return to table of content

Telegram has launched a pretty intense campaign to malign Signal as insecure

ixwt
49 replies
6h42m

Another thing that wasn't pointed out: Du Rove said "Signal messages have been exploited against them in US courts or media."

This would be the same case for Telegram as well, if someone has your phone. I believe that Signal can have a lock on the client, and the database is encrypted.

The other part that Du Rove conveniently left out: Signal went against the US courts and won [0]. When subpoenaed to give all user information they gave them all that had: the unix timestamp of when the account was created, and the last date you connected to the signal service. That was in late 2021. I'm really curious as to what Telegram has told the FSB.

[0]: https://signal.org/bigbrother/cd-california-grand-jury/

noirscape
23 replies
6h30m

Telegram iirc moved it's lead developers to Dubai specifically because the FSB was demanding info from them, so you could argue that's an unfounded concern.

The bigger problem with Telegram is that it by default has insecure encryption settings (as opposed to Signal, where encrypted is the default, you need to manually activate it with Telegram + I think it's not possible to enable for all chats and clients) and to my knowledge, Telegram will outright co-operate with law enforcement agencies to just hand over unencrypted communications. I'd personally argue that's a security dark pattern - make privacy a big selling point, but then don't activate the security by default

1oooqooq
8 replies
6h1m

security dark pattern - make privacy a big selling point, but then don't activate the security by default

pretty similar to whatsapp. they boast end to end encryption, but business account (all of them now) uses the facebook server's key, so that the business can give access to several other clients to answer customers. they still call it end to end encryption, and this was actually the last crap the original founder accepted before leaving with lots of money on the table.

FiloSottile
7 replies
5h40m

“All of them” in what sense?

I use WhatsApp dozens of times a day, and interact with business accounts every couple months at most.

1oooqooq
6 replies
5h19m

Good for you, you probably do not live in a country under digital colonialism where the gov allowed facebook et al to force internet providers to tax the pop with absurdly low and expensive data limits and then "not count" things like facebook and whatsapp and one music app.

In most of the global south, 100% of business have a whatsapp. In those places it pretty much replaced telephone and the green whatsapp icon is now what the current young generation recognize as the we did the black telephone outline on a business front next to a number.

and if you own a business, or is self employed, it is even worse: you live by that app.

robertlagrant
4 replies
4h16m

Are you saying this is a worse alternative to other communication methods with businesses? What would you use with them that has better encryption?

xethos
3 replies
3h11m

The lack of encryption between myself and a business is less offensive than replacing an open standard (plain old telephone systems, eMail) with a proprietary and closed one, backed by a single, private corporation

robertlagrant
2 replies
3h0m

I don't think they've been replaced, though?

hughesjj
1 replies
2h12m

De jure or de facto?

robertlagrant
0 replies
1h26m

Neither.

IG_Semmelweiss
0 replies
1h26m

i completely agree with your sentiment, but i will also say this.

As an expat, this feature has enabled me to transact with locals from the convenience of my phone, even though i don't have any local line and i will not bother to get a local SIM card, nor do i want to have a US SIM and a local one interchangeably.

It also enables me to be very effective when requesting services on demand, and cutting thru the on-hold time, disconnected calls, or the needless chitchat.

I have many bad things to say about WA, but making living more difficult in a foreign country is not one of them.

deepsun
6 replies
5h37m

because the FSB was demanding info from them

But they gave the FSB info they asked for -- the vk.com website (facebook clone, at that time it had way more massive amounts of user data than telegram). They could have deleted the data, but no, they handed it over to FSB.

proxysna
3 replies
4h49m

vk.com and telegram have nothing in common, except the founder. Durov was forced to sell his part in the vk.com and telegram development started after that as a response.

ceejayoz
2 replies
4h27m

vk.com and telegram have nothing in common, except the founder.

This is a deeply funny sentence.

"Other than that, Mrs. Lincoln, how was the play?"

5e92cb50239222b
1 replies
4h18m

You conveniently forgot about the second part of that comment. Durov was forced out of the country and had to cell vk.com for peanuts because of his refusal to cooperate with the government. He is still pissed off at the country at large (not just the government) and refused to add the Russian translation for years, for example, despite it having absolutely nothing to do with Putin.

Since he is Russian in origin, it's okay to throw baseless accusations at him and spout nonsense like "maybe they're FSB agents" or "maybe they hired an FSB agent without knowing it". You see it here everywhere, and HN is one of the better sites in that regard. Well, maybe Signal has hired an NSA agent and doesn't know about it either? How does that sound?

ceejayoz
0 replies
4h9m

Durov was forced out of the country and had to cell vk.com for peanuts because of his refusal to cooperate with the government.

It wouldn't be the first time a cover story was ever used.

Well, maybe Signal has hired an NSA agent and doesn't know about it either? How does that sound?

You should presume they're trying. I, frankly, presume they've succeeded, either in placing an agent or by compromising something, in virtually every prominent messaging platform.

scott_w
1 replies
5h28m

I will point out, in their defence, they handed it over to an organisation that has a habit of assisting people in learning how to fly from windows. This isn't to say Telegram is secure but that it's unlikely they "could have deleted the data" and remained alive.

deepsun
0 replies
1h41m

FSB mostly wanted to prevent people organizing, and that would serve it well. They already had another popular service (odnoklassniki.ru) where to direct people.

znpy
2 replies
5h48m

I'd personally argue that's a security dark pattern - make privacy a big selling point, but then don't activate the security by default

I think it's a great approach instead: the secure, end to end encryption is there and it's ready to be used.

You can easily activated it but you aren't burdened by it for 99% of the time when e2e encryption is not needed.

input_sh
1 replies
5h22m

You can easily activated it but you aren't burdened by it for 99% of the time when e2e encryption is not needed.

So, in those 1% of the cases when you actually need it, you're instantly flagging yourself as doing something fishy? Because if it ever comes down to it, good luck proving otherwise in a court.

That's like the whole point of why it should be on by default. Not because me making dinner plans is something super-secret that needs to be e2e-encrypted, but because those two scenarios need to be indistinguishable from each other for e2e to be effective.

seanhunter
0 replies
3h30m

Yes. Additionally you are at bare minimum signalling that the metadata of the encrypted comms is worth further analysis.

For exactly the same reason if you have a paper shredder, you don't only shred confidential material, you shred a bunch of junk as well to make it harder to find which pieces to reconstruct.

viraptor
1 replies
5h32m

Telegram iirc moved it's lead developers to Dubai specifically because the FSB was demanding info from them, so you could argue that's an unfounded concern.

I'd argue it's not giving us any certainty. They could've moved away to escape. They could've moved away to a nice FSB-sponsored location while making good publicity. Ideally the tech should be good enough for this issue to not matter.

slac
0 replies
5h18m

To add to this: and they may have hired a FSB agent without knowing it.

ixwt
1 replies
5h58m

EDIT: Disregard below. I'm an idiot when it comes to maps. The statement regarding if the developers are still Russian I believe is still relevant.

Considering the state of Saudi Arabia, having it there is marginally better, but still problematic.

And if the developers are still Russian, there's nothing saying they aren't being squeezed unless their families came with them to Dubai.

rgrmrts
0 replies
5h54m

Dubai is in the UAE, not Saudi Arabia

pdimitar
20 replies
6h13m

Telegram has moved to Dubai long ago so no idea where you get the idea that FSB can strong-arm them from.

ixwt
6 replies
5h56m

As I stated in a sister comment, Dubai is marginally better, but not significantly better. If it's the same original developers, they could be squeezed through their family.

pdimitar
5 replies
5h50m

Same goes for Signal devs, or any devs really. You're only stating the obvious: humans can be forced and coerced given enough motivation and resources.

Singling out Telegram, or Signal, or any other service's devs is not advancing any argument forward.

StackRanker3000
3 replies
5h8m

There is more reason to be concerned about Telegram than most other similar services.

Partly because it’s insecure by default, which makes a large percentage of conversations vulnerable.

And also because the team behind it is very susceptible to pressure from the Russian government, which is especially bad when it comes to these things. Even if some of them are based out of Dubai now, it doesn’t mean that they aren’t still at risk of coercion, either directly or through for example threats against family members who remain in the country.

If you don’t trust Russia, which you shouldn’t, then don’t trust Telegram with anything sensitive.

5e92cb50239222b
1 replies
4h14m

Whom should we trust then? Have we already forgotten about Snowden?

fauigerzigerk
0 replies
3h29m

Can we trust some more than others without trusting anyone completely?

I for one trust that there are more Americans who would say no to the NSA when they have a legal basis for doing so than there are Russians saying no to the FSB.

The state of the rule of law is certainly not great anywhere in the world right now. But it's far worse in some places than in others. The difference still matters to some degree.

darby_eight
0 replies
2h29m

Even if some of them are based out of Dubai now

Not to mention there's not much reason to trust UAE any more than there is to trust Russia.

darby_eight
0 replies
5h17m

No, telegram is especially concerning given how insecure it is by default.

seanieb
3 replies
5h28m

Durov travels freely to and from Russia and several of their employees are still based in Russia. So yeah, the FSB have leverage if they need to use it.

looping8
1 replies
4h29m

You say it like it's a fact, so I assume you have proof? Durov is very vocal about being in exile so this looks doubtful.

phatfish
0 replies
3h7m

That's the tune of every Russian oligarch that doesn't want to get caught up in a sanctions regime that makes their Paris/Milan shopping trips a pain.

lawxls
0 replies
4h15m

Durov travels freely to and from Russia

This is incorrect. Check your facts. They're made up.

sbarre
2 replies
5h50m

Ah yes, Dubai the bastion of integrity, equality and human rights.

pdimitar
1 replies
5h39m

True, they aren't. Whether they're friends with Russia is another thing though.

sbarre
0 replies
5h17m

They don't have to be friends to turn a blind eye.

If Dubai had to pick between letting some nobody foreign national living on their soil get squeezed by a foreign secret police, or pissing off the Russians, what do you think they would do?

(This isn't a knock on Dubai specifically, substitute them for almost any non-NATO country in the world).

pdimitar
1 replies
5h38m

I heard. Your point?

frankharv
0 replies
5h37m

They have a long reach and like to be brutal for effect.

pdimitar
0 replies
5h39m

Okay, and your concussion in relation to the topic is...?

hggh
0 replies
4h37m

If russia wants to find and kill you they will.

If whatever State/Government wants to find and kill you they will.

seventyone
1 replies
5h56m

"Winning" would mean not having to comply with the subpoena...

ixwt
0 replies
5h47m

The winning in this case was they had to fight to be allowed to release what they provided.

As nice as it would be to not have to provide that information, Signal proved that the only information they have to give is largely useless to law enforcement.

hobs
1 replies
5h22m

The database is encrypted, and the password is right next to the database in a json file.

Tmpod
0 replies
5h10m

On desktop, on Android and iOS it uses the OS keystore. It really should do on desktop as well, Windows, Mac and Linux (through freedesktop standard) all have APIs for that, there really isn't much excuse. Desktop Signal has always had terrible security, unfortunately.

TacticalCoder
42 replies
6h46m

I don't know about Telegram being nasty towards Signal but Signal brought this upon themselves.

Metadata are more important than the content of the messages and yet Signal has always been about knowing your phone number, with handwaving when the subject is mentioned.

Sessions, a Signal fork, had its tagline right: "Share encrypted messages, not metadata".

Signal is a metadata exchanging app and it's about collecting your phone number and everybody else' phone number.

Now I don't think Telegram needs to "attack" Telegram: Telegram is immensely more successful and has reached take-off velocity.

To me Telegram is going after WhatsApp, not Signal.

Quiark
16 replies
6h41m

Not sure if metadata is more important but ok. Signal has launched support to use nicknames instead of phone numbers although it's true this took a long time.

I think Telegram is very wide-spread for running large group chats and communities, a use case that Signal is not interested in. Personally, I want my chats end to end encrypted and I'm grateful to Signal for pioneering this and inspiring Whatsapp, facebook messenger and others to adopt the same.

rfoo
8 replies
6h35m

Signal has launched support to use nicknames instead of phone numbers

You will still need a phone number to sign up for Signal. Signal still knows your phone number, you just hide it from your contacts. To me this only makes it even more suspicious.

OSI-Auflauf
7 replies
6h24m

You need a phone number to sign up for Telegram as well.

And you can correlate username to phone number not that hard in most standard setting cases.

nottorp
6 replies
5h55m

Yeah, basically both super duper encrypted privacy oriented services want your phone number.

Sorry, but that's not privacy. I don't care what they do to encrypt your messages, they are still tied to me, which makes the super duper encryption pointless.

OSI-Auflauf
4 replies
5h35m

You compare apples with oranges. Because if you'd compare the apples , you'd notice one of them has no usable E2E.

