Quoting @matthew_d_green from the hellsite:
“Telegram has launched a pretty intense campaign to malign Signal as insecure, with assistance from Elon Musk. The goal seems to be to get activists to switch away from encrypted Signal to mostly-unencrypted Telegram”
@bascule
As much as I'm not a fan of Signal and of anything really, relying on phone numbers, no one can deny that Double Ratchet itself is solid and sound design and has been adopted in Matrix and in XMMP as OMEMO and numerous other messengers not using standardised protocols.
Bringing up Telegram as being superior is just laughable 😩
@intermobility
Yes, that is news to me, however, there are still cases when you can't trust your cell carrier. Speaking of Telegram, there have been known and confirmed cases when this was exploited by malicious state actor, it was the reason why password authentication was added in addition to OTPs sent via SMS.
@bascule
@intermobility
I do understand why many IMs rely on it, it's the most straightforward way to prevent pam and not making the number public is a nice compromise, but I'm still too paranoid to find it acceptable 😅
@bascule
@intermobility @m0xee @bascule
Unfortunately they were funded by the CIA. If there is not backdoor in there, I'd be surprised
@intermobility @m0xee @bascule
Your right. We don't know the facts here. There is too many unknowns. However there are quite a lot of posts on this. Also the fact that Session is a fork of Signal. The devs involved in Session was part of signal and the project forked when sinal got their big investment. Likely from the CIA. I suspect that the Session guys did not agree with the direction. This is just speculations from my side. I stay away from Signal, but it is a better option than most.
@johndoe
I don't trust Telegram for similar reasons: I don't have direct proof, but there is an hint that would be unwise to ignore. Remember when Russia was still officially blocking Telegram? At the same time, in the later stages of it, but before they had the ban officially lifted, Rostelecom — a state-owned telco owning a cell carrier operating under Tele2 brand in Russia had a paid-for option to exclude Telegram traffic from your plan.
@intermobility @bascule
@johndoe
This means that either they had the IP addresses Telegram servers are using or otherwise had means of separating its traffic, meaning they could block it as well. And this is coming from the one who was taking part in the protests against Internet censorship in Russia — I wouldn't stop using Telegram without a good reason. For me this alone has the cover blown — even though I don't have papers proving it's operated by KGB or something like that 😅
@intermobility @bascule
@m0xee @intermobility @bascule
Yeah Telegram is not a secure messenger. It does not enforce end to end encryption. In order to use use encryption users need to use "secret chat". However this is not a good implementation as they do not really have end to end encryption. Encryption is only enforced in transit. Meaning telegram and others who are allowed access can can actually access messages.
Group cheats are not encrypted.
@feld @bascule @johndoe @intermobility
Yes, that's the whole point: if they had a way to separate Telegram traffic, they had a way to block it too — which is what they should've done at the time as Telegram was officially banned. But they didn't — which makes the statewide bad nothing more than a PR stunt.
@intermobility @m0xee @bascule
Yeah, their threat model is “everyone everywhere”. It’s probably a subtle troll account - newly registered, I’m the first follower, etc.
@m0xee @bascule As a side note, while Signal still couples your account with your phone number (they are giving a few reasons for keeping it that way), exposing your phone number is now completely optional. Now, by default, other parties won’t see your phone number and won’t be able to find you by your phone number (but you can still switch it on as an option).
#SecureMessaging #Privacy #SignalMessenger #SignalApp #Datensicherheit