[HN Gopher] Is Telegram really an encrypted messaging app?
___________________________________________________________________
Is Telegram really an encrypted messaging app?
Author : md224
Score : 305 points
Date : 2024-08-25 19:34 UTC (3 hours ago)
(HTM) web link (blog.cryptographyengineering.com)
(TXT) w3m dump (blog.cryptographyengineering.com)
| kitkat_new wrote:
| The worst thing is that almost every non-techie who uses Telegram
| thinks Telegram in general is e2ee.
| podviaznikov wrote:
| 100% this. most people do not realize that all those non-
| secrete messages from private chats and group chats are stored
| in database that people at telegram has access to.
| lxgr wrote:
| Amplified by journalists, and most frustratingly to me even
| some techies that just can't be bothered to properly examine
| all available facts despite their technical capabilities to
| examine them.
| as1mov wrote:
| Anecdotal evidence, so take this with a grain of salt - I work
| with a bunch of people from Ukraine and almost all of them
| exclusively use Telegram to keep up with the news and family
| back home. From talking to them for a while, it's mostly
| because it's free, has excellent support for sync across
| multiple devices (including audio, video and other media), has
| support for proxies to circumvent any kind of blocking, public
| channels for news updates.
|
| Honestly it would be better if Telegram dropped the facade of
| having E2EE. It's generally very low on the priority list of
| most people anyway, as much as it would hurt anyone reading
| this, but that's the truth. People are not using it for secure
| messaging, but for a better UX and reliability.
|
| EDIT: Telegram does require a phone number to sign up.
| LudwigNagasena wrote:
| > doesn't require any personal identifier
|
| Do they still not require ID when you buy a SIM card in
| Ukraine?
| as1mov wrote:
| Actually I was wrong. Just checked and Telegram does
| require a phone number to sign up. I haven't used it myself
| much, but was relaying the general reasons why regular
| people use it.
| theshrike79 wrote:
| You need it to register, but afaik it's not shown to
| anyone in any way.
|
| You can just grab any prepaid SIM and use it if that's
| your style
| glitchc wrote:
| Yeah but the server can correlate it to all messages sent
| by you, and law enforcement can link server logs to your
| real identity thrpugh your telco.
| andrewyazura wrote:
| yes, you can just get a prepaid SIM virtually anywhere.
| though there is an option to add your ID for security
| purposes
| sundarurfriend wrote:
| Not a single person I know who uses Telegram cares about or
| thinks of it as e2ee. Whether "techie" or "non-techie"
| (whatever the definition of that is). People use it because it
| has a nice interface, was one of the first to have good
| "sticker" message support (yes, a lot of people care about that
| kind of stuff), and of course because of the good old network
| effect.
|
| It's only on HN I ever see people set up Telegram as some
| supposed uber-secure private app for Tor users and then
| demolish that strawman gleefully.
| smt88 wrote:
| Telegram is mostly used by people in the US for drug deals
| and chatting with people in Eastern Europe, so it's very
| common to believe it's a secure messenger.
| maqp wrote:
| You could also ask about whether they think it's private. And
| if they say yes, ask them what it means. Does it mean only
| sender and intended recipients can read the message, or is it
| fine if the service has someone check the content. Would they
| agree on the notion "it's OK my nudes I send to my SO are up
| for grabs for anyone who hacks Telegram's servers", or do
| they think should Telegram plug this gaping hole.
|
| Also, people tend to state they have nothing to hide, when
| they feel they have nothing to fight with. But I can't count
| the number of times I've seen a stranger next to me on a bus
| cover their chat the second I sit next to them. Me, a
| complete random person with no interest in their life is a
| threat to them.
| Aachen wrote:
| Do you read other news sites that mention Telegram or is this
| an N=1 situation?
|
| Today, on the same topic, another tech site which generally
| gets a lot of things right (but whoever is responsible for
| writing about Telegram, or maybe their internal KB, is
| consistently wrong and doesn't care about feedback) wrote
| that it is an encrypted chats service:
| https://tweakers.net/nieuws/225750/ceo-en-oprichter-
| telegram... ("versleutelde-chatdienst" means that for those
| fact checking at home)
| d0mine wrote:
| BS. Vast majority of non-tech users do not, for a simple reason
| that they can't know it even if they cared, and they do not.
| Even tech users can't be bothered to read links to the faq on
| tg site.
|
| There is so much misinformation around telegram that alone made
| me trust it more (if a known liar tries to discredit something,
| it increases chances of it being good--it is about comments
| here on HN).
| nickphx wrote:
| No, it is not.
| stavros wrote:
| I thought this was going to be just a big "NO." like the _are we
| X yet?_ pages.
| lxgr wrote:
| The article is still complying with Betteridge's law of
| headlines, though :)
| stavros wrote:
| It probably didn't want to get detained in France.
| AnotherGoodName wrote:
| If telegrams encryption is so bad why is Pavel Durov under
| arrest?
|
| The arrest cites that he was not cooperating with authorities to
| crack down on various drug illegal activities on telegram. None
| of the other social networks have their ceos arrested. Is it
| simply that telegram is the only one without backdoors for five
| eyes?
|
| It seems to me the secret chat feature actually works too well?
| StrLght wrote:
| I'd suggest waiting for more details from French officials,
| they have already said that they'll address it tomorrow. So far
| claims from the media sound like Durov's being prosecuted due
| to very little moderation on the platform, not because of E2EE.
|
| Even so, most messages sent on Telegram are plaintext, they're
| encrypted only in transport layer, but Telegram's servers see
| them in full. Secret chats (the only E2EE chats on Telegram)
| are hidden away from the users, hence the original link.
| kome wrote:
| > Even so, most messages sent on Telegram are plaintext,
| they're encrypted only in transport layer, but Telegram's
| servers see them in full.
|
| you contradict yourself in the same sentence
| rvnx wrote:
| He means that the messages are only encrypted during
| transport, like with HTTPS.
|
| Your browser sends a clear message over an encrypted pipe,
| and the server on the other side, sees this clear message.
| lxgr wrote:
| > If telegrams encryption is so bad why is Pavel Durov under
| arrest?
|
| He's under arrest precisely because it is bad enough that
| Telegram is in a position to share data with law enforcement,
| but it chooses not to.
| taikahessu wrote:
| Or maybe he is sharing with the other guys.
| lxgr wrote:
| Possibly so, but I doubt that that's why he's currently
| being held.
|
| It's probably not enough for French authorities to know
| that some other country's equivalent is getting a copy of
| all messages and metadata when they want it themselves.
| Avamander wrote:
| > Is it simply that telegram is the only one without backdoors
| for five eyes?
|
| Do you honestly think that any backdoor would be used for such
| mundane crimes? Even more so, it being in any way acknowledged
| that there might be a backdoor?
|
| On that topic, it's highly likely Telegram is cooperating with
| Russian LE. Services and people that don't get thrown out
| quickly in Russia.
|
| > The arrest cites that he was not cooperating with authorities
| to crack down on various drug illegal activities on telegram.
| [...] None of the other social networks have their ceos
| arrested.
|
| Because if you want to operate in any country, you're either
| cooperating with the authorities or you'll get shut down or
| arrested. Hiding evidence you have is not tolerated anywhere.
| rvnx wrote:
| https://www.zdnet.com/article/russia-unbans-telegram/
|
| and even eventually ended to become a major propaganda tool
| for the Russian army.
| worstspotgain wrote:
| Would you say that it's possible that the answer to the
| article's question is:
|
| - Telegram is not encrypted from Putin's perspective
|
| - Telegram is encrypted from everyone else's perspective
| cja wrote:
| Telegram is the comms system for the Russian military.
| littlestymaar wrote:
| As hilarious as it sounds, it's at least partly true.
| theragra wrote:
| I heard whatsapp is better in low signal conditions, so
| they use both
| littlestymaar wrote:
| I've also seen Discord being used on video footage from
| the war so I'm not surprised they'd use Whatsapp as well.
| Aachen wrote:
| We had a client who wanted us to do a security audit and
| communicate the results--unpatched vulnerabilities mind
| you--via Discord. They could not be dissuaded.
| mr_mitm wrote:
| Read this: https://fortune.com/crypto/2024/06/27/telegram-dark-
| net-blac...
|
| Telegram channels are public, unencrypted web shops for all
| kinds of illegal goods. I guess the French government alleges
| that Durov is not doing enough to stop these activities on his
| platform.
|
| It doesn't necessarily have anything to do with encryption.
| lxgr wrote:
| It indirectly has a lot to do with encryption, in that if
| Telegram was actually encrypted, they'd probably have no
| grounds on holding him in the first place.
|
| (At least at the moment, in most countries) it's not illegal
| to not ship a backdoor in your end-to-end-encrypted software
| upon government request, but in most it _is_ illegal to not
| share data you 're holding in a form accessible to you when
| you receive a warrant for it.
| mr_mitm wrote:
| Anyone can join these channels. How would encryption change
| anything?
| 3np wrote:
| Joins/leaves are visible to participants. Channel owners
| can decide if past history is to be made accessible for
| new joiners.
| jltsiren wrote:
| If anyone can access the data, it's not encrypted in any
| meaningful sense.
|
| If you have access to some data, the government can
| require you to share it with them. But if you can't
| access the data due to encryption, the government can't
| force you to create a backdoor to access it. At least not
| outside truly extraordinary situations.
| Aachen wrote:
| > Anyone can join these channels.
