Privacy @lemmy.ml FarLine99 @lemmy.world 11 mo. ago

Telegram Android Notifications

How do notifications work in the official Telegram Android app (Play Store vs Site version maybe)? Does it have the same mechanism as Signal, which only recognizes the presence of notifications via Google services, but sends them via its web socket service?

37 comments

deleted
- I know and use Signal to communicate with family/friend. but everyone at work uses telegram, I can't give them all an ultimatum to switch to Signal
  
  If you're ready to put on tinfoil, signal is not the way to go too
  
  Phone number requirement is a big no-no in privacy community, plus signal wants to centralize more and more, when they could actually make it possible to selfhost signal
- I've been using Telegram enough to understand that such allegations are useless. The first link is literally not about Telegram but about its 3rd party fork that original developers can't do anything about. The second link is about piracy, and any app owner would handle any data they could in similar situations.
  
  Telegram is not just a messaging app but a public platform with channels and public chats. Any app with these properties will eventually have the same issues. If you don't want to risk, you just use it as a personal messaging app and that's it - in this way it's not much different from other "secure" messaging apps.
  
  The way for apps like Signal to remain "truly secure" in "careful" users' eyes is avoiding the introduction of the public communication part, which could lead to all the same problems some people don't like Telegram for.
  
  That said, Telegram actually has a history of being a "bad actor" if you want to call it so. Namely:
  
  At first it was possible to steal someone's account by faking a SIM card (any government can do this). Later Telegram introduced cloud password that helped to prevent such cases.
  
  At various points Telegram wrongfully banned and marked as "fake" various channels and bots used by opposition in Russia.
  
  But I can't agree that either of that makes Telegram an insecure messaging platform. It's either about bad management decisions in specific situations (e.g. Durov being worried about Telegram getting banned) or technical aspects of how user reports are handled (basically any channel can get marked "fake" if enough user reports are received).
  
  deleted
  
  yeah funny how the oh-so-private and amazing signal allows bad actors to take over your account with sim access, and telegram does not.
- Your first link:
  
  42 million user IDs and phone numbers for a third-party version of Telegram were exposed online without a password. The accounts belong to users in Iran, where the official Telegram app is blocked.
  
  How is that a state exploit of Telegram? It's not even about Telegram. It's a third party app.
Telegram uses Google services like Signal for notifications - https://telegra.ph/Notifications-FIX its the first point under the Android section

https://core.telegram.org/api/push-updates these are the docs for building your own Telegram app, specifically the push notifications section and again it mentions using APNS for iOS or FCM for Android but they also offer Simple push which would work with Unifiedpush and would be one way to bypass FCM but I don't know if they offer that in their official app or if there are any other Telegram apps that have implemented it
- "Signal only uses FCM to wake up the Android app if there are new messages waiting on the Signal server and the app isn't connected to it. Signal does not include any information in these notifications, encrypted or otherwise, so Google can only infer that your device has something queued on Signal's servers." I was wondering if a similar system has been implemented in telegram?
  
  It's still metadata, ditch google play services all at once
- The Telegram client available on F-droid does not use FCM for push notifications.
I've noticed notifications are working sporadically now for quite some time (at least half a year now) for both Android (both Play store version and APK) and iOS from my experience. Only on the deskptop version of it are notifications instant, hope they will fix it at some point
- I had this when I used microG, it started in the last month, official google services are fine so far)
  
  Damn, didn't occur to me at all, I do use MicroG, but that still doesn't explain late notifications on the iPhone. This is going on for quite some time, friends also report the same issues regardless of plaform
i assume that the official telegram client uses FCM. but the Telegram FOSS client on Fdroid and its forks use a background service.
- I'm thinking the same way for now, hopefully I'll be reassured)
Signal does not use google if it is not available, so no. If you think about privacy, stop using apps like Telegram and please stop using google services
- I still want to communicate with normal, normal people, play normal games. i don't want to put myself in complete isolation from the world, so i can't throw away google services yet).
  
  Youd be surprised how little its actually needed. I've been free for about a year now, some games complain about not having it but then work anyway.
  
  Normal people do care about their privacy, they just don’t know enough about tech to understand what services to use—which is why they trust the surface level privacy marketing from Apple. But if you are someone that does understand the tech, then you should feel empowered to help these folks out on their messaging front. If you host it & give them accounts, many come. You could set up an XMPP server for messaging & a Mumble server for voice coms & folks will be happy to chat with you regardless. My longer-term experience is folks are happy wdth how much lighter weight these 10+-year-old technologies are that they start to prefer it.

You've viewed 37 comments.