Yes oranges umm phone numbers is a problem. They have that both. Only one can additionally read the contents.

Thats for now the price for a normie interface.

First goalposts first.

rfoo
3 replies
4h41m

I agree with you that Telegram does not even have E2EE and that's bad.

But in this thread, GP was just talking about metadata. The goalpost here is metadata. GP particularly mentioned that Signal "fixed" the phone number issue and I just want to note that currently Signal isn't any better than Telegram in this aspect.

And then you moved orange back.

input_sh
0 replies
4h26m

...in secret chats, that are only available in 1-to-1 conversations via mobile apps.

So, not on by default (unlike Signal), no group chats (unlike Signal), no support at all in desktop apps (you've guessed it: unlike Signal).

Dudhbbh3343
0 replies
4h55m

SimpleX is the best E2E chat app that doesn't require phone numbers (or even any account signup) that I've tried.

shiandow
2 replies
6h29m

Not sure if you've got your sequence of events straight. End-to-end encryption was added to Whatsapp after it was bought by Facebook, before the co-founder of Whatsapp left to found Signal.

It's not as simple as Signal inspiring Facebook and Whatsapp, the sequence of events happened in reverse order.

tomek_ycomb
1 replies
5h20m

I think this not wrong but mildly misleading.

Whatsapp started encrypting messages after significant security issues in ~2012

It was purchased by Facebook under initially some administration separation terms in ~2014?

In 2016 it added e2e encryption. If I recall this was controversial because it limits fb ad potential on users.

I guess what I'm trying to say is that the timeline seems to me to still be pointing towards <<e2e came from Whatsapp not FB as an initiative, even if FB owned Whatsapp at the time.>>

Again you're not factually wrong, but I hope my restating of the timeline makes it more clear why i I think your reverse order point doesn't tell the same story.

shiandow
0 replies
5h3m

Your explanation is definitely better than mine. I just wanted to rebuke the notion that it was Signal who inspired Whatsapp to use e2e.

threeseed
1 replies
6h26m

No is arguing the metadata is harmless but it's significantly less of an issue than not having E2EE.

paulnpace
0 replies
6h14m

When they-them-those know who you are, knowledge of the full attack surface is the better way to compromise because it leaves the first step to compromise uncompromising-appearing. (The attack surface is broader than people generally consider, as it should include over-the-shoulder attacks, XKCD's wrench attack, etc.)

The success of such tactics can more easily be understood by even looking through the many, many comments right in this thread telling us Signal protects metadata because usernames are now a feature - guys, Signal has the metadata as the *services* are what is the topic of discussion here, not other users.

EVa5I7bHFq9mnYK
0 replies
6h12m

> Signal has launched support to use nicknames

Wow, really? ICQ had that in 1996 ...

OSI-Auflauf
11 replies
6h37m

Signal has got Usernames now.

You can block number discovery.

You can't resolve username to number.

Your main account ID internally is not your number anymore.

If 2 users add you using 2 different links or usernames. Its now harder to confirm its the same account.

alexpc201
6 replies
6h34m

Tell me, can you have a Signal account WITHOUT giving them your phone number?

Razengan
5 replies
6h25m

Can you sign up for Telegram without a phone number?

luuurker
1 replies
6h1m

Without "SIM card" and "without a number" are different things. Apparently you still need a number, a "blockchain-powered" number:

"[...] You can have a Telegram account without a SIM card and log in using blockchain-powered anonymous numbers available on the Fragment platform."

OSI-Auflauf
0 replies
5h42m

Irs super complicated to use. And you need an existing Telegram account to actually handle that cryptocurrency to buy these pseudo-numbers outside of the telephone namespace. Guess what you need to register those. An actual working phone number.

NicuCalcea
0 replies
5h41m

That's just buying a fake phone number, I don't see what would prevent you from using it with Signal the same way.

nottorp
0 replies
5h52m

Not everyone is commenting on signal vs telegram here, it may just be an opinion that the phone number requirement is dubious from both entitites.

Zedseayou
2 replies
6h30m

I'm not sure what the behaviour is now but certainly the default a while back was that anytime someone in your contacts joined Signal you would get a message. Imo this was a crazy behaviour that immediately told you something about certain people in your contacts in a very visible way (that they were on Signal). I couldn't tell from the settings whether this was now off by default.

amenhotep
1 replies
5h45m

Telegram has done and may still (I don't know personally) do the exact same thing. Stated noncombatively and without assumption about what argument you may or may not be making, but seems relevant to mention in this context. Astonishingly bad behaviour no matter which app!

OSI-Auflauf
0 replies
5h17m

Both do that.

navigate8310
0 replies
6h27m

You still need a phone number to sign up

raspyberr
3 replies
6h32m

But Signal specifically used phone numbers to leverage the already existing social graph on your phone. The numbers were never transferred or stored by Signal. You can literally see what information they gave when they were subpoenad: https://signal.org/bigbrother/central-california-grand-jury/

dooglius
1 replies
6h28m

If you read the PDF, the phone numbers are in the subpoena as the key for what's being requested, so yes they clearly were stored in a way Signal can access.

_djo_
0 replies
5h41m

Your account phone number, yes. But, most importantly, Signal doesn't store your social network in its servers in a way that it could give authorities the phone numbers of all the people you communicate with. Or, worse, the times and dates of those conversations.

So all it can tell authorities is that a person with x phone number uses Signal and still uses it.

nottorp
0 replies
5h54m

to leverage the already existing social graph on your phone

I have little trust in an entity that "leverages the social graph" though...

Your encryption may be great, but if you act like Farmville I'm going to trust you as much as I trust those facebook games that spam your friend list.

craigmart
3 replies
6h4m

You are speaking of metadata as if all metadata is equal. Signal does collect phone numbers (even though, since usernames have been introduced [1], this can be made opt in from now on), but not the contacts or social graph, neither many other relevant metadata [2]. What they can gather from this, is only when the specified phone number registered to signal services and its last connection to the server [3].

So, if you can call "metadata exchanging app" an app that simply has a list of numbers registered to the service, without any metadata assigned to them except their last access, the same label could be assigned to a much larger number of services.

It may not be anonymous, but it can hardly be disregarded as private.

[1] https://signal.org/blog/phone-number-privacy-usernames/

[2] https://signal.org/blog/sealed-sender/

[3] https://signal.org/bigbrother/central-california-grand-jury/

hifromwork
2 replies
5h18m

but not the contacts or social graph, neither many other relevant metadata [2].

Assuming you trust them (notice all your links point to signal.org own publications). Most of the privacy people are cautious/paranoid and assume that everything that can be collected is collected. Even assuming a lack of malicious intent, what's stopping NSA from hacking into Signal's infrastructure and logging who's talking to who along with timestamps? That's not to say I don't trust signal (it's the best mainstream solution right now), but it could do better to hide metadata from the protocol.

input_sh
0 replies
4h34m

Even assuming a lack of malicious intent, what's stopping NSA from hacking into Signal's infrastructure and logging who's talking to who along with timestamps?

Sealed Sender, the second link in the comment you've replied to. The indicator is off by default, but you can enable it under Settings → Privacy → Advanced. If I remember correctly, it doesn't work for the very first message you exchange with someone, but then it turns on and remains on.

In layman terms, it turns "from A; to B; content: <encrypted>" into "to B; content: <encrypted>". Their infrastructure doesn't need to know the "from" part to serve its purpose, so they strip it away.

If it was the other way around, they'd have to give that info to the (US) court. Same as any other US-based business, it's not optional, they can't ignore such requests, they can't lie, otherwise they'd be placing themselves in legal troubles for a random nobody that happens to be using their product. So, when I see this page, I fully believe them: https://signal.org/bigbrother/. If I didn't, my first step would be to look up those court cases from alternate sources.

craigmart
0 replies
4h55m

The point is that you don't have to trust them because the client (where the relevant cryptography is performed) is open source and the fact that my links point to signal.org is completely irrelevant, those blog posts are just ways to advertise facts that are freely verifiable. You can read the source code to check the implementation of sealed senders or how the social graph is handled.

NSA can hack into Signal's infrastructure, and what they will be able to gather are the same information provided by Signal in reply to subpoenas (the whole list here https://signal.org/bigbrother/), because everything else is end-to-end encrypted.

ecocentrik
1 replies
6h16m

Signal is still a significant improvement in security and privacy over SMS, Telegram, Discord, X, Whatsapp... It achieved the level of privacy that solutions like PGP tried and mostly failed to achieve for decades. Being tied to a phone number was part of the convenience of their solution. Allowing for nicknames now, might improve on the metadata leakage problem slightly.

I'm sure reactionists will immediately drop Signal because Elon the great said they should without considering that it still might be their best solution to communicate privately with their friends and family. But X makes *all* of it's money from collecting a lot more than metadata from their users, Tesla collects driving data and metadata from all of its customers, Grok trains it's AI on all of the data collected from X, Tesla and other sources without asking if users want to opt out of those training datasets. So I'm not sure Elon has a leg to stand on in this conversation.

GuB-42
0 replies
6h4m

I'm sure reactionists will immediately drop Signal because Elon the great said they should

Signal got a massive boost in popularity because "Elon the great" literally told people to "Use Signal".

rahen
0 replies
6h32m

Telegram also exchanges metadata. Only Sessions and Tox achieve full and decentralized privacy.

grandchild
0 replies
6h34m

As of a few weeks ago, you can hide your phone number on Signal, and it's even the default, even for existing accounts. You can even opt in to disable discovery by someone who already knows your number.[0]

To me Telegram is going after WhatsApp, not Signal.

They mention Signal by name in the referenced post.

[0] https://signal.org/blog/phone-number-privacy-usernames/

baq
0 replies
6h39m

To me Telegram is going after WhatsApp, not Signal.

yeah exactly so what is actually going on here?

gkbrk
40 replies
6h43m

You can download Telegram and many forked clients from F-Droid. All the builds are from source code, so you know the source code is up-to-date.

Any distro can have Telegram clients, both official and third-party, in their repository.

Compared to this

1. You cannot download Signal from F-Droid. You need to download it from the Google Play Store. The released source code has lagged behind the version on the Google Play store by long periods of time many times. One example was when they implemented cryptocurrency payments, pushed the update to everyone but no one could inspect the source code.

2. Signal has sent legal threats to repositories that package Signal. The repos either need to confuse users by offering the client under other package names or remove it.

3. They also send baseless threats to forks that use their server. Combined with their lack of federation, this results in people having to use multiple apps from different sources with a much larger attack surface.

4. They beg for donations in the app even though they made an app with payments and cryptocurrency integration with an obscure coin (which they were involved with and had ample opportunity to hoard before ever announcing it as a feature in Signal).

5. They claim to have privacy features that other messengers lack, but these features are based on known-to-be-broken technologies like Intel SGX.

OSI-Auflauf
9 replies
6h27m

Telegram Foss clients exist only because of unpaid volunteers that take Telegrams messy mix of open and closed parts and rip closed parts out and replace them. The Telegram organisation is notoriously late to release the source code to their current release. If they do, its a giant squashed commit without proper changelog. These releases must then be first wrangled by volunteers to be well buildable.

The Telegram Org itself gives no support to volunteers at all.

You can't register with Foss builds. Only official binaries. Nowadays a lot of features are premium only. You can only get premium with official binaries. That part is closed.

gkbrk
4 replies
6h23m

This doesn't affect the user that downloads these from distro repos or F-Droid because every single update they get comes from the source code. There is never a lag even for 1 second because without the source code there are no builds.

Pretty much all the packages on Linux repos come from package maintainers taking upstream source code, removing parts they don't like and then building that. This is a normal part of packaging and building open-source apps.

OSI-Auflauf
2 replies
6h19m

Yes and thats why users spend sometimes months on old builds.

Also which distro packages Telegram?

Fedora doesn't. Debian does but at times it was so old the client crashed from receiving server comms because it wasn't fully compatible. It actually crashed as in segfault.

kaba0
0 replies
5h58m

Nix, arch, basically everything packages it.

saagarjha
0 replies
5h9m

I take it you haven't been following Telegram for iOS and macOS.

tssge
2 replies
6h19m

Telegram has fully reproducible builds and is not that complicated to build, no issues there. They even have a guide on how to build & verify. [0] No need to wrangle or modify, generally builds as is (at least from my experience).

Granted yes, the version commits are squashed like you said. [1] However I haven't seen source release to lag behind store releases, any sources on that?

0: https://core.telegram.org/reproducible-builds 1: https://github.com/DrKLO/Telegram

OSI-Auflauf
1 replies
6h18m

That repo is not fully open.

Release lag -> Telegram foss needs to wrangle the release every time. Fdroid CI takes its time.

tssge
0 replies
6h16m

Which parts are missing?

A couple months ago I actually verified a build of Telegram on my friend's phone as he thought something might be off and didn't have any issues there (the build matched).