|
| Doesn't mean that the server operators could. Think Mega
| (the new version of MegaUpload): they have these
| hash/fragment parts in the URL which aren't sent to the
| server and so you can send links around but Mega can
| claim they can't read anything because nobody gave them
| the "join" link to the data they host
|
| But that's not what Telegram does and so they might
| reasonably have to implement automatic scans if there are
| an oddly high number of crimes being coordinated on the
| platform. (Sarcasm coming up:) It's really strange this
| would happen after they said it's for privacy nerds and
| then never implemented encryption for any of the
| useful/standard features
| Stagnant wrote:
| The difference between telegram and others is that in telegram
| you can type "<city> drugs" to global search and find groups
| with drug dealers and buyers near you instantly. I don't think
| his arrest has anything to do with the level of encryption at
| all.
|
| Personally I find Telegram kind of refreshing in nowadays
| internet landscape where everything is so sanitized. You can
| discover all kinds of niches you never knew existed.
| mihaaly wrote:
| The arrest was about the expected removal of illegal and
| harmful content in groups, that masses see, so no enryption
| involved. Did you not read the news - AND the blog - in
| full?....
| maqp wrote:
| >If telegrams encryption is so bad why is Pavel Durov under
| arrest?
|
| Because it was so bad he had access to all that content, and
| because he had access to it, he should have moderated it, and
| because he didn't he's now arrested.
|
| >Is it simply that telegram is the only one without backdoors
| for five eyes?
|
| Telegram doesn't have a backdoor. Its open source client can be
| used to verify it leaks every group message, and every desktop
| message you ever send, to the service provider without ever
| applying secret-chat grade encryption
|
| >It seems to me the secret chat feature actually works too
| well?
|
| Well, Signal can be used to verify its end-to-end encryption is
| actually used everywhere, but nobody's calling for arresting
| Moxie or Meredith. So maybe playing 5D-chess over the news
| isn't working, unless you're here just to amplify this
| ridiculously fallacious line of thinking.
| devjab wrote:
| I can give you some insight into why EU law enforcement and
| politicians dislike telegram. It's not because they can't snoop
| on you, it's because Telegram fails to comply with moderation
| requests for channels where illegal content is shared.
|
| We had a nice scandal of sorts here in Denmark where a bunch of
| young men shared pictures of young women without consent. If
| you're old enough to remember those old "rate this girl" web
| pages from the 90ies you'll know what the pictures were used
| for. Basically it was a huge database on hot girls in Denmark
| and where they went to school. Today around 1000 young men have
| that on their permanent record as Facebook worked with law
| enforcement to catch the criminals. Telegram doesn't do that.
| This was even a little more innocent that it may sound,
| considering the men were at least aged similar to the women
| they were sharing pictures of. Disgusting and illegal, but
| Telegram houses far worse and refuses to deal with it.
|
| I know a lot of tech minded people are up in arms over this,
| but it's really mainly about not wanting an unmoderated social
| network. Not because big brother is angry, but because people
| use it to organise bullying, share revenge porn, sell drugs and
| far, far, worse. There is also political factions within the EU
| who rants to kill encryption (though they were severely
| weakened when the brits left), but the anger against SoMe
| platforms is much more "European". In that we (and I say this
| as the EU culture in general, not as in 100% of us) tend to
| view the people who enable bad behaviour as being participating
| in that behaviour. Platforms like Facebook, Twitter, Instagram
| and YouTube have been sort of protected by being early movers
| with mass adoption. Being American companies probably helps as
| well considering EU / US relations. Telegram never had such
| advantages, and is further disadvantaged by how its almost
| exclusively used for crime in Western Europe.
|
| Obviously banning the platform won't help. There will just be
| another platform. But then, we've also been losing a drug war
| for 50+ years even though we can't even keep drugs out of our
| prisons.
| lxgr wrote:
| Telegram offers end-to-end encryption in the same way that
| McDonalds offers salads.
| ben_w wrote:
| Via a touchscreen? :P
| littlestymaar wrote:
| I love the comparison, stealing it.
| layer8 wrote:
| Overly chilled?
| rvnx wrote:
| Expired from the day before, but with a fresh date sticker on
| it?
| adrianmonk wrote:
| In opposition to something French?
| tpoacher wrote:
| yes. in that if you want it it's there, but nobody's forcing it
| on you if you just want a burger.
| maqp wrote:
| Oh, I must have missed this. Please tell me how to enable
| secret chats for groups. And my desktop chats. Also I'd like
| to turn on the setting for defaulting to secret chats
| whenever I open a new one. Oh? I can't. Sounds like it's not
| there if I want it, after all. Good thing they didn't force
| it to me though /s
| lcnPylGDnU4H9OF wrote:
| Technically but not practically.
| tamimio wrote:
| It's not encrypted by default, and even if it were encrypted, you
| should never trust any connected device with anything important.
| That being said, Telegram is hands down the best communication
| platform right now. It is feature-rich, with features implemented
| years ago that are only now being added to other platforms. It
| has normal chatting/video calls, groups, channels, and unlimited
| storage in theory, all for free. I just hope it doesn't go
| downhill after what happened these last days because there's no
| proper replacement that fulfills all Telegram features at once.
| mihaaly wrote:
| As far as I see there was no criticism targeted at anything
| else than the encryption part.
| icepat wrote:
| What's in Telegram that you don't see in Signal? Honest
| question, I only use Signal rather than Telegram.
| sundarurfriend wrote:
| People.
| jxi wrote:
| Signal has probably the worst UX of any messaging app. It
| also used to require sharing phone numbers to add contacts,
| which imo is already a privacy violation.
|
| Telegram is fast, responsive, gets frequent updates, has
| great group chat, tons of animated emojis, works flawlessly
| on all desktop and mobile platforms, has great support for
| media, bots, and a great API, allows edits and deleting
| messages for all users, and I really like the sync despite it
| not being e2e.
| tamimio wrote:
| > allows edits and deleting messages for all users
|
| And it has those little features like masked text and what
| not, features wise, telegram is just the best. I didn't use
| Signal for a long time, you can't edit the messages there!?
| ThePowerOfFuet wrote:
| Signal also allows edits and deletions.
| jxi wrote:
| I haven't used Signal in a while, so I probably
| misremember some of what it supported. I just looked it
| up though and Signal's delete feature seems to leave a
| "This message was deleted" placeholder like what Facebook
| Messenger does, which looks a bit annoying to me
| (https://support.signal.org/hc/en-
| us/articles/360050426432-De...). Telegram just directly
| removes the message for everyone.
| jwells89 wrote:
| You're also not stuck with the official client and all of
| its decisions like with Signal. In addition to the official
| Qt and Swift/Cocoa Telegram clients, you can find third
| party clients written in WinUI and GTK as well as a CLI
| client, which gives users the choice to use the one that
| fits their wants/needs best.
|
| I use both on desktop for different people and the desktop
| Signal client doesn't hold up well in comparison. In some
| ways it feels more clunky than the iMessage ancestor iChat
| did 20 years ago.
| p4bl0 wrote:
| > Signal has probably the worst UX of any messaging app
|
| Really? I don't see any real difference between the UX of
| WhatsApp and Signal for example. And they're really on-par
| feature wise.
|
| The only things in your list that are not available on
| Signal are "tons of animated emojis" and "bots". Recently
| they also introduced usernames to keep your phone number
| private. And Signal have had all the other things for a few
| years now, and with actual security.
| maqp wrote:
| >It also used to require sharing phone numbers to add
| contacts
|
| It no longer doesn't. It took them a while because you
| can't just slap features like that. It's not a string in a
| database like with Telegram.
|
| Telegram has great UX because you can build things fast and
| easy when you don't have to give two shits about the
| security side of things. You can cover that part with
| grass-roots marketing department and volunteering shills.
| TeddyDD wrote:
| Good desktop client.
| tamimio wrote:
| User base, large groups (I think the max is 200k members),
| channels, bots to automate work, animated stickers, video
| messages (not the calls one), and video/voice calls within
| the group (not sure if Signal has that), file storage and
| file sharing, multiple devices without worrying about losing
| messages -and you might mention the security part and that's
| ok, I want the accessibility, if I want security I will look
| somewhere else- among other features. Those are on top of my
| head.
| tpoacher wrote:
| This is one of those questions where it's hard to answer but
| it's obvious once you use it.
|
| What's the difference between a fiat and a ferrari? What's
| the difference between CentOS and Linux Mint? What's the
| difference between a macdonalds and a michelin burger?
|
| I have friends and groups on both platforms. On Signal, I'm
| basically just sending messages (and only unimportant one,
| like, when are we meeting. Sending media mostly sucks so I
| generally only have very dry chats on Signal).
|
| Whereas on Telegram, I'm having _fun_. In fact it 's so
| versatile, that my wife and I use it as a collaborative note-
| taking system, archiver, cvs, live shopping list, news app
| (currently browsing hackernews from telegram), etc. We
| basically have our whole life organised via Telegram. I lose
| count of all the features I use effortlessly on a daily
| basis, and only realise it when I find myself on another app.
| This is despite the fact that both Signal and whatsapp have
| since tried to copy some of these features, because they do
| so badly. A simple example that comes to mind: editing
| messages. It took years for whatsapp to be able to edit a
| message (I still remember the old asterisk etiquette to
| indicate you were issuing a correction to a previous
| message). Now you can, but it's horrible ux; I think you long
| press and then there's a button next to copy which opens a
| menu where you find a pencil which means edit, or sth like
| that. In telegram I don't even remember how you do it,
| because it's so intuitive that I don't have to.
|
| Perhaps that's why I find the whole "Telegram encryption"
| discussion baffling to be honest. For me, it's just one of
| Telegram's many extra features you can use. You don't have to
| use it, but it's there if you want to. I don't feel like
| Telegram has ever tried to mislead its users that it's raison
| d'etre is for it to be a secret platform only useful if
| you're a terrorist (like the UK government seems to want to
| portray it recently).
