this post was submitted on 14 May 2024
105 points (82.2% liked)

[–] nbailey@lemmy.ca 115 points 5 months ago (4 children)

I wouldn’t put a lot of trust in Telegram. Not only is their cryptography off by default, it’s a bespoke hand-rolled non-standard algorithm that might not work as well as they say. Oh, and it’s been potentially backdoored by the FSB (Russia’s CIA) for six years.

https://www.cnet.com/tech/tech-industry/telegram-reportedly-ordered-to-share-encryption-keys-with-fsb/

[–] rottingleaf@lemmy.zip 16 points 5 months ago

> Oh, and it’s been potentially backdoored by the FSB (Russia’s CIA) for six years.

From the very start rather.

And there have been a few cases where not the FSB, but the mundane police were reading suspects' messages before arresting them.

Don't trust Telegram, I use it because, eh, most people use either that or VK DMs in Russia as the default IM. But never trust it for something which should be secret.

You can even have "opposition"-themed channels there or call for rebellions, but don't ever expect anything to be secret or even pseudonymous. Even without ill intent, flaws are regularly found which allow one to get a lot of information, and the code quality is sewer-level.

[–] catalog3115@lemmy.world 105 points 5 months ago* (last edited 5 months ago) (8 children)

I am going to repeat what I have said for another similar post.

I still stand for Signal App.

  • Telegram has no default E2EE, and Telegram is run by a for-profit company
  • Multiple flaws were found in Telegram's encryption algorithm
  • Almost all cleartext messages are stored on Telegram's server, but Signal stores encrypted messages temporarily
  • Signal is non-profit & all their source code + finances are public. Even their server code is publicly available

[–] rottingleaf@lemmy.zip 23 points 5 months ago (1 children)

Telegram is as safe as just using Facebook DMs (unencrypted), only it's Russian.

I suggest you judge for yourself how safe that is.

[–] JubilantJaguar@lemmy.world 5 points 5 months ago (2 children)

Even if it were encrypted and the backdoor was controlled by the Russian state, logically that would make it safer than Facebook for anyone living in Western jurisdictions. The Russian government cannot get them and is hardly going to be exchanging intelligence with its enemies.

[–] rottingleaf@lemmy.zip 2 points 5 months ago (1 children)

> Even if it were encrypted

It's not.

> logically that would make it safer than Facebook for anyone living in Western jurisdictions. The Russian government cannot get them and is hardly going to be exchanging intelligence

No it wouldn't. You shouldn't opine on what they'd do. They can negotiate, you know. And they are exchanging intelligence all the time.

> with its enemies.

If that were true, corporations wouldn't work with their competitors.

[–] JubilantJaguar@lemmy.world 3 points 5 months ago (1 children)

> You shouldn’t opine

To "opine" is to have an opinion. Are you suggesting I should refrain from having an opinion? Does this apply to your own opinions too? Odd place to make such an argument.

Otherwise: interesting point. To me, a state that can obtain personal data by leaning on its own corporations is, by definition, more threatening than one that has to negotiate for it with a hostile power. But perhaps I underestimate the scale of that practice.

[–] rottingleaf@lemmy.zip 3 points 5 months ago

On what they would and wouldn't do - yes, I try not to make opinions.

> But perhaps I underestimate the scale of that practice.

Considering that the balance of power between US government and, say, Meta is not much different from the same between it and Russian government (Meta doesn't have a military, but has ways to compensate for that), that should be right.

[–] NaibofTabr@infosec.pub 89 points 5 months ago* (last edited 5 months ago) (1 children)

> The CEO also claims that users' Signal messages have popped up in court cases or in the media, and implies that this has happened because the app's encryption isn't completely secure. However, Durov cites "important people I've spoken to" and doesn't mention any specific instance of this happening.
>
> [...]
>
> The Register could not find public reports of Signal messages leaking due to faulty encryption.

Claims made without evidence can be dismissed without evidence.

Durov's entire criticism seems to be based on implications and have no actual evidence of any technical problems with Signal. He's basically just throwing shade at a competing business, which amounts to whining.

[–] EngineerGaming@feddit.nl 13 points 5 months ago* (last edited 5 months ago)

Funny how first association is "end-to-end encryption is broken" and not, you know, that whoever used the message got hold of one of the "ends".