2OEH8eoCRo0
0 replies
6h15m

Good point- I forgot that the FOSS clients were 3rd party.

hiq
8 replies
6h22m

Your points have little to do with security (which is the main angle of Matthew Green's thread), especially because of reproducibility.

Even then

You need to download it from the Google Play Store.

Factually incorrect, just go to https://signal.org/android/apk/ (and the apk will then update itself) or build it yourself.

pushed the update to everyone but no one could inspect the source code.

That was for the server code, which you shouldn't care about from a security standpoint for an E2EE messenger such as Signal. AFAIK that was not the case for the clients.

Regarding your other points, they have reasons that have been discussed elsewhere[0] to avoid federation, notably a lot of the progress on the Signal protocol would be way harder in a federated setting. There's no other messenger that has the same usability ("my grandfather can use it and won't have problems using it afterwards") while being at this level security-wise.

[0]: https://signal.org/blog/the-ecosystem-is-moving/

gkbrk
7 replies
6h6m

Factually incorrect, just go to https://signal.org/android/apk/ (and the apk will then update itself) or build it yourself.

That page tells me that the safest way is to have a Google account, with Google Play Services installed on my phone, and to download it from the Google Play Store.

It then gives me an APK link after saying "Danger zone" and "most users should not do this".

If the app developer tells me it's dangerous and I shouldn't do it, can you even expect users to do this?

skybrian
1 replies
5h49m

Do you disagree? The main issue I see with sideloads is that you don’t get automatic updates. I’d do that for an app I built myself, but not if the app is in the Play Store.

Tmpod
0 replies
5h6m

With Signal you actually do. The APK gotten from their website isn't the same from GPlay. It has an auto updater (will prompt you with a notif when a new version comes out, which you can click to install), and doesn't come with a FCM push notification system.

nevi-me
0 replies
5h35m

Well, the page is correct. That's the safest way.

I don't know how to verify the SHA fingerprint without Googling (I know how it works, just don't do it often to know the exact openssl or equivalent command).

If I'm downloading the APK directly on the phone, there's a lot that's not under Signal's control that could happen.

What if I'm directly under attack, and I'm trying to move to Signal? The attacker could MITM the connection and intercept the download.

I think that's a fair warning to show a user, because indeed most users will likely want to install apps through Play Store, that'll reduce/remove supply chain risks. Users who know enough about APKs would be able to verify the hash, or build it themselves.

Even if I download the APK, I still have to accept a similar warning when installing it on my phone.

ethbr1
0 replies
5h54m

If the app developer tells me it's dangerous and I shouldn't do it, can you even expect users to do this?

If you care about reproducible builds and avoiding trusting Google, you're already in the class of not-most-users.

Signal seems to have usually taken a pragmatic stance of defaults mattering.

Afaicr, that was the argument for linking to phone numbers (it allowed for more lazy users to use it) and encryption by default (few turn on opt-in-encryption).

And it seems accurate to say 'for most users, who don't know what they're doing and don't want to play personal-IT-department, using the Google Play store is more safe and secure.'

ctxc
0 replies
5h54m

You know what you're doing, so you can ignore those errors. Seems like a much better alternative to endorsement of apk downloads directly from websites for non tech-literate users.

YPPH
0 replies
5h49m

You're moving the goalposts now. Your comment was factually incorrect on a very basic point, own it and move on.

TrueDuality
0 replies
5h54m

Google Play, for all its failings, IS the safest way to get an APK right now.

F-Droid for as much as I love the open platform, does not provide any security guarantees about what you're downloading. It is a volunteer run project and does not have the extensive security policies and practices that Google has. From https://f-droid.org/en/about/

Although every effort is made to ensure that everything in the repository is safe to install, you use it AT YOUR OWN RISK.

Likewise downloading and side-loading it from their website, requires you to disable some security guarantees by doing things like enabling developer mode.

nicoco
3 replies
6h29m

2. Signal has sent legal threats to repositories that package Signal. The repos either need to confuse users by offering the client under other package names or remove it.

Not that I really want to defend Signal (XMPP FTW!), but the legal threats were about using the Signal name, not making an unofficial client per se. I know a bit about it because I develop an alternative signal client (a signal-XMPP gateway to be more accurate). That said, they don't help 3rd party client devs at all.

marcinzm
0 replies
6h9m

The official Signal stance has been last I checked:

we really don't want forked versions of the app maintained by other parties connecting to our servers.
londons_explore
0 replies
6h11m

I can understand that if they didn't compile it themselves they don't want 3rd parties using the 'Signal' name.

The name is what their reputation is staked on, and if a third party compiled it they have no idea if malware is secretly packaged in there too.

Having said that, the smart move is to dedicate a few engineer hours to packaging it for every linux distribution and every app store, even the smallish ones, to prevent others trying to 'be helpful' and requiring you to send a takedown.

1oooqooq
0 replies
5h57m

the legal threats were about using the Signal name

that's just misleading misdirection.

Firefox have issues with the legal name, that's why the source is called by other names and the branding is added later on.

signal ties the branding with the code, so it is impossible to build from the canonical source without triggering the branding issue.

So, in practice, it is a convoluted way to annoy anyone releasing from source. And as we know, actually using open source software without a "distro" is insanity. You cannot trust 1000s devs. you trust the distro, the distro trust 10s of package maintainers, the package maintainers trust 10s of devs. and everyone is happy. I trust f-droid just fine. But i don't trust the person who is publishing every apk on random sites like signal.

croes
2 replies
6h26m

Does Telegram still use their own crypto algorithm?

If so, up-to-date source code us pretty useless.

How many people check their app's source code?

With third party clients it's pretty easy to get malicious ones

upofadown
1 replies
5h45m

It's more the case that Signal uses their own crypto algorithms. Extended Triple Diffie-Hellman and Double Ratchet for example. Telegram uses extremely well known and boring algorithms. Messaging isn't really all that complicated, you shouldn't need anything exciting.

croes
0 replies
3h13m

But Telegram uses it's own protocol MTProto which isn't extremely well know and tested.

ants_everywhere
2 replies
6h21m

Telegram rolled their own crypto and is used for a lot of intelligence operations like monitoring dissident groups, promoting propaganda, recruiting agents, etc. That probably explains the push to discredit more private apps like Signal.

Researchers of Telegram's protocol have said in some ways it's weaker than TLS.

E.g.

- https://www.wired.com/story/the-kremlin-has-entered-the-chat...

- https://therecord.media/telegram-blocks-chatbots-used-by-ukr...

- https://www.oporaua.org/en/polit_ad/and-telega-is-still-ther...

- https://www.pravda.com.ua/eng/news/2024/05/8/7454849/

- https://time.com/6280190/cia-recruit-russian-spies-telegram/

- https://www.cia.gov/stories/story/cia-launches-telegram-chan...

- https://nordvpn.com/blog/is-telegram-safe/

- https://portswigger.net/daily-swig/multiple-encryption-flaws...

kaba0
1 replies
5h56m

“Rolling your own crypto” is discouraged for programmers, not for field experts. It’s not your average joe’s first try at encryption writing a caesar cypher…

ants_everywhere
0 replies
5h12m

It's discouraged for field experts too. In practice, real crypto schemes go through several rounds of analysis by multiple teams of experts, often working against each other. It's unusual these days for a single company to come up with a custom crypto scheme. It was probably more usual toward the beginning of cryptography.

For example of this sort of vetting, take a look at the standardization around AES or the post-quantum schemes.

In crypto you're almost always relying on hardness assumptions that aren't provable yet. So you need to guard against things like accidentally haven chosen the wrong constants that collapse a problem's hardness. Or, more mundanely, making a seemingly reasonable engineering choice that is known to weaken the protocol and which would be caught by a big org with a thorough review, but a startup may not catch.

ale42
2 replies
6h35m

All true. But where are the sources of Telegram server? They are not open source, simply! What are they actually doing with our messages? Only they know. And they can read them because by default there's no E2E encryption.

riffraff
1 replies
6h8m

would it matter if the server was open source? You'd know have no proof what is what they run on the actual server anyway, nor can you use a custom server.

ale42
0 replies
4h55m

It can matter if you can trust them to do the proper thing, i.e. if you assume they are not a malicious entity. In this case, checking the server source code can give experts insights about possible security risks.

If you assume they are malicious, (a) I wouldn't use their product in the first point, and (b) of course they can do whatever they want independently from the published code.

sigmar
0 replies
6h13m

The released source code has lagged behind the version on the Google Play store by long periods of time many times.

Seems like FUD. This took me 30 seconds to check just now:

-Telegram's android source code git hasn't had a tagged release in more than two months and is several versions behind the android app (10.12.0 vs 10.9.1)[1]

-Signal's android source has a tagged release two days ago that is two releases ahead of the stable version on google's app store, and also lists the tagged release for the version that is on the app store.[2]

[1] https://github.com/DrKLO/Telegram/releases

[2] https://github.com/signalapp/Signal-Android/tags

jojobas
0 replies
6h25m

Can these alternative telegram clients be sure the keys the server sent are from the other client, with no MITM? (Honest question, I don't know the answer.)

Matrix or bust.

drunkan
0 replies
4h57m

Pure smear comment. Signal was and is the choice of personal messaging app for anyone I know who has ever worked in security or intelligence. That should say it all. Aside from apple, who did it because of them, it has set the gold standard for e2e chat. People moan about the phone number and “metadata” when in reality all this can be used for is to say yes x has a signal account and this is when they last used it. That’s it. It’s effectively useless to anyone. People moan about it leveraging the local social graph of the device it’s a necessary convenience for the adoption of any modern chat app. They go into great detail about how it is and isn’t used in a way that it cannot be used/viewed by others. Frankly I’d bet half the people smearing it have X and Facebook apps installed on there phones and really aren’t serious people. If I wanted to smear off topic I’d point out that telegram, along with the usual suspects, is a gold mine for intelligence gathering for what I’ve heard.

bratwurst3000
0 replies
5h52m

Sources please !

bloqs
0 replies
6h20m

This is astroturfing. Telegram has never been secure

benoliver999
0 replies
6h30m

This isn't entirely untrue, particularly the part about source code releases lagging, but I would say:

- You can download an apk from signal that self-updates

- Telegram isn't encrypted by default and uses a home-brew protocol

Sakos
0 replies
6h25m

This comment sounds like astroturfing to me. Telegram doesn't even provide secure chats by default. Everybody I've talked to was unaware that the chat was unencrypted until I pointed it out. That's before considering that 1) I don't consider the company behind Telegram in any way trustworthy, 2) the servers for Telegram are closed source and it's unclear what's running there. Signal's server code is open source and the github is actively updated. We also know who works on Signal, as well as their credentials, and they're reasonably trustworthy compared to alternatives.

Dunedan
0 replies
6h25m

You cannot download Signal from F-Droid. You need to download it from the Google Play Store.

You can also download the APK directly from their website: https://signal.org/android/apk/

When doing so Signal uses its own update mechanism to stay up-to-date.

OSI-Auflauf
10 replies
6h38m

On Signal vs Telegram:

Telegrams Encryption is off most of the time. They have serverside access to messages. The optional E2E is annoying to use and isnt even available on every platform. For example Tdesktop afaik still has no E2E support. (And has a very brittle software architecture.) You can't register Telegram accounts with the open source client anymore. This should be a non-Discussion.

MG implying that just because other messengers like Whatsapp use Signals encryption scheme does not make them more more trustworthy.

Yes you can verify in a binary if the stuff is implemented well. But if a vendor has control over the update channel or beta rollout features its kinda easy to hide targeted features. Wasn't Whatsapp caught exfiltrating chats in ways that don't involve the normal channel bypassing E2E?

Btw there is no Signal in Fdroid but nowadays there is an accepted by upstream third party implementation. You could separate software and infra vendor. Look at Molly.im

Better to bring non tech folk to Signal than to other messengers that do the same but less protected.

Matrix? Lol!

raxxorraxor
6 replies
3h40m

Both services are relatively insecure because they require phone authentication. In the EU at least the number can always be traced back to you if you don't buy specific burner phones.

The level of encryption isn't as important anymore at that point. It is less probable you get into problems by using a service that doesn't know your identity.

Marsymars
4 replies
3h0m

Both services are relatively insecure because they require phone authentication.

That hasn't been the case for Signal for some months: https://signal.org/blog/phone-number-privacy-usernames/

You still require a phone number for sign up for Signal, but your phone number isn't visible to anyone you chat with.

Sebb767
3 replies
2h33m

but your phone number isn't visible to anyone you chat with.

That's irrelevant - the phone number is known to Signal and can be request by law enforcement. And, since it's been made pretty much impossible to buy a SIM in the EU without showing identification [0], this will allow law enforcement to link the account to you.

