from Wudi@feddit.uk to privacy@lemmy.ml on 27 Feb 16:05
https://feddit.uk/post/45043385
“Telegram is not a private messenger. There’s nothing private about it. It’s the opposite. It’s a cloud messenger where every message you’ve ever sent or received is in plain text in a database that Telegram the organization controls and has access to it”
“It’s like a Russian oligarch starting an unencrypted version of WhatsApp, a pixel for pixel clone of WhatsApp. That should be kind of a difficult brand to operate. Somehow, they’ve done a really amazing job of convincing the whole world that this is an encrypted messaging app and that the founder is some kind of Russian dissident, even though he goes there once a month, the whole team lives in Russia, and their families are there.”
" What happened in France is they just chose not to respond to the subpoena. So that’s in violation of the law. And, he gets arrested in France, right? And everyone’s like, oh, France. But I think the key point is they have the data, like they can respond to the subpoenas where as Signal, for instance, doesn’t have access to the data and couldn’t respond to that same request. To me it’s very obvious that Russia would’ve had a much less polite version of that conversation with Pavel Durov and the telegram team before this moment"
threaded - newest
pro tip: there is no such thing as a fully private app or communications channel unless you are face to face with someone and in a Cone of Silence™.
While that is true to a degree, it is still worthwhile to have a hierarchy of escalation about on which app or platform it is safe to say which thing and which not.
True. But there are still degrees of privacy you can achieve without going to extremes.
<img alt="Portable cone of silence from the TV comedy Get Smart" src="https://i.imgur.com/YNdiLky.gif">
What?
WHAT?!
Unfortunately, this is a barbell of silence. Privacy won’t hold up to our expectations unless it is cone shaped.
was hoping the reference was going to be recognized. :)
Didn’t JUST get this way, we been smart
Why not? If the service is fully decentralized and e2e enceyptwe with metadata included how is this not fully private?
I suppose someone with access to the network could see were the traffic is going to and from, in that case add a trusted vpn + tor. Ok sure it is possible for tor to be tracked and it is possible for a team to hijack your vpn providers servers forecefully and take logs. So technically possible. But even then they will only find who you are talking to, not what you are saying.
But it is also much easier to use countless tracking techiques to locate you, find were you are going and find who you are talking to.
Both of these are very unlikely to happen unless you are being personally targeted by govenment agencies.
It doesn’t matter how private and secure the messaging app is if the OS / keyboard / some random Google slopware with notifications access / physical device is compromised.
But for 99% of people, Signal, Telegram or even WhatsApp is good enough.
pretty much yeah.
Hmm maybe not whatsapp or telegram though. One of them is spyware and the other one is spyware and supports one of the (if not the) most evil tech companies in the world.
and in the US, as ab example, the gov is actively targeting citizens and noncitizens without the required warrants.
so yeah. assume the worst and prepare accordingly.
And WhatsApp is worse. It fails to include a libre software license text file. We do not control it. It is never secure.
I don’t think this really makes sense as the leading point. More like “It’s run by Meta and who knows what kind of backdoor they put in”
Yeah, it uses the signal protocol, but who’s to say they don’t have a secret member of every conversation.
I think WhatsApps biggest risk is the metadata. They know every group you are in and who else is in that group. They know when messages are sent and to who. They know where you are at all times, and probably have access to your libraries as well if you didn’t specifically restrict that. It’s a huge trove of data, which one would assume is freely shared with governments on request.
I have a credible source that says they’re scanning media being sent. They have a CSAM or related department. No idea how that works but I heard it exists. Can’t find anything about it on the internet however to confirm
I wouldn’t say it’s worse. It technically claims to have end-to-end encryption while telegram doesn’t. I wouldn’t trust it at all because it’s from Meta, but I don’t see how you can say the one at least claiming to have encryption is worse than the one that just flat out doesn’t have it.
End to end encryption is worth nothing when WhatsApp have access to the encryption key. And the fact that all photos you see on WhatsApp are saved on your phone without encryption means that it’s only encrypted when it’s sent, nowhere else.
I also have very suspicious examples of advertising linked to WhatsApp conversations.
Yes, it’s not good. We’re talking about if it is worse than telegram though. Not if it’s simply good or not.
I thought I was pretty fucking clear on that in my original comment?
From my perspective, I’d rather have an enemy of country to have my personal data. It’s far harder to use for them than for my country.
Exactly. Meta is fine with What’sApp having E2EE, because they can still spy at the endpoints
Lying is worse and you already said you don’t trust it at all.
Worse with an asterisk. For making contents encrypted - no, anything else - yes
It’s not.
Not = content not encrypted, or not worse
I’ve been saying this for years. Telegram is a social media app.
I randomly got banned on telegram I have no idea why.
AI moderation made worse, not distinguishing between a bot and and real user.
Ya or I just pissed off the telegram douche bag, all these idiots know me.
Were you using it to catfish strangers via DM? If you weren’t, maybe they banned you for misuse of the platform.
Nope I wouldn’t even know how to start doing that. The last convo I had was with some dude I used to know who’s been hanging out with Zionists because he’s in the psytrance scene. He started talking about how there are to many people on earth and we need to get rid of some of them stop climate change, he was also ranting that single fathers have no rights (which isn’t true in the place where I live). I told him that he’s being kinda fascist and then the next day I was banned, maybe he reported me but I didn’t want to give telegram my full name so I was just like fuck this platform. All I wanted from that guy was to get some synths back that I lent him.
Oh, I was just making a cheap joke. I used Telegram for a while for a specific group, and in that time I was inundated with catfishing bot messages. The joke was that that’s the purpose of Telegram and if you’re doing any else on it, you’re misusing it.
It was a very funny joke.
Went right over my head.
Yes, but did they have a sauna together afterwards?
Seriously though, Signal founder should be careful not to use too much free speech around this, as even sauna can have 2nd floor windows you can fall out of.
Just tell people Telegram and Whatsapp and the TenCent clones are all the same. Signal is a bit better, matrix should be standard, and indeed, face to face without any electronics and lots of background noise is still best.
Why is this interview happening inside a sauna?
Why not? I thought it was een interesting choice ;-P
She likes putting guests on the hot seat.
Right? If they’re just chatting this should be happening in a jacuzzi with nice glasses of milk 🍼 👍
Like in a sauna you should be completely exposed or something
They say the trick to public speaking is to picture the audience naked, but I actually prefer to do my interviews in a sauna so the audience pictures me naked.
What
If you watch the video - its explained starting at 1:13, Moxie built it himself: www.youtube.com/watch?v=cPRi7mAGp7I
That’s fucking awesome
Moxie might not be right on every issue and might even be a part-time fed but his bona fides are impeccable
Dude is an OG from WAY back, used to frequent EFnet in the 90s and was already “elite” then.
It’s his personal sauna. He built it himself.
www.instagram.com/p/DNV-qUfPZJ0/?hl=en
Why did he invite the hot reporter chick to his sauna? would be the follow-up question…
You answered yourself.
If I had a personal sauna, I’d invite everyone. But I’m not from puritan central (USA) so that might be a foreign concept to some readers.
It’s a sauna on a boat. She’s out in the middle of nowhere with some dude she barely knows. You know, she looks around and what does she see? Nothin’ but open ocean.
it’s the D.E.N.N.I.S. system working
Because of the implication…
That explains that awkward interaction in the interview. It’s like an interview happening in the Black Lodge.
Somehow all these years I thought that Marlinspike is either Swedish or Finnish, so the sauna would be on brand.
for the thumbnail :)
To me, that is just clickbait.
Pretty sure signal is not the best option, but telegram should be avoided at all costs.
Why do you say signal is not the best option? My only discomfort with it is the phone number requirement (and I think they maybe relaxed that)
Context:
…signal.org/…/6829998083994-Phone-Number-Privacy-…
Phone number requirements + afaik servers are in USA + it was some cryptocurrency related story (they tried to add some crypto wallet at some point)
Ah I am not bothered by the cryptocurrency … thing. It’s pretty well buried in the app, and doesn’t seem like anything they’re particularly trying to push. More like a failed experiment.
It’s important to remember that for a lot of programs that have some tangentially related crypto feature, crypto used to be popular. It still is popular in some circles. There was a time when it made sense to include those features because users were asking for it. So time, money, and energy was spent to add those features.
What do you expect them to do with those feature now? You really think they’re just going to delete them? Why would they remove an already developed and implemented feature? They hurt nothing. People don’t have to use them. Them existing doesn’t take anything away from the app functionality.