|
| I get the point about "encryption by default", but this
| doesn't come for free, there are usability sacrifices that
| come with it, and not everyone cares for it. Insisting that
| not having encryption by default marrs the whole app sounds
| similar to me saying not having a particular set of emojis
| set as the default marrs the whole app. It feels disingenuous
| somehow.
| A4ET8a8uTh0 wrote:
| It is weirdly fascinating that this question has to be answered
| on a semi-regular basis. I am not sure if it is more of an
| insight into humans, ephemeral nature of software or concern that
| something major has changed.
| lxgr wrote:
| It's an unfortunate reminder in that propaganda sometimes works
| very well.
| kome wrote:
| Or it's just nerds who are stupid and don't understand what
| matters in real world security for most people.
|
| The fact that you can create a huge group and channels without
| sharing your phone and contacts is what made Telegram big.
|
| You couldn't do that on WhatsApp until a few months ago. And it
| has been on Telegram for years. Why Hong Kong protesters used
| Telegram and not Whatsapp? read this:
| https://x.com/Pinboard/status/1474096410383421452
|
| The fact that Telegram is massively used in both Ukraine and
| Russia shows that its model cannot be ignored.
| scott_w wrote:
| I think it's helpful because, as the author says, Telegram put
| effort into making you think it's secure and Signal isn't. As
| someone who's not close to this, it's handy to have regular
| reminders.
| ahmedbaracat wrote:
| Are there any pointers for work to try to make metadata private
| (I.e encrypted)?
|
| I was recently very curious about this question and asked similar
| ones here:
|
| https://news.ycombinator.com/item?id=41267877
|
| https://news.ycombinator.com/item?id=41270863
|
| On a side note, I was just recommending Telegram as alternative
| to WhatsApp (but I did mention that we need to enable Private
| chats for E2E). It is definitely not an ideal UX.
|
| https://barac.at/essays/on-leaving-meta
| lxgr wrote:
| > I was just recommending Telegram as alternative to WhatsApp
|
| If you care about privacy and security, please don't. Defaults
| matter, and private chats are effectively unusable for anyone
| using more than one device or needing group chats. And that's
| not even considering their strange home-baked cryptography.
| mr_mitm wrote:
| Why didn't you recommend signal?
| ahmedbaracat wrote:
| I am recommending both. The problem is that Signal (which I
| use along with the other messaging apps) is that it is not
| feature rich as the other 2 and Signal is not popular so ppl
| download it just to interact with one person (Me) whereas
| Telegram has more user base.
| on_the_train wrote:
| Signal lost all credibility with their cryptobro bullshit
| tptacek wrote:
| Only among people who pay attention to cryptobro bullshit.
| They remain the gold standard among cryptography engineers.
| Aachen wrote:
| Is Session's also good? They had this cryptobro stuff
| from the beginning so I never paid attention despite
| their claims that security is on par with Signal and the
| like (probably not the SGX and sealed sender bits, but
| the message contents encryption). Nobody ever talks about
| it but yesterday they apparently got a million users.
| Makes me wonder whether to start paying attention
| mr_mitm wrote:
| But telegram also launched a cryptocurrency: toncoin
|
| So why recommend telegram over signal?
| jraph wrote:
| I don't care for crypto bullshit, and I was not too happy
| to hear that Signal joined that party, but it turns out you
| don't run into this as a Signal user if you are not
| specifically looking into it.
|
| I don't believe they lost _any_ credibility with this, I
| thing people don 't know about it for the most part, or
| don't care for the majority of the remaining part.
| maqp wrote:
| https://support.signal.org/hc/en-
| us/articles/360057625692-In... and move on.
| codethief wrote:
| As mentioned in a comment to one of your posts, the GNUnet
| people have probably gone the furthest in the quest to
| obfuscate metadata. Unfortunately, to this day no usable
| messenger application has come out of this, partially because
| GNUnet has largely been a research project.
|
| As for applications in use today that address the metadata
| problem, have a look at Signal's Sealed Sender feature:
| https://signal.org/blog/sealed-sender/
|
| As for recommending Telegram for secure messages, I side with
| the sibling comments ("Don't").
| codethief wrote:
| Since you seem to focus on decentralized protocols, I should
| add: In practice, while we all like federated and p2p apps
| for the freedoms & this warm fuzzy feeling they provide us
| with, by default they tend to have a much greater attack
| surface when it comes to metadata. This is because, compared
| to a centralized approach, metadata is openly available to
| far more parties. As a result, 3-letter agencies often won't
| even need a warrant to get their hands on the metadata: They
| can simply run traffic analysis and/or participate in the
| network themselves.
| maqp wrote:
| I know a bit about this topic.
|
| For metadata you first want to remove the obvious identifiers,
| phone numbers, names. You'd want to use something like
| anonymous@jabbim.pl for your IM account.
|
| Next, you'd want to eliminate the IP-addresses from server, so
| you'd want to connect exclusively through Tor. So you'd set the
| IM client proxy settings to SOCKS5 localhost:9150 and run Tor
| client to force your client to connect that way. This is error-
| prone and stupid but let's roll with it for a second.
|
| Now jabbim.pl won't be able to know who you are, but unless you
| registered your XMPP account without Tor Browser, you're SoL,
| they already know your IP.
|
| A better strategy is to use a Tor Onion Service based XMPP
| server, say
| 4sci35xrhp2d45gbm3qpta7ogfedonuw2mucmc36jxemucd7fmgzj3ad.onion
| (not a real one), and you'd register to it via IM client. Now
| you can't connect to the domain without Tor, so misconfiguring
| can't really hurt.
|
| So that covers name and IP. We'll assume the content was
| already end-to-end encypted so that leaks no data.
|
| Next, we want to hide the social graph, and that requires
| getting rid of the server. After all, a server requires you to
| always route your messages through it and the service can see
| this account talks to this account, then to these ten accounts,
| and ten minutes later, those ten accounts talk to ten accounts.
| That sounds like a command structure.
|
| So for that you want to get rid of the server entirely, which
| means going peer-to-peer. Stuff like Tox isn't Tor-only so you
| shouldn't use them.
|
| For Tor-only p2p messaging, there's a few options
|
| https://cwtch.im/ by Sarah Jamie Lewis (great, really usable,
| beautiful)
|
| https://briarproject.org/ (almost as great, lots of interesting
| features like forums and blogs inside Tor)
|
| https://onionshare.org/ by Micah Lee. Also has chats between
| user and hoster
|
| https://github.com/maqp/tfc by yours truly, crude UX but the
| security is unparalleled.
|
| >On a side note, I was just recommending Telegram as
| alternative to WhatsApp
|
| Don't. Telegram and WhatsApp both leak meatadata, but WhatsApp
| is always end-to-end encrypted. Telegram is practically never
| end-to-end encrypted. I'd use WhatsApp over Telegram any day.
| But given that unlike WhatsApp, Signal is open source so you
| know the encryption works as advertised, it's the best everyday
| platform. The metadata free ones I listed above are for people
| in more precarious situations, but I'm sure a whistleblower is
| mostly safe when contacting journalists over Signal. Dissidents
| and activists might find Cwtch the best option however.
| cheptsov wrote:
| The author claims that everyone refers to Telegram as an
| encrypted messenger, but he only provides a single example to
| support that. I quickly checked Google News and couldn't find any
| media on the first page that did the same. It feels like a
| manipulation.
|
| UPDATE: anyone who downvote, I invite to check for themselves.
|
| Just a few known media:
|
| 1. https://www.aljazeera.com/amp/news/2024/8/25/telegram-
| messag...
|
| 2.
| https://www.washingtonpost.com/technology/2024/08/25/durov-t...
|
| 3. https://www.businessinsider.com/telegram-ceo-pavel-durov-
| arr...
|
| 4.
| https://www.theguardian.com/media/article/2024/aug/24/telegr...
|
| However, indeed, I've seen a few media that call it encrypted.
| This include France24, POLITICO, and The Times.
| lxgr wrote:
| Subjectively and qualitatively, roughly half of all news
| articles on Telegram I read contain the word "encrypted" or at
| least "secure" somewhere.
| Cynddl wrote:
| Just today, every French newspaper and hundreds around the
| world. Two examples:
|
| https://www.thetimes.com/world/europe/article/pavel-durov-te...
| "Chief executive of the _encrypted_ messaging app reportedly
| detained at an airport near Paris over alleged failure to stop
| criminal activity on the platform"
|
| https://www.tf1info.fr/high-tech/telegram-qui-est-pavel-duro...
| (one of the largest French newspaper) "Qui est Pavel Durov, le
| fondateur de la messagerie _cryptee_ Telegram arrete samedi en
| France ?"
| cheptsov wrote:
| It's called handpicking
| 331c8c71 wrote:
| I am null at cryptography but thie following does not sound too
| bad as a default tbh. And I think it is misleading to focus
| solely on e2ee and not mention the distributed aspect.
|
| https://telegram.org/faq#q-do-you-process-data-requests
|
| > To protect the data that is not covered by end-to-end
| encryption, Telegram uses a distributed infrastructure. Cloud
| chat data is stored in multiple data centers around the globe
| that are controlled by different legal entities spread across
| different jurisdictions. The relevant decryption keys are split
| into parts and are never kept in the same place as the data they
| protect. As a result, several court orders from different
| jurisdictions are required to force us to give up any data.
|
| > Thanks to this structure, we can ensure that no single
| government or block of like-minded countries can intrude on
| people's privacy and freedom of expression.
