Soeren
GrapheneOSTelegram has full access to all of the content of group chats and regular one-to-one chats due to lack of end-to-end encryption. Their opt-in secret chats use homegrown end-to-end encryption with weaknesses. Deleting the content from the app likely won't remove all copies of it.
Telegram has heavily participated in misinformation campaigns targeting actual private messaging apps with always enabled, properly implemented end-to-end encryption such as Signal. Should stop getting any advice from anyone who told you to use Telegram as a private messenger.
Telegram is capable of handing over all messages in every group and regular one-to-one chat to authorities in France or any other country. A real private messaging app like Signal isn't capable of turning over your messages and media. Telegram/Discord aren't private platforms.
A major example of how Telegram's opt-in secret chat encryption has gone seriously wrong before: https://words.filippo.io/dispatches/telegram-ecdh/.
The practical near term threat is for the vast majority of chats without end-to-end encryption: 100% of Telegram group chats and the regular 1-to-1 chats.
The Most Backdoor-Looking Bug I’ve Ever Seen
This is the story of a bug that was discovered and fixed in Telegram's self-rolled cryptographic protocol about seven years ago. The bug didn't get any press, and no one seems to know about it, probably because it was only published in Russian. To this day, it's the most backdoor-looking
Companies should treat user data as toxic waste rather than as something they want to gather and hoard for business models like targeted advertising. It's not a good thing to have a bunch of sensitive data which could be obtained by adversaries or requested by a government.
Not using E2EE creates a lot more legal risk than using E2EE at least while E2EE is still legal in most of the world. Not using E2EE gives the technical capability to moderate, provide data, etc. and therefore governments expect that to be done. That's why they hate E2EE.
Kevin Karhan 
@GrapheneOS nodds in agreement
And that is why #Telegram rightfully got hit by #Germany and #France with fines, as per their platform like #Shitter, #NSAbook and others, Telegram can easily do #ServerSideScanning of #content and do #ContentModeration, but explicitly choose not to.
Whereas worst-case with most real #E2EE incl. #SelfCustody, it's technically impossible for the provider to #decrypt data even when forced to hand out everything at gunpoint...
David O'BrienThis is the thrust of European privacy legislation - #GDPR, #PECR and so on. (Essentially the same standards still apply in the UK despite the more moronic Brexit swivel-eyed loons.)
#Data is not something you should hoard and trade. It's a hot potato you should handle with care while you have to, and get shot of as soon as you can.
Darwin Woodka@GrapheneOS we should own our data and there should be access keys to access it. We should be paid for it's use.
Tommy Þ@GrapheneOS First step: actual meaningful consequences for exposing PI data.
We should class-action all of them. There currently just isn't a financial incentive for taking security seriously.
@tommythorn @GrapheneOS #ClassAction ain't a #consequence, because it allows them.to just cough up money and not undo bs.
- See the "#OtherOS Settlement" for the #PS3: #Sony wasn't forced to undo the #Enshittification but merely pay a few $ per customer (but only in the #USA, everyone else got a big middle-finger!), which I think is rather insulting given this was their sole decision and they could've decided just not to be assholes instead...
The correct reaction would be risk of actual #jailtime for exectives: no parole and being forced to pay restitution to all victims that cover all damages & costs incurred as a result of a #DataBreach...
- Remember: If the penalty for a crime is a fine it's only illegal for the poor...
Orca 🌻 | 🎀 | 🪁 | 🏴🏳️⚧️@GrapheneOS
Oh no, companies are known to dump toxic waste everywhere, into the river, into the air, leaked all the time. /s!!!
Oh no, companies are known to dump toxic waste everywhere, into the river, into the air, leaked all the time. /s!!!
sabik
Tom Streeter@GrapheneOS Your point is well-taken, but have you noticed how we handle toxic waste?
🌈 Kerblambuli 🦄@GrapheneOS Pops up in my mind in context of hoarding personal data: "In part due to the well-organised population registers, about 70% of the country's Jewish population were killed in the course of World War II"
https://en.wikipedia.org/wiki/Netherlands_in_World_War_II
josh@GrapheneOS haha this made me think of oceans 11 for toxic sludge
Rue Mohr@GrapheneOS we should start using AI to inject fake user data everywhere. flood them with it.
