Post AmuUDBhFFLyrOwhrdo by strypey@mastodon.nzoss.nz
 (DIR) Post #AlPPedFlskeZgNG2lc by rysiek@mstdn.social
       2024-08-27T14:08:42Z
       
       0 likes, 0 repeats
       
       I am liking how this time around a lot of people are outright calling the media out on their parroting Telegram's PR bullshit about how "encrypted, secure, private" the service is. (it is not.)
       As in, not just writing about how Telegram is neither of these things, but very clearly pointing a finger at the media and going: "stop spreading this misinformation, you are putting people in danger."
       Keep this pressure on!
       #Telegram #Media #InfoSec
       
 (DIR) Post #AlPPedrLd2i9Yuq3Ky by rysiek@mstdn.social
       2024-08-27T14:21:21Z
       
       0 likes, 1 repeats
       
       Yesterday I shared my own write-up on Telegram's failings, today I came across Matthew Green's stellar blogpost: https://blog.cryptographyengineering.com/2024/08/25/telegram-is-not-really-an-encrypted-messaging-app/
       And this blogpost *starts* with calling the media out on this. Fantastic.
       At this point it's clear Telegram has no interest in fixing their stuff. We should not be talking to them, we should be talking about them to the media so that they stop promoting it.
       Because as I said yesterday: that constitutes journalistic malpractice.
       #Telegram #Media #InfoSec
       
 (DIR) Post #AlPPeeg2aZGE68YXLs by strypey@mastodon.nzoss.nz
       2024-08-28T00:26:35Z
       
       0 likes, 0 repeats
       
       Great post, hits the nail right on the head. Thanks for sharing this @rysiek.
       This kind of journalistic malpractice is usually caused by ignorance, in which case they need to be called in and patiently educated. But in some cases I think there is an intent to mislead, by people who ought to know better. They need to be contacted in private and given a chance to retract and apologise, and if they don't, they need to be publicly called out on their wilful malpractice.
       #journalism #TechJournalism
       
 (DIR) Post #AlPQ3kqoluQgU9Z7B2 by rysiek@mstdn.social
       2024-08-28T00:31:11Z
       
       0 likes, 0 repeats
       
       @strypey I am a bit less generous. Journalists should not need to be told that journalism is more than parroting PR statements and marketing materials…
       
 (DIR) Post #AlPXLhjvmDVZjCqmES by strypey@mastodon.nzoss.nz
       2024-08-28T01:52:52Z
       
       0 likes, 1 repeats
       
       "Indeed, it no longer feels amusing to see the Telegram organization urge people away from default-encrypted messengers, while refusing to implement essential features that would widely encrypt their own users’ messages. In fact, it’s starting to feel a bit malicious."
       #MatthewGreen, 2024
       https://blog.cryptographyengineering.com/2024/08/25/telegram-is-not-really-an-encrypted-messaging-app/
       #TeleGram
       
 (DIR) Post #AlPXLmkp8KC3HQJ3om by strypey@mastodon.nzoss.nz
       2024-08-28T01:52:52Z
       
       0 likes, 0 repeats
       
       #Telegram always smelt like a honeypot to me;
       * centralised, tick (like Signal)
       * encryption doesn't work for groups, only 1:1, tick (like Signal)
       * opt-in E2EE for 1:1 chats while heavily promoted as "encrypted messenger", tick (unlike Signal)
       * Roll-Your-Own cryptography, tick (maybe like Signal, but crucially...)
       * no source code published for server, so no independent auditing of cryptographic primitives or implementations, tick (unlike Signal)
       I can't fathom why anyone uses it.
       
 (DIR) Post #AlPZybKziInx4erTay by strypey@mastodon.nzoss.nz
       2024-08-28T02:22:19Z
       
       0 likes, 0 repeats
       
       One more honeypot quality of Telegrab;
       * Setting up an account requires a working phone number, tick (unlike Signal as of Feb 2024)
       In countries (eg China) that don't allow unregistered mobile connections ("burner" phone numbers), this associates a 'secure messaging' account with an identifiable person.
       Signal had the same problem for most of its history, and until Feb 2024, it shared the phone number with anyone the account chatted with;
       https://www.androidcentral.com/apps-software/signal-rolls-out-usernames
       #HoneyPot #Telegram #Signal
       
 (DIR) Post #AlPsMefql75ZXxEgrY by lindi2@mastodon.social
       2024-08-28T05:48:03Z
       
       0 likes, 0 repeats
       
       @strypey telegram is in f-droid and Debian, it reportedly has around 900M users. So most popular instant messaging app with a free software client application.
       