[0] IIRC the Netherlands is the only country left where you can buy SIMs without ID.

growse
1 replies
1h36m

That's irrelevant - the phone number is known to Signal and can be request by law enforcement.

So how does this work? Law enforcement asks signal if they have an account for a phone number, signal saying "yes, here's when they created it".

Then what?

The_Colonel
0 replies
47m

"Get me all the numbers which talked to X, including all the numbers".

You won't get the actual plaintext messages, but the contact graph + metadata (timestamps) are pretty sensitive.

Marsymars
0 replies
2h5m

That's irrelevant - the phone number is known to Signal and can be request by law enforcement.

Maybe I'm missing something here, but if usernames are treated as ephemeral, what's the threat model here?

EasyMark
0 replies
38m

Anonymity and Encryption aren't flip sides of the same coin, they can be used together or separately, and are orthogonal in lots of use cases.

nurumaik
2 replies
6h19m

You can buy "anonymous number" on fragment without using any client and without providing any personal information and use it as much as you can

When signal becomes at least remotely as popular as telegram it will implement same protection to fight against spammers because you can't have free unrestricted registrations and don't drown in spam

Telegram currently makes it as accessible as possible: either use it freely but register using phone number and official app or pay and use anonymously as you want

tapoxi
0 replies
5h13m

Signal is already extremely popular, their anti-spam by default is that you need to get matched to the user's local contact list or the spam becomes an allow/deny prompt. They also require a confirmed phone number and handle registration throttling.

aniviacat
0 replies
5h16m

I just looked at the fragment.com site to see how much such a number costs. The lowest possible bid you can currently make, and that is for an auction that has six days to go, so probably not even the final price, is over 100$. That is an unacceptable price for basic privacy.

rigid
9 replies
6h52m

Signal has reproducible builds for android now? Why not f-droid then, too?

kuschku
8 replies
6h49m

Signal's definition of "reproducible" meant for quite a while "download this binary docker image and build Signal inside of it". I don't know if that has changed since.

Signal rejects F-Droid for a different reason, though: They only want to distribute through channels where they get download statistics and control update rollouts.

rigid
7 replies
6h24m

Hm f-droid provides privacy friendly https://fdroid.gitlab.io/metrics/ for some time now.

I'm not sure what sort of "control" they have over the Play Store compared to f-droid, but I'd rather have a trusted 3rd party do the building transparently and verifyable.

noirscape
3 replies
6h13m

F-Droid uses a package maintainer-esque process where the maintainers of F-Droid can intervene and prevent an update to an app from reaching users if it's deemed to be malicious or to add anti-features.

It's of particularly high need on mobile since popular apps, even those who were originally FOSS, are sold to scummy publishers who fill it with ads and subscription schemes (oft called anti-features, since removing them could be seen as a feature in and of itself), ruining the original. You can't really trust mobile app devs because the track record is downright awful. Recently that happened with the "Simple" collection of apps, where the Play Store version got filled with junk but the F-Droid maintainer froze the version and marked the apps as outdated since nobody could conceivably want the new versions.

Of course, that strokes poorly with developers who a. don't want to deal with potential third parties in their distribution chain rejecting their updates or b. are planning to add anti-features to their apps later down the line. With signal, I'm gonna guess it's mainly a; the Play Stores checks and balances are much less invasive than the sort of thing an F-Droid maintainer might check for. (As I understand it, Google Plays checks mostly are anti-exploit and keyword scans.)

rigid
1 replies
5h46m

where the maintainers of F-Droid can intervene and prevent an update to an app from reaching users if it's deemed to be malicious

That sounds like a feature you want when using FOSS.

Imagine distros wouldn't have been able to intervene quickly and malicious xz would be still deployed through their channels just because the authors want to.

noirscape
0 replies
5h30m

Oh yeah, it's an absolutely wonderful feature. F-Droid is pretty much the main app store I'd recommend to get "the basics" from if you're ever in the unfortunate position of having to manage the mobile devices of family members. Having a maintainer "on the lookout" gives so much peace of mind. Not suddenly having the gallery app turn into a data collection machine and baiting less tech-savvy people into vaguely defined subscriptions is a value that's too good not to pass up on.

FOSS isn't really the important part for me there; it's nice, but the real value is that F-Droid is pretty much the only app store that has some reckoning on how the relationship between mobile devs and mobile customers should be far more adversarial than on any other platform due to the poor track record of mobile devs and empowers users to be able to deal with that in a way that restores some degrees of trust.

It's a fucking shame there's not an equivalent on iOS where you can just say "yeah, what you find here can be trusted" and then not have that gets polluted a year down the line. Apple used to somewhat police the App Store back in the early 2010s for similar peace of mind, but that's not the case anymore.

kuschku
0 replies
5h21m

With signal, I'm gonna guess it's mainly a; the Play Stores checks and balances are much less invasive than the sort of thing an F-Droid maintainer might check for. (As I understand it, Google Plays checks mostly are anti-exploit and keyword scans.)

It might have been b as well – Signal did keep their server code proprietary for many months to add their custom cryptocurrency to it, and added this cryptocurrency for microtransactions into the app as well. There may be many more features like this planned, some of which F-Droid might oppose.

CorrectHorseBat
2 replies
6h11m

Their problem is that F-Droid releases are signed by F-Droid, not by Signal. This way F-Droid could potentially insert a backdoor in an update.

CorrectHorseBat
0 replies
5h34m

I should have checked before I posted something from memory. These are the reasons they list:

https://community.signalusers.org/t/signal-android-app-on-f-...

F-Droid with reproducible builds signed by both parties seems the best of both worlds to me, now I don't understand why Signal is so stubborn about this.

danielbln
4 replies
6h53m

A nitter instance that still works? What is this sorcery?

rglullis
1 replies
6h34m

Nitter still works if you configure the instance to use valid accounts.

viraptor
0 replies
6h8m

* enough valid accounts. If the instance gets popular, you're going to need hundreds of them to get past rate limits according to the announcements some time ago (maybe the rate limits have changed though)

LoganDark
0 replies
6h51m

Lack of widespread use most likely. Maybe some people put Nitter on their personal user account and it works until it has too many users.

gardenhedge
1 replies
6h33m

Woah, people are still doing that thing where they break a post into 10+ tweets?

EasyMark
0 replies
34m

Of course, it's either that or a png of the text from a text editor or pay for blue check account, neither of which are optimal for most people

tetris11
0 replies
6h35m

Ah so that's how Telegram got reproducible iOS builds:

you need a jailbroken (old) iPhone. And at the end you still can’t verify the whole app. Some files stay encrypted

So basically, it works you just have to bend over backwards to verify that it's truly reproducible.

imjonse
28 replies
6h40m

Telegram were claiming they were more secure even when they had their own home-rolled crypto. Security is not Telegram's strong point and it never was.

treprinum
10 replies
6h36m

Why is home-rolled crypto inherently insecure?

martinralbrecht
0 replies
3h40m

Telegram's symmetric cryptography has been reviewed by cryptographers: https://mtpsym.github.io/

danpalmer
1 replies
6h19m

It's inherently risky – cryptography is hard and building secure software is hard, so starting it from scratch rather than re-using well-vetted code increases the risk unnecessarily.

It's not inherently broken, but it's sufficiently risky that it may be fair to assume it is broken. History has proven that software that's not known to be secure is typically insecure when it gets to the really hard crypto implementation. I think it's fair therefore to approximate it as "inherently insecure".

kaba0
0 replies
5h0m

It’s insecure if done by your average full stack developer, that barely passed high school math. That’s why the usual mantra. It’s waaay different when done by math experts specialized in this topic, as is the case with telegram.

martinralbrecht
0 replies
3h41m

We explain this under the heading "A Somewhat Opinionated Discussion" here: https://mtpsym.github.io/ which is our security analysis of MTProto's symmetric cryptography.

hcks
0 replies
6h31m

It’s not been audited by CIA approved programmers

ale42
0 replies
6h28m

Because doing proper crypto is VERY hard. You might think you've gotten the ultimate security and one year later someone will defeat it (or cryptanalize within a practical limit, which boils down to the same), because you forgot a detail. Even just implementing a crypto algorithm properly in a way that doesn't leak information is very complex, reason for which most applications tend to use well-established crypto libraries.

OSI-Auflauf
0 replies
6h33m

Because theirs was particularly bad. They xored a server provided nonce in their modified DH scheme making their side able to mitm the key exchanges.

GuB-42
0 replies
4h55m

To add to the idea that crypto is hard, it is not just hard in the same way that, say, making a physics engine is hard. It is hard because there is no telltale sign you did it wrong.

All crypto algorithms, even weak ones output what looks like random numbers that can be deciphered back into the original plaintext. Just by looking at it, there is no way to differentiate between secure and insecure crypto. Contrast to a physics engine, it is hard to get right, but at least, if you did it wrong, it tends to be obvious.

Also, like everything security-related, it is adverserial. You may have some of the smartest and most resourceful guys on the planet working to break your thing. It is worse than even critical systems. Aircraft engine control is critical, people may die if it goes wrong, so robustness and correctness are crucial, but at least, pilots won't go out of their way to break it.

bozey07
10 replies
5h7m

Why is MTProto considered "home-rolled" but the Signal Protocol isn't? Both are boutique and written from scratch to fit their respective systems.

lynndotpy
9 replies
4h32m

Of course. But the history of the Signal protocol and implementation traces back 20 years. It's good enough that Facebook, WhatsApp, and Skype use it for E2EE messages. Telegram's traces back 10 years, the first version was very bad, and both versions have had a lot of scrutiny for weird design decisions.

Crypto schemes which get broken usually follow a pattern of "something smells wrong", "we have weakened it a little bit", "we have weakened it a little bit more", "this is now completely broken", "my god why are you still using MD5, it's 2017".

We're in the "something smells wrong" or "we have weakened it a little bit" phase for MTProto2, depending on how you view it.

reportgunner
5 replies
3h11m

It's good enough that Facebook, WhatsApp, and Skype use it for E2EE messages.

Wait if it's the same why don't we just use Facebook, WhatsApp and Skype instead of Signal?

lynndotpy
2 replies
3h1m

It's only the protocol for their E2EE chats. There are two big caveats:

- Facebook and Skype E2EE messages are optional, and people rarely use that option, and - Those apps collect a huge amount of data outside the contents of the messages.

reportgunner
1 replies
2h56m

Still I think mentioning the greatest data collection projects in human history in the same sentence as Signal which is supposed to fight that is not very good.

lynndotpy
0 replies
2h36m

Only that the protocol is an accepted standard. Very, very, very little of what's shared over Facebook is E2EE.

palata
0 replies
2h27m

Don't forget that Signal is the name of the app, and "Signal Protocol" is the name of the E2EE protocol. The parent was talking about the Signal Protocol.

The fact that Facebook, WhatsApp, etc. use the Signal Protocol kind of shows that it is an accepted standard. But of course there are many reasons to use Signal (the App) instead of those apps, for instance:

- The Signal App is open source. You can check the protocol implementation before you use it. For Facebook, WhatsApp and Skype, you have to trust them (or some audits).

- E2EE is only one part: it ensures that nobody except the recipient can read the content of your messages. But there is a whole story around the metadata. The metadata say who writes to whom, and when. It essentially helps build a social graph. Facebook is very interested in this social graph. It would appear that the Signal Foundation is not. And even if it is not perfect, Signal does a lot to try to minimize the amount of metadata it has access to (and quite obviously Facebook has a huge incentive not to do that).

This said, IMHO it is still a lot better to use WhatsApp than to use Telegram, because at least you benefit from a good E2EE.

noman-land
0 replies
2h59m

Why don't you go to the local casino to chat with friends? They serve the same beer.

palata
2 replies
4h14m

But the history of the Signal protocol and implementation traces back 20 years

Are you sure about that? TextSecure was created more 10 years ago than 20. 20 years ago, we did not have smartphones.

As I remember, TextSecure started with SMS (but that was not the Signal protocol) and added "internet" messages right after WhatsApp got bought (which was about when Telegram was started).

I love the Signal protocol, but I would say it's more 10 years old (like Telegram). Or am I missing something?

lynndotpy
1 replies
3h28m

Signal/TextSecure (/DRA/Axolotl) has a pretty strong throughline from the "off-the-record" protocol (OTR) from 2004/2005. Signal themselves describes TextSecure as a derivative of OTR (https://signal.org/blog/simplifying-otr-deniability/).

It's close enough that if, say, a novel attack against OTR were discovered today, the first thing I'd want to know is if there are any implications against Signal.

palata
0 replies
2h34m

Oh right. It does come from OTR which is 20 years old. Thanks for the clarification!

fastball
5 replies
4h19m

Technically Signal is using their own home-rolled crypto, too – right?

api
3 replies
3h28m

Sort of, but it's heavily peer reviewed and generally regarded as very good.

