Telegram is some shady ass shit NSA-proof encrypted chat app by the russian who made VK and there's a whole history of him talking absolute bullshit proving he doesn't know crypto. One of the biggest issues is that while the client is free software the server is not, meaning you can't self host. It's not really free software.
Therefore everyone recommends Signal by moxie a twitter-infosec-clique approved cryptographer (and to be fair he does know his shit, he's one of the world experts on crypto - I'm not doubting the cryptography of Signal despite the recent whatsapp issue [1])... but you probably heard about the shitshow that was issue 37 of the LibreSignal fork [2].
Well Signal is not really free software just like Telegram: The server source code is not available. I hope people stop recommending this shit. We deserve better.
The only true free software app I know of for chatting to someone with a phone is fucking ChatSecure which is XMPP/OTR garbage that crashes if you so much as turn your phone while typing. It's pathetic that settle for this or something that isn't really free. We deserve better.
Also as Signal is an integration of RedPhone and TextSecure, RedPhone is even more simple, as it seems to be handled by GCM, which isn't surprising. The phone side is done using RTP peer to peer, so there isn't much to the server.
Juan Watson
oh shit this is awesome. I was wrong, mea culpa.
Jonathan Bell
So my question then is, Could we hack signal so that it doesn't use phone numbers?
It doesn't matter whether server is closed source or not.
The whole point of End-to-End encryption is that it doesn't matter what's in-between, even if it's NSA agents. And Signal does that well. Technically, even if the source was available, server it officially connects you to could run a modified version and you wouldn't even know.
Matthew Davis
I understand your point but there's also the issue of needing to self host! if they don't give a server it's too much trouble and everyone is locked in to the central one
William James
It does, because people will buy the end to end encryption meme despite the fact that the protocol itself is dogshit, in say Telegram. Telegram E2E can be MITM'd.
Nicholas Long
What's with the obsession with gifs lately?
Lucas Hughes
what about Wire? It uses Signal's encryption protocol and OTR for text messages.