Post AlJv4uaTzLLSbRCGVE by GrapheneOS@grapheneos.social
(DIR) Post #AlJ8TAf8yesvegJbCy by GrapheneOS@grapheneos.social
2024-08-24T22:43:04Z
2 likes, 3 repeats
Telegram has full access to all of the content of group chats and regular one-to-one chats due to lack of end-to-end encryption. Their opt-in secret chats use homegrown end-to-end encryption with weaknesses. Deleting the content from the app likely won't remove all copies of it.
(DIR) Post #AlJ8TC4hj6vQ2FHWgi by GrapheneOS@grapheneos.social
2024-08-24T23:39:41Z
1 likes, 2 repeats
Telegram has heavily participated in misinformation campaigns targeting actual private messaging apps with always enabled, properly implemented end-to-end encryption such as Signal. You should stop getting any advice from anyone who told you to use Telegram as a private messenger.
(DIR) Post #AlJ8TDNWsbZs4v64fY by GrapheneOS@grapheneos.social
2024-08-24T23:39:46Z
3 likes, 3 repeats
Telegram is capable of handing over all messages in every group and regular one-to-one chat to authorities in France or any other country. A real private messaging app like Signal isn't capable of turning over your messages and media. Telegram/Discord aren't private platforms.
(DIR) Post #AlJCnqyFmm3yTpN4hk by ruza@mastodon.social
2024-08-24T23:05:15Z
1 likes, 0 repeats
@GrapheneOS Does it still apply to MTProto 2.0? https://en.wikipedia.org/wiki/Telegram_(software)#Privacy I do not consider Telegram to be a good solution for private communication. It seems that they can still have copies of encrypted and unencrypted messages on the server and the server decides on the encryption parameters.
(DIR) Post #AlJgeJtWOHF3ukWnCq by palin@mastodon.social
2024-08-25T00:35:15Z
0 likes, 1 repeats
@GrapheneOS CEO of Telegram was just arrested in France and Putin is mad because the guy may have Russian intelligence that France can now tap into.
(DIR) Post #AlJgeTCzlFAOnkhyJE by SupportGrapheneOS_667@social.tchncs.de
2024-08-24T23:51:33Z
0 likes, 1 repeats
@GrapheneOS https://www.reuters.com/world/europe/telegram-messaging-app-ceo-pavel-durov-arrested-france-tf1-tv-says-2024-08-24/
(DIR) Post #AlJv4uFZF6cBYZPYu0 by somatalos@mastodon.social
2024-08-24T23:24:35Z
0 likes, 0 repeats
@GrapheneOS I was testing SimpleX chat... 🤔
(DIR) Post #AlJv4uaTzLLSbRCGVE by GrapheneOS@grapheneos.social
2024-08-24T23:40:42Z
1 likes, 2 repeats
@somatalos SimpleX is a real private messaging app with end-to-end encryption, and unlike some other non-Signal E2EE messaging apps has perfect forward secrecy.
(DIR) Post #AlKosjZIj4tUNzPjTU by GrapheneOS@grapheneos.social
2024-08-25T04:54:05Z
0 likes, 0 repeats
A major example of how Telegram's opt-in secret chat encryption has gone seriously wrong before: https://words.filippo.io/dispatches/telegram-ecdh/. The practical near term threat is for the vast majority of chats without end-to-end encryption: 100% of Telegram group chats and the regular 1-to-1 chats.
(DIR) Post #AlKoskSxO9PhAbSBE0 by GrapheneOS@grapheneos.social
2024-08-25T19:06:58Z
0 likes, 0 repeats
Companies should treat user data as toxic waste rather than as something they want to gather and hoard for business models like targeted advertising. It's not a good thing to have a bunch of sensitive data which could be obtained by adversaries or requested by a government.
(DIR) Post #AlKosl8QtwafFErIsC by GrapheneOS@grapheneos.social
2024-08-25T19:07:05Z
0 likes, 0 repeats
Not using E2EE creates a lot more legal risk than using E2EE at least while E2EE is still legal in most of the world. Not using E2EE gives the technical capability to moderate, provide data, etc. and therefore governments expect that to be done. That's why they hate E2EE.
(DIR) Post #AlKoslhWnSfB05HKZk by GrapheneOS@grapheneos.social
2024-08-25T19:07:11Z
0 likes, 1 repeats
Apps like Signal and SimpleX can't access messages, media and profiles. Telegram has access to all content in private group chats and regular private messages unless people used a secret chat. They can automatically scan it, moderate and provide data to authorities based on it.
(DIR) Post #AlKosn0LwxJd2l5sYa by GrapheneOS@grapheneos.social
2024-08-25T19:07:26Z
0 likes, 0 repeats
Telegram chose to have the technical capability to see all private group chats and regular direct messages. In doing so, they put private user data at risk of seizure by governments. The scramble to try to delete data shows lack of basic threat modelling: https://x.com/sambendett/status/1827712700299821277
(DIR) Post #AlKosoMitGntGQZG40 by GrapheneOS@grapheneos.social
2024-08-25T19:13:57Z
1 likes, 1 repeats
Even Facebook's WhatsApp uses end-to-end encrypted direct messages and group chats and WhatsApp is clearly not a private messaging app. It's not a niche feature. Telegram shouldn't have been heavily marketed as private/encrypted when most user data can be handed to governments.