It’s like being upset that old car models weren’t recalled to remove ash trays and cigarette lighters when smoking became unpopular.
It’s not the wallet itself that bothers me (it is these days equivalent of adding some ai feature), but the story behind their involvement with and promotion of a particular blockchain or coin . Frankly can’t recall all the details .
Damn near everyone was making a coin at some point. Again, why would they remove or get rid of a feature they spent time, money, and energy to develop when it doesn’t hurt anything by being there. In fact, they’d have to spend more time, money, and energy to remove it than if they just left it in place.
Yeah, you can make payments with MobileCoin. 🤮
Luckily, Signal does give you the option to completely ignore it. I only see it mentioned in the settings and I have not enabled it.
Same with stories, you can enable/disable them. Although, if I want to convince my normies friends to look at Signal using stories probably helps that. 🤷
You mean one of the few countries not currently trying to dismantle encryption?
Supported by US nasty agencies… They do NOT care about any-ones ‘privacy’ and would only support if they have another purpose or a way in…
How is signal not the best option?
Tbf, there’s options that are just as secure and don’t require a phone # to register, but that doesn’t make Signal bad
Signal does not require a phone number to register anymore, afaik.
it does at least on android, you don’t need to share it tho, there are usernames now
Signal still requires a phone number. What was added is usernames for contacts, so you no longer need to give other people your phone number for them to contact you. It is a step in the right direction, but it would be great for them to get rid of the phone number requirement all together.
Ah thank you for the clarification!
Signal is good because it is easy to get others on board because of its simplicity, while having good encryption and security. However, SimpleX is just a better option. No phone number required, the same encryption, you can make a new profile whenever you want and you can have however many you want at a time. The groups can hold thousands of people. You can have it automatically make a new anonymous profile for you for each contact and group so that you can’t be tracked across them apart from your writing style. There are no usernames, you add each other through links, which can be temporary or permanent, and you can add or remove a link whenever you want.
Sorry for that big wall of text, I just spat out all the things SimpleX is better for. I think that it’s platform is the future.
the tracking argument against signal is pretty weak imo… signal has no ability to build a social graph because in 2018 they implemented a feature called sealed sender which is a cryptographic mechanism that allows you to send a message without disclosing to signal who you are (the receiver still knows, and rate limiting still works)
the reality of signal having your phone number is they know you (as an identity/person) use signal and that’s it
I know about that and that’s why I’m not worried about them having my phone number, but its still a pointless requirement. What if I don’t have a phone number for privacy reasons? SimpleX is still better in every way other than simplicity.
i’d agree that for privacy alone simplex is probably better, but until it scales i’m not sure we can say that it will be able to scale. i have my doubts, simply because if you can have unlimited anonymous profiles, when it becomes a high value target then spam becomes a real problem, and then there’s only 2 major solutions that i can think of:
Well spam seems pretty easy to combat. A lot of the groups make you talk to the admins and wait before you can talk, and you can have it so you approve contacts before they can contact you using one of your links. And if one of your links falls to spam, you can just delete it. I’d say spam isn’t really an issue.
that’s reasonable. perhaps the best service is one with both options: you can somehow have a verified account that lets you msg people you haven’t connected with (perhaps they have an “allow from verified” contact option), and join groups without verification, but that you can also have unlimited anonymous accounts that are assumed spammy
Personally I disagree and think that the way SimpleX already has it is the best way because I don’t think trying to protect your privacy as much as possible should automatically get you labelled as a spammer, but I can see your viewpoint.
yeah, bad choice of words on my part… and i think the verification doesn’t have to be identity-based… it just has to be some limited resource (which identity is, and guarantees fairness because it’s n per identity)
it’s all compromises, and i don’t think there’s a perfect solution… what we want is the largest impact on general privacy the world over, and options that allow verifiable perfect privacy when needed - but understanding that that requires compromise in things like usability simply because it’s more complex to set up things like trust networks than to … just not
What do you mean?
DoDDOW uses it, it must be super secure /sIt is as long as you pay attention to who is in a group chat
Remember how Telegram said they would stop providing Chinese authorities with user data during the Hong Kong protests. Implying that they were doing it at some stage.
Also remember how the FBI have said in several leaked documents they hate signal because the only data they get is when the user signed up and the last time they were online, nothing else.
Which app would you rather use?
Random mention of Matrix because I feel i should
Nothing federated is private, mind. Even with E2EE on in private rooms for specific messages, Matrix still relies on a constant information feed during use that can be used to deduce who is messaging whom and when, even if the content of the message itself is encrypted.
inb4 matrix fanatics say you are wrong and spreading false info
What, are you talking about? “Information feed”? Where? By whom?
E2E encrypted messages in Matrix contain more user metadata than alternatives like SimpleX, nothing scary but a MitM is able to see origin points, destinations, and times of messages. Server to server, if you’re using E2E encryption, it relies on trust that the other server is not compromised.
And it seems Matrix.org is not the best at security disclosures: soatok.blog/…/cryptographic-issues-in-matrixs-rus…
I agree, metadata collection and the obligatory matrix.org server are the biggest problems for privacy, but I don’t think you made that clear in your comment.
Yeah with a lot of research they may be able to figure out that semi-anoymous account messages semi-anoymous account at this time. But have no idea what was sent.
Remember when they arrested the creator of Telegram and forced him to hand over chat logs? Yeah, nothing to see here 🙈
how much data do the FBI get from telegram? do you think the russian owner (who got arrested in france for refusing to make changes demanded of him by glowing authorities) is very likely to give any of your info over to american 3 letter agencies?
I think it probably doesn’t matter what he wants, it only matters that the data exists at all. If the owner is not giving permission, that’s one thing. But I’m inclined to believe that those American 3-letter agencies aren’t the sort to ask permission.
All it takes is one disgruntled systems engineer who thinks they don’t get paid enough. An agency comes knocking with a sizable offer of cash, and they’ll get the backdoor they want.
It’s also important to continue educating people about the fact that Signal is incredibly problematic as well, but not in the way most people think.
The issue with Signal is that your phone number is metadata. And people who think metadata is “just” data or that cross-referencing is some kind of sci-fi nonsense, are fundamentally misunderstanding how modern surveillance works.
By requiring phone numbers, Signal, despite its good encryption, inherently builds a social graph. The server operators, or anyone who gets that data, can see a map of who is talking to whom. The content is secure, but the connections are not.
Being able to map out who talks to whom is incredibly valuable. A three-letter agency can take the map of connections and overlay it with all the other data they vacuum up from other sources, such as location data, purchase histories, social media activity. If you become a “person of interest” for any reason, they instantly have your entire social circle mapped out.
Worse, the act of seeking out encrypted communication is itself a red flag. It’s a perfect filter: “Show me everyone paranoid enough to use crypto.” You’re basically raising your hand.
So, in a twisted way, Signal being a tool for private conversations, makes it a perfect machine for mapping associations and identifying targets. The fact that Signal is operated centrally with the server located in the US, and it’s being developed by people with connections to US intelligence while being constantly pushed as the best solution for private communication should give everyone a pause.
The kicker is that thanks to gag orders, companies are legally forbidden from telling you if the feds come knocking for this data. So even if Signal’s intentions are pure, we’d never know how the data it collects is being used. The potential for abuse is baked right into the phone-number requirement.
Best alternative?
Probably Briar. Encrypted, P2P, and doesn’t require anything but a username and password to sign up. Pretty sure that username doesn’t need to be unique, it’s just what people will see you as in messages.
Downside is it’s only Android, so many people are left out.
sadly Briar has been stuck at the “cool idea” stage for years. Still no desktop app, still no iPhone app.
Still working android app.
If the username doesn’t have to be unique, couldn’t you impersonate people?
It doesn’t work like a centralized server for connecting contacts. You use a unique link per device to initiate the original connection with others at a distance or you can use QR codes in-person.
The link just tells briar where to route the messages and looks like:
So there’s no way to impersonate someone directly. If you made two contacts and they use the same username, I suppose you could mistake them, but their contact connection keys will not be the same.
Hopefully that makes sense, if you look in the app or their site, it’s probably explained clearer.
It really depends on your needs and what people you communicate with are willing to use. A few platforms that are notable in no particular order.
SimpleX Chat is probably the gold standard right now. It uses absolutely no user IDs such as phone numbers, no usernames, no random strings of text. Instead, it creates unique, pairwise decentralized message queues for every single contact you have. Because there is no global identity, there is no metadata connecting your conversations together.