|
| > Telegram can be forced to give up data only if an issue is
| grave and universal enough to pass the scrutiny of several
| different legal systems around the world.
|
| > To this day, we have disclosed 0 bytes of user data to third
| parties, including governments.
| fsflover wrote:
| > Telegram can be forced to give up data
|
| That's all you need to know. Matrix and Signal can't be forced
| in any way.
| ThePowerOfFuet wrote:
| The admins of Matrix instances sure can be forced to give up
| data. The metadata is not encrypted, and many rooms are not
| either.
| fsflover wrote:
| With Telegram, even the data can be accessed. Also:
| https://news.ycombinator.com/item?id=41351227
| StrLght wrote:
| Problem with this claim is that it's hardly verifiable.
| Telegram's backend is closed source, and the only thing you can
| be sure of is that their backend sees every message in
| plaintext.
| ahmedbaracat wrote:
| I am wondering if there was any incident that disproved the "we
| have disclosed 0 bytes of user data to third parties, including
| governments." statement.
| littlestymaar wrote:
| Splitting stuff between multiple companies doesn't really
| protect anyone if the boss of all companies is held hostage.
|
| Also
|
| > To this day, we have disclosed 0 bytes of user data to third
| parties, including governments.
|
| Didn't they conclude an agreement with Russian gvt in 2021?
| kitkat_new wrote:
| I wonder if this is practically relevant at all.
|
| Given that users can access their messages without interaction
| with people at Telegram, automatic aggregation of the cloud
| data for single end points is in place.
|
| In consequence the data can be accessed from a single
| jurisdiction anyways.
| al_borland wrote:
| Wouldn't being forced to give up the password and logging in
| be a violation of the 5th amendment, at least in the US? I
| think it's a mixed bag of rulings right now, but it seems
| like it would make sense for it to fall that way at the end
| of the day.
| kitkat_new wrote:
| even if you have a password in Telegram as a second factor,
| Telegram can bypass it anyways; and the user isn't even
| asked
| episteme wrote:
| I do wonder if this would hold up though, if telegram stored
| each character of your chat in a different country, would a
| single country not be able to force them to hand over the data
| and either fine them or force them to stop operating if they
| wouldn't share the full chat? It seems like a loophole but I
| don't know what the precedent is.
| tamimio wrote:
| That's Telegram's CEO saying how he and his employees were
| "persuaded and pressured" by US FBI agents to integrate open-
| source libraries into Telegram (1).. There are a lot of
| questions to ask, like if the open-source libraries are indeed
| compromised, among other things. I take it as this arrest was
| the final straw to pressure him to give up and hand over some
| "needed" data, as all the accusations I read are laughable.
| Instagram is full of human trafficking and minor exploitation,
| drug dealers, and worse. The same goes with other social media,
| and I don't see Elon or Zuck getting arrested. I am confident
| that this arrest is to obtain specific information, and after
| that, he will be released, or spend 20 years if he doesn't
| comply.
|
| (1) https://youtu.be/1Ut6RouSs0w?t=1082
| tptacek wrote:
| You can coherently argue that encryption doesn't matter, but
| you can't reasonably argue that Telegram is a serious encrypted
| messaging app (it's not an encrypted messaging app at all for
| group chats), which is the point of the article. The general
| attitude among practitioners in the field is: if you have to
| reason about how the operator will handle legal threats, you
| shouldn't bother reasoning about the messenger at all.
| chadsix wrote:
| > if you have to reason about how the operator will handle
| legal threats, you shouldn't bother reasoning about the
| messenger at all.
|
| That's true.
|
| You need to run your own platform people. XMPP is plenty
| simple, plenty powerful, and plenty safe -- and even your
| metadata is in your control.
|
| Just self host. There's no excuse in 2024.
|
| Wake up people!
|
| Why should the arrest of someone else affect YOU?
| nrr wrote:
| "You need to run your own platform people." What problem
| does this solve?
|
| I'm someone who's been on the business end of a subpoena
| for a platform I ran, and narcing on my friends under
| threat of being held in contempt is perhaps the worst
| feeling I'm doomed to live with.
|
| "XMPP is ..." not the solution I'd recommend, even with
| something like OMEMO. Is it on by default? Can you force it
| to be turned on? The answer to both of those is, as it
| turns out, "no," which makes it less than useful. (This is
| notwithstanding several other issues OMEMO has.)
| immibis wrote:
| Note in particular that the Ethernet connection to
| xmpp.ru/jabber.ru's server was physically intercepted by
| German law enforcement (or whatever-you-think-they're-
| actually-enforcing enforcement), allowing them to issue
| fraudulent certificates through Let's Encrypt and snoop
| on all traffic. This was only noticed when the
| enforcement forgot to renew the certificate.
| https://news.ycombinator.com/item?id=37961166
| dylan604 wrote:
| As if it were that simple. Where are you going to host that
| self-hosted instance? What protections against law
| enforcement inspections do you have? What protections
| against curious/nefarious hackers? How are you going to
| convince every single person you interact with to use it?
|
| Gung-ho evangelists rarely convert like a reasonable take
| on the subject does
| maqp wrote:
| You're assuming end-to-end encryption doesn't exist, and
| that the only way to be safe is to have someone close to
| you self-hosting.
|
| Self-hosting is terrible in that it gives Mike, the
| unbeknownst creepy tech guy in the group 100% control over
| the metadata of their close ones. Who talks to whom, when
| etc. It's much better to either get rid of that with Tor-
| only p2p architecture (you'll lose offline-messaging), or
| to outsource hosting to some organization that doesn't have
| interest in your metadata.
|
| The privacy concern Green made was confidentiality of
| messages. There is none for Telegram, and Telegram should
| have moderated content for illegal stuff because of that.
| They made a decision to become a social media platform like
| Facebook, but they also chose not to co-operate with the
| law. Durov was asked to stop digging his hole deeper back
| in 2013, and now he's reaping what he sow.
| sroerick wrote:
| Sadly, you still have to pipe all messages through Apple's
| notification API if you want notifications on iOS
| godelski wrote:
| > Just self host. There's no excuse in 2024.
|
| I hate to break it to you, but there's plenty of excuses.
| We live in a bubble on HN.
|
| May I remind you what the average person is like with this
| recently famous reddit post:
|
| https://archive.is/hM2Sf
|
| If you want self hosting to happen, with things like
| Matrix, and so on, the hard truth is that it has to not be
| easy for someone who can program, but trivial for someone
| who says "wow, can you hack into <x>" if they see you use a
| terminal
| gospelsod wrote:
| The problem with this approach is that it relies on governments
| accepting your legal arguments. You can say "no, these are
| separate legal entities and each one requires a court order
| from a different country" all you want, but you also need to
| get the courts themselves to agree to that fact.
| lovethevoid wrote:
| https://www.spiegel.de/netzwelt/apps/telegram-gibt-nutzerdat...
|
| > Translated: Contrary to what has been publicly stated so far,
| the operators of the messenger app Telegram have released user
| data to the Federal Criminal Police Office (BKA) in several
| cases.
|
| https://torrentfreak.com/telegram-discloses-user-details-of-...
|
| > Telegram has complied with an order from the High Court in
| Delhi by sharing user details of copyright-infringing users
| with rightsholders.
|
| Anyways just some examples in which their structure doesn't
| matter. In the end, user data is still given away. It's also
| why e2ee should be the sole focus. Everything else is "trust me
| bro it's safe" levels of security.
| lxgr wrote:
| Yes: End-to-end encryption is technically quite difficult, but
| politically and legally feasible (at least currently, at least
| in most countries).
|
| Simply not cooperating with law enforcement is technically
| moderately difficult, but politically and legally impossible.
|
| Between a difficult and an impossible option, the rational
| decision is to pick the difficult one.
| tigeroil wrote:
| Indeed. Even being charitable and assuming that they're not
| lying (they say elsewhere that they've shared zero bytes with
| law enforcement, despite this being demonstrably false), in
| reality if say, they were to arrest the founder in an EU
| country (France, perhaps), all they need to do is threaten
| him with twenty years in prison and I'm sure he'll gladly
| give up the keys from all the different locations they
| supposedly have.
| yarg wrote:
| Is there a nice solution for multiparty (n >= 3) end-to-end
| encryption?
| dtx1 wrote:
| Have the room owner create an AES 256 key, send it to all
| Party members via 1:1 e2ee, encrypt room messages with that
| AES key.
| kitkat_new wrote:
| this is pretty much what Matrix does, if I understand
| correctly.
|
| Additionally the key is regularly updated to provide some
| degree of perfect forward secrecy and avoid encrypting
| for people who left the group chat
| maqp wrote:
| This kills the forward secrecy.
|
| IIRC Signal just has each group member send each group
| message to each recipient with the standard pair-wise
| encryption keys. It's the message's headers that lets the
| recipient know it's intended for the group and not the
| 1:1 group.
| lxgr wrote:
| Arguably WhatsApp's protocol scales reasonably well (nice
| description in this survey paper: [1]), at least well
| enough for maximum WhatsApp group sizes (times up to four
| devices per participant).
|
| [1] https://eprint.iacr.org/2017/713.pdf
| kitkat_new wrote:
| MLS scales best for large n, but WhatsApp/Signal or Matrix
| do pretty well for < 1k people
| yarg wrote:
| https://en.wikipedia.org/wiki/Messaging_Layer_Security
|
| https://github.com/facebookresearch/asynchronousratchetin
| gtr...
| _niki_s_ wrote:
| simplex.chat
| maqp wrote:
| The entire platform is a joke. It pretends to have no
| identifiers and heavily markets queues (a programming
| technique) as a solution to privacy problem.
