this post was submitted on 08 May 2024
225 points (80.0% liked)

Privacy

32120 readers
327 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS
 

Here's what he said in a post on his telegram channel:

🤫 A story shared by Jack Dorsey, the founder of Twitter, uncovered that the current leaders of Signal, an allegedly “secure” messaging app, are activists used by the US state department for regime change abroad 🥷

🥸 The US government spent $3M to build Signal’s encryption, and today the exact same encryption is implemented in WhatsApp, Facebook Messenger, Google Messages and even Skype. It looks almost as if big tech in the US is not allowed to build its own encryption protocols that would be independent of government interference 🐕‍🦺

🕵️‍♂️ An alarming number of important people I’ve spoken to remarked that their “private” Signal messages had been exploited against them in US courts or media. But whenever somebody raises doubt about their encryption, Signal’s typical response is “we are open source so anyone can verify that everything is all right”. That, however, is a trick 🤡

🕵️‍♂️ Unlike Telegram, Signal doesn’t allow researchers to make sure that their GitHub code is the same code that is used in the Signal app run on users’ iPhones. Signal refused to add reproducible builds for iOS, closing a GitHub request from the community. And WhatsApp doesn’t even publish the code of its apps, so all their talk about “privacy” is an even more obvious circus trick 💤

🛡 Telegram is the only massively popular messaging service that allows everyone to make sure that all of its apps indeed use the same open source code that is published on Github. For the past ten years, Telegram Secret Chats have remained the only popular method of communication that is verifiably private 💪

Original post: https://t.me/durov/274

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] -2 points 6 months ago* (last edited 6 months ago) (1 children)

Tbf not all the chats being E2E encrypted is a UX compromise. It makes Telegram a lot nicer to use across devices and allows just accessing your messages from anywhere without needing your phone to be on. Plus no need to back up chats etc. because they're all just on the server. As opposed to secret chats, which of course are bound to one particular device and can only be accessed from there.

I'm all for E2E by default but I must say I actually like the idea of having a choice in this particular case.

[–] [email protected] 2 points 6 months ago (1 children)

There's no reason for secret chsts to not be stored on the server and to not be synced to all your devices. We've had double ratchet for a while. Telegram rolling their own crypto is dumb for many reasons

[–] [email protected] 2 points 6 months ago (1 children)

Correct me if I'm wrong, but even with double ratchet, retrieving and decrypting the message history is tricky / impossible, no? Afaik signal does allow you to receive new messages on multiple "linked devices", but a new linked device doesn't have access to any messaging history.

[–] [email protected] 1 points 6 months ago (1 children)

That behavior would be a major improvement to telegram

[–] [email protected] 3 points 6 months ago

From a privacy POV, sure, not trying to argue that. Just saying that Telegram does have a bunch of features like that that wouldn't really work if all chats were always E2E encrypted, so there's a reason that it's opt-in. Whether it's a good one or not is up to you to decide for yourself.

Though I definitely think that Telegram could do a much better job explaining the trade-off, especially in a world where many major messengers are always e2e encrypted, and people somewhat expect it to be the default.