[–] UnfortunateShort@lemmy.world 58 points 5 months ago* (last edited 5 months ago) (3 children)

Edward fucking Snowden has recommended Signal and I think if anyone knows whether it's secure, it's probably him and the NSA.

That and he is paranoid to a point where he physically kills all mics and cameras on his devices, so if he claims anything is secure, I will believe him unconditionally.

[–] rottingleaf@lemmy.zip 4 points 5 months ago

> so if he claims anything is secure, I will believe him unconditionally.

That's much more stupid than just using Facebook and unencrypted e-mail with Outlook address for communication, but knowing how safe exactly those are.

[–] autonomoususer@lemmy.world 2 points 5 months ago* (last edited 5 months ago)

Same guy shilled anti-libre software and we should let them stop us thinking for ourselves?

[–] shortwavesurfer@monero.town 53 points 5 months ago (5 children)

Yeah, I'm going to take this with a massive dose of salt. At least Signal has encryption on by default for people, whereas Telegram does not.

[–] Clent@lemmy.world 22 points 5 months ago

Sounds like projection. Probably just got back from meeting with his Russian handlers and posted this to soothe their impotent rage.

[–] doona@aussie.zone 5 points 5 months ago

Even Facebook Messenger has E2EE on by default now. Pavel Durov talks a lot of shit considering Telegram still treats encryption as an afterthought.

[–] tuckerm@supermeter.social 37 points 5 months ago (2 children)

I know that Telegram has a lot of users, so I'm not describing all of them here. But I've noticed that it seems especially popular among people who kind of like to "play pretend" as underground hackers. You know, the kind of person who likes to imagine that the government would be after them.

This mudslinging feels like more of a marketing campaign than anything else. An info op that will work well on the Telegram users who like to imagine that they have outmaneuvered all the info ops.

[–] rottingleaf@lemmy.zip 8 points 5 months ago

Yes. And those pretenders are always people who can't install Synapse and "delete" their messages thinking that's very smart.

[–] xilona@lemmy.ml 35 points 5 months ago (1 children)

If one is to compare apples to apples, imho the decision to choose between Signal, WhatsApp and Telegram and other "messengers" is obvious and clear.

Signal is fully open source! You can run it on-premises, if you know your business!

Why are we not talking about it?

I hope my comment will not be discarded/removed as not being in sync with the narrative... 😉

[–] mox@lemmy.sdf.org 8 points 5 months ago (1 children)

> Signal is fully open source! You can run it on-premises, if you know your business!
>
> Why are we not talking about it?

Unless something has drastically changed recently, the official Signal service won't interoperate with anyone else's instance. That makes its source code practically useless for general-purpose messaging, which might explain why few are talking about it.

[–] xilona@lemmy.ml 3 points 5 months ago* (last edited 5 months ago) (2 children)

My point is that you have all the open source software components needed to run secure communications, on your own premises, for your own users/community in case you are not trusting Signal's infrastructure.

If you know any other similar alternative with strong encryption open source protocols please let me know! I love learning new things every day!

Cheers!

[–] mox@lemmy.sdf.org 4 points 5 months ago* (last edited 5 months ago) (1 children)

> on your own premises, for your own users/community in case you are not trusting Signal’s infrastructure.

Yes, that's an example of data (and infrastructure) sovereignty. It's good for self-contained groups, but is not general-purpose messaging, since it doesn't allow communication with anyone outside your group.

> If you know any other similar alternative with strong encryption open source protocols please let me know! I love learning new things every day!

Matrix can do this. It also has support for communicating across different server instances worldwide (both public and private), and actively supports interoperability with other messaging networks, both in the short term through bridges and in the long term through the IETF's More Instant Messaging Interoperability (MIMI) working group.

XMPP can do on-premise encrypted messaging, too. Technically, it can also support global encrypted messaging with fairly modern features, with the help of carefully selected extensions and server software and clients, although this quickly becomes impractical for general-purpose messaging, mainly because of availability and usability: Managed free servers with the right components are in short supply and often don't last for long, and the general public doesn't have the tech skills to do it themselves. (Availability was not a problem when Google and Facebook supported it, but that support ended years ago.) It's still useful for relatively small groups, though, if you have a skilled admin to maintain the servers and help the users.