@RueNahcMohr @GrapheneOS well, "#FloodTheZoneWithShit" certainly works, as "#AI" models "hallucinate" themselves into "collapsing" aka. falling over it's own feet...
Tom@RueNahcMohr @GrapheneOS that assumes most of this hoarded data isn't already shit. Not just worthlessly banal or outdated, but legitimately wrong and fake. These companies make their bank shoveling that shit by the pound, so they would probably welcome the flood. Everyone sieving the bilge for secret sauce magic advertising insights probably won't notice, and those bad actors and governments targeting individuals would still be able to drill down easily enough.
@GrapheneOS +9001%
The sheer amount of liabilities if not legal through #GDPR & #BDSG, but indirectly through.mandated #standards like #PCIDSS & #PSD2 are the reason one should avoid storing them at all costs!
LonM@GrapheneOS The problem with that metaphor is often companies are perfectly happy to treat toxic waste as if it's perfectly safe and normal. And even when they recognise it's not, they can lobby governing bodies to let them treat it in an unsafe manner.
Martin Ruskov@GrapheneOS "The current consensus seems to be that the latest version is not broken in known ways that are severe or relevant enough to affect end users, assuming the implementation is correct. That is about as safe as leaving exposed wires around your house because they are either not live or placed high enough that no one should touch them."
#Telegram #TelegramSecurity #MTProto
#Telegram #TelegramSecurity #MTProto
Sunshine@GrapheneOS OMGeeee.
No Gods , no Masters! RESIST@GrapheneOS CEO of Telegram was just arrested in France and Putin is mad because the guy may have Russian intelligence that France can now tap into.
fanf42@palin @GrapheneOS and the fact that he (strangely) got French nationality 3y ago likely means he is subjected to French laws.
@fanf42
That made my day!!
That made my day!!
@palin @GrapheneOS I can't decide if it's just Macron wanting more billionaire in his habitual glee, or a genius pocker play by the french "diplomacy" (at the time, tension between Russia and Ukraine / Europe were escalating, but the war was not yet open)
Viss@GrapheneOS lotsa internet drug dealers are gonna have a real bad time soon
@GrapheneOS Signal is too able to hand over stuff, and they too will.
- Whether one has #SelfCustody of Keys on @signalapp is somethibg I'd doubt, but even the worst "conspiracy theory" makes #Signal the better choice than #Telegram.
Tho thankfully we live ib a world where we don't just have Ketchup (Telegram), Majo (Signal) and Mustard (#WhatsApp / #FacebookMessenger) as options, but various others to fulfill case-by-case needs.
Like @zulip / #Zulip, @delta / #deltaChat, #IRC & #XMPP+#OMEMO like @monocles / #monoclesChat & @gajim / #Gajim.
@GrapheneOS @signalapp I didn't say all of them have it...
Re: #Signal I'd not consider it #disinfo as we've seen more elaborate Setups like #EncroChat & #ANØM fall.
Given the fact that one cannot #SelfHost #Signal's backend, they shilled the #MobileCoin #scam and use #PII like #PhoneNumbers to enforce 'selective availability' as well being incorporated in the #USA all rubs be unpleasantly...
"The" correct way to do things (sarcasm OFC!) is to do #OfflinePGP but we can all agree it's not practical...
I remember when #Signal did a good #E2EE Messenger (#TextSecure) and that had a reason to use #PhoneNumbers as it merely encrypted #SMS, but that OFC has other issues.
- In terms if "proper #E2EE" with #SelfCustody if #keys, @delta / #deltaChat does fit even the stingest criteria - including #encrypted #GroupChats!
[English] Pfandleiher on... The offline-pgp-method and why Encrochat, SKY ECC and ANON are failing.
@kkarhan @signalapp @delta PGP is legacy technology with tons of legacy cryptography like still using SHA-1 for fingerprints in practice. It doesn't have forward secrecy like a proper secure messaging system. The main implementation of it that's widely used is horribly implemented with massive security flaws throughout it (GPG). The web of trust nonsense is badly designed and always in use even to simply verify a specific file with a specific key from a file. Keyservers are another big mess.
