- cross-posted to:
- technology@lemmy.world
More people need to understand this, Telegram was never trustworthy to begin with.
They spent years lying about their encryption algorithms too, acting like they’re more secure than Signal when they never were.
Signal cares so much about your privacy that they need your phone number.
Supposedly to combat spam (which makes sense) and some BS about bringing your social network.
But let’s think about this logically. What can they do with your phone number when they don’t know who you are?
Let’s say they receive a subpoena from a government law enforcement entity. That would have to include your phone number and even then what can they give that entity? The date you registered the number and the last time your account was active?
At best my guess is that you and others who bring this up are worried about the information that you can buy from data brokers that would include a phone number and allow someone with the phone number to link it to a person.
But at that point law enforcement already knows the number, already has likely used the same services to link that number to a human, and since most people haven’t de-googled or use an iPhone they likely know what apps are installed. Including Signal.
What is the threat profile that should be worried about this?
Please note that I don’t think they should need to require a phone number and if you don’t want that you can use a different service.
But I’d like someone to elaborate on their reasons for objecting to this.
I would assume if an entity had my phone number they could easily connect it to me, like by spoofing it and calling themselves and getting the name off caller id or some shit, or even just subpoenaing the phone carrier for the id of the phone number. Why they would want to do that for little old fudgy mctubbs is beyond me.
I’ll say it: I don’t want anybody to know what I jack off to. It’s all legal stuff, but I’m too prudish to have that be public.
Anonymity is impossible, but we can still attempt it.
They don’t offer anonymity. Anonymity does not equal privacy. They aren’t the same thing. And if you’re using the signal app to jerk off I have some questions.
I don’t use super secret messaging apps. I also don’t fuck with peer to peer anything. I was broadly speaking about why anonymity on the internet is important to me.
Privacy ≠ anonymity.
In the same class as any app store based communication software.
Signal can be installed from an apk from their site
And can you review the source for this APK?
Yes, you can even confirm the published source reproduces this specific APK:
https://github.com/signalapp/Signal-Android/blob/main/reproducible-builds/README.md
Wow. Not what I expected in the Android world.
Ever since the CEO of Telegram was basically lured to Paris, arrested, then read the riot act for Telegram’s non-cooperation with French authorities, the company has been responding to warrants and downplaying its “E2EE” features. Expect them to have a fully accessible backdoor for LE.
By the way, don’t forget about that Bitlocker backdoor that “mysteriously” doesn’t affect Windows 10.
The EU and US digital surveillance states have been tightening their grip on encryption and online anonymity for years now. “Age verification” is just the latest push.
I can only assume there’s a different backdoor for 10 that just hasn’t been published. Even if there isn’t, Windows defaults to backing the key up to the attached Microsoft account. You think they’d ever tell intelligence agencies to come back with a warrant for that?
Just use Veracrypt folks.
Centimeter by centimeter getting people towards signal and matrix chats
could not figure those out
Fork found in kitchen
As long as the keys are handled via a closed source app and server system, e2ee is potentially broken.
Even if you generated the key, kept the private part locally and submitted only the public part to your communication partner, you can never be sure that the intransparent app does keep your private key private.
With WhatsApp I’m quite sure that they somehow can retrieve the private key. Certain events point to that. But I see no reason to consider signal or telegram any more trustworthy - they are all prone to governmental influence.
And as open source and closed app infrastructure are incompatible, I would not handle anything important on an Android or Apple device.
Why would you not trust Signal?
You don’t have to trust their server infrastructure, because the end to end encryption has been verified by countless experts (and all their client side code can be looked at by anyone).
to be fair there is no way to verify the google play distributed app has been built from the published source code. there are also people arguing that the closed source google components built into it could work as a backdoor
You can build the app from source code though. Couldn’t you compare that to the Google Build?
Also, you could use a fork like Molly, they removed all proprietary binary blobs and replaced them with FOSS alternatives. And it’s still fully compatible with Signal
only if the app is built reproducibly. I suspect the google libraries are likely minified/obfuscated by default though.
Also, you could use a fork like Molly
I do, but that’s only so much when the point of the app is communicating with other people
With WhatsApp I’m quite sure that they somehow can retrieve the private key. Certain events point to that.
