Naru
Meredith WhittakerTelegram is notoriously insecure and routinely cooperates with govs behind the scenes while talking a big game about speech and privacy. Even their limited opt-in (roll their own) encryption is sus. The more you know 🌈
On their DIY encryption:
The Most Backdoor-Looking Bug I’ve Ever Seen
This is the story of a bug that was discovered and fixed in Telegram's self-rolled cryptographic protocol about seven years ago. The bug didn't get any press, and no one seems to know about it, probably because it was only published in Russian. To this day, it's the most backdoor-looking
मानस Mānas مانس@Mer__edith Had no idea.
Was using XMPP+OTR/OMEMO for e2e text chat and SIP for e2e voice calls. It was nice to not have to sacrifice the quality od SIP calls when switching to Signal.
Greg Bell@Mer__edith @hacks4pancakes telegram is a cop pass it on signal
lj·rk@Mer__edith Tbf, most people I know (including me) who also use Tg don't use it because of their encryption but because the app is much faster and has better UX :~
I'm till annoyed at Signal for all those little things like enabling "jumbo emojis" but not offering a setting for that to disable it. Since it's open source I probably should contribute it but after many many 2nd hand interactions with the dev team I really don't want to any more. The Signal GitHub is probably one of the most toxic places for discussion. I've seen things shut down like: Local-only customization options, improved reproducibility, alternative clients/publishing, regular release of server source code, etc.
Often a reason was given but when contributors wanted to find solutions for that problem the thread was locked and moved to a discussion space where nothing happens except for "oh, we had this discussion 100 times already". I'm glad Signal, at least, now allows push notifications outside of Google Services.
I'll still use Signal primarily, but it's "open source" only de jure and mostly just source available and trying to contribute to it is just traumatizing. Which is really sad.
Mélani (Melanie) Bjornsdottir (she, ŝi)@Mer__edith Also, quite many of the users seem to be conspiracy theorists.
gary
KackfreshThe way some people are shilling for telegram is also sus
I got a good laugh out of this one tbh
Du Rove's Channel
🤫 A story shared by Jack Dorsey, the founder of Twitter, uncovered that the current leaders of Signal, an allegedly “secure” messaging app, are activists used by the US state department for regime change abroad 🥷 🥸 The US government spent $3M to build Signal’s encryption, and today the exact same encryption is implemented in WhatsApp, Facebook Messenger, Google Messages and even Skype. It looks almost as if big tech in the US is not allowed to build its own encryption protocols that would be independent of government interference 🐕🦺 🕵️♂️ An alarming number of important people I’ve spoken to remarked that their “private” Signal messages had been exploited against them in US courts or media. But whenever somebody raises doubt about their encryption, Signal’s typical response is “we are open source so anyone can verify that everything is all right”. That, however, is a trick 🤡 🕵️♂️ Unlike Telegram, Signal doesn’t allow researchers to make sure that their GitHub code is the same code that is used in the Signal app run on users’ iPhones. Signal refused to add reproducible builds for iOS, closing a GitHub request from the community. And WhatsApp doesn’t even publish the code of its apps, so all their talk about “privacy” is an even more obvious circus trick 💤 🛡 Telegram is the only massively popular messaging service that allows everyone to make sure that all of its apps indeed use the same open source code that is published on Github. For the past ten years, Telegram Secret Chats have remained the only popular method of communication that is verifiably private 💪
shadowwwind@Mer__edith telegrams CEO is hilarious, he pretty often states the opposite with weird arguments.
https://t.me/durov/274
https://t.me/durov/274
Du Rove's Channel
🤫 A story shared by Jack Dorsey, the founder of Twitter, uncovered that the current leaders of Signal, an allegedly “secure” messaging app, are activists used by the US state department for regime change abroad 🥷 🥸 The US government spent $3M to build Signal’s encryption, and today the exact same encryption is implemented in WhatsApp, Facebook Messenger, Google Messages and even Skype. It looks almost as if big tech in the US is not allowed to build its own encryption protocols that would be independent of government interference 🐕🦺 🕵️♂️ An alarming number of important people I’ve spoken to remarked that their “private” Signal messages had been exploited against them in US courts or media. But whenever somebody raises doubt about their encryption, Signal’s typical response is “we are open source so anyone can verify that everything is all right”. That, however, is a trick 🤡 🕵️♂️ Unlike Telegram, Signal doesn’t allow researchers to make sure that their GitHub code is the same code that is used in the Signal app run on users’ iPhones. Signal refused to add reproducible builds for iOS, closing a GitHub request from the community. And WhatsApp doesn’t even publish the code of its apps, so all their talk about “privacy” is an even more obvious circus trick 💤 🛡 Telegram is the only massively popular messaging service that allows everyone to make sure that all of its apps indeed use the same open source code that is published on Github. For the past ten years, Telegram Secret Chats have remained the only popular method of communication that is verifiably private 💪
@Mer__edith rest of the alt text "
🛡 Telegram is the only massively popular messaging service that allows everyone to make sure that all of its apps indeed use the same open source code that is published on Github. For the past ten years, Telegram Secret Chats have remained the only popular method of communication that is verifiably private 💪"
🛡 Telegram is the only massively popular messaging service that allows everyone to make sure that all of its apps indeed use the same open source code that is published on Github. For the past ten years, Telegram Secret Chats have remained the only popular method of communication that is verifiably private 💪"
AlexTECPlayz@shadowwwind @Mer__edith Quoting a 2020 Yahoo article:
"The app was kept afloat thanks to nearly $3 million in funding from the Open Technology Fund, a Congress-funded nonprofit that finances projects aimed at countering censorship and surveillance."