I really dislike the "hand rolled is bad" meme. Someone rolled all crypto. The questions are "who is doing the rolling," "do they know what they are doing," and "was it peer reviewed or directly and faithfully built from a peer reviewed design?"

Sebb767
2 replies
2h26m

I really dislike the "hand rolled is bad" meme.

Crypto is notoriously easy to get wrong, even if you know a lot about it - and most people do not. Secondly, proving something secure is pretty hard as well. If the crypto isn't a bog-standard algorithm in a well-known and reviewed implementation, assuming it to be insecure is a pretty good rule of thumb.

api
1 replies
2h4m

My take on "don't roll your own" is:

The people who take this advice are people who have respect for the difficulty of things like crypto and should be the ones implementing it, or at least on-ramped into learning how to do so.

The sorts of people who ship bad crypto because they don't bother to learn anything about the field are going to ignore this advice.

So I think as a strategy for fighting bad crypto it's neutral or maybe even net-negative by discouraging the right people from learning crypto and having no effect on overconfident fools.

deepsun
0 replies
1h32m

should be the ones implementing it

Someone (Bruce Schneier?) said that the best way to get into actually inventing/implementing crypto is to first get handy inventing attacks / hacking into other algorithms and tools.

imjonse
0 replies
3h37m

Telegram had some weird primitives which they said we should trust because they were made by their top team of mathematicians. Signal builds on widely used crypto primitives even if their protocol is their own (vetted by actual cryptographers though)

dangoodmanUT
27 replies
7h5m

Telegram has always felt like the catch-up of the messenger apps. I don't know a single person who uses it.

vbezhenar
8 replies
7h3m

I don't know a single person who doesn't use Telegram.

umanwizard
6 replies
7h1m

What country do you live in?

vbezhenar
2 replies
6h58m

Kazakhstan.

umanwizard
1 replies
6h39m

That makes sense, AFAIK Telegram is most popular in the post-Soviet countries.

baq
0 replies
6h30m

That in itself is a red flag. Things don't 'just happen' in those places. Don't ask me how I know.

nexoft
2 replies
6h44m

Same In the EU, no ones that's legit uses Telegram, except scammers that you can run into in local "graigslist" website.

hifromwork
1 replies
5h13m

"Same in the EU" - but you're actually make an opposite statement than the GP (GP said "everyone i know uses telegram" and you said "nobody uses telegram")

nexoft
0 replies
4h13m

indeed you are right, I did read the opposite for some reason.

baq
0 replies
6h33m

I don't know a single person who does.

Yeah, plenty have accounts, but nobody uses it to actually chat.

TacticalCoder
3 replies
6h51m

I don't get this. I'm in the EU and nearly everybody I know has Telegram.

Telegram has a huge advantage versus WhatsApp: it's not Meta. Then the Telegram UI is really excellent.

When you tell people all your friends and family are using it and that's it's not from Facebook, they usually install it on the spot. Then they're hooked.

conradfr
1 replies
6h41m

I'm in France and don't know anyone using it.

Except the government, as reported in the news.

Actually the only time I used it it's because I needed to chat with a Russian SaaS personnel.

rahen
0 replies
6h23m

I know few people who use Telegram either. All my contacts and I use Signal here.

yodsanklai
0 replies
6h31m

I don't mind WhatsApp being Meta but Telegram is more lightweight and UI is far superior (for instance, ability to edit messages). Unfortunately, most people still use WhatsApp, you can't really avoid using it.

lukan
2 replies
7h4m

Many do. But most use it as a forum software, or to send files, than as a messenger.

sitzkrieg
1 replies
7h3m

i use it for messaging and everyone else i know does too. "most"? any sources?

lukan
0 replies
6h59m

"Most" was anecdota here.

Oh and I also use it for messaging sometimes. But my main use case is participating in various groups, like in a forum way. And my peer group does the same and I have not met a single person that uses telegram mainly for messaging. Most also have signal or whatsapp for that.

billpcs
2 replies
7h1m

I use it since 2014 and have felt that it's very performant (more so than Signal or Whatsapp, Messenger, or Viber).

Also, it adds many useful features that other messengers didn't always have and many still don't have, for example Saved Messages, Scheduled Messages, Spoiler Messages, Reply to Message, message formatting (bold, monospace, etc), just to name a few off the top of my head.

kreyenborgi
1 replies
6h42m

Signal has "Scheduled Messages, Spoiler Messages, Reply to Message, message formatting (bold, monospace, etc)". I don't know what Saved Messages are, maybe it doesn't have those.

Oh, and it's end-to-end encrypted by default.

billpcs
0 replies
6h35m

It does, in Signal it's called "Note to Self". I am saying that in general, Telegram is the first to offer such new feautres.

troupo
1 replies
6h59m

As with any messenger, it depends on countries and regions and groups of people.

Everyone in my friend group is using it.

In terms of functionality, speed, fluidity of the interface everyone is trying to catch up to Telegram. And doing a half-assed job of it

lyu07282
0 replies
6h29m

I don't think Signal is even trying tbh

HatchedLake721
1 replies
6h56m

?!

Telegram is often praised here for their features that helped them to grow and made people keep using it. Something that Signal should consider doing.

They have 900million monthly active users.

dannyw
0 replies
6h43m

Yes, their app and UX is absolutely delightful.

oytis
0 replies
6h50m

For Russian language content it feels a lot like pre-enshittification internet. You get blogs on all possible topics without ads or "Algorithm". Just read what you subscribed to, in whatever order you want.

I would never trust in with any confidential information though.

konart
0 replies
6h41m

Can say the same for Viber and to a lesser extent Whatsapp. Not to mention Signal. I'd guess popular IRC servers have more real users than Signal.

kome
0 replies
6h47m

This is the most out of touch comment. Everybody is running after telegram, they are innovating all the time. If you want to see what Whatsapp will look like in a year, use telegram now.

filleokus
0 replies
6h58m

I know a quite a lot of people (including me) who use it as a kinda RSS reader to keep up to date with Russian cyber security threat actors.

kome
8 replies
6h10m

this is honestly quite surprising... why are they so adamant? we know telegram is not super safe, but at least is not facebook.

lynndotpy
2 replies
5h48m

Facebook actually has had optional E2EE with the Signal protocol since at least 2016 (in my experience), as "secret chats". This puts it on a better security standing than Telegram.

saagarjha
1 replies
5h1m

Telegram has a similar feature I believe.

lynndotpy
0 replies
4h39m

Yes, but Facebook (and others) uses the Signal protocol in its optional E2EE chats, because it has withstood the test of time. But Telegram uses its custom protocol (MTProto2) in its optional E2EE chats, which has a host of problems and has not withstood the same weathering.

jimkleiber
2 replies
5h59m

Ironically I saw that FB Messenger started adding E2EE by default to my chats, whereas Telegram I believe still requires opt-in.

kome
1 replies
5h57m

yes, but that's the point: it's not a technical problem, it's an institutional problem. Facebook is pure surveillance capitalism. They live by scooping your data. E2EE is hardly a concern or a solution.

jimkleiber
0 replies
5h40m

While metadata can leak a lot about conversations, it doesn't leak nearly as much as plain-text data of conversations. I've argued for years that companies have an incentive to do E2EE on private messages so they don't have to be held liable or have to get involved in a lot of investigations if they don't have any access to the info. Telegram has access to the plain-text data of the conversations, as far as I know. Signal, WhatsApp, and Messenger (more and more), seem to not have much, if any, access to the plain-text data of conversations.

But the Meta companies are lying about E2EE, I don't know? Signal has seemed to me to be the company (org actually, nonprofit) that cares the most about privacy in terms of intentions and implementation.

supriyo-biswas
0 replies
6h3m

It’s ultimately a distinction without a difference, as it is an appeal to the morality of the corporation behind the product, which can change from based on their incentives. E2EE protects against that.

cryptoboy2283
0 replies
5h44m

My theory is - Telegram gained some extra traction after Carlson's interview

r721
3 replies
6h12m

Here's the other side:

https://news.ycombinator.com/item?id=40301508

https://news.ycombinator.com/item?id=40336005

https://news.ycombinator.com/item?id=40330694

https://news.ycombinator.com/item?id=40308241

https://news.ycombinator.com/item?id=40299313

https://news.ycombinator.com/item?id=40298608

https://news.ycombinator.com/item?id=40279661

https://twitter.com/jack/status/1787895769183268948

https://twitter.com/elonmusk/status/1787908190799278360

https://twitter.com/elonmusk/status/1787589564917490059

cryptoboy2283
2 replies
5h50m

Are you pointing out that Mr. Durov is in conspiracy with... Jack Dorsey and Elon Musk?

r721
1 replies
5h10m

In my opinion this has started as part of Rufo's campaign against Katherine Maher (see https://news.ycombinator.com/item?id=40341993), then Dorsey and Musk boosted that article because it aligns with their political views. Durov decided to add Telegram vs Signal angle in his post.

cryptoboy2283
0 replies
2h48m

Thanks, this is helpful. Still kinda hilarious that their target for damage control is... Telegram. Musk and Dorsey never even mentioned it

ants_everywhere
3 replies
6h3m

Yeah, the pro-encryption and pro-privacy people sure seem to be trying to tell us something about Telegram

cryptoboy2283
2 replies
5h45m

Perhaps you're right, and all of them have the "greater good" intentions, but it's ridiculous how their "regular reminders" popped up in the same 24h interval

ants_everywhere
1 replies
5h20m

have the "greater good" intentions,

It's getting harder and harder to tell because bot activity has gotten so good, but Matthew Green has been around a while and is a genuine old school crypto dude. There is a group of people who just believes that crypto and privacy are good things and want to promote them.

The reason it gets harder is because you can spin up a handful of "expert" accounts shilling for this or that privacy VPN or bitcoin scam etc. So it's hard to just pull up a list of statements and know whether it has any weight. In this case, Matthew Green has a lot of weight because I've followed him for a while and I know what he's about.

cryptoboy2283
0 replies
3h42m

There is a group of people who just believes that crypto and privacy are good things and want to promote them.

Doesn't mean one can't become a sellout eventually.

Especially in Green's particular case - he had invested a lot of attention to Margaret Salter, e.g. https://twitter.com/matthew_d_green/status/13578907313697095...

lynndotpy
1 replies
5h51m

This seems organic to me. I was a security researcher, and for years I've been telling anyone who would listen that Telegram is not as secure as their marketing says it is, while Signal is.

The reasons why are already pretty well listed in the thread above. Telegram's E2EE is hand-rolled and not the default. Signal's E2EE is always on, and it's _the_ industry standard protocol. (Outside of iMessage, I believe the Signal protocol is used on every well-adopted messaging service which offers E2EE chats.)

People also aren't aware that phone numbers and usernames are tied on Telegram. When a former friend of mine joined Telegram, I searched up his username, and found his _very_ explicit Reddit account. This identity compromise issue isn't mentioned more often.

You can add me to the list. There is no good reason to pick Telegram over Signal, unless you don't care about security. It DOES have more sticker packs.

kelthuzad
0 replies
4h51m

People also aren't aware that phone numbers and usernames are tied on Telegram.

But you can, under Privacy & Security, switch Phone number visibility to "nobody". You can also change your username anytime you want to. A new feature called "anonymous numbers" allows you to purchase and use virtual numbers (they start with +888).

I think the bigger problem here is that Telegram has not e2e encryption enabled by default, which is definitely suspect.

jxi
1 replies
6h4m

That was my impression too, that this was more of a thread to slander Telegram than anything.

The main leg that Signal has to stand on is it uses standard encryption, but it has all kinds of shady components like it used to require sharing phone number to contact someone, and the cofounder Moxie launched some MOB crypto scam which went to 0 and he has now quit the project too.

jsheard
0 replies
6h1m

As I recall they went out of their way to hide that they were working on that shitcoin integration as well, Signals open source releases went dark for a year or so without explanation and then it turned out to be because they didn't want people to know about MobileCoin. Compromising the transparency of the project to obfuscate the development of a feature that they surely knew would be unpopular isn't a good look.

Intermernet
18 replies
6h48m

There seems to be a concerted effort to discredit Matthew's claims. Even here on HN. I find this suspicious. The Signal protocol has been heavily audited by many different people from many different countries. It's usually found to be sound. The telegram protocol has been found to have issues that are, if not malicious, amateur level mistakes.

Once again, this is not my opinion. This is the result of independent auditors who have no affiliation with either the USA or Russia.

There are positives to the UI of Telegram, there are negatives to the UI of Signal. None of these has much to do with the underlying protocol of either.

Personally I'd rather we all put our collective efforts into something like the protocol suggested by Matrix, but if only given the choice of Telegram or Signal, I'd avoid Telegram like the plague. They are either malicious or amateur. Either one isn't a good choice for security.

vetinari
13 replies
6h21m

The telegram protocol has been found to have issues that are, if not malicious, amateur level mistakes.

