Meredith WhittakerAug 15, 2023

OK, real talk.

Telegram makes big proclamations about privacy, but their promises are mostly marketing.

The app collects a huge amount of data. And like all Big Tech, when pressed by governments, they ultimately comply.

This is why Signal goes to great lengths to NOT collect any data about you -- something that is ironically more expensive and more complex.

We do it because it's the only way to ensure we keep our privacy commitments to the people who rely on us.♥️

https://techcrunch.com/2023/08/14/iraq-lifts-ban-on-telegram-after-messaging-app-complies-with-authorities/

TechCrunch is part of the Yahoo family of brands

Show threadLaPingvino 🟙 Aug 17, 2023
@Mer__edith says the app that builds its empire on anti-Telegram FUD and implementing spy-compliant E2EE on Whatsapp, forcing data to stay on the device where it can be read out.
Show threadDušan 🇷🇸⚛️Aug 18, 2023
@lapingvino @Mer__edith Where would you like the data to be stored? The only devices that have decryption keys are the ones within the conversation. That's what E2EE is.
Show threadLaPingvino 🟙 Aug 18, 2023
@me @Mer__edith that is exactly the issue. Devices are a fixed issue for people who want your data, through Pegasus and rootkits in the CPU etc. But mostly it really depends on your threat vector. The threat vectors I have seen in practice rely on you decoding the data for invasive people. Telegram is much better for plausible deniability, increasing actual security for most people. People using Signal have been caught at the border with incriminating information, and unlike Telegram you cannot just remove the app and be good. That is what E2EE encryption does in real life, it makes sure the data stays on the device where the bad guys can get it.
Show threadDušan 🇷🇸⚛️Aug 18, 2023
@lapingvino @Mer__edith You absolutely can just remove the app. The data is tied to the app. Signal also provides you with tools to share sensitive information without leaving traces, namely disappearing messages, which are also E2EE.

No tech will help you if your OPsec isn't good.
Show threadDušan 🇷🇸⚛️Aug 18, 2023
@lapingvino @Mer__edith

Since Signal's servers have no idea what you send and receive it's up to you how you handle sensitive data. Make sensitive messages ephemeral!
Show threadLaPingvino 🟙 Aug 18, 2023
@me you miss the point. you are right about what you say, but that is not my point.
Show threadDušan 🇷🇸⚛️Aug 18, 2023
@lapingvino My point is that I'd very much prefer only my device having the decryption key for my private messages.

To prevent being forced to reveal my secrets, I have all the tools at my disposal. They can't get incriminating evidence if there is no incriminating evidence.

You are correct that this requires vigilance on my part, which is why I clear my Signal chats frequently.

The people getting caught at the border clearly had bad OPSec. Nothing will save you from that.

I'm interested in what kind of plausible deniability does Telegram offer compared to Signal? If you're caught red handed, you're caught red handed.
Show threadLaPingvino 🟙 
@me metadata, being caught on suspicion of illegal stuff. All of Iran uses it for example, so just having Telegram tells agents exactly nothing. And because of the "reverse 2FA" (setting up a password outside of your phone number) the government cannot even use their control over the phone numbers to start impersonating etc.
Aug 18, 2023 at 11:08amWeb