Telegram founder and CEO alledges signal has backdoors, they don't provide reproduceible builds, etc.
Telegram founder and CEO alledges signal has backdoors, they don't provide reproduceible builds, etc.
Here's what he said in a post on his telegram channel:
🤫 A story shared by Jack Dorsey, the founder of Twitter, uncovered that the current leaders of Signal, an allegedly “secure” messaging app, are activists used by the US state department for regime change abroad 🥷
🥸 The US government spent $3M to build Signal’s encryption, and today the exact same encryption is implemented in WhatsApp, Facebook Messenger, Google Messages and even Skype. It looks almost as if big tech in the US is not allowed to build its own encryption protocols that would be independent of government interference 🐕🦺
🕵️♂️ An alarming number of important people I’ve spoken to remarked that their “private” Signal messages had been exploited against them in US courts or media. But whenever somebody raises doubt about their encryption, Signal’s typical response is “we are open source so anyone can verify that everything is all right”. That, however, is a trick 🤡
🕵️♂️ Unlike Telegram, Signal doesn’t allow researchers to make sure that their GitHub code is the same code that is used in the Signal app run on users’ iPhones. Signal refused to add reproducible builds for iOS, closing a GitHub request from the community. And WhatsApp doesn’t even publish the code of its apps, so all their talk about “privacy” is an even more obvious circus trick 💤
🛡 Telegram is the only massively popular messaging service that allows everyone to make sure that all of its apps indeed use the same open source code that is published on Github. For the past ten years, Telegram Secret Chats have remained the only popular method of communication that is verifiably private 💪
Original post: https://t.me/durov/274
It's hard to overstate what a nothing-burger this article really is! Let me break it down:
- Signal got $3 million from the Open Technology Fund at some point in its development
- Some anonymous source alleges that the OTF's ultimate goal is to promote US foreign interests
- The current chairman of the board Katherine Maher worked at the National Democratic Institute and Wikipedia before
- The same anonymous source says she was recruited because of connections to the OTF
- She has at some point voiced the opinion that a completely free internet without regulation just reproduces existing power structures, and that balancing regulation and 1st amendment rights is a tough problem
- Signal doesn't have reproducible builds on iOS (it absolutely does on Android btw)
- Some people feel like Signal chats come up more often than they should in court cases and media reports
That's it, that's the whole story. That's the reason why the Telegram guy of all people thinks you should be careful, and better use his chat service instead, and the Twitter guy agrees.
I mean, reproducible builds on iOS would be nice, but that platform has much bigger problems from a privacy/security/sovereignty/freedom standpoint anyway. And the rest is just nothing turned up to 11.
Maybe he should focus on adding e2e encryption to the default chats and group chats instead of spreading FUD.
Looks like a push to discredit Signal right now. While I know Signal isn't perfect, I do like it and I haven't seen anything that is better (on the whole). The 3rd "emoji-point" is quite an accusation, and I would love to see any evidence of this kind of thing, that didn't result from the cops unlocking a defendants phone, or having infiltrated a chat.
arent telegram chats unencrypted by default?
An alarming number of important people I’ve spoken to remarked that their “private” Signal messages had been exploited against them in US courts or media
source?? (i bet this ends up being a "they had full access to my unlocked phone" situation again)
also the whole thing abt US funded encryption is the same bullshit argument ppl use against Tor all the time. it doesnt mean shit.
this just reads like someone desperately trying to get more market share by spreading FUD
Go read the GitHub issue. The main difficulty in implementing reproducible builds is the code signing Apple requires as well as other tweaks Apple makes to modify the binary from what the dev submits to what gets downloaded from the App Store. Note that Android already has reproducible builds. Also the reason the GitHub issue was closed wasn’t “refusal” to implement the feature, they wanted to move the discussion to their forums.
This comes a few days after Jack Dorsey confirmed that he had left the board of Bluesky and then starting to use Tw(X)tter and calling Tw(X)tter "freedom technology". Coincidence ?
Okay first things first Jack Dorsey is a tool
The US government / CIA did in fact develop the protocol back in the day, with the goal of helping people in China and other countries message securely, probably with ulterior motives.
But the protocol itself is open source, and you can use it without any affiliation with the US government.