 (DIR) Post #AlPteqNg4UpP1OyNpA by bengo@mastodon.social
       2024-08-28T06:02:49Z
       
       0 likes, 0 repeats
       
       @strypey
       > * encryption doesn't work for groups, only 1:1, tick (like Signal)
       Can you elaborate on what you mean by the '(like Signal)'?
       (2014) https://signal.org/blog/private-groups/
       (2020) https://eprint.iacr.org/2019/1416.pdf
       
 (DIR) Post #AlQ04bFtWujlMfzszw by brawaru@mstdn.social
       2024-08-28T07:14:30Z
       
       0 likes, 0 repeats
       
       @strypey it's the other way around, lol. signal and telegram both always required a phone number, but telegram always had usernames and after mass bruteforcing during hong kong protests they also added option to make you impossible to find by phone number. signal got those features only recently, and it still requires a phone number. worse, it always sends codes over SMS whereas telegram now tries to send codes to other devi- oh right, signal doesn't support multiple devices*
       
 (DIR) Post #AlR2caLhnejJSy0Zf6 by Patton@liberdon.com
       2024-08-28T19:17:47Z
       
       0 likes, 0 repeats
       
       @strypey Hello,
       I think you've made a mistake, because the Signal groups are probably well encrypted.
       https://www.reddit.com/r/signal/comments/a2ogk2/this_is_how_signal_protocol_encrypts_group/
       
 (DIR) Post #AliDHYX5lAzqw0pOb2 by drewfer@qoto.org
       2024-09-06T02:06:32Z
       
       0 likes, 0 repeats
       
       @strypey To add to this, the 2027 Steel Dossier included intelligence that Telegram's encryption was compromised but that little tidbit was overshadowed by the Trump 'pee-pee tapes' accusations.
       
 (DIR) Post #AmM0CwAIwNQVhU29JI by strypey@mastodon.nzoss.nz
       2024-09-25T06:49:30Z
       
       0 likes, 0 repeats
       
       @brawaru
       > it's the other way around, lol. signal and telegram both always required a phone number, but [details]
       I appreciate the clarifications, but they're orthogonal to my point, which is that speaking as a veteran of numerous direct action campaigns in the late 90s and noughties, both of these centralized chat silos smell suspiciously like honey to me.
       This topic comes up a *lot*. I must finish that blog post laying out my take on it.
       
 (DIR) Post #AmM0zJgEobvKWz2Uwy by strypey@mastodon.nzoss.nz
       2024-09-25T06:57:41Z
       
       0 likes, 0 repeats
       
       Thanks for the links @bengo. A lot of thought has been put into how private group chats on Signal might be encrypted, as those links indicate. But the last I heard they're still not encrypted by default in the Signal service. If my info is out-of-date, I'd appreciate a link where I can confirm that.
       
 (DIR) Post #AmM1711g3TUwzbjr5k by strypey@mastodon.nzoss.nz
       2024-09-25T06:59:19Z
       
       0 likes, 0 repeats
       
       @drewfer
       > the 2027 Steel Dossier included intelligence that Telegram's encryption was compromised
       I believe Matthew covered that in the blog post I linked. Must check that...
       
 (DIR) Post #AmM1EwMZHAx6qaHyK0 by strypey@mastodon.nzoss.nz
       2024-09-25T07:00:58Z
       
       0 likes, 0 repeats
       
       Me:
       > I can't fathom why anyone uses it
       @lindi2
       > telegram is in f-droid and Debian, it reportedly has around 900M users. So most popular instant messaging app with a free software client application
       See above.
       
 (DIR) Post #AmM1SxCgwmOfVbLr4i by strypey@mastodon.nzoss.nz
       2024-09-25T07:03:34Z
       
       0 likes, 0 repeats
       
       @Patton
       > I think you've made a mistake, because the Signal groups are probably well encrypted
       Does this link to any primary sources that disconfirm my claim, or is this just the reckons of someone on dReddit?
       