Session is a popular Signal alternative. It doesn’t require a phone number and routes your messages through an onion-routed decentralized network that’s similar to Tor. Since your IP address is hidden and messages are bounced through multiple nodes, no single server ever knows who is talking to whom, stripping away metadata.
Jami is completely decentralized, open-source platform. It uses Distributed Hash Tables to connect users directly to one another without a central server. Notably, it supports high-quality voice and video calls.
heard SimpleX is really good, the only thing that bothers me is their vc funding model. It makes me feel a bit suspicious.
Yeah, I’m leery about anything where vcs are involved as well for obvious reasons. The tech itself does seem solid though, and it is open source. If it does start moving in a sketchy direction at least it could be forked at that point.
I like your analysis, and would love your thoughts on matrix(assuming you have ofc)
It’s better than Signal since you don’t have to disclose any personal info, but people have pointed out some issues with federation in it. Again, it’s one of those things that may or may not matter based on your use case.
That link seems dated (Nov. 2024). If anyone finds a more current critique, pls send. I also get auto-kicked from HLC simplex group, so I’m not sure what to think of them but commando’s matrix server was amazing befored abandoned
People keep finding significant vulnerabilities in its cryptography and the Matrix team tries to deflect or create strawmans for why it isnt actually a vuln. Soatok found a vulnerability in 2024 by just browsing the source code for tiny bit of time, and again just two weeks ago after looking for a couple hours. In both cases, Matrix then responded to his vuln report with hostility, saying it wasnt actually a vulnerability. He is sitting on another vulnerability.
Having a cleartext mode is a security downgrade and no secure messenger should support cleartext. It only barely got functional forward secrecy recently. VoIP in most Matrix clients (and servers) still use Jitsi backend which isn’t E2EE, even with the release of the newer (secure) Element call protocol. Matrix leaks tons of metadata, such as usernames, room names, emoji reactions, generate URL embedded previews. Rooms arent encrypted by default. It is also a UX nightmare and often times you cant decrypt your messages.
Matrix is not secure. You’d be better off with XMPP and OMEMO which has its own problems and isn’t secure either. Sill better than Matrix.
“sitting on a vulnerability” does this mean he’s discovered another exploit but refuses to disclose it essentially?
It is a denial of service attack. He discloses all vulnerabilities ahead of time. The only reason he released the previous one so quickly is because the Matrix team said it “wasnt a real vulnerability”.
I really want simplexchat to evolve and get more features. If they ever make a lot of mod tools and the possibility to make giant servers with thousands with chatrooms like discord I could see it having mass appeal due to the ease of “signup”
yeah it definitely has some promise
Session is a security downgrade. It doesnt support forward secrecy which is hella important.
Session actually does implement a form of forward secrecy through the Session Protocol. getsession.org/blog/session-protocol-v2
It seems that forward secrecy is still in development from the blog you showed.
I still wouldnt use session for the reasons stated in this Soatok’s (a cryptographer) blogs. Even if they fix(ed) these problems, I have no trust for their security implementations. Why use session instead of something like Briar?
soatok.blog/2025/…/dont-use-session-signal-fork/ soatok.blog/2025/01/20/session-round-2/
I’m not advocating for using Session specifically, I just listed it as a viable alternative to Signal. Given that it’s forked from Signal presumably it’s an easier switch for people who like the general mechanics of Signal and its encryption system.
Understood.
Apparently they don’t store contact info.
signal.org/…/looking-back-as-the-world-moves-forw…
The problem is that you just have to trust them because only people who actually operate the server know what they do or do not store. Trust me bro, is not a viable security model. As a rule, you have to assume that any info an app collects, such as your phone number, can now be used in adversarial fashion against you.
And that is the problem with anything you don’t write yourself. And for anything you do write yourself: Are you smarter than the three-letter agencies?
No need for that when self hosted open source projects exist
But again, you either read the source to confirm there’s nothing nefarious, or… you trust the programmers.
Which is not a problem, but it is a choice to trust. All I’m pointing out. :)
Well yeah everything is a choice when trust is the matter, but there is a difference between choosing a community project that can be audited by different transparent parties and choosing a private company on their own servers (even on source available projects)
You don’t have to trust anybody when you run your own server, or you use a server that doesn’t collect information it has no business collecting.
You have to trust the people that wrote the code.
Again, you’re trusting the authors of the code.
Which is fine, but it’s a choice to trust them.
There’s a big difference between having confidence in open source code that has been audited by many people, and knowing for a fact that the service collects specific information. In the former case, you can never be absolutely sure that the code is not malicious so there is always a risk, but in the latter case you know for a fact that the service is collecting inappropriate information and you have to trust that people operating the service are not using it in adversarial ways. These two scenarios are in no way equivalent.
It’s a choice to trust the entire open source community around the project and all the security researchers who have been looking at the code.
Frankly, I have trouble believing that you don’t understand the difference here and are making your argument in good faith.
Let’s back up to what I replied to in the first place:
I even took the time to quote that, because it’s important.
Of course there are different levels of trust. But what you said is flatly wrong and misinformation, if you want to get technical about it. Arguing in bad faith? I beg your fucking pardon, friend.
Just becuase it’s less likely to find nefarious code in open source doesn’t mean it doesn’t exist. There ahve been multiple cases of it found in open source code. Blindly trusting something because it’s open source or you host it on your own server is a very very false sense of security, especially in the context of the larger discussion, which came about in regard to what information is exposed by certain messaging clients.
It’s also a matter of the importance of what you’re doing.
I wrote a little CRUD app a while back to track me giving my cat medication. I sanitized inputs, but I left it open without a login on my server, just an obscure URL that didn’t get published anywhere. All you could do was click a button to indicate the cat had been medicated, or another button to delete the latest entry. That was plenty of security for that. If I was writing a banking app, I’d use a bit more.
So yes, in the same way as that, hosting something you use to chat with friends about whatever is one thing; trying to communicate secretly from a country where your comms might lead to being put to death is quite another. And in the latter case, it’s important to know that no matter what you use, unless you wrote it or read all the source code, you are trusting others with your life. Perhaps you feel comfortable doing that, but you should be aware of it.
So no, this is not a discussion in bad faith at all, it is valuable on multiple levels.
What’s important is that you’re quoting me out of context, and that makes all the difference. The actual statement you’re replying to is:
The fact that you proceed to quote me out of context and then accuse me of being wrong shows that you lack even a modicum of intellectual integrity. Then you proceed to make a straw man arguing against something I never claimed.
So yes, this is very clearly a discussion in bad faith, where you’re arguing against a straw man while ignoring what I actually wrote. It’s especially incredible since I even followed up with a more detailed explanation which you just ignored:
Do better.
You can take your rudeness and bugger off. I’m done with you.
Make all the accusations you want. You think you’re smart, but you are not.
Ah yes clutching them pearls, when called out on outright lying.
Bye!
And the client, too.
Precisely.
And it’s worth repeating here - the level of trust needed is affected by the nature of what you might lose if that trust is broken. For non-important things, trusting a third-party company is probably fine. If you’re in a country and being found out might mean you get put to death, though, the stakes are a bit higher.
There are plenty of chat services that aren’t centralized and hosted in the USA.
Sure… and my point is that you have to trust those services that aren’t hosted in the USA. It’s a choice you have to make. I’m not judging either way, just pointing out because what I responded to in the comment to which I replied was:
Which is true of open source unless you read the code and can verify nothing nefarious exists; which is true if you use a service in a country you trust; which is true no matter what you’re doing.
Not all entities are deserving of the same level of trust - some are more trustworthy than others - but you are still making a decision to trust someone unless you write the code yourself or verify the code yourself.^[And had the capability and time to do so]
Not at all. Not everyone needs to audit open source, only a few interested experts do. Most importantly, auditing is possible because its out in the open.
The just trust me model of signal means its impossible to audit, unless they give us their centralized database and server code.
If you are not auditing the source code, you are trusting those that are.
I not sure what you are trying to argue.
Even if you audit the code yourself, you still need to trust your OS, you need to trust the hardware the OS is running on, and you need to trust the proprietary drivers of each component in that hardware. Then at that point you gotta trust the person who sold you the hardware hasn’t modified it.
Ok and?
There’s a difference between trusting something written for general purpose use not to have harmful code vs. something written specifically for communications people want to keep private that would therefore be a target.
So either I felt I was making a valid point for consideration that I thought was valuable to make, or I’m a troll wasting everyone’s time.