(DIR) Post #AlKuBytITsw7BGlRB2 by breadguy@kitty.social
2024-08-25T02:17:15.749Z
0 likes, 0 repeats
@GrapheneOS@grapheneos.social Signal requiring a phone number is still a tough sell
(DIR) Post #AlKuBzruqVQSDH7qfA by robloblaw@mastodon.social
2024-08-25T05:26:01Z
0 likes, 0 repeats
@breadguy @GrapheneOS https://theintercept.com/2024/07/16/signal-app-privacy-phone-number/
(DIR) Post #AlKuC0p7IOmTAsp7wG by robloblaw@mastodon.social
2024-08-25T05:34:28Z
0 likes, 0 repeats
@breadguy @GrapheneOS Session doesn't need a phone number. Not sure if it has been audited. https://getsession.org/ Edit: the FAQ links to a security audit PDF.
(DIR) Post #AlKuC1Ak004uFwwOe0 by GrapheneOS@grapheneos.social
2024-08-25T06:17:27Z
0 likes, 0 repeats
@robloblaw @breadguy SimpleX doesn't require one but still has forward secrecy. Session lost PFS for unclear reasons in their new protocol.
(DIR) Post #AlKuC1wx6kdufTUtn6 by Orca@nya.one
2024-08-25T06:28:47.813Z
0 likes, 1 repeats
@GrapheneOS@grapheneos.social @robloblaw@mastodon.social @breadguy@kitty.social Session lost forward secrecy because they can't implement it right with their onion routing network (servers running their crypto server node software) so they decided to handwave "who wants PFS and Deniable Encryption? it's not like they would be necessary anyway, because our servers auto delete messages every x days" (which is bullshit). Their explanation: https://getsession.org/blog/session-protocol-technical-information
(DIR) Post #AlKuC2Q1MftY7d676G by GrapheneOS@grapheneos.social
2024-08-25T06:55:45Z
0 likes, 1 repeats
@Orca @robloblaw @breadguy Well, regardless of the reason, we don't want to recommend an app without PFS.
(DIR) Post #AlTd3RwV9GTxsXFSd6 by QueerMatters@mstdn.social
2024-08-29T21:51:15Z
1 likes, 0 repeats
@GrapheneOS The depressing part about this is that I always thought that companies would want to treat "confidential" data like nuclear waste. Turns out I was really freakin wrong.
(DIR) Post #AlTd3VAR9uPbscn8Ge by doerk@nrw.social
2024-08-25T06:41:36Z
0 likes, 0 repeats
@GrapheneOS Did anyone ever believe that communication over Telegram or Discord is secure???
(DIR) Post #AlTd3VkF0n3HffXj4i by GrapheneOS@grapheneos.social
2024-08-25T06:51:52Z
1 likes, 0 repeats
@doerk Many people do, look at the angry replies to the same thread on X including harassment directed at our team because of it which is not something we expected. Russian military and special forces use both for operational communications including coordinating artillery strikes, etc...
(DIR) Post #AlTd9B5eiZjvLjGHgW by GrapheneOS@grapheneos.social
2024-08-29T19:52:32Z
1 likes, 0 repeats
@kkarhan @signalapp @zulip @delta @monocles @gajim You're spreading blatant misinformation about Signal and are recommending people use non-private messaging systems without end-to-end encryption among your recommendations...
(DIR) Post #AlTdDvc5giNGnShL3g by GrapheneOS@grapheneos.social
2024-08-29T20:37:57Z
0 likes, 0 repeats
@kkarhan @signalapp @delta PGP is legacy technology with tons of legacy cryptography like still using SHA-1 for fingerprints in practice. It doesn't have forward secrecy like a proper secure messaging system. The main implementation of it that's widely used is horribly implemented with massive security flaws throughout it (GPG). The web of trust nonsense is badly designed and always in use even to simply verify a specific file with a specific key from a file. Keyservers are another big mess.
(DIR) Post #AlTdDwaM4ea1oMtSzY by GrapheneOS@grapheneos.social
2024-08-29T20:39:10Z
1 likes, 0 repeats
@kkarhan @signalapp @delta Most of your claims here are horribly wrong and you're giving lots of bad advice. You're claiming things are scams which aren't and are posting inaccurate claims and misrepresentations about Signal and other things.
(DIR) Post #AlTdILderuQyffXSXg by winfried@fosstodon.org
2024-08-25T14:18:01Z
0 likes, 0 repeats
@GrapheneOS @L3p0 end-to-end encryption of group chats is pointless anyway if you don’t know each group member personally
(DIR) Post #AlTdIMdLAZm3kyOiga by GrapheneOS@grapheneos.social
2024-08-25T17:29:41Z
1 likes, 0 repeats
@winfried @L3p0 Having potentially untrustworthy people in the chat who might leak it is a much different thing from mass surveillance of all chats being trivial.
(DIR) Post #AlTdKyan0hzW3yRyCW by alxlg@mastodon.social
2024-08-25T17:38:53Z
0 likes, 0 repeats
@GrapheneOS Okay, this is not new though. The news is that the owner of a messaging platform has been arrested because he didn't give the authorities the information about users they asked for (legitimately or not). I'd expect a comment on that, not a criticism of the implementation of said messaging platform.
(DIR) Post #AlTdKzVVbpMStszGbo by alxlg@mastodon.social
2024-08-25T17:46:03Z
0 likes, 0 repeats
@GrapheneOS Also, since you are clearly using "homegrown" as a derogatory term here, it would be fair to mention the reasons given by Telegram for this choice, even if you don't agree with them, to let people have their own opinion, since it's about politics and not a technical matter.
(DIR) Post #AlTdKznaWbp5nxRhmy by GrapheneOS@grapheneos.social
2024-08-25T17:56:06Z
1 likes, 0 repeats
@alxlg It's not about politics and is a technical matter. We linked to an article about the encryption being broken due to their design approach to the cryptography not following best practices. They continued not following best practices and cryptographers still have the consensus that multiple of the design choices are weaknesses which can and should have been avoided. Cryptography falls apart very easily from tiny errors. Why not read the article we linked in the 4th post?