 (DIR) Post #AmM7D4D7j8hKKeMSa8 by bengo@mastodon.social
       2024-09-25T08:07:52Z
       
       0 likes, 0 repeats
       
       @strypey I think you might be confusing signal with telegram. telegram has some stuff that is not encrypted by default. signal is always encrypted and always has been, regardless of groups/1:1
       https://support.signal.org/hc/en-us/articles/360007318911-How-do-I-know-my-communication-is-private
       https://www.reddit.com/r/signal/comments/ohn71i/are_all_groups_encrypted_on_signal/
       
 (DIR) Post #AmMBGfkT1D1RRGvqjo by cjd@pkteerium.xyz
       2024-09-25T08:53:17.456451Z
       
       1 likes, 0 repeats
       
       Telegram is not "encrypted" in any meaningful sense of the word. You can FORCE it to set up an encrypted chat, but that's not only person-to-person, but actually device-to-device, so it doesn't share the conversation even between your phone and computer.
       It acts roughly as a front office for the Russian mafia, allowing Kremlin authorized criminal enterprises to interface with their customers.
       Lastly, Durov is not in any way a dissident, he is fully integrated in the Russian oligarchy. He projects himself as an outsider in much the way Elon Musk projects himself as an outsider of the US oligarchy despite being the de facto administrator of the US space program.
       
 (DIR) Post #AmMboXyF2YndyEBjSy by drewfer@qoto.org
       2024-09-25T13:50:38Z
       
       0 likes, 0 repeats
       
       @strypey just realized that I fat fingered 2027 instead of 2017.  Apologies.
       
 (DIR) Post #AmRjN9zrpx77DpCTo0 by strypey@mastodon.nzoss.nz
       2024-09-28T01:09:08Z
       
       0 likes, 0 repeats
       
       @drewfer
       > just realized that I fat fingered 2027 instead of 2017
       My brain must have autocorrected it, I didn't even notice : P
       
 (DIR) Post #AmlNjndvOUvKSCnAZc by strypey@mastodon.nzoss.nz
       2024-10-07T12:40:51Z
       
       0 likes, 0 repeats
       
       @cjd
       > Durov is not in any way a dissident, he is fully integrated in the Russian oligarchy
       Even if we assume he is a dissident, so what? So was Kim DotCom. He was still a liar and conman, and so is Durov. Regardless of his political status in Russia.
       Along with Melon Husk, they're the human equivalent of finding dried cat vomit on your sofa cushions first thing in the morning. Unwelcome, hard to ignore, and hard to get rid of.
       
 (DIR) Post #AmlreEq2MnkHgbioU4 by cjd@pkteerium.xyz
       2024-10-07T18:15:58.932548Z
       
       0 likes, 0 repeats
       
       I have nothing negative to say about Durov or Dotcom as people. I just don't know enough about them.
       Musk, well, hating Musk is butthurt. I mean his trans daughter, his ex-wife, whatever, they have a right to hate him. They personally know him so they have a right to whatever their opinion may be.
       But everyone who never met him, doesn't know him, never interacted with him... For them (i.e. you and me), Musk is an immigrant who did a startup, got found by PayPal, became CEO and then exited... and then went on a mind-bending tour de force, pushing the auto industry to electric, re-starting the space program, and now seemingly preparing to make the human race inter-planetary.
       You can dislike his politics, you can even think he's a foul person, but actually HATING him is butthurt. Butthurt because he came up from nothing and became an industrialist and rewriter of history and you... you came up from nothing and became, well, a hater.
       You don't hate John Kerry, or George Soros, or Rockefeller, or any of those old fucks - because they're old money, you can't identify with them, they're something abstract, something far away, something DIFFERENT.
       But Musk, he's just like you, except that by cunning and grit, HE made it to the top.
       He shows you for what you are, that makes you mad.
       Now as I say this, I know that Elon has done things beyond MY wildest dreams as well. I know what I'm not and I'm ok with that. I also know that he's probably a tough person to be around, he probably doesn't make time for his family, he probably does have a short temper... But that's ok, the world is objectively better for his contributions. And when the political dust finally settles and they go to write the history books, he will undoubtedly have a chapter.
       I can only dream that maybe I will be worthy of a footnote.
       But all the people who hate on him and are butthurt by his success, what do you think they'll amount to? Even a passing mention?
       Envy is a female trait, and it's the worst female trait. So to anybody hating on Elon, or Zuck, or Bezos, Ellison, or Jobs - I say stop being a little bitch.
       