I know what I am. And I’m starting not to care what you or others think. Go blindly and trust whatever you want, it’s no skin off my back. Frankly, I use Telegram because none of my comms are particularly sensitive, and I have no problem with that. I’d rather my private conversatiosn not be actively posted somewhere, but in the case of a breach, it wouldn’t be the end of my world. So I’ve no problem trusting Telegram thus far, personally, in my case.
Anyway, have a nice time. Understand my point or don’t.
I apologize if my comment came off as an attack, that was not my intention.
I appreciate you putting in the effort to bring up a concern, but I still don’t get it.
Hope you enjoy your weekend
Yeah there’s a reason they don’t allow you to use your own self hosted server.
People just accepting what companies say is how we ended up in the current mess. But here we are again. Companies work around how people perceive things to be secure and private all the time. It’s just one small cog in the big machine.
It’s how some NGOs are part of a intelligence and surveillance network but people only focus on the social work and it becomes immoral to criticize the good things they do as a cover.
There’s also reluctance to release it in f-droid. They say they want to becontrol the distribution, but they have no problem with Apple and Google being the main distribution platforms. They haven’t even looked at unified push. And that just adds to the “there’s something else going on” factors.
Signal protocol might be bullet proof but the app supplier, centralized server, and phone number requirement and the most mainstream OS aren’t. When you combine with how mainstream OS companies like Microsoft, Apple and Google work together with the feds, there’s ways that the bulletproof protocol may not be sufficient and is only a part of the bigger picture. There’s also US government spying on notification.
They may work without them but the inconvenience will deter 99% of people. Being dependent these external factors, It just doesn’t feel as bullet proof as a whole.
Whatsapp also uses the signal protocol, but you wouldn’t trust them because they’re under facebook, would you?
I also find it really weird how aggressively Signal is being pushed everywhere, and how any criticism of it gets dismissed or ridiculed. It feels a bit like a cult at this point.
I’m fully convinced its just like apple’s support: they make some vagueish unprovable claims about privacy, and have a functional and shiny app. That’s enough for people to overlook all the privacy issues, and build a cult-like fanbase.
Like if anyone walked into a privacy conference and said, “Hey everyone, I’m going to make a private messaging service. I need everyone’s phone number!”, they’d get laughed out of the room. But because their app looks nice, then people need to develop the cult-like following whenever it gets attacked, because its touching on an unresolved cognitive dissonance of this being a terrible idea.
Pretty much yeah, and they’ve had a really good marketing campaign too. They got a whole bunch of prominent tech influencers incessantly pushing it, and it just feels like a massive astroturf campaign to me. Like you said, if a random person pitched this idea, they’d be laughed at, but you get some people with clout to do it, and it sticks because everybody respects them and trusts them.
Yeah, this is the viable security model.
I’m not a developer, but if the client and server code is open (AGPLv3), you can definitely know what they do or store.
Except you have no idea what’s actually running on the server. Only people who operate it know.
.
The only people who know this are people operating the server. Period.
See the link I provided above.
Yup, that’s precisely what it’s a filter for.
Trust me bro is not a viable model for anybody who actually gives a shit about their privacy.
The reality of the situation is that Signal asks users for information it has no business collecting during the sign up process, and this information can be used in adversarial ways against the users. People using Signal are making a faith based judgment to trust the operators of this server.
We all know this, for reasons I’ve already stated.
Your link is broken.
100M people is not a filter…
No one said anything about that? That is not the model.
The business is connecting users. It’s one of the reasons it is the most viable private and secure chat platform. It’s why I have a dozen connections on Signal and literally 0 on every other platform. Because you actually know who’s using it. You can have the most private and secure messaging system in the world but if you can’t use it to actually chat with anyone, then what good is it?
No, we don’t all know this. What we actually know that people like you say this and expect the rest of us to trust you blindly, which is itself concerning.
Your browser plugins are broken, the link is fine. That said, here’s non archived version washingtonpost.com/…/faq-data-subpoena-investigat…
Given world population and modern data analysis capabilities it absolutely is.
That’s literally the model. Signal asks you for your phone number when you register, what happens with that information after that is only known to people operating the server. Let me know what part of that you’re still struggling to understand.
That word salad has fuck all to do with the point I made, which once again, is that you have to trust people who operate the server in how they handle this information.
Ah yes, because there’s absolutely no conceivable way to verify whom you’re connecting with aside from sharing your phone number with an American company. You couldn’t possibly use any out of band channel to verify who the person you’re communicating with is.
.
I’m not misrepresenting anything you said. Meanwhile, it’s very telling how you’ve pivoted to making personal attacks instead of actually addressing the problem I’ve now repeatedly explained. You’re not fooling anyone here bud.
.
nope… signal has sealed sender to prevent them from building a social graph
Nope, sealed sender does not address the problem because the phone number is collected at sign up time. The whole sealed sender concept is just another trust me bro mechanic because, once again, nobody aside from people who are actually operating the server know what it’s doing. Signal is proof that vast majority of people don’t understand the basics of privacy and security, and they don’t actually care.
the phone number being collected at sign up just proves that you use signal
they can’t build any kind of social graph from it… they can only use the information contained in the message for delivery and rate limiting
Again, the only people who actually know what the phone number is used for are the people who operate the server. I don’t know why this is such a difficult concept for people to grasp. They don’t need the information contained in the messages. Once the phone number is collected, it CAN be stored and associated with your account. There is no way for you to know whether that happens or not unless you have access to that server. There is no way for you to verify that the server does what people operating it say it does. That’s what makes it a trust based system.
yes, i’m aware that you don’t know what the phone number is used for, but what we can guarantee is that it can’t be tied back to your message history, because again that’s what sealed sender is for. in order to send messages, you use a signed, derived value that has never been seen by the signal servers (since it’s derived) but is still signed (so signal knows it’s legitimate: they can validate your identity and rate limit without knowing it)
so whilst the phone number is associated with an account, that only allows them to know that you (person/identity) use signal… but that identity can verifiably not be tied back to any messages you send
nothing about that identity other than derived cryptographic data is ever sent along with your messages
*edit: i’ll slightly retract that: of course your IP address is also sent along with messages, and that may be able to be tied back to your identity… let’s say out of band, of course… so it’s on you to use a VPN or some other method to obfuscate your source IP address. i’d say that’s generally applicable to any other service too
Again, nowhere did I talk about message history. What I’m talking about the server having unique ids for each user, which is how it connects users to each other, and having a phone number collected initially which can be tied to that id. You don’t need anything from the messages themselves to create a graph of people who talk to each other. The routing is done by the server.
but in that chain what you really care about is your phone number that identifies you in the real world to your messages, right?
yes, and the only thing you need to route is the receiver; not the sender
the sender is only used to validate the senders identity, and for rate limiting
sealed sender solves both of these problems whilst not including any sender information in messages… phone number or user id doesn’t matter: those things are not sent along with any of your messages, and that’s verifiable
your phone number and user id is only known by signal when you retrieve a temporary token (this solves rate limiting: the retrieval of the token is the rate limit, and each token has a limited number of messages it can send)… the client then derives a different key from it, which can still be verified as having been signed by the server, but does not contain any information that can be tied back to your phone number or user ID
It doesn’t matter, what matters is that the server has a unique id for you and the person you’re talking to, and that id can then be mapped to the phone number that was initially collected. That’s all the server needs to identify the real identity of the people you communicate with.
It’s not a question of what the server needs minimally, it’s a question of what the server could be doing if it was set up maliciously. The sealed sender does not solve this problem in any way shape of form.
the key point missing in the middle here though is that the IDs aren’t what matters: it’s having the ability to link those IDs
and i agree, being able to link you->your phone number->your user ID->message->recipient ID->recipient phone number->recipient as an individual is a problem
but again, sealed sender break that chain: there is cryptographically no way to link your user ID to the message you’ve sent
it’s literally impossible for them to build a social graph from your messages
again, i agree… kinda… i put that there to show that you don’t actually need the sender to achieve the goal of delivering the message. it was part of the explanation of why sealed sender works, rather than a point to be made by itself
would you be able to explain how it doesn’t?
sealed sender divorces your user ID from any message you send… your messages can not be tied back to your user ID or phone number without having decrypted the message content
so even with a malicious server, because you can verify your client behaviour (that it derives keys, and that you can verify the message payload contains nothing outside the ciphertext which is unexpected), then even a malicious server (without IP information) doesn’t have the information necessary to infer the sender from the sent message
Again, sealed sender has nothing to do with it. If I run a server, I have access to the raw requests coming in. I can do whatever I want with them even outside Signal protocol. You can’t verify that my server is set up to work the way I say it is. You get that right?