@kkarhan @signalapp @delta Most of your claims here are horribly wrong and you're giving lots of bad advice. You're claiming things are scams which aren't and are posting inaccurate claims and misrepresentations about Signal and other things.
@GrapheneOS @signalapp only time will tell, but right now I've been correct about #CryptoAG, #LavaBit, #EncroChat, #ANØM, etc.
So farewell...
Kevin Karhan :verified: (@[email protected])
@[email protected] It doesn't change the fact that #security requires #transparency and thus full access & reproduceability from source. To give you a good example, *source-available* #Tarsnap demonstrates that stuff is truly securely encrypted by enabling #SelfCustody of keys *and* thus show they can't decrypt anything! - You may call me paranoid, but having *'massive trust issues'* saved not only my own life more often than I'd be able to disclose so you may see this as a 'survivorship bias', but we'll only see #MassSurveillance becoming impossible when people ain't just *users* of some big-ass platform that can be easily targeted once it becomes *inconvenient* for it's host nation, but actually push for #decentralization and #TechLiteracy. *"Just use A, B, C & D, E, F"* is the real threat as it sugfests people a [false sense if security]( https://grapheneos.social/@GrapheneOS/113047066349052609 ). - Just like a dresh #TechInspection doesn't prevent one to hose an engine due to lack of oil! Collecting any #PII [*IS the illicit activity*]( https://grapheneos.social/@GrapheneOS/113047045993549018 ) NO MATTER the excuse... - You may [choose ignorance]( https://grapheneos.social/@GrapheneOS/113047083361853248 ) but like with #LavaBit, #EncroChat & #ANØM I tend to turn out to be right all along. Sooner or later the #Enshittification of #Signal will reach a point where you'd rethink and consider apologizing...
Chewie
uis@GrapheneOS same Signal that showed user's phone number to any doxxer or FSB agent?
s0nlx ⬇️↘️➡️➕MagFest '26@GrapheneOS one of the reasons I avoided WhatsApp over Telegram is it being owned by Facebook and how many exploits and RCE can be done on WhatsApp. I think those same exploits came on over to Telegram but the fact that Facebook owns WhatsApp deters me after many Facebook hacks/leaks and that whole Cambridge Analytica jazz that happened.
I wouldn't mind doing Signal if my friends were willing to move to it.
@GrapheneOS I think both apps are shit as *both #Telegram and @signalapp demand #PII in the form of #PhoneNumbers.
- #Signal at least has their #client's source code published so similar to like #Tarsnap it's more trustworthy by virtue of better #transparency...
OFC Telegram is (by my personal observation) almost exclusively being used by #Scammers and other #TechIlliterate criminals.
- Trusting Telegram is like trusting #EncroChat or #ANØM aka. #OperationIronside aka. #OperationTrøjanShield: It literally has #Govware #Backdoors because the #UAE of all plaves would've swatted their "HQ" if not forved #Durov at gunpoint to integrate it into it if it wasn't there...
@kkarhan @signalapp Signal requires a phone number as an anti-spam mechanism but you can disable sharing it or allowing it to be used to contact/discover you. You can use Signal's username support instead. They could provide an option to pay a one-time fee for an account without a phone number but creating unlimited numbers of accounts without one is not allowed for a reason.
@GrapheneOS @signalapp TBH, I think that "#AntiSpam" is a bad excuse, because it penalizes honest users and enables abusers who have entire number blocks to spare...
Furthermore it also allows LEAs to track who is a Signal user, and in sple places (i.e. Belgium) using @torproject / #Tor and #VPN|s is enough to get a warrant for #wuretapping signed, so it only adds #cost to onboard and no benefit to the #users.
They could've chosen different approaches to combatting #Spam, ranging from #Invites to a slowly growing #trust-level system that makes #Spamming costly, slow and unfeasible on the platform.
Sadly, I'm not being paid to fix this and thus I'm not allowed to fix it at all...
nictakiego@GrapheneOS 
> :telegram:
> :telegram:
🌹 𝐫𝐮𝐳𝐚 ✅
(eng🇬🇧)@GrapheneOS Does it still apply to MTProto 2.0?
https://en.wikipedia.org/wiki/Telegram_(software)#Privacy
I do not consider Telegram to be a good solution for private communication. it seems that they can still have copies of encrypted and unencrypted messages on the server and the server decides on the encryption parameters.