 (DIR) Post #Amm9pyL5KoE9AGzNZI by Patton@liberdon.com
       2024-10-07T21:39:50Z
       
       0 likes, 0 repeats
       
       @strypey Hi,
       Just check directly the signal blog:
       https://signal.org/blog/private-groups/
       And this is a 2014 article so this feature has been around for many years :)
       
 (DIR) Post #Amoz8QN3bvYDofVeeO by strypey@mastodon.nzoss.nz
       2024-10-09T06:23:57Z
       
       0 likes, 0 repeats
       
       @bengo
       > Signal is always encrypted and always has been, regardless of groups/1:1
       The closest thing I can see at the first link is;
       "... messages and calls cannot be accessed by us or other third parties because they are always end-to-end encrypted."
       Please quote me the text I missed specifying that *groups* are encrypted.
       The second link is a claim by a *deleted* user on dReddit. I don't believe what I read on toilet walls, and neither do I take anything said on web forums as gospel truth.
       
 (DIR) Post #AmpOIzqZ44HXaoRv6W by bengo@mastodon.social
       2024-10-09T11:06:06Z
       
       0 likes, 0 repeats
       
       @strypey I find this pretty funny.
       "A Signal group is built on top of the private group system technology." https://support.signal.org/hc/en-us/articles/360007319331-Group-chats
       which links to https://signal.org/blog/signal-private-group-system/
       which links to the IACR paper from 2019 I linked to a month ago.
       "Signal groups are built on top of the new private group system technology we previewed last year, which gives you a modern group chat experience while keeping your groups private"
       https://signal.org/blog/new-groups/
       If this stuff doesn't convince you, nothing I say will
       
 (DIR) Post #AmuUDASfq2jNZSsiI4 by strypey@mastodon.nzoss.nz
       2024-10-11T22:05:49Z
       
       0 likes, 0 repeats
       
       (1/2)
       Me:
       > Along with Melon Husk, they're the human equivalent of finding dried cat vomit on your sofa cushions first thing in the morning
       @cjd
       > hating Musk is butthurt
       I don't hate cat vomit. It's just...
       > Unwelcome, hard to ignore, and hard to get rid of.
       @cjd:
       > You don't hate John Kerry, or George Soros, or Rockefeller, or any of those old fucks
       I don't hate anyone. But they too are cat vomit, like all corporatist parasites following the Powell Memo plan;
       https://the.levernews.com/master-plan/
       
 (DIR) Post #AmuUDBhFFLyrOwhrdo by strypey@mastodon.nzoss.nz
       2024-10-11T22:05:49Z
       
       0 likes, 0 repeats
       
       (2/2)
       @cjd
       > Elon has done things beyond MY wildest dreams as well
       Melon Husk was born with a silver spoon in his mouth, and he's been failing upwards ever since. He made a fortune from having his failing company (the original X.com) bought by Thiel and co, and merged into what became PayPal.
       He's been using that fortune buying startups (including Tesla) and then bigger companies, and taking personal credit for their innovations ever since.
       Cat vomit, pure and simple.
       
 (DIR) Post #AmuWjPy9uqlIqJ78l6 by strypey@mastodon.nzoss.nz
       2024-10-11T22:34:06Z
       
       0 likes, 0 repeats
       
       @Patton
       > Just check directly the signal blog
       Urggh. I'm pretty sure I already responded to this 2014 blog post. But thanks to Mastodon's dopey data retention policy, the server I'm on has already stuffed it all down the memory hole.
       From memory, that post is about *potential* ways to encrypt private group chats. Please quote me the text at that link confirming that group encryption is a) implemented, and b) turned on by default.
       
 (DIR) Post #An9ofC0F7TGJlgIZpg by strypey@mastodon.nzoss.nz
       2024-10-19T07:35:32Z
       
       0 likes, 0 repeats
       
       @bengo
       > If this stuff doesn't convince you, nothing I say will
       What would convince me is a link to a page that contains both the words "groups" and "encrypted", not just one or the other. I'm confused as to why you think anyone ought to be convinced by anything less. Of the three links in your last post, only *one* does that;
       https://signal.org/blog/signal-private-group-system/
       Which just shows how inclined some people are to take positive claims about Signal on faith, while demanding robust sources for negative claims.