Telegram is notoriously insecure and routinely cooperates with govs behind the scenes while talking a big game about speech and privacy. Even their limited opt-in (roll their own) encryption is sus. The more you know 🌈
The Most Backdoor-Looking Bug I’ve Ever Seen

This is the story of a bug that was discovered and fixed in Telegram's self-rolled cryptographic protocol about seven years ago. The bug didn't get any press, and no one seems to know about it, probably because it was only published in Russian. To this day, it's the most backdoor-looking

Filippo Valsorda

@Mer__edith Had no idea.

Was using XMPP+OTR/OMEMO for e2e text chat and SIP for e2e voice calls. It was nice to not have to sacrifice the quality of SIP calls when switching to Signal.

@Mer__edith @hacks4pancakes telegram is a cop pass it on signal

@Mer__edith Tbf, most people I know (including me) who also use Tg don't use it because of their encryption but because the app is much faster and has better UX :~

I'm still annoyed at Signal for all those little things like enabling "jumbo emojis" but not offering a setting for that to disable it. Since it's open source I probably should contribute it but after many many 2nd hand interactions with the dev team I really don't want to any more. The Signal GitHub is probably one of the most toxic places for discussion. I've seen things shut down like: Local-only customization options, improved reproducibility, alternative clients/publishing, regular release of server source code, etc.

Often a reason was given but when contributors wanted to find solutions for that problem the thread was locked and moved to a discussion space where nothing happens except for "oh, we had this discussion 100 times already". I'm glad Signal, at least, now allows push notifications outside of Google Services.

I'll still use Signal primarily, but it's "open source" only de jure and mostly just source available and trying to contribute to it is just traumatizing. Which is really sad.