So…there is a concerted campaign, with Musk as its mouthpiece, to discredit Signal and get people to switch to Telegram. It’s disinformation, but there’s also useful information in it. The useful information is that a hideous, powerful, right-wing crank — or whoever’s yanking his chain — really, really wants people to use Telegram.
We’ve long known Telegram’s security is weak. But now, in light of this new information, we should move forward assuming that Telegram is actively compromised.
Lest it get lost in that longer post:
Assume Telegram is compromised. Not just vulnerable. Compromised.
@inthehands I'd assume the same of Signal, to be honest. You're not safe and secure against a nation-state actor, especially not running software from that country communicating through servers run in that country.
The question is if you're worth them exposing that operation (you're probably not).
Disagree.
The question is whether you're high-profile enough that them compromising you (using a tool they own, in an environment they control) would result in their "operation" being "exposed" to a degree that would result in their operation being disrupted.
If you're anything like me, probably not.
(There's an entire class of people who can get disappeared in plain sight and everyone will automatically hallucinate their own thought-terminating explanation. Sucks)
@pettter @inthehands While I agree that it's good to expect compromise of whatever technology you're using, I don't think this take is really helpful.
The assumption that everything is compromised, apart from discussing strategies for dealing with it, just takes away our ability to make informed decisions. We have limited knowledge of the capabilities of the relevant threat actors, so we have to weight the probability that a particular implementation is still secure.
Paul Cantrell
@
lobingera
B'Wera Tension
Konstantin Weddige
Johannes Hentschel