Please provide evidence of such issues. Because at most, the issues with MTProto were at the level of "we are not familiar with this, but seems ok". Which seem to be inflated by Signal activists into maliciousness.

You do make bear service here.

Intermernet
8 replies
6h14m

"You do make bear service here."

I'm not sure what this means.

vetinari
4 replies
6h6m

The meaning of "bear's service" originally comes from a fable about a man and a bear. The bear wanted to help the man by killing a gnat which sat on his forehead. As a result both the gnat and the man died.

Basically, by being proactive you do more damage as if you didn't do anything.

Intermernet
2 replies
5h54m

Thanks for the explanation. I'll try to be less proactive, I guess...

vetinari
1 replies
5h24m

Proactive is fine, if you know what is the overall impact.

There's another: proactive idiot is worse than the class enemy[1].

[1] "Class enemy" or "třídní nepřítel" (cz) might be an unknown term in itself - https://en.wikipedia.org/wiki/Enemy_of_the_people#Soviet_Uni...

Intermernet
0 replies
4h57m

Ok, apparently I can now reply to this comment... Weird HN delays aside.

I don't care if the people who can decrypt Telegram chats are allied with any one side or another. I believe the idea of "Class enemy" to be abhorrent, and the moral / social threats of "the overall impact" to be negligible when compared to the fact that using compromised communications platforms will inevitably lead to greater problems than the act of calling them out.

This is the equivalent of "You'll keep quiet if you know what's good for you".

If Telegram is broken, certain people need to stop using it. The socio-political climate of the areas most likely to be using Telegram just makes this more urgent. This applies independent of if / how / why it's broken, and who, if anyone, may benefit from this.

Intermernet
0 replies
5h14m

Replying to this, as I can't reply to your down-thread reply for some reason.

What if the gnat isn't a gnat? What if the gnat is another man who now knows the communications of the first man? I'm not saying the Bear should kill both, but I'm pointing out that the analogy falls apart when the gnat isn't just a mildly annoying third party.

EVa5I7bHFq9mnYK
2 replies
6h6m

This is a literal translation of a Russian idiomatic expression.

viraptor
0 replies
5h50m

Or a Polish one. (I guess the expression will be popular across Eastern Europe)

It's funny to see the basic cultural stuff float to the surface in comments like that. Like when there was a large number of "American" accounts some time ago on Twitter responding to financial news, but putting USD after the numbers... (To be clear, I'm not suggesting anything specific about the author here, just that sometimes you see enough opinions about something with the origin "leaking" through the side channel and wonder how organic it is)

vetinari
0 replies
5h28m

Slavic, not Russian.

vetinari
1 replies
6h8m

From your own link:

Recently, in [MV21 ] MTProto 2.0 (the current version) was proven secure in a symbolic model, but assuming ideal building blocks and abstracting away all implementation/primitive details.

Translation: it is secure, except for bugs, if any.

Intermernet
0 replies
5h56m

That's a generous translation! They were shown to be double-encrypting, using nonces where they weren't required, and generally making a bunch of mistakes that would be fine if they were writing a student level implementation of a secure messenger protocol, but not one that went on to be tacitly endorsed by a bunch of nation states!

It's like a clunkier version of the backdoor in Dual EC DRBG. When problems like this are found, you can either assume deliberate malice (as in the case of NIST) or accidental incompetence. Either should be immediate grounds for not using the software. This isn't Flappy Bird. This is meant to be secure comms. The "This Is Fine" mentality doesn't cut it.

FabHK
2 replies
6h25m

Eh, split any important message into pieces, put a piece each in Signal, WhatsApp, Telegram, Threema, Line, and then the Americans, Russians, Swiss, and Koreans will each have some parts, but if you're lucky, nobody has all...

viraptor
0 replies
5h52m

At that point you're giving the metadata to everyone. That's not a great thing if you actually care about being protected from all of them.

Intermernet
0 replies
6h6m

I didn't even know Line was still a thing!

medo-bear
0 replies
6h22m

You can have a secure verified protocol but an insecure implementation of the protocol (the app). Note though that Im not saying that Signal the app is insecure. However I do think that Signal can certainly do more to make itself more transparrent and to accomodate libre 3rd party implementations of their protocol

pydry
13 replies
6h59m

Given the location of Telegram's servers (Dubai), and the nature of the government (neutral dictatorship) and the lack of encryption, my default assumption would be that not only are they selling access to your data to major governments, they've probably even streamlined the bidding process.

vbezhenar
9 replies
6h54m

Both Russians and Ukrainians use Telegram, including confidential messaging with their agents on the foreign territory. So that's a prove enough for me, that it's safe enough.

ceejayoz
3 replies
6h47m

Which bits of this war scream “good judgement and opsec” to you?

https://www.nytimes.com/2023/01/04/world/europe/ukraine-russ...

Ukrainian artillery targets Russian soldiers by pinpointing their phone signals. Despite the deadly results, Russian troops keep defying a ban on cellphone use near the front.
pydry
1 replies
5h5m

The part where they make up stories about the other side doing dumb shit in order to boost/maintain their team's morale.

It's especially critical to drip-feed feel good news when you losing.

ceejayoz
0 replies
4h46m

I mean, the Russian Ministry of Defense admits it.

“It is already clear that the main reason of what took place included the massive use, contrary to the ban, of personal mobile phones in the range of enemy weapons,” the Russian Defense Ministry said in a statement. The cellphone data allowed Ukraine, it said, to “determine the coordinates of the location of military service members to inflict a rocket strike.”
teekert
0 replies
6h42m

You're scared, likely to die face down in the mud. Would a little higher chance of death be worth completely cutting yourself of from your family?

lukan
2 replies
6h47m

"including confidential messaging with their agents on the foreign territory"

Possible, as many ridiculous things happened around the whole war. (Recently german generals on a video chat were targeted by the russians, wasn't too hard, they did not use any encyption at all)

Sources would be nice though.

But it really would not be a reason for me to trust telegrams security.

Rather a confirmation again, that also secret services can show great incompetence.

vetinari
1 replies
6h19m

Recently german generals on a video chat were targeted by the russians, wasn't too hard, they did not use any encyption at all

They used Webex. Doesn't Webex use any encryption at all?

lukan
0 replies
6h11m

It can use encryption. But they choose not to for probably lazy reasons. Which is bad for normal persons, even worse for generals who should lead by example - and ridiculous for generals with an background in IT who really should know better. But as far as I know, there were no real consequences so apparently it was not such a big deal.

https://en.m.wikipedia.org/wiki/German_Taurus_leak

teekert
0 replies
6h44m

I would guess that those two would turn encryption on?

IDK, the whole anti-Signal post really makes me suspicious of Telegram whereas I wasn't really before. Are trying to be the universal honeypot for agencies?

martin_a
0 replies
6h46m

Sounds like another part of the product, so you just pay for the other side not being able to snoop on you.

XorNot
2 replies
6h55m

Yep. The magic of "you could turn on encryption" is that nearly all people using it won't.

"Ah, but if you need encryption then you'll..." - well, two things now. Suddenly you're the person who has encryption switched on. And also more likely, someone they talk to will forget to switch it on and just blab everything into cleartext anyway.

The entire importance of Signal's model is that it is always encrypted. It's why LetsEncrypt is also important: to have effective security you need to be able to hide in the crowd. If encryption usage is rare, then who's using it itself (or suddenly starts using it) becomes an extremely valuable datapoint.

(so I'd add: Telegram absolutely sell timeline details of which user accounts change their frequency of encrypted chat usage).

piaste
1 replies
6h41m

Addressing only one point, not your main one which I agree with:

And also more likely, someone they talk to will forget to switch it on and just blab everything into cleartext anyway.

I expect that if you enable a Telegram Secret Chat with Bob, Bob cannot unilaterally un-secret it. I would be very surprised if that was the case.

Of course Bob can then share the contents with Carol via an un-encrypted channel. But every encrypted channel has that weakness.

nani8ot
0 replies
6h13m

Last I used Telegram, creating an e2ee chat with someone added an encrypted chat in addition to the unencrypted chat. This means if your not careful in which chat with a single person a message is sent to it's easy to accidentally send unencrypted data.

I'd guess this is possible because Telegram e2ee chats aren't multi-device capable, so it's necessary to be able to use unencrypted chats while using Telegram on something else than the phone with e2e.

yreg
8 replies
6h56m

So the entire argument for "Telegram isn’t a secure messenger, full stop." is that E2EE is opt-in?

If that's all there is to it, then the opinion is rather weak.

edit: maybe post a comment in addition to pressing the downbutton. I'm curious what's so problematic about what I've said.

tifik
3 replies
6h50m

It's not just opt-in, it's a non-default option you have to actively seek out and enable with every new conversation you start. So yes, by default, without additional steps taken, telegram is not e2e encrypted.

yreg
2 replies
6h47m

"Non-default option" is exactly what "opt-in" means, no?

FabHK
1 replies
6h41m

You can opt in to something and then have it enabled by default. Not so with e2ee in Telegram.

yreg
0 replies
6h34m

Ah, I see.

akie
1 replies
6h53m

Defaults are important because (very) many people don't change them.

snvzz
0 replies
6h20m

Most.

Stagnant
0 replies
6h41m

I'd guess telegram can be secure if used correctly but the fact that their desktop client doesn't support secret chats at all feels weird. It has been one of the most requested features but they seem to have no interest in implementing it and have closed the issue on github.

FabHK
0 replies
6h43m

The non-standard crypto was also problematic, at least initially. Furthermore, as outlined, the claims on reproducible builds vis-a-vis Signal are debatable - both provide them on Android, neither satisfactorily on iOS.

xyst
7 replies
6h59m

It’s a Telegram psyop that uses emotion, particularly fear and paranoia, to switch to their shite platform.

robertlagrant
5 replies
6h52m

Is it possible to link to primary or neutral secondary sources, rather than hatchet-jobs?

ceejayoz
4 replies
6h51m

That’s what the underlined bits throughout are, including to Rufo’s own tweets.

But here, primary: https://christopherrufo.com/p/the-zen-koans-of-npr

This week, I have been engaged in a campaign to expose NPR’s new CEO, Katherine Maher, and her anti-speech, anti-truth philosophy.
robertlagrant
3 replies
5h46m

How does that show he wants to use Telegram in a "psy-op"?

joemazerino
1 replies
3h59m

Still not seeing any connection here. Seems like a reach to attack Rufo.

IG_Semmelweiss
0 replies
1h14m

Agreed. There's no solid evidence presented.

vetinari
3 replies
6h16m

Well, if you think that AES-256 that MTProto uses[1] is some wonky algorithm...

[1] https://core.telegram.org/mtproto

rakoo
2 replies
5h53m

Going from "AES is safe" to "Any protocol that uses AES is safe" is the kind of leap that will ban you from any cryptography work

vetinari
1 replies
5h30m

GP was talking encryption, not protocol. Randomly changing topics will get you banned from any crypto work too.

rakoo
0 replies
3h59m

Because saying "AES" is enough to talk about encryption ? Nothing else is involved ? Because if we're going in this direction everyone should just use XORs for encrypting and everything would be fine, and the rest would be implementation details.

huhtenberg
0 replies
6h44m

They rectified that around the time it surfaced.

If you follow the discourse, the crypto quality is no longer brought up in factual Telegram-to-Signal comparisons, except as low-effort swipes at Telegram's general credibility.

nubinetwork
6 replies
7h3m

Telegram is full of scammers. Something something bricks and a glass house.

izacus
5 replies
6h51m

I've started getting a lot of spam scam messages on Signal as well lately. What's going on with these platforms?

hmmm-i-wonder
2 replies
5h30m

Personally I've never received a scam or spam message on Signal.

cuu508
1 replies
3h46m

I am in a Signal group which has an invite link discoverable on public internet (it's a local OpenStreetMap group). From time to time, a bot joins and proceeds to spam the group's members one-on-one.

RicoElectrico
0 replies
3h28m

The same happens on the Telegram OSM group. Now, the easy and 99% effective mitigation is to make a "bridge group" where you need to click something to join the real deal but changing that would invalidate any existing links.

swores
0 replies
4h28m

Isn't it an expected issue with popular services, particularly ones with proper e2e encryption?

Things like WhatsApp and iMessage get scam messages too, and the less visibility the operators have for contents of messages the harder it is to proactively filter out spam.

epicide
0 replies
3h43m

It feels like any platform that allows for one-way initiation of a conversation is bound to increase in spam as the platform grows in usage (phone calls, email, SMS, various social media, various messengers, etc.).

Do any platforms require that both parties add one another? (And/or allow for restricting an account to such a mode)

e.g. if user123 and user789 wish to communicate, then user123 must add/contact user789 AND user789 must add/contact user123. Until both do so, then nothing happens.