You’re confusing what Signal team says their server does, and the open source server implementation they released with what’s actually running. The latter, you have no idea about.
The core issue is trusting the physical infrastructure rather than just the cryptography. The protocol design for sealed sender assumes the server behaves exactly as the published open source code dictates. A malicious operator can simply run modified server software that entirely ignores those privacy protections. Even if the cryptographic payload lacks a sender ID, the server still receives the raw network request and all the metadata attached to it. Your client has to talk to the server and identify itself before any messages are even sent.
When your device connects to send that sealed message, it inevitably reveals your IP address and connection timing to the server. The server also knows your IP address from when you initially registered your phone number or when you requested those temporary rate limiting tokens. By logging the raw incoming requests at the network level, a malicious server can easily correlate the IP address sending the sealed message with the IP address tied to the phone number.
Since the server must know the destination to route the message, it just links your incoming IP address to the recipient ID. Over time this builds a complete social graph of who is talking to whom. The cryptographic token merely proves you are allowed to send a message without explicitly stating who you are inside the payload. It does absolutely nothing to hide the metadata of the network connection itself from the machine receiving the data.
i do, of course… and the information you have in that raw request is limited to the information that’s in the request (including metadata like IP address and other header information in the packets that make it up)
i’m really not… i’m saying it doesn’t matter what their server is doing, which is the only way to actually verify this: the client is the only thing you can trust in the chain, so you should always assume that the server is compromised: maliciously or not
trusting signal doesn’t even have anything to do with it; they could be compromised and not know it
these are things we both agree on
i agree with that too. what information contained within that request do you take issue with?
as i said earlier, your IP address is problematic, but that can be said about any service: you have no way to validate any server software, open source or not… so you have to take measures to protect that information no matter the service you’re connecting too
this is pretty trivially achieved with a trustworthy VPN these days (again, this is unverifiable, but you have to draw the line somewhere: can we agree that IP address privacy is within the realm of personal responsibility since that applies to any service?)
agree
also agree
okay, i can see where your problem is
i can agree that’s definitely a vector they can use to build a social graph, and then tie that social graph back to real identities, and also that’s far from what you want in a private platform
id say that it comes down to trade-offs… signal (says) they require the phone number in order to combat spam, which i can see as a real issue (i’d be happier if they didn’t store the phone number, or at least didn’t link it to your account, but that comes with a whole load of other issues)
services need to have some way of combatting spam, which either boils down to “expensive accounts” so that blocking is a viable option, or spam filters which can be abused by corporate entities like they have with email
if you really care about privacy with signal, you can get a VPN that allows you to frequently rotate your IP… most users won’t do that, so i can agree it’s a sub-optimal solution
but i do think it’s a reasonable trade-off
Sure, you can absolutely decide that it’s a reasonable trade off, but your original claim was that sealed sender addressed the problem. Sounds like you’re now acknowledging that’s not actually the case…
i think it’s a very clever partial solution, but when combined with signals other ethos (making privacy simple so that more people use privacy-centric options), that means people aren’t going to change IPs between temp token and message to solve the last part of the puzzle: thanks for explaining your line of reasoning
i also think that there’s a way forward where messages are sent or tokens are retrieved via a 3rd party proxy to hide IPs (i thought i read something about signal contracting a 3rd party to provide some of those services but i can’t find the reference to that, and also it’s not verifiable so limited in usefulness), which is a complete solution to the problem, as long as said proxies aren’t controlled by signal (thinking about it now, you could also simply route signal traffic through a proxy so many people share an IP, and they do provide proxy functionality separate to the system proxy configuration)
i still think that signal has made a pretty reasonable set of trade-offs in order to balance privacy and usability in order to have a large impact on global privacy
*edit: actually, adding to the proxy point, turns out EFF run a public proxy
and there’s a big list of public proxies available(not a big list to avoid censorship, but still a good resource)and they also have support for tapping a link to configure the proxy, so very quick and easy
It’s not really a partial solution, it’s just sophistry to obscure the problem. The fact that I’ve had this same discussion with many people now, and it always takes effort to explain why sealed sender doesn’t actually address the problem leads me to believe the the actual problem it’s solving is not of making the platform more secure. The complete and obvious solution to the problem is to not collect personally identifying information in the first place.
You have a very charitable view of Signal making the base assumption that people running it are good actors. Yet, given that it has direct ties to the US government, that it’s operated in the US on a central server, and the team won’t even release the app outside proprietary platforms, that base assumption does not seem well founded to me. I do not trust the people operating this service, and I think it’s a very dangerous assumption to think that they have your best interests in mind.
disagree, and that’s fine… STEM is full of partial solutions that become complete solutions as additional pieces are added (and as i said with the proxy, imo the proxy makes it a complete solution)
but that creates other problems… for example, with spam and usability
it’s all trade-offs, and signal has done a lot of global privacy when compared to alternatives exactly because of the compromises they’ve made
i don’t consider it charity… they’re making a lot of right moves, and are explaining their compromises. they’ve given me no reason not to trust them, and plenty of reasons to say they’re a good compromise that will have the greatest impact to global privacy
are there better privacy solutions? sure… will they ever take off? personally, i doubt it… not letting perfect be the enemy of better or good enough is important: a solution that keeps people who don’t care about privacy relatively safe is important, including for the privacy of people who do care about their privacy because it allows everyone to blend in with the crowd
imo the fact that it’s hosted in the US is pretty irrelevant… as you’ve pointed out: it shouldn’t be a matter of trust… validation of the client is the only thing you can rely on, so even if the NSA hosted the servers you should still theoretically be able to “trust” the platform (outside of the fact that you couldn’t ever trust that they’re using encryption that they don’t have a secret back door in or something)
i trust them as much as i trust anyone running any other privacy service
I don’t think we’re saying anything new here. I’ve explained my point and the problem with Signal collecting phone numbers. You can make your own decisions on whether you think that’s acceptable practice or not.
agreed!
Prove it. And not from some just trust me bro statement from signal.
replied to your other msg, so i wont duplicate it here and we can continue there if you’d like
You have no source for that other than Signal’s “just trust us” claims.
.
no, the technology in signal prevents it
Give me ssh access to their server so I can verify that works like it should.
Can’t? Then it’s just trust me bro
the whole point is you don’t need to trust them… you can never trust any server: your client is the only thing you can trust. you can verify using your message payloads that your sender information is not ever sent to the signal servers along with your messages
Signal has your phone number and everyone else’s who signed up. That is more than just client information, and it’s possible to build entire social networking graphs with it alone.
they do, but that information is disconnected from your messages by sealed sender: that’s the point… your sender identity is cryptographically shielded from the signal servers
they know who you are, but they have no ability to connect that identity with who you message (which you can verify using only your client)
*edit: i will say, because i’m interested in conversation and understanding not just winning an internet argument, that my conversation with yogthos here has underscored i think a place where this could still be improved: your IP address across the entire sealed sender process can be used to tie things together, if it remains unchanged (but you can change your IP address between receiving your sender token and sending messages)
Opinion: I think painting in Signal in such negative light is more harmful in the practical sense. Having fragmented messaging towards the public that does not care about many of these aspects just makes them a lot more hesitant to change, from my perspective.
We as a community should, in my opinion, pick a “good enough” solution for the majority of the people we interact with. That in itself is a market force to show interest and demand for private solutions. Most people I know don’t have the tools or knowledge or time to understand nuances and all they’ll hear are conflicting messages.
For us more technically inclined people: hell yeah, let’s figure out the ideal model and bring it up to maturity so others can join when it’s fleshed out. E.g. when lemmy came to my attention in the reddit 3rd party app fiasco, I was really confused on how to sign up and use it. And I’m no stranger to tech.
Edit: spelling
There are plenty of good enough options like SimpleX Chat out there that don’t have this problem. The whole argument that people should just ignore the obvious issue with Signal is frankly weird.
Accept defects != ignore
My original comment that you replied to was explaining the defects. People are free to decide whether they want to accept them or not. Your comment is saying that it’s harmful to discuss these defects which implies that we should just ignore them.
I was talking about the “educating people” part. I interpreted as “let’s steer them away from Signal towards a better solution”. If it’s not the intent then my comment is irrelevant
Again, I think people should be aware that there are alternatives to Signal, and be able to make an informed decision on the trade offs that matter to them. My personal view is that there are absolutely better platforms than Signal, but if people understand the potential risks with Signal and use it because it’s convenient or their other contacts use it, etc., that’s entirely up to them. It’s just not what I would personally recommend if people want privacy.