[–] h6d2n@lemmy.dbzer0.com 2 points 5 months ago
[–] Gutless2615@ttrpg.network 29 points 5 months ago (2 children)

I think Telegram has always been a honeypot

[–] rottingleaf@lemmy.zip 3 points 5 months ago

An FSB (or AP, don't know which, the main thing is it's Russian) honeypot at that.

[–] extant@lemmy.world 3 points 5 months ago (1 children)

There's no oversight for any of these agencies and they have the means and incentive to backdoor cryptography, what would stop them from doing this, morality? There's no possible way that they both aren't compromised and all we're seeing now is them firing pot shots at each other trying to convince the reader to join their honeypot because it's sweeter.

[–] possiblylinux127@lemmy.zip 23 points 5 months ago
[–] KingThrillgore@lemmy.ml 19 points 5 months ago

Blaming the Americans is a signature "Russia has fucked with this company" trademark.

[–] sunstoned@lemmus.org 15 points 5 months ago

Ma-trix! Ma-trix!

[–] autonomoususer@lemmy.world 8 points 5 months ago* (last edited 5 months ago)

~~claiming it has ties~~ Which lines of its libre software source code are malicious?

[–] yogthos@lemmy.ml 8 points 5 months ago* (last edited 5 months ago) (1 children)

I'm always amazed how people come out of the woodwork to defend Signal any time any criticism of it comes up. It's become a sacred cow that cannot be questioned. Whatever you may think of Telegram should bear zero weight on your views of Signal.

The reality is that developers of Signal have close ties to US security agencies. It's a centralized app hosted in US and subject to US laws. It's been forcing people to use their phone numbers to register, and this creates a graph of real world contacts people have. This alone is terrible from security/privacy perspective. It doesn't have reproducible builds on iOS, which means you have no guarantee regarding what you're actually running. These are just a handful of things that are publicly known.

And then we know stuff like this happens. NSA suggested using specific numbers for encryption that it knew how to factor quickly. The algorithm itself was secure, but the specific configuration of how the algorithm was implemented allowed for the exploit https://thehackernews.com/2015/10/nsa-crack-encryption.html

These kinds of backdoors are very difficult to audit for because if you don't know what to look for then you won't have any reason to suspect a particular configuration to be malicious. Given the relationship between people working on Signal and US government, this is a real concern.

The same kind of scrutiny people apply to Telegram and other messaging apps should absolutely be applied to Signal as well.

[–] devraza@lemmy.ml 7 points 5 months ago

I’d just like to add that you can use a temporary phone number service to sign up to Signal as you only need a phone number to register, not to actually use Signal.

[–] big_slap@lemmy.world 7 points 5 months ago

he's probably projecting, yawn

[–] mox@lemmy.sdf.org 7 points 5 months ago (13 children)

There is also Matrix, which has advantages over both of them.

[–] electricprism@lemmy.ml 4 points 5 months ago (1 children)

Anyone see if a self-hosted server ever got easy enough? For realsies.

[–] autotldr@lemmings.world 6 points 5 months ago (1 children)

This is the best summary I could come up with:


Telegram CEO Pavel Durov issued a scathing criticism of Signal, alleging the messaging service is not secure and has ties to US intelligence agencies.

Durov made his remarks on his Telegram channel on Wednesday, pushing a variety of points against the rival messenger app, including alleging it has ongoing ties to the US government, casting doubt over its end-to-end encryption, and claiming a lack of software transparency, as well as describing Signal as "an allegedly 'secure' messaging app."

The comments seem to have been inspired by a City Journal report that detailed the origins of Signal, which was kickstarted by a $3 million grant from the US government's Open Technology Fund.

The report says that Maher was an "agent of regime change" during the Arab Spring, and communicated with dissidents in the Middle East and North Africa.

The CEO also claims that users' Signal messages have popped up in court cases or in the media, and implies that this has happened because the app's encryption isn't completely secure.

It's hard to say, but Durov may be making a reference to Sam Bankman-Fried, whose Signal messages were a key part of the trial that resulted in the ex-CEO being convicted.


The original article contains 671 words, the summary contains 199 words. Saved 70%. I'm a bot and I'm open source!

[–] electricprism@lemmy.ml 6 points 5 months ago

Pot trying to call out Kettle.

F. Doubt.

[–] LucidBoi@lemmy.dbzer0.com 5 points 5 months ago
[–] drwho@beehaw.org 5 points 5 months ago

They've never been shy about saying this.
