the question, we don’t know if it’s secure and the server is closed too.
Convenience? You have to have the phone powered to decrypt messages, as its the only point of truth (in theory, since it’s not open - we don’t know).
Signal is deemed to be the the reference implementation of the protocol whatsapp uses, has open server and open client but no federation with own servers (meaning: it still leaks metadata. Plus, would any signal client connect to whatsapp? Your guess why not)
Convenience? You have to have the phone powered to decrypt messages, as its the only point of truth.
The real option: decentralized servers where you have your own one (many mentioned above).
You will not leak metadata, chats, anything if you only use your server.
Convenience? Your call.
(oh… the times where facebook messenger and google talk and even whatsapp used to be just xmpp implementations… good lord)
no, there was a funny article about facebook users shifting from whatsup to signal, thats all
That’s incorrect, you can sign up to Signal using your phone, connect it to Signal Desktop (or to (another) instance of Whisperfish soon™), throw away your phone and Signal Desktop will continue to work. Contrary to the way Whatsapp does it, Signal simply adds new devices to the list of trusted devices messages need to be encrypted to and from. This is also contrary to the way Telegram does it, because as far as I understand it’s impossible to have an encrypted conversation on Telegram with more than one device - you’d need to have a separate conversation per device, which is ridiculous in this day and age.
There was a short period when contacts import worked. I had also the desktop version and even after the change in Signal’s mobile app the desktop client worked without problems.
hach…I really like Telegram for usability. But its a trade-off between security and usability. And Signal wins.
Thanks for checking my assumptions, I was not aware of this, I just assumed it is a limitation of an E2E implementation you have to live with (Whatsapp and Telegram were clear to me how they implement this).
Do you have any info how this works? Sounds like E3E or EnE to me (multime Ends to multiple Ends encryption). What would one know how many ‘trusted devices’ would be there and prevent a third party to add one?
The encryption is indeed multi-end to multi-end, though with an artificial limit to the amount of ‘ends’ as each ‘end’ inflates the size of the encrypted content. The encryption protocol itself is far too complex for my understanding, but as a user you can link up to five secondary devices (officially, this means five instances of Signal Desktop, but unofficially and theoretically you can do whatever you want), and if you no longer trust one of those devices, you can remove them again and those devices will lose access to your messages. The only one who can add a new secondary device (or remove one) is the person in charge of the primary device. I’m not sure if that’s because it’s required by the encryption protocol, or if it’s because it’s a design choice in Signal.
The protocol Signal uses was also adapted to be used with XMPP, and dubbed ‘OMEMO’.
1 Like
Hmm I actually searched this a bit. This is the original desktop beta announcement: https://signal.org/blog/signal-desktop/
„Signal Desktop is a Chrome app which links with your phone, so all incoming and outgoing messages are displayed consistently on all your devices.”
I don’t see how this is different from whatsapp.
throw away your phone
maybe shut it down? Let me know if then it still works
Later edit:
As an example, social apps need a social network, and Signal’s is built on the phone numbers that are stored in your device’s address book
It’s multi-end to multi-end, therefore it works regardless of which devices are online. Up until a couple of weeks ago, I hadn’t even used Whisperfish for years, only Signal Desktop.
You must be misinterpreting the part you quoted, because nothing in there points to the primary device having to be online to receive messages on other devices, because, as I said, that is not the case, because the encryption is multi-end to multi-end and not single-end to single-end. Signal Desktop is also no longer a Chrome application, but an Electron application.
The numbers in your address book are checked to see if they belong to a Signal user, but someone doesn’t need to be in your address book to contact you, and you don’t need to have someone in your address book if you know their phone number. This checking of the address book is actually done in a way that doesn’t let Signal find out who’s in your address book. You still do not need to even own a phone at all after the initial setup.
Hi
Thanks, i tried installing but it appeared to freeze and wouldnt let me enter my phone number to register, any ideas?
Hi
thanks for the info
I have downloaded both APKs but can appear to get them to run. I have File Browser and can find the APK in the Download folder but get a message saying “Install Launched” but then nothing actually appears to happen
Any help on this?
thanks
I guess you are referring to Whisperfish, the best would probably to contact the developer @rubdos, he is very supportive.
If you have Android support, usually you won’t see a visual indication of installation from the file browser. Check the list of installed apps, if install is success you’ll see it there.
If you can install Aurora Store (you find it in F-Droid), you’ll get access to apps in the play store and install from there.
1 Like
ughh
i can.promise its not because i want to, any suggestions ?