The claim " It looks almost as if big tech in the US is not allowed to build its own encryption protocols that would be independent of government interference 🐕🦺" is therefore so stupid it almost invalidates everything else being said because the person writing is either an idiot or purposely misrepresenting the facts.
Not having reproducible builds is definitely weird though. Does anybody have more information on that?
Maybe fix Telegrams privacy problems.
https://www.404media.co/this-tool-shows-some-telegram-users-approximate-physical-location/
This is also just a few days after Durov published Nazi dogwhistles in the latest Telegram update blog post.
Telegram is the only massively popular messaging service that allows everyone to make sure that all of its apps indeed use the same open source code that is published on Github.
Not true. Signal has a very similar client verification process to Telegram's, described here. The lack of an iOS reproducible build is an Apple limitation / nuisance.
It’s very complicated, the 2nd jailbroken device is necessary because there’s no other way to download the .ipa, but even if you manage to do that and bit-for-bit reproduce the .ipa you downloaded from source, there’s no way to know if the App Store is sending every user the same .ipa or if your other, non-jailbroken iPhone downloaded a backdoored one.
Telegram docs even acknowledge these limitations.
Ultimately, this client verification is not the selling point Telegram's founder makes it sound like, since most messages are not E2EE and the server code is closed.
Saw someone post that City Journal article on mastodon a couple days ago and I'm amazed that so few people picked up that the City Journal and the article's author are basically puppets of the Manhattan Institute, a conservative think tank. I know most people aren't tuned to look out for think tank propaganda but it came off as really obviously FUD-y and unsubstantiated.
One is open source and you can check the code while the other is not completely open source and uses proprietary encryption. That's right, proprietary encryption.
Points 0 and 1: None of this is new. This goes back to 2011 or 2012.
Point 2: If someone gets hold of your phone and unlocks it (meaning, they can interact with it), they have access to your Signal messages on-board. This is why additional security measures (not using biometrics, encrypting your phone natively) are recommended. If your phone is off and someone dumps the data from it, they get encrypted data.
I logged into Telegram today to this update from Durov. It reads like a bunch of hogwash from someone who is hiding something. They are eyeing investor funding soon, right? (EDIT: eyeing an IPO https://www.techopedia.com/news/telegram-eyes-ipo-as-it-aims-to-become-profitable-in-2025) A lot of things seem to be coinciding with him slinging mud about his competitors.
You can verify builds on android. That's just an iphone problem.
Use Grapheneos if you need good security and privacy
The article about Maher is written by a conservative who can't accept that we can limit individual freedom to reach true collective freedom.
Also he wrote for FoxNews lol
Stop spreading propaganda please, it's just a CEO trying to shill its product
There is briar . Check it out .
Dorsey isn't that the guy who fell into the anti vacation rabbit hole and backed
JRFK Jr ? I mean let's be honest. If these guys are concerned then I am pretty sure it's safe.I find it weird how any discussion about Signal will inevitably have a bunch of people piling on dismissing any criticisms of it. Believing that Signal is perfect has become like a religion at this point. Whatever people might think of Telegram is completely irrelevant when it comes to the question of whether Signal is actually a secure tool or not.
The fact that people working on Signal have direct ties to US intelligence agencies cannot be ignored. No can the fact that Signal is a centralized system based in US. These two things alone should make everybody very concerned.
I'll stick to Threema and Session, and SimpleX for those who use it. But thanks.
On a different note, did anyone noticed a link to discussion on privacy, referencing this post (2x) on threema blog, see post: Chat Apps, Government Ties, and Transparency ?
PD, on the other hand ...
&
Then, PD chimed in
refs to this: --> https://lemmy.world/post/15169047
which was federated through .world but originally posted on ml.
rip rd
Let's all just be adults and start using Matrix
I feel hustled, bc I recommended Signal to others :-( However, ANY contact with the US elite is a clear sign of the NSA/CIA/NED propaganda/spying network. I think It is safest for everyone, to voluntarily adopt the Russian, Chinese, Iranian, etc blocklist/firewall of western big-tech propaganda and spy methods, and seek out trustworthy open source. Oc Lemmy/federation as well as any other point of contact with the commoners are valid targets for these guy's, but a minimum of defense like that seems to be the only way to keep the US Capitalist elite out of our lives.
Anyway, bye bye Signal. Gnu? Alternative ?