Privacy

31258 readers

722 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
Don't promote proprietary software
Try to keep things on topic
If you have a question, please try searching for previous discussions, maybe it has already been answered
Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
Be nice :)

Related communities

Chat rooms

[Matrix/Element]Dead
Discord

much thanks to @gary_host_laptop for the logo design :)

founded 4 years ago

MODERATORS

What's your opinion on telegram from a foss and privacy perspective? (feddit.it)

submitted 1 year ago* (last edited 1 year ago) by dontblink@feddit.it to c/privacy@lemmy.ml

54 comments fedilink hide all child comments

I see i can find a foss version on f-droid, and that's something not a lot of social networks can have, i don't really like all the crypto bullshit and ads testing they've been up to lately, but still looks better to me compared to what Reddit have done lately or what other platforms have done in these years..

I don't know about their privacy feature, but i wouldn't trust their chat as for as far as i knew they were not end to end encrypted some time ago (except for secret chats).

Anyway it still looks like one of the at least still decent platforms out there, or am i wrong?

you are viewing a single comment's thread
view the rest of the comments

[–] bruzzard@lemmy.world 30 points 1 year ago (3 children)

Telegram is neither private nor secure. Its not encrypted bu default. Normal texts as well as group chat is stored unencrypted on its servers.

For everyday use with friends, family and work (assuming these folks already have your number), Signal may be the best thing out there as its open source both on server and app levels. Signal is also end to end encrypted (E2EE) with decryption keys stored on device.

For anonymous communications Session and SimpleX may be better as they are both E2EE and doesnt requie a phone number as an identifier.

Just chuck out Whatsapp, Telegram and all the other closed sourced garbage apps.

[–] dontblink@feddit.it 5 points 1 year ago (1 children)

What about Matrix?

[–] bruzzard@lemmy.world 5 points 1 year ago (1 children)

Unless you want to run communities there I wont bother with it. I feel everything from setting up accounts (anonymously) to getting people to join, works better in SimpleX and Session. I'd even be happy using SimpleX as my everyday messenger. Matrix is a little clunky and the fact that all conversations get duplicated on the primary Matrix servers is cause for concern.

With Signal and SimpleX, servers are used only for relaying messages beteeen users - messages which are encrypted on the device.

In the end you are going to be sacrificing something, and the last thing you'd want to sacrifice is privacy and security.

If I was pushed to list my go to, it'll be Signal for chats with people I know: because its open source, battle-tested against adversities, and can be set up by anyone who understands how ro use Whastsapp / Telegram.

For communitties (and even as a daily text solution beteeen collaborators or anyone you dont want to exchange numbers with), I'd use SimpleX as it has a lot of in-built anonymity and decent privacy (so far - its a fairly new project).

Theres just too much fuzziness round Matrix for anyone to trust it.

[–] Llewellyn@lemmy.ml 0 points 1 year ago (1 children)

Signal is also end to end encrypted (E2EE) with decryption keys stored on device.

And how decryption key gets to other device 👀?

[–] KLISHDFSDF@lemmy.ml 3 points 1 year ago

It's a "basic" Diffie-Hellman key exchange that's been a solved issue since before mobile phones were even invented[0].

Think of it like this:

I give you a lock that only I have they key to open it. You can secure (read encrypt) any message with it by placing it in a box and locking it with my lock, send me the box and - because I'm the only person in the world with the key to open it, we can say you're sending me a secured (encrypted) message. It doesn't matter if anyone can intercept this lock because all they'll be able to do is send me secure messages from their inbox. Now, in the digital world this lock we're giving each other is a cryptographic "public key" that you can lock a million things with (messages, images, videos) and send them to me via the internet. We can thus exchange public keys and securely message each other.

I've simplified it a lot, as Signal actually uses something called the "Extended Triple Diffie-Hellman" (X3DH) [1], but I hope this explains how it works. You can read more about it here [2]

[0] https://studybuff.com/when-was-diffie-hellman-key-exchange-invented/#When_was_Diffie-Hellman_key_exchange_invented

[1] https://www.signal.org/docs/specifications/x3dh/

[2] https://security.stackexchange.com/questions/45963/diffie-hellman-key-exchange-in-plain-english

[–] Llewellyn@lemmy.ml -1 points 1 year ago

Signal is also end to end encrypted (E2EE) with decryption keys stored on device.
And how decryption key gets to other device 👀?