It's more work to legitimately establish contact with someone, but that seems like it pales in comparison to the effort produced by spam/scams.

Same thing with verifying identities. In order to actually establish proper contact with someone, you need to communicate with them via some outside means (ideally in person) in order to establish the connection. Requiring both parties to enter/scan some ID/code/whatever seems like it would only facilitate proper verification (though not guarantee it, of course).

I'm sure that I'm missing something, though. I assume I'm just not familiar enough with these platforms and that some/all of them provide such a feature. It's just odd to me that spam sounds like such a problem when it feels like the above solution would be highly effective and simple to include.

sschueller
5 replies
6h56m

and who runs privacyguides.net ? the FSB or CIA?

lynndotpy
3 replies
5h36m

No, it does not.

Let's enumerate the purported problems:

- "Elon Musk said so", which does not matter. - Signal attachments can be viewed by an attacker with local access to the client. This is not Signal's job to protect against. - Signal offers an optional `--no-sandbox` flag which only has security options if enabled on Linux. - Weaknesses in sealed sender. This is the only one that might be an actual problem (two theoretical and one empirical attack, but the latter comes from an 18 page paper that I have not read). But this does not compromise the integrity of the chats, and is not something Telegram improves on.

Given how the posted described the optional `--no-sandbox` flag as "no sandbox on Linux", it's clear that they don't understand anything they're sharing, and they just want to spread FUD.

---

edit: Per discussion below, I was wrong about the `--no-sandbox` flag. It's enabled by default. The risk is that an attacker could figure out how to use Signal to run arbitrary JavaScript. I take back my insult- it was I who did not understand the linked issue.

I still stand by Signal > Telegram. The risk here is that an attacker could figure out how to abuse Signal to run arbitrary Javascript, e.g. through a specially crafted message.

ementally
2 replies
5h19m

Given how the posted described the optional `--no-sandbox` flag as "no sandbox on Linux", it's clear that they don't understand anything they're sharing, and they just want to spread FUD.

Could you elaborate as you seem to be more "knowledgeable". This flag is clear at what it does and shouldn't be shipped into production. https://no-sandbox.io/

You can have a look where they specifically chose to force it https://github.com/signalapp/Signal-Desktop/commit/1ca0d8210...

lynndotpy
1 replies
4h59m

You're right. It seems I am eating my words on that item, the `--no-sandbox` flag does seem to be on in most Linux installs. From context and search, it looks necessary for it to work on Debian.

Can confirm with `cat /usr/share/applications/signal-desktop.desktop`.

This still would require a pretty sophisticated attack to take advantage of, but I wouldn't rule it out as an attack surface. (We regularly see iPhone exploits that attack font and image rendering, after all.)

I'll amend my post given this.

ementally
0 replies
4h50m

No worries, but it is a legitimate attack vector given that sandboxing on Linux sucks unlike Windows and macOS, so it is much needed.

There's an issue open to provide a flatpak for the app.

https://github.com/signalapp/Signal-Desktop/issues/1639

rglullis
4 replies
6h25m

Go on, keep defending the overlord you believe have your best interests at heart while the other 57 of us go worry-free, using Matrix or XMPP.

cookiengineer
3 replies
6h0m

You will eventually revise your opinion once you find your chat logs 20 years later in some randomly occuring IRC logs because that one guy was using an IRC bridge.

You cannot critique missing guaranteed end to end encryption when effectively matrix cannot guarantee it either.

rglullis
0 replies
3h42m

If one guy gets their device compromised or decides to publish the contents of a conversation, is it that a problem of E2E? Of course not.

Sebb767
0 replies
2h16m

You will eventually revise your opinion once you find your chat logs 20 years later in some randomly occuring IRC logs because that one guy was using an IRC bridge.

E2EE can not prevent the receivers from sharing the message (they are one of the "end"s in "end to end-encryption" after all"). The same thing could happen because one person in the group chat ends up getting some ransomware on his phone; E2EE can not prevent that.

MattJ100
0 replies
4h9m

Yes it can. End-to-end encryption is enforced by your app, not by the protocol you use. This is a key part of how end-to-end encryption works.

pt_PT_guy
4 replies
6h15m

They want to do this because they want more traction for their blockchain: TRON, which, IIRC, is the payment method for ads, usernames and "stuff" inside Telegram.

However Du Rove is right about a bunch of things:

- Signal clients suck, specially the Desktop one where they ship (or used to) pre-built binaries like their own lib: https://github.com/signalapp/ringrtc - Also you can't have Signal without Google Play Store - Signal client suck in usability. I wish I had Telegram client (android) and desktop (qt) instead of this electron garbage. Telegram clients are super-duper-awesome - I would say that removing phone number requirement is their #1 request. yet they take so much time to address it, specially when they cry about phone number validation SMS costs - BTW, telegram is implementing a very nice idea of a crowd sourced sms validation, where they use their users phone numbers to send the validation sms - They have a very questionable crypto integration with MobileCoin, which have a obscure value: they depend on IntelSGX and is 95% pre-mined

r0ks0n
1 replies
6h9m

ton and tron are not the same thing

pt_PT_guy
0 replies
2h53m

ty. you're right

luuurker
1 replies
3h16m

you can't have Signal without Google Play Store

You can use Signal without the Play Store. Download the apk from Signal's website and it will use a background connection to receive calls and notifications. The downside is that it's heavier on the battery.

pt_PT_guy
0 replies
2h53m

just that? then why not a f-droid release?

FabHK
4 replies
6h36m

An alarming number of important people I’ve spoken to remarked that their “private” Signal messages had been exploited against them in US courts or media.

Any sources for this except the private testimony of a Signal competitor talking about his important friends? (ETA: Or is it when the court/media obtains your unlocked phone, in which case Telegram won't protect you either...)

daedalus_j
1 replies
3h19m

My guess would be that their phone was taken from them, unlocked, and their messages were accessed that way.

I know several large IT orgs that have done this when Legal got involved. Literally using a 2nd phone to take pictures of Signal chats on the phone in question.

nabakin
0 replies
46m

Or some sort of spyware like Pegasus

2OEH8eoCRo0
4 replies
6h20m

So since Signal has a board member who worked at a place that some people don't like then the Signal app must be backdoored/compromised/honeypot?

That's one hell of a leap. How far has our requirement for evidence fallen?

mtremsal
0 replies
4h27m

AFAICT Signal is collateral damage in this disinformation campaign. The original attack seems to be aimed at the CEO of NPR, coming from an assortment of right wing (and some Russian-aligned) voices. She happens to also be on the board of Signal which, through the prism of conspiracy theory, now extends their crusade. Given that Telegram is commonly understood to be aligned with the Russian government, this maps neatly on the US/left vs Russia/right axis through which such people already understand the world.

mikeyouse
0 replies
5h24m

Yes. The crew pushing for this is 100% bad faith, it’s pretty contemptible.

gitfan86
0 replies
6h12m

It is kind of too late at that point. Good security requires proactive measures.

Tycho
0 replies
6h13m

Um, yes. When the “place that some people don’t like” is all sorts of CIA-connected NGOs and you’re a member of group defined by its paranoia about privacy, then absolutely this becomes disqualifying.

sschueller
3 replies
7h1m

I don't trust either side and having a cryptography expert located in Baltimore, MD trying to prove that the other side is wrong seems just as off as a Russian owner trying to prove the opposite.

In the end it doesn't matter if you are using a smart phone from Apple or Google as your soft-keyboard is such an easy target there is no need to decrypt anything.

verisimi
0 replies
6h58m

Yes, afaik the whole point of all this tech is that it is compromised by design and intended to allow agencies/governments/corporations fine grained access to each individual.

I use both these apps fwiw. I'm under no illusions that anything is really private online.

alfiedotwtf
0 replies
6h56m

For what it’s worth, Matt has a pretty damn good track record

abdellah123
0 replies
6h29m

-__- I need to make my own OS

thih9
2 replies
7h4m

Tweet not found
red_trumpet
0 replies
6h56m

Works for me.

deepsun
3 replies
5h21m

It seems like a twitter thread of multiple messages. How can I read the rest of the messages, not just /1? There's no links to them.

dathos
0 replies
5h8m

I use threadreader app for this.

axegon_
3 replies
5h27m

Let me set a few things straight: Telegram is for the most part tiktok for people that don't mind putting some effort into reading on a few odd occasions. Saying that I have a lot of Ukrainian friends would be an understatement and the are the only reason I have telegram-all of them favor it, which, all things considered, is a grave mistake. In practice, telegram is far more closely related to tiktok and twitter than a messaging app and by extension it is heavily used to spread misinformation: telegram channels are ultimately under the complete control of their admins and they have the ultimate authority with no way of doing anything about it. Twitter was forced to put some effort into it through community notes but that hasn't even made a dent: it literally takes two google searches to find tens of thousands of bot accounts spreading misinformation. In that regard, telegram is much worse since it's an infinite source of cognitive dissonance: People are willfully joining echo chambers, which are openly advertised as such.

I am really glad that telegram is nowhere nearly as big in western countries compared to eastern Europe. It pains me to say this but, but even till this day, us eastern Europeans are way more susceptible to propaganda than the western world, although, for a million and one reasons that seems to have a huge effect on the western world as well. In that sense, telegram is an active contributor.

10/10 times I'll sit firmly behind Signal, despite the many shortcomings: there is no developer integration, if you want to create a signal account for your own personal bots or whatever, you can but only through a hacky repo that's on github.

Yes, the people behind telegram know all this very well and they don't like the fact that people who are aware of it as well are favoring signal infinitely more than telegram.

5e92cb50239222b
2 replies
4h8m

And that's good, that's their strength. I use it to read information from all sides of the conflict and decide for myself what's "disinformation" and what's not. A grown person doesn't need a gatekeeper that pushes their own interests and shuts up anyone daring to contradict them.

axegon_
1 replies
3h24m

Oh yeah, "both sides". Sure... Wanna ask the two orphans living at my cousin's where their parents are and who killed them? How many thousands of such examples do you need? I'm sure as hell I can supply you with a sufficient amount, even worse than straight up shooting a child's parents in front of their eyes.

Sebb767
0 replies
2h13m

Wanna ask the two orphans living at my cousin's where their parents are and who killed them?

Applying an emotional argument to shut up discussions against censorship is propaganda 101.

simion314
2 replies
7h6m

Maybe walled submissions should not be a,lowed unless an alternative way to reading the content is presented

xyst
0 replies
7h5m

I wish there was a way to auto hide any submissions from a site (ie, “hide all twitter.com submissions)

redbell
2 replies
5h55m

Telegram has launched a pretty intense campaign to malign Signal as insecure, with assistance from Elon Musk

I got a bit confused here! Didn't Musk support and encourage people to "Use Signal" three years ago?! https://twitter.com/elonmusk/status/1347165127036977153

shafyy
0 replies
5h18m

I was also initially confused. But then I remember that Musk is a jabroni and nothing he says should be taken at face value. Fuck him.

mmmdaaa
2 replies
6h49m

This is a response to the following post from Telegram creator Durov

https://t.me/durov/274

danpalmer
1 replies
6h11m

- "I don't like where one of their board worked" (find someone high up in the cryptography ecosystem who hasn't been involved in this sort of thing somewhere in their career)

- "I don't like where their funding comes from" (US govt regularly funds secure software because they depend on it for their own operations, see: Tor)

- "An alarming number of people think their chats were leaked". It's easy to state things without sources. Also an alarming number of people think Facebook listens to them through their phones' mic. People are bad at opsec. Not news.

- "No reproducible builds. They closed a GitHub request from the community." Well, except Android is reproducible, and they explicitly state on that closed issue that they don't do feature requests via GitHub and asked the reporter to raise in the proper channel.

- "Telegram is the only service with reproducible builds". Telegram barely has encrypted chats, reproduce all you like, that doesn't make the chats secure. Signal has E2E encryption and verifiable builds for Android, that's a strictly better security position.

nabakin
0 replies
43m

An alarming number of people think their chats were leaked

Easily explained by direct access to the phone or Pegasus (or Pegasus-like) spyware. Both of which Telegram is also vulnerable to.

lukan
2 replies
6h40m

To quote one comment (Phillip.png):

"With assistance from Elon Musk" is a pretty big accusation. I held off replying until I read your whole thread, and then you didn't mention that at all. What the hell?"

Seriously, what the heck has Elon Musk to do with this? Unless we also want to debate what we all think of Elon Musk when we talk about chat protocols?

lukan
0 replies
6h22m

Thanks for the missing context, I think that qualifies as "boosting".

kome
2 replies
6h37m

Stating that Telegram is unencrypted is incorrect. It offers optional end-to-end encryption; however, by default, it uses encryption in transit. Of course, there is a trade-off between convenience and encryption, and having access to all messages on all devices is beneficial.