|
| You ask the authors how they solved the problem of server
| needing to know to which client connection an incoming
| ciphertext needs to be forwarded, and they'll run to the
| hills.
|
| They're lying by omission about their security, and
| misleading about what constitutes as a permanent
| identifier.
| squarefoot wrote:
| A possible implementation using existing infrastructure
| where at least the client is open: modify the messaging
| client so that when it receives multiple pvt connections it
| routes every incoming message to all connected members. Now
| if you have say 10 users that want group encrypted chats,
| have one of them run the modded client too so that any user
| connecting to a pvt chat with that client will essentially
| enter a room with other users. Of course this requires
| trust between members, and adding another encryption layer
| on all clients might turn out necessary so that you don't
| need to worry about the carrier telling the truth (all p2p
| connections encrypted, etc)..
| mihaaly wrote:
| Maybe hijack the key and message before it gets distributed. Or
| just get after the pieces themselves if they are from Chinese
| or Russian authorities. Or just threaten to close the local
| data center if they do not collect the pieces from elsewhere,
| see if they can be convinced to hand over what they have,
| regardless where they put it.
|
| We can be null in cryptography, but handing over both the
| secret and the key to this secret to the very same person is
| quite a trustful step, even when they say 'I promise I will not
| peek or let others peek, pinky promise!' - with an 'except if
| we have to or if we change our mind' in the small prints or
| between the lines.
| Stevvo wrote:
| Clearly the investigating authorities are not buying that
| argument because, well, it's completely absurd. Both
| technically and legally, Telegram are in control of those keys,
| regardless of where they are hosted.
| maqp wrote:
| >To protect the data that is not covered by end-to-end
| encryption, Telegram uses a distributed infrastructure. Cloud
| chat data is stored in multiple data centers around the globe
| that are controlled by different legal entities spread across
| different jurisdictions.
|
| This is utter bullshit I debunked back in 2021.
|
| https://security.stackexchange.com/questions/238562/how-does...
| rckt wrote:
| This is such an old topic. Every time something related to the
| Telegram happens, somebody starts a discussion about how it's not
| an e2e-by-default. But the reality is nobody cares. And
| considering this, it's ridiculous now that Durov is detained on
| the accusations of being responsible for all kinds of information
| that's being spread in non e2e-by-default messenger.
| littlestymaar wrote:
| He's not in fact detained because information is being spread,
| he's detained for actively refusing to cooperate with law
| enforcement.
| sharpshadow wrote:
| Only the secret chat is e2e encrypted. All the other chat options
| are not. I think calls are also not encrypted since they appear
| in the normal chat history not in the e2e chat.
|
| Obviously if your phone is compromised your e2ee chat is not
| safe.
| jeroenhd wrote:
| Calls seem tm be e2e encrypted:
| https://core.telegram.org/api/end-to-end/video-calls
|
| No idea how secure the encryption is, but calling someone on
| Telegram is safer than sending texts.
| lxgr wrote:
| Depends on who your adversary is and how much you trust their
| protocol (some weird homegrown thing with clever/questionable
| cryptographic choices, the last time I checked) and
| implementation. Your texts don't generally run through
| Telegram's infrastructure, for example.
| aquatica wrote:
| Only 1-1 calls are encrypted, voice chats (group calls) are
| not
| maqp wrote:
| Too bad I can't send a secure text from my Telegram desktop
| client. Lucky for me, there's Signal.
| tamimio wrote:
| > Obviously if your phone is compromised your e2ee chat is not
| safe.
|
| Pretty much, a lot of people think that seeing E2EE means
| everything is safe, which I believe gives a false sense of
| security. You can have your phone compromised (especially when
| I know your phone number, Signal I'm looking at you) or be
| subject to other means of attacks, exposing everything. I would
| rather know that this app is not secure so I don't share
| anything important, while keeping secure communication to other
| means.
| qskousen wrote:
| Stealing someone's phone number wouldn't give you any Signal
| data, as all the messages have perfect forward secrecy,
| though, right? And all contacts would see an alert that your
| security number had changed. Not completely foolproof, and I
| would like Signal to use something other than phone numbers
| for accounts, but it's pretty good.
| tamimio wrote:
| Knowing someone's phone number is enough to potentially
| compromise it. Sophisticated methods can involve zero-click
| attacks, where just sending you an SMS that you won't even
| see can lead to a compromised device. You can check how
| Tucker got his Signal conversation exposed.
|
| Matrix is far better in terms of security than Signal, but
| Matrix is far behind compared to Telegram features.
| qskousen wrote:
| That's a good point. I looked into using Matrix before I
| switched to Signal, but the user experience just in
| creating an account was pretty abysmal, at least at the
| time. As I was recommending it to non-tech people, I
| ended up going with Signal.
| tamimio wrote:
| > but the user experience just in creating an account was
| pretty abysmal
|
| I agree it was, probably better now, but for the average
| person, it's too much to "process" compared to just
| adding your phone number and signing up.
| maqp wrote:
| You seem to be living on this weird balance of having no
| threat model. This is what your post implies
|
| 1. Signal is bad and insecure because registering user
| account requires giving a phone number. 2. Matrix is
| better, it fixes this by registering with emails
| (although emails also have zero click vulnerabilities) 3.
| Telegram is better than Matrix, it's more usable (even
| though it also requires a phone number like Signal)
|
| So pick a lane, is requiring a phone-number a litmus-test
| for you or not. Is zero-click vulnerability something
| that needs to be addressed? How do you deal with
| malicious contacts or people in public groups sending
| zero-click links?
| input_sh wrote:
| There's also an option in the settings that translates into
| taking over a phone number on a separate device isn't
| enough, you also need to enter the pin. (Not on by default
| though.)
| alerighi wrote:
| Not only that. If they want to intercept e2e chats it's
| possible with a MITM attack, that if you control the server
| it's not a difficult thing to do. Of course the users if they
| check the keys they see they are different, but practically
| no one does that.
|
| And I think WhatsApp probably does it, otherwise why the
| authorities never complied that WhatsApp did not let them see
| the conversations?
| tamimio wrote:
| > And I think WhatsApp probably does it
|
| Rule of thumb: never trust anything Facebook. I'm sure
| sending your messages through mail is more secure and
| private than WhatsApp these days.
| 0x_rs wrote:
| WhatsApp has defaulted to aggressively storing allegedly
| "E2EE" conversations without any form of encryption in
| Google Drive (freely) for _years_. And it would seem they
| are also currently in possession of the keys to decrypt
| them when you restore such backups from another device
| without the key stored on it (that lately cannot be
| extracted without exploits or root access anyway). Facebook
| /Meta has often expressed their love for the practice of
| client-side scanning or parallelly sending data to their
| servers, but it doesn't seem the case for WhatsApp yet, so
| what measures they take to remain compliant with the ever-
| increasing surveillance practices remains to speculation.
| For a somewhat educated user that knows to opt-out of
| online backups every time it's prompted by the application,
| I'd say it's probably safer than normal Telegram chats, but
| very far from flawless.
| maqp wrote:
| >You can have your phone compromised (especially when I know
| your phone number, Signal I'm looking at you) or be subject
| to other means of attacks, exposing everything.
|
| Knowing someone's phone number doesn't automatically let you
| compromise their device. This is such a ridiculous argument.
|
| >I would rather know that this app is not secure so I don't
| share anything important, while keeping secure communication
| to other means.
|
| This is nirvana fallacy. It's essentially saying "We should
| not talk about Telegram lying about its security, when in
| reality nothing is 100% secure". Yeah, nothing is, there's
| always an attack. That doesn't contribute anything of
| interest to the topic, it just tries to kill the criticism.
| And I'm saying this as someone who has worked on this exact
| topic for ten years: https://github.com/maqp/tfc
| NayamAmarshe wrote:
| > Obviously if your phone is compromised your e2ee chat is not
| safe.
|
| Yes, and that's where the 'practical' argument pops up. With
| all the E2EE buzz, is it really helping in the scenarios where
| it's supposed to work the best?
|
| This thread gives an overview on why Signal and other apps are
| not really practical:
| https://x.com/Pinboard/status/1474096410383421452
|
| > The broader problem of ephemeral or spur of the moment
| protest activity leaving a permanent data trail that can be
| forensically analyzed and target individuals many years after
| the fact is unsolved and poses a serious risk to dissent. But
| E2E is not the solution to it.
|
| > I feel like Moxie and a lot of end-to-end encryption purists
| fall into the same intellectual tarpit as the cryptocurrency
| people, which is that it should be possible to design technical
| systems that require _zero_ trust, and that the benefits of
| these designs are self-evident
| dboreham wrote:
| Perhaps the French authorities have some taste in UI/UX. They're
| going to keep him in jail until telegram is no longer painful to
| use.
| lxgr wrote:
| There's a long list of things I dislike about Telegram, but
| UI/UX is really not on it.
| formerly_proven wrote:
| Well yes, but actually no.
| dataflow wrote:
| Does anyone have any reason to believe that Telegram's E2EE
| doesn't have a backdoor? Because if not, then I fail to see why
| it matters whether the E2EE even exists in the first place.
| NayamAmarshe wrote:
| Pavel did mention that investigation agencies tried to lure
| Telegram developers to use certain open source libraries.
|
| It's no wonder why WhatsApp and other apps don't face much heat
| from the government, they're already with the government.
| maqp wrote:
| Telegram clients are open source. Anyone can verify that the
| client does the end-to-end encryption correctly.