@ruza Yes, it does. Also, proving code correct simply shows it matches a specification. It doesn't mean it's secure. Code that's proven correct can still have bugs both since the specification can have bugs and proving it correct can have bugs.
Oliver D. Reithmaier@GrapheneOS any resources or info about these e2ee weaknesses you could link to? I've heard this a couple of times already but couldn't find anything myself...
Edit: read the wiki article. Not too much in the know considering crypto to know how grave this is. Would love comments from people who do.
@odr_k4tana @GrapheneOS There was a very backdoor-looking bug in MTProto 1:
https://words.filippo.io/dispatches/telegram-ecdh/
https://words.filippo.io/dispatches/telegram-ecdh/
The Most Backdoor-Looking Bug I’ve Ever Seen
This is the story of a bug that was discovered and fixed in Telegram's self-rolled cryptographic protocol about seven years ago. The bug didn't get any press, and no one seems to know about it, probably because it was only published in Russian. To this day, it's the most backdoor-looking
@Orca @GrapheneOS that still a thing in MTProto 2.0?
@odr_k4tana @Orca No, but they didn't entirely move to doing things according to best practices.
@GrapheneOS @Orca sounds idealistic, no? There's lots of big names doing that, too (MS, Google, Solarwinds, Crowdstrike, Cisco, WhatsApp etc).
I get that TG does bad things (bad faith marketing, being opaque about their business model etc.) but their encryption apparently right now at least seems to be a lesser issue, if any at all. I just don't understand why people are focusing on that so much.
I get that TG does bad things (bad faith marketing, being opaque about their business model etc.) but their encryption apparently right now at least seems to be a lesser issue, if any at all. I just don't understand why people are focusing on that so much.
@odr_k4tana @Orca They don't use E2EE for regular chats and group chats. There's only E2EE for opt-in 1-to-1 secret chats. This means the vast majority of private chats (regular direct messages and all group chats) are not E2EE. We only pointed out that there are weaknesses in the homegrown end-to-end encryption as a side point. We added an extra post at the end clarifying that more.
> The practical near term threat is for the vast majority of chats without end-to-end encryption: 100% of Telegram group chats and the regular 1-to-1 chats.
We posted this thread because we saw many people concerned about the French government or others seizing Telegram data. Not so much in our community but more broadly, including many people clearly believing Telegram couldn't access their messages outside secret chats too. Look at the replie on X and the quote tweet.
@GrapheneOS @Orca ok, understood. Still irks me how much this weak encryption thing is being pushed though.
@odr_k4tana @Orca It doesn't take much for encryption to be completely broken previous versions of their protocol were found to be completely broken. It took time before the issues were turned into a working way to exploit it.
@GrapheneOS @Orca well. That's how it is sometimes. Thanks to everyone who participated, enjoyed the exchange!
@odr_k4tana @GrapheneOS
No, but would you want to use something that probably has backdoored its encryption algorithm before?
No, but would you want to use something that probably has backdoored its encryption algorithm before?
@Orca @GrapheneOS why exactly "probably". This is what bugs me. There's academic verification of the model (which also has implementation issues. If I can trust the papers, you *really* shouldn't use third party clients for TG)
> talos ▉@GrapheneOS I was testing SimpleX chat... 🤔
@somatalos SimpleX is a real private messaging app with end-to-end encryption, and unlike some other non-Signal E2EE messaging apps has perfect forward secrecy.
@GrapheneOS Cheers for the feedback. I've had a look at the info on their website, even trying out the app it seems like they're doing something pretty unique in the private messaging scene.
WerySkok 
@GrapheneOS while there are actual security concerns about Telegram's way of handling data, there has been no known case of the messenger disclosing actual conversations, which means that they still respect the privacy of their users, even if it only stands on their word of honor.
Also, claims about lack of moderation are also fake, Telegram is known for banning channels and users for various reasons.
Overall, all of this is a test of a right for privacy, which Telegram actually was respecting