However, technicalities are not the point: both Ukrainians and Russians trust Telegram—despite being at war. Telegram has managed to distribute its servers and legal presence across multiple countries, making it challenging for courts to track. This provides a level of security that American-based entities cannot offer.

There is a great discussion by Pinboard on why telegram is more safe, and it is preferred by activists in Hong Kong: https://twitter.com/Pinboard/status/1474096410383421452 "There's a disconnect between critiques of Telegram and its practical use that have made me uneasy about joining technical pile-ons around how it's not really encrypted messaging. Let me use the example of Telegram use in the Hong Kong protests..."

If anything, all this animosity toward telegram has always been a bit suspicious to me. But anyway, assume your cellphone to be extremely unsafe.

darthrupert
0 replies
6h27m

Having in-transit encryption in your communications software is kindergarten level stuff. It's the most minimum of hurdles to pass, so it's not worth mentioning anymore. Thus encryption always refers to E2E encryption in these discussions.

Intermernet
0 replies
6h23m

Optional E2E encryption is effectively not encryption. The default encryption in transit is useless if you don't trust the server. The argument about convenience is ridiculous. Whatsapp provides better default encryption than Telegram. The (probably deliberate) flaw in Whatsapp encryption is the default backup method, but E2E encryption is enabled by default with no loss in convenience. Telegram is not encrypted by default, and their encryption scheme has been shown to have rookie level mistakes in it. Just because it's "preferred by activists" doesn't mean said activists have any idea about secure communications.

I'm not saying that you should jump on Signal (or anything else). I'm saying Telegram is almost certainly broken. Maybe maliciously, maybe accidentally, but almost certainly.

For reference, I don't use either Signal or Telegram anymore, but Telegram sets off so many alarms I'd steer clear of it.

benterix
2 replies
6h25m

As far as we can tell, they are both insecure: Telegram is closed source and Signal published their source but basically forces users to use the Google Play version which lags behind the OS version and you can never be 100% sure what it does, not to mention things like SGX.

viraptor
0 replies
5h55m

What do you mean by SGX? SGX, even if it's fatally flawed, won't be worse than not using SGX. That's the worst case - they added a broken sandbox. Best case - they added a working one.

braiamp
0 replies
6h18m

Signal self publishes their apk. You can drink directly from the source.

Semaphor
2 replies
7h2m

Not a huge fan of Signal (phone number requirement [0], crypto push a while ago), but there are worlds between those two, and every time the Telegram CEO makes a post it looks more like a scam than before.

[0]: Yeah, might be changing or has already. Now, after ages.

jraph
1 replies
6h56m

phone number requirement. Yeah, might be changing or has already. Now, after ages.

A phone number is still required for registration. As of a few weeks, it's not necessarily communicated to your contacts anymore, which solves a few concerns (but not all).

crypto push a while ago

I was worried about this, but I use Signal daily and I haven't even noticed anything in the UI about this, it seems like a non event in the end.

nani8ot
0 replies
6h23m

The crypto payments have to be manually enabled under Settings -> Payments, which is the correct way to handle such features imo.

novaRom
1 replies
5h46m

There are multiple layers where interception can happen:

1) On-screen keyboard - by default most phones do send what is being typed - a lot of phones also have 3rd party keyboards of doubtful origin preinstalled

2) "Enable backup" scam - on starting an app (like Google Photos or WhatsApp) chances you or your wife accidentally press "ok" on a pop up message

3) Hardware drivers - non open source binary blobs with back doors

4) Operating system - you basically don't know what information is logged and sent back to phone's vendor

orbital-decay
0 replies
1h30m

>by default most phones do send what is being typed

That's extraordinary if true. Do you have anything to back it up, though? Even Google (!) wasn't brazen enough to log everything typed on Gboard, they implemented federated learning.

mikae1
1 replies
5h51m

I can only see the first message in this thread. What does it say?

YPPH
0 replies
3h57m

They can't be compared because Signal's criticism of Telegram is legitimate and warranted, Telegram's criticism of Signal isn't. Telegram isn't even an encrypted messenger.

jwells89
1 replies
2h49m

I think Signal could stand to gain popularity by either prioritizing overall niceness and polish in their clients (especially on desktop) or by allowing third parties to build clients which prioritize those things.

iMessage, Telegram, and Signal all get usage from me, with the vast majority of that usage weighted heavily on the former two because that’s where most people in my circles are. When comparing user experience between the three, it’s easy to see why.

altairprime
0 replies
2h27m

Allowing third party clients that provide identity verification signatures would be totally excellent, and I would support that.

Signal does this today by verifying phone numbers themselves, so they’d have to continue doing so centrally; “never trust the client” applies to their own client just as much as anyone else’s, and “allow unverified users to initiate contact with strangers” is the spam vector infecting all modern telephony (thus STIR/SHAKEN).

So with that need resolved, the biggest risk of third party clients would be intentionally compromised code within an attractive wrapper — but the only way to defend against that is to not allow third party clients at all.

So.. I guess I no longer support third-party clients, having worked through the timelines of what will occur. Ah well.

VMG
1 replies
7h4m

Non X version?

Razengan
1 replies
6h27m

Telegram is just as bullshit as WhatsApp etc as long as it requires:

* A phone number

* Access to your contacts

WHY do messaging apps need ALL our contacts? Why can't we add only the people we want to stay in touch with on a particular app?

WHY doesn't Apple let us choose WHICH contents to let an app steal, just like we can with limited photos access?

EVa5I7bHFq9mnYK
0 replies
5h56m

It asks for, but does not require access to contacts. As of lately, it does not require phone number either.

GaggiX
1 replies
6h47m

This just seems like a knee-jerk reaction to Durov promoting his own platform as usual, what does Elon Musk have to do with this for example? Is there any evidence that the authorities have ever had access to private conversations? At the end of the day, the issue comes down to the fact that Telegram is such a superior messaging app compared to anything else.

zug_zug
0 replies
2h55m

In theory somebody could just make a client that takes your message, generates a random string, XORs your message by that, and sends the XOR via Signal and the rest via Telegram.

vtrenc
0 replies
2h14m

Du Rove made the original post on May 8th 7:31, judge it yourself if it is 'pretty intense'.

Boast that end-to-end encryption is absolutely safe is obscurantism. If you want most security in transmission, share your GPG public keys face-to-face.

Du Rove made this post after the founder of Twitter forwarded an article about Signal. Instead of Elon Musk who has turned Twitter into a easy to surveillance platform. It was also Elon Musk who used to be very direct and later learned to be smart these days.

I strongly recommend reading the original post yourself first.

vasilipupkin
0 replies
6h40m

Do use Telegram as a news source, to subscribe to channels Do not, for the love of all that is holy, use it for any communications. It is not secure and most likely has been hacked up the wazoo by the FSB.

treprinum
0 replies
6h33m

Which messaging app applies US, Russian and Chinese encryption on each message/metadata at the same time that neither agency can break it alone?

suck-my-spez
0 replies
6h40m

Telegram is a cesspit full of spammy bots & scams. Easy pass…

reportgunner
0 replies
3h5m

Not being in either Telegram/Signal camp I see a lot of tribalism in the comments. It seems that any arguments for/against either one end up in politics.

Like I understand that Telegram is probably not very secure, but seeing what proponents of Signal are saying doesn't really make me trust Signal either.

kornhole
0 replies
4h24m

Which big centralized messenger operator can be more trusted to run the SW they say they are running is always a contentious shifting argument. If you host your own or use a small hoster, these arguments about who might have been compromised or compelled are not relevant. Decentralized and federated protocols such as Simplex.chat, XMPP, Nextcloud Talk, Matrix, Session, and Delta Chat eliminate this concern.

kelipso
0 replies
4h46m

1. Accuse Telegram of conducting a campaign against Signal

2. Conduct an astroturfed campaign for Signal

3. ???

4. Crypto profits!

imjonse
0 replies
6h32m

Durov's exile and distancing from Russia after the VK takeover may be just for show and for selling Telegram as 'the dissident app'. It is popular, easy to use and insecure.

hacker_88
0 replies
6h15m

Concerning

dncornholio
0 replies
5h25m

Where are the facts? This is just made-up drama. No tech involved in this. Ah let's throw Elon Musk in there for some extra points.

I'm sad to see so many people swallow this up.

danpalmer
0 replies
6h6m

This issue is sadly all just identity politics. Telegram is frequently associated with fringe groups, conspiracy theorists, anti-vaxxers, and "the right". Signal is pushed by the sort of lefty-liberals who quit Twitter, by journalists, and more associated with the mainstream media.

This is not to group everyone, I realise there are communities that cross that divide, and this is no judgement of people using either. But I think this divide will continue as the political trends continue. Both sides believe they are right, both more than they perhaps should given the evidence. That said, I'll stick with the one the cryptography/security nerds are using, not the one they think is a honeypot.

crazywulf
0 replies
6h28m

If you really have secrets which you don't wanna share, then you should not trust any of these services. Develop your own service or stick to PGP mails.

cookiengineer
0 replies
5h58m

Maybe just don't use either one and switch to briar or tox instead?

bloqs
0 replies
6h16m

Telegram has never AFAIK been open, and is thus insecure and always has been

azubinski
0 replies
6h50m

Life will be much more boring if we cannot find humour even in the most boring things.

So, it's good that the personal involvement of the illustrious Elon turns even obvious political influence operations into a circus with talking horses and scary clowns.

It's good :)

aurelien
0 replies
6h46m

I do not see the demonstration of the way they brake the cryptography ... Maybe they have some interest in that propaganda.

api
0 replies
5h28m

I've always at least strongly suspected that Telegram is a FSB honeypot.

It's insecure by default so I guess it could be an everyone-honeypot. I'll keep using Signal for my secure messaging thank you very much. Honestly I trust Apple iMessage encryption more than Telegram.

ants_everywhere
0 replies
5h24m

Here's some global context from the past week or so. I'm just piecing this together, maybe someone more informed can comment:

- The Polish spy chief is warning that Russia intends to invade a NATO state in the near future [0]

- Poland is strengthening its border with Belarus [1]

- Germany is considering conscripting all 18 year olds in the face of what it perceives as Russian aggression [2]

- Russia warns of "enormous danger" if NATO troops are sent to Ukraine [3]

- Russia threatens to use "special ammunition" against NATO [4]

Headlines were starting to read like this immediately before the Russian invasion of Ukraine. We saw troop buildups and threats for a while before any action was taken.

Amidst all this, there's a sudden push to move people off of Signal and onto the Russian-developed Telegram, which is widely regarded as less secure and is even not encrypted by default.

Telegram now operates out of the UAE, which has long been a partner with Russia. Wikipedia has this to say about the strengthening of UAE-Russia relations since the invasion of Ukraine:

trade between the two nations strengthened with many Russians relocating to the UAE to invest in real estate, business, or "escape financial restrictions in Europe". Trade between the two countries has doubled to $5 billion since 2020 and there are approximately 4,000 companies with Russian roots that are operating within the country.

So, my take here is that this push toward telegram smells pretty bad given the timing. Telegram has always had kind of a smell about it, given that it rolled its own crypto and given Durov's involvement with the VK social network which was, in Durov's POV (again according to Wikipedia), taken over by Putin's faction.

Personally, I like Signal. I have some of the same concerns folks here have brought up. But it's been well vetted by experts and is highly regarded by people I trust. That doesn't mean you have to like Signal. Its crypto improvements have been spread to other apps, and many people are probably just fine using something like iMessage.

And while I don't know anything about Durov or his motives, I have yet to see any successful cryptography app anywhere in the world that didn't eventually have to compromise with a government. And Russia seems especially good at applying pressure, with a history of institutional tips and tricks that go back at least to the Soviet secret police, and possibly even further back to the Tsars.

As much as I think we can't objectively trust the US government in all matters, I think we can generally trust the cryptography experts. They tend to be skeptical of all governments when it comes to cryptography, even in democracies.

So that's my two cents. I wouldn't switch from Signal to Telegram. If you're on Telegram and you have especially interesting activity (like you fight in a war), then you should probably assume that Russia can see everything you're doing. That may change if Telegram gets the sort of robust cryptographic scrutiny Signal has. If you're not warring, you're not doing exotic fancy crimes, and you live in a democracy, you're probably fine with either app but possibly a little better off with Signal or iMessage.

[0] https://www.newsweek.com/russia-ready-launch-offensive-nato-...

[1] https://abcnews.go.com/International/wireStory/poland-streng...

[2] https://www.telegraph.co.uk/world-news/2024/05/11/germany-co...

[3] https://www.telegraph.co.uk/world-news/2024/05/11/germany-co...

[4] https://timesofindia.indiatimes.com/world/rest-of-world/form...

EasyMark
0 replies
40m

meanwhile they use a proprietary encryption protocol and unencrypted groups