You think we’re living in an ideal world, but we’re not. Most of our family and friends use WhatsApp and other big tech messaging apps. You make valid points, but they’re just a dream if messaging means people and if there aren’t people, it’s not messaging.
No, I don’t think we live in an ideal world. I repeatedly said you ultimately have to use the platform that your contacts use. I’m merely pointing out that you should understand the trade offs.
Fair enough
I’d probably suggest Deltachat. It’s decentralized and has always on encryption, but is so incredibly simple and easy to onboard and use, and doesn’t require a phone number or even an email. It also works on all platforms with a single app.
wait, doesn’t it rely on the email system?
I would rather have signal possibly collect my social graph than google through gmail.
It uses a subset of the email protocol (which makes it very difficult for governments to block) but it no longer uses an an actual email address to function by default.
Even if someone did use a gmail exclusively for this (you can’t use it with an email account you use for normal emails too), everything would be entirely encrypted, and only the app itself would be able to decrypt it (google would not be able to decrypt the messages). But again, no normal user is going to use an actual email address.
You can read more about how it works in their FAQ. But the short version is once you pick a username, it just gives you a QR code or link to send to people, which connects you immediately in an encrypted chat room with no faffing around with emails.
.
oh here washingtonpost.com/…/faq-data-subpoena-investigat…
signal is open source no?
There are forks that don’t require phone numbers.
Yes, but those are basically separate platforms like Session. Signal does not federate, and there’s only a single server in the US that requires your phone number to sign up.
Not effectively, since it’s centralized in the US and you have no idea what code the server is running.
Signal does claim to have their server code open, but they went a whole year one time without updating it, until they received some backlash for it.
you can never validate what code a server is running, so having FOSS server code is kinda a moot point: it can’t add anything useful to the privacy conversation
the only way you can guarantee privacy is with the client code, and they have repeatable builds so you can validate the code that’s encrypting the messages, and in that case it barely even matters if their server is streaming all the data they receive to some shady other place… especially with sealed sender
Most halfway-decent messaging services (unlike signal) are self-hostable. So yes with actual open source software, that’s very possible.
that comes down to a difference in philosophy i think… signal have detailed their reasoning for not making signals servers decentralised and self hostable, and i don’t disagree with some of them… i think everything is a trade-off, and decentralisation has scaling and usability issues
signal has done a pretty good job of creating a platform that’s much much better than alternatives in a package that’s consumable by the general public
i’m not sure that something that’s more like matrix, or xmpp, etc could do that
it might be theoretically and technically not quite as perfect, but its impact on increased privacy across the globe has been far larger because they’ve made some of those compromises
I can’t really trust anyone’s security philosophy when they market their service as “secure”, but then have it built on required phone numbers (linkable to your real identity), and a single centralized US-based server subject to national security letters.
Anyone who came up with this idea of security should be laughed out of the room.
I’m convinced signal’s entire support is similar to apple’s : they make vague untestable claims about security, whilst having a shiny and functional app.
There are so many self-hostable alternatives that have signal beat on both those, that make any reason for using it moot.
Really? if so how can we trust Lemmy?
you can’t, and shouldn’t… lemmy never claimed to be, nor has the architecture to enable it to be a private service. lemmy instances are run by arbitrary people on the internet, and some of them do run forked versions of the codebase (eg blahaj)… we have no way of verifying what’s running on the server
but interaction on lemmy doesn’t require trust. i don’t think anyone is expecting lemmy to be private
@dessalines@lemmy.ml I’m not a developer could you explain this?
The above poster is wrong. You can absolutely trust lemmy, because its open source and self hostable. You can build the project from source (like a cooking recipe), and run it yourself.
Thanks for the explanation. I’d be so anxious if we can’t even trust open source.
Isn’t it reproducible?
!citation needed
Citation for what exactly? Go read up on how networking works, entire textbooks are available. The server has access to all the data the client sends it. How do you think you get paired with another person to chat, by magic?
I think their point is that signal knows the phone number associated to each account, and in lots of countries nowadays phone numbers are only obtained after identity verification.
sealed sender is supposed to hide the identity of the sender from signal servers, but it’s security is questionable as it’s based on blackbox hardware not even signal staff can audit.
I appreciate the comment on the matter. This is good information to know and consider.
People should know that Signal is encrypted and private, but won’t make you a ghost.
That being said, the majority of people are not interested in privacy so getting them to use Signal over WhatsApp or SMS is a 99% win.
The question here is why not get people to switch to a better platform like SimpleX or even matrix with something like Element. I don’t find that Signal does anything better in practice.
And I’m not arguing not to.
But I tried to get everybody I know to contact me on signal or simplex. For a year. Only one person switched and they did so to signal. Because it was easier and more people were on it. I myself stopped using simplex because not enough people are using it that I know.
So where the rubber meets the road, if anybody wants to use signal I’m good with that because its good for 99% of all things.
If we (as privacy enthusiasts) want to promote the better apps, they need to be and appear less niche so they’re more acceptable.
Yeah, there are network effects at play here. Getting people to move off a platform is very difficult because they need their contacts to move to, and their contacts need theirs in turn. Some people are willing to use multiple messaging apps, but most don’t. I’d argue that’s why it’s important to promote alternatives to Signal. The more popular they become the easier it is to get people to move to them.
We have to choose our threat level. Signal is great when you don’t want to expose your data to companies mining it for their profit. It is not so great when you are a person of interest, and need absolute privacy.
The metadata is worthless and pricy to use it for an awarage joe.
The thing is that there’s nothing special about Signal that makes it better than alternatives like SimpleX. I just don’t see why it should be promoted instead of them. Yes, it’s better than WhatsApp where meta has a master key and can read your messages, but why settle when you can use a platform without compromises?
Simple: I already migrated most of my friends over Signal. I did not know better alternatives at the time. While I agree with you, not about SimpleX I dont have enough info about it, but about that there are better solutions.
Yeah, that’s fair. If you’re already stuck on Signal, then it’s difficult to make a move to something else. I’m mostly talking about people who are using something like WhatsApp, and it’s better to make a fresh move to a platform that doesn’t have the issues Signal has.
Are they in a sauna?
A floating sauna. He built this himself.
www.instagram.com/p/DNV-qUfPZJ0/?hl=en
Signal is also not private
The onus is on you to back up that claim
Look for other comments in this thread that back up this well-known fact.
Ahh yes. The anti-vaxxers “do your own research” defense.
Try harder if you’re trying to troll or offend, your attempt is pathetic.
It’s not “do your own research”, it’s “use the fucking scroll wheel”.
\0
No one told OP to make that claim. The onus is on them to back it up.
it’s useless, signal fanatics is unbearable
It’s really the opposite, considering its a centralized server hosted in the USA. Signal’s “Trust me bro” is not an adequate security model.
.
Dude for the first 15s I thought this is porn
its the sauna
How I hate that saunas are associated with porn and sex. It’s not supposed to be sexual and it’s an awful, just terrible place to have sex
I don’t know man, those benches are nice for a variety of positions. Plus, you are already naked…
Just trust me on this one, 80C+ room just isn’t the place for that sort of exercise. And it’s not like your heart rate isn’t up already lol. It’s a terrible experience
Slow down, big daddy! You can be gentle at it sometimes.
I want you to actually try sauna sex and report back to me, if you don’t believe me. But don’t say I didn’t warn you lol
you are gonna feel way too gross in the sauna to wanna have sex
Raising money for Signal with OnlyFans
Telegram has first party bot support, Signal doesn’t.
That’s the #1 reason I still have Telegram installed.
Let me have my own bot, officially, connected to Signal so I can do my nerdy automation shit through it and I’ll move over fully.
Please don’t link me any of the “just use a prepaid phone and…” hacks. I don’t want that, I want first party support.
What’s the source of this interview?
No one I know uses it for secure chat per se
They use it for piracy, group chats, channels, stickers and other cool stuff it offers
I used it for my family chat, which I naively thought was private. I moved the fam to signal last year
I was using it because the API was easy and it didn’t have a problem sending images from my back door camera to my cellphone.
At some point, it got REALLY slow at sending, so I moved to NTFY
good for you
SimpleX is the most private of the big three. No phone number or account needed. Able to self host.
Pardon my French but what the fuck is SimpleX?
The answer is Simple!..
X
A messenger app Musk touted as better than Signal some time ago
It’s a turd of an App, it’s not even close to ready for prime time.
most importantly it has a severe network effect problem. you will not find anyone to message on it
Why you say its Bad?
Herpes. It’s sexually transmitted, and it’s lifelong. You don’t want it.