https://www.yahoo.com/tech/inside-story-signal-became-private-150114933.html
So no, the 'US Government' didn't fund Signal. What did this guy smoke?
ksir@alextecplayz @shadowwwind @Mer__edith
I've heard this argument before. Mostly by conspiracy theorists.
I've heard this argument before. Mostly by conspiracy theorists.
🧃@Mer__edith bad privacy, but good ux.
x_cyanide_x@Mer__edith The fact that Telegram is not even E2EE by default makes it’s even more super sus cuz even Matrix has it on by default, so surely it can’t be that hard to do, but Telegram be going brrrrrrrrrr anyways and be like “its open source!” despite the backend literally being proprietary.
calamusWhen I see ridiculous comments like this on Telegram, I just turn it off and make sure that regular donations to Signal are still valid.
Even though it's a very small amount.🙈
Leonardo Lanzi@Mer__edith
You too, should DoS the public with a very rare one-hour interview, in which you sigh and allude to superior philosophies every 2 minutes. Something like Grand Master Oogway in Kung Fu Panda, but a little bit more techy, seasoned with ~ "wealth bother me" 😂
https://www.youtube.com/watch?v=1Ut6RouSs0w
You too, should DoS the public with a very rare one-hour interview, in which you sigh and allude to superior philosophies every 2 minutes. Something like Grand Master Oogway in Kung Fu Panda, but a little bit more techy, seasoned with ~ "wealth bother me" 😂
https://www.youtube.com/watch?v=1Ut6RouSs0w
Telegram Creator on Elon Musk, Resisting FBI Attacks, and Getting Mugged in California
Jₑₙₛ Gustedt@Mer__edith It is just a pity that signal still has not the same functionality as telegram or whatsapp. In particular the fact that I cannot use it on all my android devices (phone and tablet) but that I have to designate one of them where I use signal. That makes signal not practical for daily use, I miss too much messages while on my tablet.
Take a look at @mollyim its a signal client fork that allows signin in multiple Android devices
@shadowwwind @Mer__edith @mollyim Thanks! That partially solves my problem, indeed : one of my tabets now has Molly and everything seems to work out of the box. My other tablet is incompatible, it seems.
xorox@Mer__edith Deleted my account there. The smell of FSB officer was intolaratable.
Dagnabbit, Pascaline! 💥@Mer__edith
That's why I always encourage good organisations to NOT use Telegram but Signal instead. You can even support Signal, this helps to feel part of a movement.
So, I don't understand why for instance Extinction Rebellion uses Telegram. I just don't.
aproitzThat's absolutely true ! 👍
Freddy@Mer__edith Where does that (unwarranted) perception of security come from? From the fact it’s also used by nefarious actors?
@freddy Not totally sure, but the founder talks a big game often in very misleading ways, as well
blackwhitemint@Mer__edith I don't like Telegram, because their security is a joke and they aren't transparent. Signal instead is very transparent but there is one thing I am missing: Updated Transparency Reports! Nobody can tell me that signal only got 5 requests from law enforcement in the last 10 years... Would be nice to get the stuff updated 🧐
https://signal.org/bigbrother/ <- This one here
yeah the small number of reports is something I'm also confused by.
@Mer__edith any comment on this?
Wyre@Mer__edith when will people learn that the people pushing privacy the hardest are feds.
Stephan@Mer__edith I do not use Telegram, but at least their client is free and open source software in a way that Debian and others can and do build their own clients independently.
The Signal app is really a pain, it is almost impossible to build it yourself, let alone modify it or make your own client.
And both are only secure if you trust the code /and/ verify your partner's fingerprint, which is even less handy than PGP, where you can sign it and then forget about device changes.
The Signal app is really a pain, it is almost impossible to build it yourself, let alone modify it or make your own client.
And both are only secure if you trust the code /and/ verify your partner's fingerprint, which is even less handy than PGP, where you can sign it and then forget about device changes.
alina 🌸@Mer__edith people don't use telegram because it's secure or whatever
people use telegram because all other messengers suck even more for daily use
people use telegram because all other messengers suck even more for daily use
Clot@Mer__edith We mostly use telegram because of the features and how good its clients are, no matter which OS you use. It's private enough (every app have chances of backdoor anyway).
Durov talks sometimes rubbish tho, also he is fanboi of elon which sucks
Durov talks sometimes rubbish tho, also he is fanboi of elon which sucks
Oscelot@Mer__edith Geezy creezy. I'm glad we don't do much sensitive on it. May have to think about switching to Signal...