|
| Telegram has had its own history of really weird issues with
| its encryption protocol, like the IGE, 2^64 complexity pre-
| computation attacks, IND-CCA vulnerability and whatever the
| hell this was https://words.filippo.io/dispatches/telegram-
| ecdh/
|
| But these are not the big issues here. The issues Green's blog
| post highlighted were
|
| * Telegram doesn't default to end-to-end encryption.
|
| * It makes enabling end-to-end encryption unnecessarily hard
|
| * It has no end-to-end encryption for groups
|
| Those matter gazillion times more than e.g. a slightly older
| primitive would.
|
| End-to-end encryption matters because Telegram is not just a
| social media or Twitter wall. It's used for purposes that
| deserve privacy, and Telegram isn't providing.
| SXX wrote:
| Reason to believe is that all their apps are open source and
| have reproducible builds:
|
| https://core.telegram.org/reproducible-builds
|
| Their custom encryption is questionable, but since it open
| source someone would find out by now if there was obvious
| backdoors.
| bryanlarsen wrote:
| Try the mud puddle test: log into your account on a new device
| using the password recovery flow. Can you see your old messages?
|
| If the answer is yes then law enforcement can too.
|
| https://www.forbes.com/sites/anthonykosner/2012/08/05/how-se...
| lxgr wrote:
| Note that the mud puddle test was originally described on
| Matt's very blog:
| https://blog.cryptographyengineering.com/2012/04/05/icloud-w...
| :)
| ASalazarMX wrote:
| And it only works because a corporation likely would want to
| offer this to its users as a convenient feature. If they were
| actively trying to hide this, they can rig the test and keep
| access to themselves.
| tigeroil wrote:
| Indeed and this is the other thing - even if Telegram don't
| themselves co-operate with law enforcement, it'd be fairly easy
| for law enforcement to request access to the phone number from
| the carrier, then use it to sign into the Telegram account in
| question and access all of the messages.
| nucleardog wrote:
| You can set a password that's required to authenticate a new
| device.
|
| Once that's set, after the SMS code, then (assuming you don't
| have access to an existing logged in device because then you
| are already in...), you can either reset the password via an
| email confirmation _or_ you can create a new account under
| that phone number (with no existing history, contacts, etc).
|
| If you set a password and no recovery email, there is no way
| for them to get access to your contacts or chat history
| barring getting them from Telegram themselves.
| rvnx wrote:
| Also the same with Skype "encryption". The data is "encrypted",
| but you receive the private key from the server upon sign-on...
| So, just need to change that password temporarily.
| baxtr wrote:
| Would love to see a side-by-side comparison of iMessage,
| Signal, WhatsApp and Telegram on this.
| tptacek wrote:
| You already know how Signal is going to come out here,
| because this is something people complain incessantly about
| (the inconvenience of not getting transcripts when enrolling
| new devices).
| Reisen wrote:
| I agree with the principle here wholeheartedly. One
| addendum though is I think this isn't quite the same as the
| mud puddle test. The idea behind the mud puddle test is if
| you've forgotten everything, but then manage to recover
| your data, then the principle must be that someone other
| than you has to have had access. With Signal, they
| intentionally refuse to sync data as an extra security step
| even if you have the keys, the software just refuses to do
| the syncing step. I'm glad they do personally and I'm not
| contradicting your point, just adding some notes. Just
| thought it worth noting.
|
| Edit: Actually, yeah that proves your point.
| maqp wrote:
| It's a bit unfortunate there isn't a mechanism to establish
| a key between your desktop and smart phone client that
| would allow message history to be synced over an E2EE
| connection. It's doable, but perhaps it's an intentional
| safety feature one can't export the messages too easily.
| fsflover wrote:
| Matrix doesn't allow this. You need a dedicated chat key in
| addition.
| alerighi wrote:
| Well of course, but this is a feature of Telegram. It's the
| only messaging app where messages are stored on the cloud. This
| of course has security implications, but also allows you to
| have a big number of chats without wasting your device memory
| like WhatsApp does, or having to delete old conversations, and
| allows you to access your chats from any device. By the way you
| can also set a password to log in from another device (two
| factor authentication, also on WhatsApp now you have this
| option).
|
| To me it's a good tradeoff, of course I wouldn't use Telegram
| for anything illegal or suspect.
| pandog wrote:
| I think a high definition photo taken on a recent phone takes
| up an awful lot more device memory than a "big number of
| chats"
| SonOfLilit wrote:
| Yeah, but Whatsapp chats tend to be full of those... and
| videos.
| akx wrote:
| (On Android), if you don't care about the (old) WhatsApp
| media, just delete it from your phone. It's all just
| loose files in `/storage/android/data/com.whatsapp` (or
| thereabouts). The text content of the chats will remain
| available.
| hn_throwaway_99 wrote:
| But that's literally the entire point of this article. That
| is, in this day and age, when people talk about "secure
| messaging apps" they are usually implying end-to-end
| encryption, which Telegram most certainly is not for the vast
| majority of usages.
| KennyBlanken wrote:
| Also, iMessage is very secure...but then all your stuff is
| backed up on iCloud servers unless you specifically disable
| it. That includes all your iCloud encryption keys and
| plaintext messages.
|
| Worse, iPhones immediately start backing up to iCloud when
| set up for a new user - the only way to keep your network
| passwords and all manner of other stuff from hitting iCloud
| servers is to set the phone up with no network connection
| or even a SIM card installed.
|
| Did I mention there's no longer a SIM slot, so you can't
| even control that?
|
| And that iPhones by default if they detect a 'weak' wifi
| network will switch to cellular, so you can't connect the
| phone to a sandboxed wifi network?
|
| You shouldn't have to put your phone in a faraday cage to
| keep it from uploading plaintext versions of your private
| communications and network passwords.
| xattt wrote:
| Luckily, microwave ovens make easy Faraday cages.
| talldayo wrote:
| 15 seconds on low, then 120 seconds on high.
|
| Oh, you meant... oh.
| jofla_net wrote:
| Well summed-up. Its crazy how efficient theese things are
| at working together to strip users of any agency or
| control, across many different domains.
| walterbell wrote:
| iCLoud can be disabled by MDM profile installed by Apple
| Configurator at setup.
| codetrotter wrote:
| Can I enroll my personal iPhone in MDM myself? And if I
| can have MDM with just my personal phone, do I need to
| buy some kind of subscription for it from Apple? Or pay
| some third-party?
|
| I thought MDM was only for enterprise businesses and
| schools and universities, but I may very well be mistaken
| about that.
| macintux wrote:
| Apple supplies a free application for managing MDM.
|
| https://support.apple.com/guide/apple-configurator-
| mac/welco...
| alephnerd wrote:
| ^^^ Highly recommend this. If you are technical enough, a
| family managed Apple Configuration is more than enough to
| protect for most situations and from most threat actors.
|
| If you're threat actor has the resource to break that,
| get a CC or a good lawyer on retainer I guess.
| walterbell wrote:
| MDM profiles are just XML files. They can be created with
| any text editor and distributed to the phone by email or
| web server. Apple provides the free "Apple Configurator"
| app in the MacOS app store. There are also websites
| and/or OSS tools to generate profiles, e.g.
| https://github.com/ProfileCreator/ProfileCreator.
| ummonk wrote:
| That is the correct default. Every day users are far more
| likely to accidentally lose their data than to run into
| government snooping.
| fsflover wrote:
| It might be the correct default, but it doesn't make it
| secure (makes it insecure actually).
| glitchc wrote:
| > That includes all your iCloud encryption keys and
| plaintext messages.
|
| Are these stored encrypted or in the clear? If the
| latter, please cite your source.
| wrs wrote:
| They are stored encrypted but whether Apple has the key
| depends on whether you've turned on "Advanced Data
| Protection" (aka "I don't expect Apple to bail me out
| when I lose access to all my devices"). The table in this
| support article details the treatment of various data
| categories under the two options:
|
| https://support.apple.com/en-us/102651
|
| The default for many categories is that your keys are in
| iCloud so Apple can recover them for you. With Advanced
| turned on, the keys are only on your personal devices. A
| few categories, like the keychain, are always only on
| your devices.
|
| Specifically, see Note 3: "If you use both iCloud Backup
| and Messages in iCloud, your backup includes a copy of
| the Messages in iCloud encryption key to help you recover
| your data." Under normal protection, Apple has the key to
| your backups, but with Advanced they don't.
| 3np wrote:
| > It's the only messaging app where messages are stored on
| the cloud.
|
| Instagram. FB Messenger. Skype. LINE. KakaoTalk. Discord.
| Slack. Teams. iMessage.
| Dalewyn wrote:
| >It's the only messaging app where messages are stored on the
| cloud.
|
| So do all the others with the exception of something like
| IRC.
| wkat4242 wrote:
| Not really. WhatsApp only keep them temporarily (and E2EE!)
| until they're delivered to each device. Signal too.
| Telegram keeps everything for all time. Which is kinda
| handy too I have to say.
|
| Of course you can send your backup to Google for WhatsApp
| and signal but that's optional. You can keep it locally
| too. And it's encrypted too. With WhatsApp you can even
| choose to keep the key locally only.
| ASalazarMX wrote:
| WhatsApp? The closed source app that AFAIK has never been
| externally audited, owned by one of the most privacy-
| disrespecting corporations in the world? You say I can
| trust it wholeheartedly as long as I don't upload backups
| to the cloud?
| lolinder wrote:
| > It's the only messaging app where messages are stored on
| the cloud.
|
| Besides Slack and Discord and Teams and whatever the heck
| Google has these days and iMessage and...
