So…there is a concerted campaign, with Musk as its mouthpiece, to discredit Signal and get people to switch to Telegram. It’s disinformation, but there’s also useful information in it. The useful information is that a hideous, powerful, right-wing crank — or whoever’s yanking his chain — really, really wants people to use Telegram.
We’ve long known Telegram’s security is weak. But now, in light of this new information, we should move forward assuming that Telegram is actively compromised.
@inthehands how about the #InconvenientTruth that both @signalapp / #Signal and #Telegram are BOTH EQUALLY BAD since they both are #proprietary, #centralized #SingleVendor & #SingleProvider solutions that collect #PII like #PhoneNumbers with no "#LegitimateInterest" because they are not "technically necessary" to fulfill their services.
Plus they not only can but will include #Govware #backdoors when pressed hard enough aka. cops with 3-hole masks put a gun to their heads...
Just like there are no #LoglessVPN's these Services and their #staff have addresses...
https://web.archive.org/web/20210226175949/https://twitter.com/thegrugq/status/1085614812581715968
Instead, consider something where the #developers nor #maintainers can't do that - like with #XMPP + #OMEMO where you have #SelfCustody of all the #Keys and thus you are in control!
@kkarhan @inthehands both have problems but “stores comms in clear text on their servers and use proprietary security” (Telegram) is not equally as bad as “provably end to end encrypted with an open and independently vetted cryptosystem” (Signal)
Spreading FUD when you could just offer honest critique makes your message extremely suspect
@calcifer @inthehands it's not #FUD, but the #InconvenientTruth: #BOTH are garbage!
#Signal is able, willing and required per law to restrict it's services to comply with #Sanctions as well as integrate #Govware #Backdoors for #CloudAct & #FISA.
https://infosec.space/@kkarhan/112439031215285462
Unless you can reproducably build and #SelfHost the entire infrastructure yourself, you won't know if the #SourdeCode released is in fact the one being used.
Unlike with @monocles / #monoclesChat which doesn't fall under #CloudAct and is available via @fdroidorg which is taking the published #SourceCode.
@[email protected] @[email protected] @[email protected] no, #Signal - like #Telegram is #proprietary, #centralized and a #SingleVendor / #SingleProvider solution, thus inherently insecure. And don't even get me started on the #Cyberfacist laws like #CouldAct it's subject to... Only true #decentralization and #SelfCustody can be secure. Everything else is just #marketing-#lies!
Paul Cantrell
Kevin Karhan 
calcifer 🧯