Geeez, who are the other two?
Why did they do it to themselves to name it after the herpes virus tho?
Because the most common transmission vector is via family members? (HSV 1)
E.g. Your crazy uncle or news max loving grandparents
What are the big three, and what is the bar it’s jumping over to be consider big?
Better than American big tech chats. It may not be private but its a very good chat app. Definently the best designed one from a user interface point of view.
So what? Her app is also probably selling data too, and it it isn’t it will be sold any day now
<img alt="fedposting" src="https://hexbear.net/pictrs/image/ca3ebb4d-6350-4470-bfe6-ed022c387fed.png"> “Don’t use those other chat apps, where the barbarous Russians or sneaky Arabs could compel your data. Use my app instead: FedChat: Built For Feds, By Feds” - Feddy McFedderson, founder of Signal
I mean I’m not a huge Signal fan but I certainly trust them far more than either telegram or whatsapp. I would at least be ok installing telegram if I had to; if someone told me I needed to download a meta product to save my own life I’d tell them I’m ready to die.
All these apps owned by corporations are just black boxes where you send information and nobody knows for certain what they do with it.
Best case, they parse it, cross it with other data and make it profitable (for them, not for you).
Worst case… Who knows…
When you build a backdoor into your “encrypted messenger” its just a surveillance app
.
Things like SMS also are used for a lot of illegal activity by people who don’t know better. Commonly used doesn’t mean much.
She who?
Why are they sitting in a sauna?
Build sauna, host interview in sauna, sauna is tax writeoff
Damn that’s brilliant.
Depending on country you may be able to subsidize only part of the sauna as a business expense if it’s a sauna at your home office, but actually hosting interviews in it would for sure help your case in claiming it to be operated for business.
I don’t know how it is in the US though.
No windows, therefore quiet, and good acoustics.
well, duh. it is also deeply annoying to navigate. It is like even shittier and less engaging reddit
weird to compare telegram to reddit, one is a messaging app and the other one is a link aggregator
but then both are used as forums
So are the comment sections below pork and beans recipes.
Any public discussion is technically a forum.
except for Steve Hoffman forum. It’s a colloquy
probably depends on how people use in different regions. down here it is mostly a news aggregator or thematic dumpster type of thing - so kinda like reddit. i had to look up when was the last time anyone wrote DMs to me in Telegram and it’s been a little over 4 years. Viber is the go-to messenger down here, followed by WhatsApp and Signal and it is always a headache to figure out who is using what and when someone uses a couple of those it is a bitch to find anything across multiple chats.
This is a play on people’s naivety. It is an encrypted messaging app in as much as regular messages are encrypted between the client and the server. It’s just that this achieves nothing for the user in terms of privacy unless you can both completely trust the provider (you shouldn’t) and be confident that the back-end can’t be compromised (you can’t).
They do also have “secret chats” that are apparently E2E encrypted, but you’d be mad at this point to give them the benefit of the doubt without at least looking at independent security audits of the client.
I stopped using Telegram as soon as I learned their chats aren’t E2E encrypted unless you create a secret chat. Their advertising is so misleading. Even WhatsApp is more private than Telegram.
The body language in this video is wild.
Body language of the interviewer?
No, both. The interviewer seems extra comfortable at the start but by the end they both seem on the same level. I think in a good way, not sure it’s a good method to get a read on either of them if i know my friends 😆
What about the astrological signs of the people?
I don’t think, at this point, people who use Telegram do it for their privacy. I still use it, but I don’t trust it one bit more than I trust WhatsApp.
Where I am, Telegram is mainly used by alt- and far right figures close to Russia. Facts don’t matter in these circles any more. Feelings do. And Durov knows how to manage those.
These people are foolish to use telegram, it’s just a plain-text unencrypted app. Plus there’s scams and spam all the time on telegram but not on signal.
These people are foolish for reasons far worse than just using Telegram.
Especially after Telegtam started working with authorities and handing out user / chat info.
His NAME is MARLINSPIKE?? Like the ancestral home of Captain Haddock from Tintin?! We really are living in a simulation
It’s also the name of a tool for working with braided rope.
It’s not his real name
Lol of course
It’s a surname, he used to be a boat punk younger.
As much as I’d like to favor foss and federated messenger apps, telegram isn’t as much garbage as whatsapp:
1.The client is somewhat open source and have forks like Forkgram, Materialgram and unoffical clients like Telegrand.
2. Telegram isn’t E2EE by default but at least it doesn’t lie about it and have E2EE secret chat when nessesary, that means crucial chats stay on your device and the rest stay on their database recoverable and syncable across devices.
(Yes, whatsapp supposedly is E2EE but we can’t know for sure, it’s closed-source.)
3. You can use telegram as a cloud service with only 2GB per file limit, unlike whatsapp.
(There’s even a third-party app that utilise this as a cloud gallery.)
4. Even tho telegram has ads in large channels, telegram isn’t funded by a greedy big-corp and it doesn’t datamine you, ads are based on the channel’s topic.
Yes, in terms of privacy, telegram isn’t the best option, Signal, Session, XMPP, Matrix, or SimpleX have better privacy features, less linkability and E2EE by default but telegram is very mainstream and got more publicity, making it the whatsapp alternative it advertises itself as-is.
Publicity doesn’t make a better messenger app, but for what it tries to do, it’s adoptable for simple users, doubles as cloud storage and is more secure than the garbage being whatsapp.
Immigrating users to different apps is a headache on it’s own, but if they know of telegram and it’s not privacy invasive, that’s not bad.
Isn’t it possible to verify WhatsApp encryption with packet sniffing?
Yes, but how would you know Meta doesn’t have a copy of your encryption key (ex: when you sign up) and keeps a copy of your encrypted messages somewhere?
AFAIK your encryption key resides as whatsapp’s data folder but since whatsapp is closed-source you can’t guarantee that whatsapp gave the encryption key to Meta’s server at some point when it was created; (or it was created on their servers and sent to your device.)
One would just assume the encryption key is made on your device and never sent to Meta and all the E2EE messages aren’t kept on Meta’s server after they are sent.
Again, Meta is a company that is profiting on targeted advetising and selling user data, how would whatsapp be a free service without any profit?
Also, Here’s someone who saw their whatsapp chat used for targeted ads on them in case you have doubt.
Yeah don’t get me wrong, I despise meta and their facade pretending WhatsApp is private. Your example is evidence but not proof but it does not mean I doubt you because it really doesn’t surprise me. Gmail likes to pretend it’s secure and private too because data in transit is supposedly encrypted but they can still just read absolutely everything in your inbox themselves
Just…
Don’t let them deceive you;
If you must use deceitful software like Gmail, Whatsapp, Discord, office or whatever, just try your best not to leak your personal data on them, and if you can hinder the tracking, do so.
If you can use other (preferably FOSS) software, do so, there’s plenty of solutions out there and most of them are free, and sometimes selfhost-able.
Google, Meta, Microsoft or whatever corp can lie about security or privacy all they want, but in the end, they only fool themself thinking their monetary practices aren’t obvious and they can fool everyone, trust is a hard thing to earn and they can’t earn it with fraud.
The product mostly show itself, and you have to go around it to know what’s it’s deal, if you prefer to not do so, you can search if any security researcher or analyst did investigate the product; For example Google claims Chrome browser is “safe” and “secure” dispute them giving so much trackable APIs for websites, and having a horrable default permissions, and don’t forget the “Manifest V3” transition just to remove ads (and trackers) blockers like uBlock Origin.
You don’t need solid proof to know what is what.
And then you just type " Foss Chrome Alternatives" or “Private Browsers” on a search engine like DDG where you can find many articles to help you find one (like this) and you’d be done.
Forget about ““Others”” right now, your well-being matters the most.
Again, as I said, whatsapp doesn’t feel like a genuine messenger app as much as an oversimplified garbage made for tracking users on the background for profiting.
Even the deal of “giving” Llama LLMs (Meta AI) to everyone feels sketchy and look abusive the way it is pushed to users.
Likewise all of meta’s services, the only catch with whatsapp that it used to be good and it’s a well-spread application, that’s why they bought it instead of improving FB’s messenger, as meta want to benefit of it’s naive userbase who think whatsapp is “As fine as ever”;
To you, publicity is nothing important and it doesn’t make a good product, to meta however, publicity is “everything” and it shall be all-time high, they have more analytical data about their userbase and have a good idea of what they would do and what decision they would take.
Isn’t Telegram is a Social Media?
