this post was submitted on 20 Aug 2023
83 points (68.4% liked)

Privacy

32191 readers
597 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS
 

Many in the crypto and privacy community mistakenly trust Telegram because it's "end to end encrypted", but there are huge issues including not hiding the metadata, censorship, centralization, and phone numbers.
Send this video to your friend that asks why you won't join: https://video.simplifiedprivacy.com/why-telegram-sucks/

top 50 comments
sorted by: hot top controversial new old
[–] [email protected] 112 points 1 year ago (2 children)

nobody "trusts" telegram. but at least it s not whatsapp.

[–] [email protected] 28 points 1 year ago (2 children)

You shouldn’t trust anything.

[–] [email protected] 8 points 1 year ago

I trust myself sometimes, its occasionally useful.

[–] [email protected] 2 points 1 year ago

Can't trust nobody and nothing.

[–] [email protected] 107 points 1 year ago (2 children)

Can we stop doing videos as news and opinion please? They're an inefficient, annoying, and intrusive way to communicate this kind of information. If it doesn't need to be visual, it is in video format only for monetization reasons, which I'd think would be more concerning to this community.

[–] [email protected] 23 points 1 year ago (1 children)

Videos are also much more likely to be out of date.

load more comments (1 replies)
load more comments (1 replies)
[–] [email protected] 73 points 1 year ago (1 children)

A cringe video made by someone selling a Blockchain messaging solution.

load more comments (1 replies)
[–] [email protected] 36 points 1 year ago* (last edited 1 year ago) (6 children)

Wow, not to pick on the narrator, but this comes off like the worst small town used car dealership TV advertisement I've ever seen.

Here's a real rundown I've put together over the years:

Pavel Durov's argument is that there should be a high functioning UI/UX experience for "non-secure" communication, and when you need it there's something much closer to Signal's very secure client-to-client encryption.

Arguably Telegram secret chats are even "close enough" to cloud chats an adversary might not notice you're doing the "super secret things" (making it harder to identify what to target).

MTProto Cloud: https://core.telegram.org/file/811140746/2/CzMyJPVnPo8.81605/c2310d6ede1a5e220f

MTProto Secret (Wrapped in MTProto Cloud): https://core.telegram.org/file/811140633/4/hHw6Zy2DPyQ.109500/cabc10049a7190694f

They also provide verified builds even on iOS (though it's a bit of a hack, not "really" quite the same thing).

The only things that can really be said about Telegram's secret chat crypto are that:

  1. It's not "the default"
  2. It's their own crypto (i.e., they broke "rule #1" and "rolled their own")

Ultimately though, it's been just shy of 10 years since Telegram entered the scene, and nobody has actually broken Telegram crypto in any meaningful way -- AFAIK, to this day. Still, there are hypothetical holes in the crypto when scrutinized vs something like signal. So, is it as good as Signal or Threema? Eh, probably not, is it good enough for the average person that isn't target by a nation state? I'd say probably.

load more comments (6 replies)
[–] [email protected] 35 points 1 year ago* (last edited 1 year ago) (2 children)

Isn't metadata leakage a problem that this messenger shares with nearly every other (popular) messenger out there?

In case you actually want some useful info on that topic: https://www.messenger-matrix.de/

[–] [email protected] 6 points 1 year ago

Nice comparison site! I've always referenced the below site. But I'm glad to have another thank you

https://www.securemessagingapps.com/

[–] [email protected] 2 points 1 year ago

That's a cool website!

[–] [email protected] 23 points 1 year ago (5 children)

Stop posting videos and post well written articles.

load more comments (5 replies)
[–] [email protected] 11 points 1 year ago (1 children)

Thats why Element(Matrix) is the way. Ideally selfhosted+federated, but even the default matrix.org is much better than most other chat apps.

[–] [email protected] 4 points 1 year ago (1 children)

Why Matrix and not XMPP? XMPP is also flawed, but much less bloated, easier to selfhost and doesn't have so many people being on central instance like matrix.org (there are other arguments as well).

[–] [email protected] 3 points 1 year ago* (last edited 1 year ago) (1 children)

Because there's not a single good app for XMPP and nobody uses it.

Their bleeding edge app is Conversations which costs money (already unviable), and the app looks like it's designed in 2012.

load more comments (1 replies)
[–] justastranger 9 points 1 year ago

The only reason telegram was unbanned in Russia is because they started collecting and handing over identifiable data about Russian users.

[–] [email protected] 9 points 1 year ago (2 children)

The only thing Telegram has going for itself is that it's Non-Meta and Non-Western.

Anyone who has a closer look at Telegram's reputation knows that their privacy claims are dubious. If you want end to end encryption, even WhatsApp is better. But these things depend on your individual threat model.

[–] [email protected] 12 points 1 year ago (1 children)

If you want end to end encryption

You use Signal.

[–] [email protected] 9 points 1 year ago (1 children)

Yeah, end to end encryption in a closed source app can't be proven outside of the company and the company can't be held accountable by the public even if it gets a third party audit at some point because it can always just change the source.

Open source, client side, end to end encryption is the only serious standard.

[–] [email protected] 1 points 1 year ago (1 children)

open source can also change over time. The only time you can trust it is when it does have an independent third party audit and even then they have very specific language saying what they found and in what version.

[–] [email protected] 3 points 1 year ago* (last edited 1 year ago)

open source can also change over time.

This is true, but those changes are visible. It's much harder to get away with back dooring something that's open source. At the very least, you need to be clever about it so as to not draw suspicion to your changes. I'm reminded of this story: https://www.theverge.com/2021/4/30/22410164/linux-kernel-university-of-minnesota-banned-open-source

[–] [email protected] 1 points 1 year ago

Telegram can be E2E, no reason to switch to Meta's app for it

[–] [email protected] 5 points 1 year ago

I try to explain that to people all the time, they only use E2E for so called secret chats and comply with every country as soon as a ban is on the table, there are even reports about a case in Dheli where they did so for Audiobook piracy!

[–] [email protected] 4 points 1 year ago (1 children)

Why isn't this video uploaded to peertube instead of some dude's personal bog?

[–] [email protected] 9 points 1 year ago

Because its just that. All it is a personal blog. It is not a valid source

[–] [email protected] 4 points 1 year ago

I like mixing it up, even mid conversation, between Threema, Signal and Session. Put the puzzle together feds xD

[–] [email protected] 2 points 1 year ago

Indeed it is. Use Threema 😉

load more comments
view more: next ›