Quoting @matthew_d_green from the hellsite:
“Telegram has launched a pretty intense campaign to malign Signal as insecure, with assistance from Elon Musk. The goal seems to be to get activists to switch away from encrypted Signal to mostly-unencrypted Telegram”
Musk claimed that Signal has unpatched security vulnerabilities. As a cryptography expert I’m not aware of any: instead Signal has top-notch state-of-the-art encryption which has been adopted by its competitors it’s so good.
Telegram isn’t end-to-end encrypted by default. It has no group chat encryption whatsoever. It uses a bizarre, badly designed “MTProto” protocol about which dozens of cryptography papers have documented myriad unfixed flaws.
@bascule
As much as I'm not a fan of Signal and of anything really, relying on phone numbers, no one can deny that Double Ratchet itself is solid and sound design and has been adopted in Matrix and in XMMP as OMEMO and numerous other messengers not using standardised protocols.
Bringing up Telegram as being superior is just laughable 😩
@m0xee @bascule As a side note, while Signal still couples your account with your phone number (they are giving a few reasons for keeping it that way), exposing your phone number is now completely optional. Now, by default, other parties won’t see your phone number and won’t be able to find you by your phone number (but you can still switch it on as an option).
#SecureMessaging #Privacy #SignalMessenger #SignalApp #Datensicherheit
@intermobility
Yes, that is news to me, however, there are still cases when you can't trust your cell carrier. Speaking of Telegram, there have been known and confirmed cases when this was exploited by malicious state actor, it was the reason why password authentication was added in addition to OTPs sent via SMS.
@bascule
@intermobility
I do understand why many IMs rely on it, it's the most straightforward way to prevent pam and not making the number public is a nice compromise, but I'm still too paranoid to find it acceptable 😅
@bascule