What is not mentioned… there’s no privacy when the device itself is compromised. For instance, Android phones can read and phone home data from your notifications. In that case, any messenger app wouldn’t be private from Google’s eyes.
…and once you get to “AI” with system level access that is supposed to scan for “bad content” (like with Apple’s supposed “CSAM scanning” and Google’s Android System Safety Core), all bets are off.
All of the major platforms owned by corporations (including Apple) are or will be compromised.
The only way out is degoogled Android (for now) or, better, a true Linux device.
There’s a commonly used Russian metaphor “to not see the forest behind the trees”.
What you are calling a device is in fact a system. It’s a local system, that you are carrying in your hand, but it’s functioning due to a very complex global system which is not. That device in itself is like a 1960s’ town in complexity. In itself, but there’s also the global system.
And these are a result of quite a lot of people employed by various organizations with hierarchies and dependencies. And most of the power in those organizations doesn’t want you to have privacy and autonomy as much and when you want. If you want those, you should produce your own hardware and everything above it. Or build organizations interested in your full privacy and autonomy which will do that. It’s about structure, so just creating a few of them (a goal hardly reachable in itself) with manifests saying “we want to be good” won’t change anything.
So, if you were wondering why contemporaries of Stalin’s regime were reluctant to divorce it with Marxism and call it something else, - that’s similar to this. They really wanted to believe there’s a Marxist superpower, just like some people wanted to believe Google is a good corporation, and before that some people wanted to believe Apple is a counterculture corporation, and so on. And, at various moments in time and space, in various dimensions, sometimes these were. Just like in some ways the British Empire was really bringing civilization to the world.
The more life and diversity there is, the likelier we are to have good things. That doesn’t mean we’ll ever have full privacy, full autonomy, fully civilized, peaceful and honorable world, and so on. We won’t.
I think that metaphor is quite universal because it’s also used very commonly in English and Estonian at the very least.
It’s common in Russia. It’s common a lot of places, but it’s common in Russia
But yeah, I’ve used that and the inverse depending on the context plenty of time.
Well, that something common in Russia as a metaphor is also common in Estonia wouldn’t be a surprise, but in English seems a bit less common. Anyway, that wasn’t the point of my comment.
It’s been documented to have been in use in English in the 16th century
I think it’s just so old that it’s more or less ubiquitous
It should be the law that any information a online service collects about it’s users should be given to the government immediately and unconditionally, then suddenly people will start really caring about how much information a service has access to.
I sincerely doubt it. The majority of people will accept that this is just “how it is” and will move on with life. After all, they’re not doing anything wrong.
I agree, if majority of people would care, Linux PCs would be the most popular option. They care about convenience only, but not even that much. Instead of researching the best they are just ok with the advertised options. They eat what they get.
I predict yet another Signal-related hack within the month.
yet another? what dou mean?
And it will again be about someone added to the wrong group. Meaning - not a hack.
See this is why I’m reluctant to start listing them because I don’t want to get dragged into an interminable discussion about how hacks like thehackernews.com/…/hackers-exploit-signals-linke… somehow “don’t count” because it was the user’s fault, or …signal.org/…/4850133017242-Twilio-Incident-What-… doesn’t count because it didn’t include chat messages.
The irony is I very carefully chose my words when I said “Signal-related hack” instead of “Signal hack” because I knew fanbois would show up to argue that anything short of a central database leak isn’t really a hack.
It’s a thread about comparing Signal to Telegram of all things. In comparison to Signal as anything secure Telegram doesn’t exist in any quality.
At the same time Signal doesn’t have mass group chats and is not intended for that purpose.
The first link does count, it’s a valid failure from Signal devs. Humans err.
The second link does not, it’s an unofficial centralized aggregator, not from Signal devs, and the “hack” was a direct consequence of how it worked. It’s absolutely something that no sane person would use.
The relevance is that it’s not some unaligned security professional talking in the article, it’s literally the guy that runs Signal having a pop at his competition.
The right kind of pop, saying only the obvious and nothing more.
Could you maybe resfresh my memory a bit and share a few previous signal hacks? Thanks
Telegram had a good PR from Mr. Robot.
.
You see, these arguments are just impolite when made against the man in the post going out of his way to provide you with an experiment based on logic that you don’t need computer science knowledge to verify.
As far as I have heard, Ukrainian servicemen are forbidden to use Telegram. Ukrainian civilians do, and Ukrainian special services might do that sometimes perhaps.
they definately installed signal and fucked afterward
Unlike Signal, Telegram is successful in getting people to move away from Meta’s Whatsapp.
Idk about that. Signal is the main alternative to WA in some parts of europe.
Telegram has approximately 1 billion global users. Signal only has around 100 million. Telegram is about 10x the size of Signal.
She’s pretty hot for a programmer.
And with a name like that she was destined for greatness.
Moxie is the guy
Misgendering on Lemmy? Yikes.
I’m not sure what you mean? I’m pretty sure moxie identifies as a guy. I think the person i was replying to was trying to talk about the interviewer, Sabrina Halper.
Think that was a joke playing on the possibility that Moxie could be a trans woman.
Hmm. Looks more like a Bill
What is a Moxie Marlinspike?
You mean the messenger that requires you give them your phone number to make an account? Yeah, fuck that.
That’s absurd coming from the founder of a FOSS messaging app who actively decided not to let Signal federate and rejected any other open source Signal client. Not only that, even now you can’t truly use Signal’s new “username” feature. If any of the recipients have your number stored in their phonebook, irrespective of whether you know them or not, the username goes for a toss. This was/is the problem with Telegram’s username feature. Signal knew this and still decided to go ahead with it. Not to mention never doing anything about completely removing the phone number from the account after its creation. This has been, by design, a privacy and hence safety threat, and even after the username feature was implemented, this not getting implemented is very concerning.
Don’t forget not allowing you to sync historical messages between your phone and PC. Apparently somehow that’s just too complicated.
What are you talking about?
I literally installed Signal on my Linux laptop yesterday and it automatically downloaded all my messages from my phone.
Last time I did that, it would only sync new messages
Its not about being complicated, its about dumping the whole chat history with just a few seconds of physical acceas to the device.
LEA has used this method with messangers like Whatsapp for years to quicly exfiltrade the data from a victims phone to other software.
There’s a pin. Just require the pin.
The Pin is not designed and used for such an authentication. Also can be changed at any time:
How do I manage or change my PIN?
On your phone, go to Signal Settings > Account > Change your PIN
Hm. I haven’t interacted with a new Signal user in a while… but I do see in settings two knobs: “who can see my phone number” and “who can find me with my phone number”. Both of these settings can be set to “nobody”.
I’m guessing if I set “who can find me with my phone number” to “nobody”, then even if someone has my phone number in their contacts, they wouldn’t know I’m a Signal user?
I’m sorry your free messaging app isn’t perfect. /s
And I always assumed that nicknames was just as much to prevent screenshots from becoming a liability.
I don’t understand his point about restoring your messages to a new phone. How does that prove it isn’t encrypted? Couldn’t Telegram store the encrypted data on their server, send the encrypted data back to you and then you automatically decrypt it because you have the key?
With my limited knowledge of cryptography, this is how I understand it:
The distinction to make is that the user’s password is not the encryption key - it only gives access to the key. So even if the user has the same password on a new device, there would be no way to decrypt the data without the original key.
In order to maintain full privacy, data has to be encrypted on device before sending it through any server (whether to another participant in a chat, or for backup). This means that the encryption key has to be on device.
If that key was copied over to a location not controlled by the user (e.g. Telegram server), then that location would have access to the key and can decrypt any data encrypted by that key. In the same vein, if a user loses their phone then that encryption key must be lost, so encrypted data cannot be decrypted on a new phone.
Which means that the only way that Telegram can provide the chats on a new phone (when the user has no access to the old phone) is if they have access to the encryption key and can provide it to the new phone.
From my experience with that: Telegram restored all unecrypted chats when I swapped phones without asking me for any passwort / key. I literally just confirmed my phone number and all my chats / groups / contacts appeared.
I assume you still had access to your old phone and could approve the transfer from it. If not, then your phone number is your password, which is even worse, in my opinion (it’s basically public information).
I got a one time password via SMS to confirm I am the one with access to this phone number.
Why don’t we all just truly go FOSS and use matrix?
Because it’s not p2p.
Matrix results in way more meta data and through federation those meta data could be stored jn way more places.
Besides their main developer (element messenger) are cop / military boot lickers.
Those are some examples for why you might not use it, but depending on you use case you might still prefer it over signal.
I’m on dat Molly