What events point there?
I don’t know about WhatsApp, but macOS backs up your keys on iCloud by default, so…
A number of WhatsApp conversations unexpectedly appearing in courts.
You can easily access any undeleted convo in any app if you achieve device access. I would like to read more about this to understand it more and because your reply is still a little imprecise, do you have links to examples?
This was not about device access, that’s why I considered it interesting. No, I don’t have links to everything I have read in my life… IIRC it was in a discussion on Reddit, which I don’t frequent anymore.
I’ve no proof of this, but technically the whatsapp app is closed source so they could push an update that collects the private keys, if they don’t do this already
One way to prevent this would be to re-sign the app with your own signing key and delete that key before court, I guess. But those people whose conversations appeared probably just had Google Drive plaintext backups enabled.
Signal (assuming you live in a country that hasn’t blacklisted them for refusing to install backdoors).
Matrix, Session, SimpleX chat, Tox chat, Jami… and so on.
Signal still doesn’t support bots and is shit for bigger groups
Good for 1-10 friends and 1on1 chats tho
Are these negatives?
People criticising Telegram have no idea how big some of the channels there are. They’re stupid big. Like full ass Discord server but with one channel big.
That needs automated moderation tools - bots as well as built in tools to manage larger groups.
Signal doesn’t do that at all. It’s a good replacement for group texts, not communities.
And for me personally: missing first party bot support makes it a complete non-starter.
I mean, fair enough on your opinions, but it sounds as if all you’re saying is this one particular messaging tool doesn’t fit your requirements?
As I see it, (and I may be speculating and/or wrong), supporting bots might worsen some aspects of other users’ experience. If there necessitates a worsening of other users’ experience in order to support what you’d want to do, at what point should you just use a different app?
There’s little reasoning for catering to a niche use like huge channels and bots, and tbh that sounds like a dreadful experience to me. Dev time is costly, feature creep is a killer, I don’t see lack of support for unwanted (to me) features as a negative.
Signal has bit me already. Every single *Claw supports Signal bots, which pretend to be actual people.
Telegram has explicit first party bot support, a bot is always a bot and identified as such
yes
Same. Any non-verifiable app in an app store is at least suspect.
Signal is legitimately one of the worst messaging apps I’ve tried
So it’s not selling all my information to the Kremlin?
Russia is a toothless tiger.
Better than WhatsApp at least
As in “with WhatsApp we know, with others we cannot exclude the possibility”?
As in “fuck the zucc”
I would not limit it to him.
Security doesn’t equal private.
it is not hosted in the US or a country affiliated with the US, which makes it infinitely more secure from the point of view of sovereign risk
The Telegram servers are in Miami, Amsterdam, and Singapore, so some data is still stored in the U.S.
In any case, it wouldn’t be any better to have data stored in a country like China or Russia.
this is very disturbing to learn, thanks for sharing
Chinese and Russian authorities can’t steal me from my home and imprison and torture me for the rest of my life
No, but they do that to plenty of their own citizens.
Better something from a non-authoritarian country that doesn’t also happen to be in the Five Eyes intelligence network.
Oh, you mean the guys who were obviously such criminals they were run out of Russia and Europe and had to settle on being headquartered in Dubai?
Oh the guys who instead of doing something thoughtful like Mullvad and having RAM only servers with no logs, they just hide all their datacenters behind shell companies to avoid complying with legal subpoenas? That’s not completely shady at all, nope.
I mean, it’s not like Matrix or SimpleX chat or others that actually are secure (-ish, even Matrix leaks metadata!) and thoughtfully designed and open source that you can self host or don’t need servers or are incorporated in Europe (like Telegram tried to incorporate initially before settling on Dubai).
Oh and don’t forget France had very good reasons to arrest Pavel Durov, co-creator of Telegram. He went on Tucker Carlson to defend himself, which says it all, really.
pavel not complying with russian or french requests gives me some confidence that if some agency subpoena’d telegram for user records, they might actually have the spine to say no
Isn’t signal basically just a honeypot for feds these days like TOR? i didn’t know telegram was also hosted in the US, which is kinda heartbreaking but such is life in the imperial core i suppose
No, it does not. There is a different primary actor, but that does not exclude anything.










