Unlike Telegram, Signal doesn’t allow researchers to make sure that their GitHub code is the same code that is used in the Signal app run on users’ iPhones.

A few things to keep in mind:

1. Apple's build process makes reproducible builds near-impossible.
   • All the effort Telegram went through and it doesn't completely validate the entire build - there are components that are not fully reproducible [0] and as we saw with the recent XZ backdoor, these could potentially be leveraged to hide a backdoor while claiming to be secure - so was anything gained other than "these things are validated but this black box, which could contain malware, was not validated because we can't check them"?
2. Developing Signal is difficult.
   • Signal is developed by a small team and has to prioritize and coordinate efforts to deliver results - look at how long usernames took or even private contact discovery [1] - nearly 3 years (as a preview) after Signal was created.
   • Signal has no built-in telemetry, any issues are not automatically logged and reported. The end user has to manually submit debug logs and provide an adequate description of the issue for the devs to even attempt to understand what the issue is and how to fix it. Telegram may also have this issue in their very limited private chats, but as most chats aren't E2EE, they can already see all your traffic anyways, making things significantly easier in terms of development speed.

Considering the two points above, it's not irrational to come to state the following:

1. Signal has been prioritizing a fully end-to-end encrypted (E2EE) platform that shares zero data with anyone but the intended recipient and this decision has slowed down their development speed. Non-E2EE chat solutions have existed for decades and can iterate and progress significantly faster as they don't have to work on difficult privacy/security/encryption related issues.
2. Telegram has not been prioritizing a fully E2EE platform and by default do collect most of their user's data. This makes it much easier to develop Telegram and is why E2EE group messages don't even exist on the platform - the Telegram devs have spent more time talking about privacy and security than actually implementing it

Given the two statements above, assuming both projects need to balance resource constraints, it's safe to conclude, :

• Signal has spent zero effort working on reproducible builds on iOS because its impossible to completely reproduce a build and would take development resources working on enhancing the platform for minimal gains, as Telegram has proven [0]. Signal has instead placed their efforts on reproducible builds on a platform where it is possible [2].
• Telegram, instead of working towards implementing security and privacy by default, have decided to work on security theater by working on reproducible builds for iOS that are not even completely reproducible.

Signal refused to add reproducible builds for iOS, closing a GitHub request from the community.

It was closed because they use Github for bug reports, not feature requests [4]. The dev even pointed them to the right place. That said, I do agree it would be great if there was some progress made on this front for Signal, but realize its a huge effort and may be best avoided for now as the iOS client still needs some "catching up" to do, compared to the Android version.

And WhatsApp doesn’t even publish the code of its apps, so all their talk about “privacy” is an even more obvious circus trick 💤

Agreed.

Telegram is the only massively popular messaging service that allows everyone to make sure that all of its apps indeed use the same open source code that is published on Github. For the past ten years, Telegram Secret Chats have remained the only popular method of communication that is verifiably private 💪

Telegram collects all your data by default in a way that's accessible to anyone with enough privileges to their infrastructure.

[0] https://core.telegram.org/reproducible-builds#step-6-comparing-the-appstore-build-and-the-version-built-in-the

[1] https://signal.org/blog/private-contact-discovery/

[2] https://github.com/signalapp/Signal-Android/tree/main/reproducible-builds

[3] https://github.com/ali-fareed/darwin-containers/commits/main/

[4] https://github.com/signalapp/Signal-iOS/issues/641#issuecomment-1276308990

There's a few clients for Signal, nobody is preventing developers from creating apps; there's Molly, gurk-rs, Axolotl, Flare, signal-cli, Pidgin (with the Signal plugin.

The problem is 3rd party clients don't implement all features because it takes a lot of work and they're created/developed by volunteers - just take a look at Matrix and how many clients support all features or even just group end-to-end encryption (E2EE). Last I checked many third party Matrix clients didn't support encrypted group messages, primarily just Element, the reference client built by the matrix developers. So you have the same problem on Signal that you have on Matrix.

Signal > Matrix/Element > RCS > SMS.

iMessage isn't in the equation because it only works on a single platform.

link for the lazy?

I've gone back and my main feed is mostly posts about women asking for their "rating", weird af. don't miss it at all with lemmy and all the alternatives available.

Just tried sending an 8GB file and it froze. Worked great to send a small image tho!

Because not only do you (the end user) have to go out of your way to get it, but you get spammed by Microsoft/Edge and Google/Chrome to install a "faster" and "more secure" browser. Additionally, on the mobile side, Apple is preventing all iPhone/iPad users from picking a real alternative browser that isn't just webkit re-skinned, putting half the population at a disadvantage and to their own corporate interests.