|
| I think you mean it's the only messaging app that purports to
| have a focus on security where messages are stored in the
| cloud, which is true, but also sus. There's a reason why none
| of the others are doing it that way, and Telegram isn't
| really claiming to have solved a technical hurdle that the
| E2E apps didn't, it's just claiming that you can trust them
| more than you can trust the major messaging apps.
|
| Maybe you can and maybe you can't, the point is that you
| can't _know_ that they 're actually a safer choice than any
| of the other cloud providers.
| maqp wrote:
| >it's just claiming that you can trust them more than you
| can trust the major messaging apps.
|
| All the cool kids in the block eliminated the need to trust
| the provider decades ago. PGP: 33 years ago, OTR 20 years
| ago, Signal 14 years ago.
| dijit wrote:
| You have to trust the provider with signal; they are
| fiercely anti-third party clients, control the network
| and have released version of the code that are not
| tracked by sources- in extreme cases we're aware of years
| old code being in there (mobile coin for example).
|
| Signal evangelicalism needs to halt, you mean the Whisper
| protocol.
| maqp wrote:
| No serious project wants to collaborate with a bunch of
| hobbyist projects who may or may not keep their code up-
| to-date. Years ago, the Matrix ecosystem was a prime
| example of even basic features like end-to-end encryption
| being in many cases missing.
|
| Having a single client gives you insane boost to security
| agility over decentralized alternatives.
|
| Feel free to strive towards functional decentralized
| ecosystem that feels as good to use, then switching will
| be a no-brainer.
| A4ET8a8uTh0 wrote:
| I don't completely agree. I am perfectly fine with there
| being multiple options for various use cases. Signal has
| its place. So does Telegram for that matter. Even
| Whatsapp..
|
| That said, what I would love to see ( and likely won't at
| this point ) is the world where pidgin could exist again,
| because everyone is using some form of sensible standards
| that could be used.. right now it is mostly proprietary
| secret mess of things.
|
| And don't get me started on convincing anyone in group to
| moving from one ecosystem to another. Fuck, I just want
| email for chat that is not owned by one org.. Is it
| really so much to ask ( it is rhetorical, I know the
| hurdles are there and only some deal with human nature )?
| thisisabore wrote:
| Matrix also keeps your message on the server. Except you
| can run your own server. And the messages are end to end
| encrypted. And you can keep a proper backup of the keys.
|
| Granted it can be clunky at times, but the properties are
| there and decentralised end to end encrypted messaging is
| quite and incredible thing. (Yes, Matrix nerds, it's not
| messaging per se it's really state replication, I know :))
| sroerick wrote:
| Doesn't Matrix replicate all chat metadata to any linked
| federated servers?
| immibis wrote:
| My Matrix messages are, I presume, not encrypted, because
| every device I have prompts me to sign this device's keys
| with the keys of another device (which doesn't exist) and
| the option to reset the encryption keys and lose access
| to old messages doesn't work either (it just crashes
| Element).
| maqp wrote:
| This is such a misrepresentation. Telegram could at-will feed
| the cloud-2FA password to password hashing function like
| Argon2 to derive a client-side encryption key. Everything
| could be backed up to the cloud in encrypted state only you
| can access. Do they do that? No.
|
| So it's not as much as trade-off, as it is half-assed
| security design.
| thisisabore wrote:
| I'll have you know they had maths PhDs design their
| security, sir. Eight of them!
|
| Yeah, it's a bit of a joke.
| maqp wrote:
| Yeah, put a geometrician* to do the job of a
| cryptographer. This is what you get.
|
| * I'm being serious, Nikolai Durov's PhD dissertation
| title was "New Approach to Arakelov Geometry"
|
| https://bonndoc.ulb.uni-
| bonn.de/xmlui/handle/20.500.11811/31...
|
| https://arxiv.org/pdf/0704.2030
| avery17 wrote:
| You never know what may suddenly become illegal.
| beefnugs wrote:
| Yeah, and the only way to get government to learn about why
| e2ee is important is to show them that if law enforcement can
| get it, then so can hackers/phishers. We need as many
| politicians dark secrets hacked and ousted as possible. It
| should be a whistblower protected right codified into law to
| perform such hacks
| wkat4242 wrote:
| > If the answer is yes then law enforcement can too.
|
| Is it technically possible for them to see it: yes
|
| Does Telegram let them see it: I don't think so. That seems to
| be the core issue around Durov being arrested.
|
| They probably should implement E2EE for everything. Then they
| will have a good excuse not to cooperate, because they simply
| don't have the data.
| alephnerd wrote:
| > Does Telegram let them see it: I don't think so. That seems
| to be the core issue style Durov being arrested
|
| The UAE requires decryption keys as part of their Telco
| regulations.
|
| If Telegram can operate in the UAE without VPN (and it can),
| then at the very least the UAE MoI has access.
|
| They (and their shadow firms like G42 and G42's shadow firms)
| were always a major buyer for offensive capabilities at
| GITEX.
|
| On that note, NEVER bring your personal phone to
| DEFCON/Blackhat or GITEX.
|
| Edit: cannot reply below so answering here
|
| Cybersecurity conferences.
|
| DEFCON/Blackhat happen during the same week, so you have a
| lot of script kiddies who lack common sense trying to pwn
| random workloads. They almost always get caught (and charged
| - happens every year), but it's a headache.
|
| GITEX is MENA and Asia's largest cybersecurity conference.
| You have intelligence agencies from most of the Middle East,
| Africa, Europe, and Asia attending, plus a lot of corporate
| espionage because of polticially connected MSSPs as well as
| massive defense tenders.
| mubu wrote:
| Sorry, but as someone who's completely out of the loop with
| these things. What's DEFCON/Blackhat or GITEX about and why
| shouldn't you bring your personal phone?
|
| I'm genuinely interested.
| jijji wrote:
| defcon and blackhat are hacker/computer security
| conferences started by Jeff Moss (aka DT or Dark Tangent)
| in 1993 and held at the end of July or early August every
| year in Las Vegas.... The reason you don't bring your
| phone is it might get hacked
| Account_Removed wrote:
| Scaremongering (unless you have old/unsupported phone).
| Why would anyone want to potentially burn their hundreds
| of thousands- worth exploit on your phone?
| https://zerodium.com/program.html
| 2snakes wrote:
| For the lulz
| sroerick wrote:
| Telegram is the only messaging app that I know of which
| brought attention to the fact that your messages go through
| Google/Apple notification APIs, which seems like it would
| utterly defeat any privacy advantage offered by E2EE
| h4x0rr wrote:
| I don't think the plaintext is required to be part of the
| API call
| wkat4242 wrote:
| The app can decrypt the notification before it's displayed.
| qwertox wrote:
| Why? I think Google suggests that you send the payload
| encrypted through the notification. Google then only knows
| which app to send the message to, they don't know from whom
| the message originates (only "a Telegram server") nor what
| the content is.
|
| Also, you could just send a notification instructing the
| app to fetch a new message from your server.
|
| From the docs:
|
| Encryption for data messages
|
| The Android Transport Layer (see FCM architecture) uses
| point-to-point encryption. Depending on your needs, you may
| decide to add end-to-end encryption to data messages. FCM
| does not provide an end-to-end solution. However, there are
| external solutions available such as Capillary or DTLS.
|
| https://firebase.google.com/docs/cloud-messaging/concept-
| opt...
| bonoboTP wrote:
| If the text appears on your screen I'm pretty sure there
| are ways for Google to capture it. I don't need to know how
| android's API works, knowing it probably just makes one
| blind to the big picture. You have to trust your OS/phone
| maker not to do a MITM.
| pcl wrote:
| This claim is what really makes me skeptical of Telegram's
| privacy story. Their assertion is completely incorrect.
| (Source: have implemented end to end encrypted payload
| delivery over APNs / GCM.)
|
| And if they are so off base on this, they must either be
| incompetent or liars. Neither of which builds trust.
| fsflover wrote:
| And yet Telegram doesn't allow to have e2ee chats on a
| Linux desktop or phone. You must rely on Google/Apple.
| SXX wrote:
| Most of Telegram clients except initial mobile apps was
| actually open source projects that was choosen by company
| to become "offcial" ones.
|
| They just dont implement E2EE since almost no one uses it
| on Telegram.
| thisisabore wrote:
| That's it. The article could be just that. You log back in and
| all your messages are there without you having to provide a
| secret or allow access to some specific backup? Your data just
| lives on the server. The only thing preventing anyone from
| accessing it is the goodwill of the people running the server.
| codethief wrote:
| Thanks for the blog post, now I finally have a good resource I
| can point people to next time they claim Telegramm is secure.
|
| > I am not specifically calling out Telegram for this, since the
| same problem [with metadata] exists with virtually every other
| social media network and private messenger.
|
| Notably, Signal offers a feature called Sealed Sender[0]. While
| it doesn't solve the metadata problem entirely, it does at least
| reduce it a bit.
|
| [0]: https://signal.org/blog/sealed-sender/
| fsflover wrote:
| With Matrix, you can use your own (or trusted) server. Doesn't
| it solve the problem with the metadata? At least when two
| trusted servers interact.
| Aachen wrote:
| This is part of what I love about Mastodon: if you PM
| someone, very often you're talking between two random servers
| and odds are good that the admin is a friend of a friend. No
| dragnet statistical analysis stuff, just friends running some
| software that normal people can also use. Distributed systems
| at their best
| upofadown wrote:
| Sealed sender doesn't really solve the metadata problem at all:
|
| * https://www.ndss-symposium.org/wp-
| content/uploads/ndss2021_1...
|
| Generally you need something like TOR to hide who is talking to
| who.
| codethief wrote:
| Interesting, I feared Sealed Sender might be susceptible to
| statistical analysis (hence my phrasing "reduce it a bit")
| but it's worse than I expected ("Signal could link sealed
| sender users in as few as 5 message"). Thanks for the link!
|
| As for TOR, that wouldn't really help much, would it, given
| that the described attack is at the application level of
| Signal. Or are you talking about not using Signal altogether?
| upofadown wrote:
| Yeah, I used TOR as a general example. Briar uses TOR for
| example to hide the connections between users.
| maqp wrote:
| Some other options
|
| https://cwtch.im/ (has better UX and security than Briar)
| https://onionshare.org/ chat feature
|
| Also https://github.com/maqp/tfc by yours truly if you
| need hardware-enforced endpoint security for your keys.
| rhelz wrote:
| Fascinating. I might have missed it, but I don't think the author
| mentioned the possibility of steganography. Just code the
| encrypted text such that it resembles a normal conversation.
| waynecochran wrote:
| Would you use an image for this? Is there a clever way to do
| this with text?
| rhelz wrote:
| You could use an image. But you could use text as well. E.g.
| you could agree on a code phrase to be said when some "dirty
| deed done dirt cheap" has been completed. Or you could encode
| a binary string by alternating British English spellings with
| American English Spellings: e.g. "color" means 0, "colour"
| means 1; "gray" means 0, "grey" means 1, etc etc. and then
| just use those alternate spellings in a normal conversation.
| tazu wrote:
| Am I the only one who uses Telegram mainly for p2p e2ee audio
| calls? It's great for that.
| TheChaplain wrote:
| I use it for friends, family and partner, videocalls and normal
| chat.
|
| Sure, it may not be on the same level as Signal when it comes
| to security but it simply is leagues above others in terms of
| usability, stability and bells&whistles. It's like comparing a
| Ford Zephyr with a Volvo EX30.
| tamimio wrote:
| I agree, but I wouldn't compare Signal to a Zephyr. Classic
| cars have that charm and magic. I would say Signal is more
| like a Honda Civic; its users are loud and annoying, and yet
| it's mediocre in all categories. :)
| ziofill wrote:
| > One of the biggest privacy problems in messaging is the
| availability of loads of meta-data -- essentially data about who
| uses the service, who they talk to, and when they do that
| talking. [...] the same problem exists with virtually every other
| social media network and private messenger.
|
| Is this true for Signal too? I thought it wasn't.
| lxgr wrote:
| Avoiding any metadata leaks without generating tons of cover
| traffic (to frustrate timing correlation attacks) is very hard.
|
| Signal does indeed use an architecture (at least for chats with
| contacts, or optionally everyone when you enable the "sealed
| sender" option that makes you a bit more prone to receiving
| spam) where Signal doesn't know who's _sending_ a given message
| from a given IP address, and only which account it 's destined
| for.
|
| But any entity in position to globally correlate traffic flows
| into and out of Signal's servers can just make correlations
| like "whenever Alice, as identified by her phone's IP, sends
| traffic to Signal, Bob seems to be getting a push notification
| from Apple or Google, and then his phone connects to Signal, so
| I think they're talking".
| fsflover wrote:
| > But any entity in position to globally correlate traffic
|
| Also, Signal relies on AWS, which could also perform such an
| attack it seems.
| ziofill wrote:
| How accurate does the timing need to be? I imagine there must
| be many Bobs getting notifications around the same time.
| Also, if I use Signal behind a VPN is it still known that I'm
| talking to the Signal servers?
| daneel_w wrote:
| _> Is this true for Signal too? I thought it wasn't._
|
| It is, because you cannot use Signal without giving them your
| mobile phone number, and from that point onward they (and
| anyone they might be sharing data with) know the who/what/when,
| and more. My gut feeling, notwithstanding any apologist and
| their weak arguments, is that the design choice is exactly
| about the who/what/when because it's mandatory despite being
| entirely unnecessary from a technical perspective.
| ahmedbaracat wrote:
| I would recommend reading these resources:
|
| The Internet Is Broken: https://secushare.org/broken-internet
|
| The Hitchhiker's Guide to Online Anonymity:
| https://anonymousplanet.org/guide.html
|
| Pointers to more resources:
| https://discuss.grapheneos.org/d/15005-books-or-sources-on-p...
| innagadadavida wrote:
| I am amazed at the low quality comments here. Encryption really
| doesn't matter as much as the trust of the app here. Any
| malicious app author can 100% secure encrypt everything in wire
| and yet leak 100% of your data to some state actor. Anything you
| type into the chat box is only encrypted by the app after you
| type and probably storing it in the clear in some local SQLite
| db. It gives them a whole bunch of options to mess with that
| plain text data. Even if the app source code is published as you
| don't know if they backdoored it before they submitted to App
| Store.
| __MatrixMan__ wrote:
| The malicious app need not be the messaging app either. It
| could be your keyboard.
| medo-bear wrote:
| Telegram is not Signal, it is a waaay better Discord
| kome wrote:
| that gives a better explanation on why telegram is safer in real
| world settings than whastapp or other popular messengers:
| https://x.com/Pinboard/status/1474096410383421452
| alerighi wrote:
| It's not e2e encrypted, so what? It's something the majority of
| users does not need, and that doesn't increase security that much
| given their downsides.
|
| Of course for Telegram is much more convenient to not have
| end2end encryption. Given that they store everything on their
| servers, it means years of chat history that probably weights Gb
| for each user, contrary to what WhatsApp/Signal do, of course if
| 10 million people send eachother the same meme it's stupid to
| have 10 million copies of the same images on their servers just
| because it is end2end encrypted. They probably have a store where
| they index each media with its hash and avoid to have multiple
| copies, that is fine. This is the reason Telegram can offer you
| to have all your messages, including medias that can be up to 1Gb
| each, stored on a cloud for free.
|
| As I user I prefer Telegram just because it's the only app that
| works perfectly synchronized among multiple devices (Android,
| Linux, macOS) with good quality native clients, without wasting
| space on my phone for data.
|
| By the way, end2end encryption it's not that safe as they claim.
| Sure, the conversation can not be intercepted, however:
|
| - you can put a backdoor on endpoints, that is compromise the
| user phone (something they do)
|
| - you can make a MITM attack on the server (don't know if they do
| that, but technically possible)
|
| - you can access the data that is backed up on other platforms
| (i.e. WhatsApp makes by default backups on Google Drive or Apple
| iCloud, trough which you can access all the conversations in
| clear text).
| Timber-6539 wrote:
| Reads like a hit piece on Telegram from a crypto expert who
| couldn't be bothered to explain in _more_ than _one_ paragraph
| why the app he is calling _not_ an encrypted app (according to
| how he personally thinks everyone refers to when talking about
| encryption) actually uses _some_ encryption technology that he 's
| _not_ exactly sure of but _suspects_ is insecure.
| cheptsov wrote:
| Double that. The entire article reads to me as handpicked and
| manipulative.
| mfiro wrote:
| In my opinion, Telegram is more of a social network than a
| messenger. There are many useful channels and in many countries,
| it plays an important role in sharing information. If we look at
| it from this point of view, e2ee does not seem very important.
|
| We should also not forget that, in the time when all social media
| (Reddit, X, Instagram etc.) close their APIs, Telegram is one of
| the only networks that still has a free API.
| maqp wrote:
| That's the dangerous part. It's a messaging app that took in
| the function of a social media platform. It did so without
| robust security features like end-to-end encryption yet it
| advertised itself as heavily encrypted. Like Green stated in
| his blog post, users expect that to mean only recipient can
| read what you say, i.e. end-to-end encryption.
|
| Telegram would be fine if it advertised itself as a public
| square of the internet, like Twitter does. Instead, it lures
| people into false sense of security for DMs and small group
| chats, which is what Green's post and thus this thread is
| ultimately about.
|
| Free API doesn't mean anything until they fix what's broken,
| i.e. provide meaningful security for cases where there's
| reasonable expectation of it.
| fredgrott wrote:
| Simple question denotes whether its encrypted.....
|
| Does cloud server store the message and key.....
|
| If answer is yes, ITS NOT FULLY ENCRYPTED!
|
| Sounds contrary right?
|
| If key and message is on server any LEO org can get it....for it
| to be fully encrypted cloud server should never store the
| keys....
|
| So how many services claiming encryption have this flaw? All....
|
| Why do you think Telegram has shell companies to avoid gov
| subpeonas?
|
| Because it knows that its encryption is faulty to real world LEO
| and laws as it stores the keys on the cloud which means its can
| be subpoenaed for those keys and messages.
| jbk wrote:
| The worst is that Telegram Secret Chats are limited in
| functionalities, compared to the normal ones, for no reasons.
| Stickers set don't work, for exemple, and that's one of the main
| feature of Telegram chats.
| hippich wrote:
| Something that might be interesting in this topic - forked
| version [0] of telegram client made during protests in Belarus in
| 2020 (and appears to be actively maintained to this day). Can't
| vouch for it, but found it interesting.
|
| [0] https://github.com/wrwrabbit/Partisan-Telegram-Android
| lvl155 wrote:
| I remember having this same conversation on here nearly a decade
| ago. I stopped using Telegram then.
| ementally wrote:
| >One of the biggest privacy problems in messaging is the
| availability of loads of meta-data -- essentially data about who
| uses the service, who they talk to, and when they do that
| talking.
|
| >I am not specifically calling out Telegram for this, since the
| same problem exists with virtually every other social media
| network and private messenger.
|
| In fact, https://simplex.chat/ is the only messenger with the
| least amount of metadata.
___________________________________________________________________
(page generated 2024-08-25 23:00 UTC)