I wouldn’t put a lot of trust in Telegram. Not only is their cryptography off by default, it’s a bespoke hand-rolled non-standard algorithm that might not work as well as they say. Oh, and it’s been potentially backdoored by the FSB (Russia’s CIA) for six years.
Oh, and it’s been potentially backdoored by the FSB (Russia’s CIA) for six years.
From the very start rather.
And there's been a few cases where not FSB, but mundane police was reading suspects' messages before arresting them.
Don't trust Telegram, I use it because, eh, most people use either that or VK DMs in Russia as the default IM. But never trust it for something which should be secret.
You can even have "opposition"-themed channels there or call for rebellions, but don't ever expect anything to be secret or even pseudonymous. Even without ill intent regularly flaws are found which allow to get a lot of information, and the code quality is sewer-level.
In general, people are wise to use ciphers and protocols that have been examined by the global cryptography community and have held up to that scrutiny.
The algorithm was neither proposed nor designed by the US government, it was made by (what is now known as) Signal, a 501c nonprofit.
The claims of signal being "state-sponsored" come from assuming how money flows through the OTF - Open Tech Fund - which has gotten grants from government programs before. (IIRC)
It wouldn't make sense for the US Gov. to make such a grant to make a flawed protocol, as any backdoor they introduce for themselves would work for any outside attacker too - it's mathematics. It works for everyone or for no one. Would they really wanna make tools that they themselves use, just to have it backdoored by other state actors?
Even if it were encrypted and the backdoor was controlled by the Russian state, logically that would make it safer than Facebook for anyone living in Western jurisdictions. The Russian government cannot get them and is hardly going to exchanging intelligence with its enemies.
Yes, yet telegram isn't a piece of shit of an app that runs slowly on every device, can't sync messages because "something went wrong" and doesn't depend on electron to run. Also, not funded by the CIA.
Could you not apply this "funded by the CIA" argument to other things such as... The Tor Network? Which was created by the US Military Naval Research? Also some US government departments have donated to Tor. Does that mean Tor is breached?
completely agree with you. I can't believe why you are getting downvoted. Promoting a platform which is funded by the CIA, US gov and Israel. Completely insane really I don't understand how people are still believing this. They really need to wake up to the truth otherwise things will never change. Privacy will stay an illusion we give ourselves to believe that nobody can read our messages (even if they absolutely can)
The CEO also claims that users' Signal messages have popped up in court cases or in the media, and implies that this has happened because the app's encryption isn't completely secure. However, Durov cites "important people I've spoken to" and doesn't mention any specific instance of this happening.
[...]
The Register could not find public reports of Signal messages leaking due to faulty encryption.
Claims made without evidence can be dismissed without evidence.
Durov's entire criticism seems to be based on implications and have no actual evidence of any technical problems with Signal. He's basically just throwing shade at a competing business, which amounts to whining.
Edward fucking Snowden has recommend Signal and I think if anyone knows whether it's secure, it's probably him and the NSA.
That and he is paranoid to a point where he physically kills all mics and cameras on his devices, so if he claims anything is secure, I will believe him unconditionally.
This is how you know the brain has rotten and become a slick turd.
Agreed. Making it a contest of "this talking head seems smarter" means exactly that.
Try explaining that to normies though. They don't want to understand shit, and they want to think they are safe without understanding shit. That this is impossible they just don't want to believe, because they don't understand shit.
so if he claims anything is secure, I will believe him unconditionally.
That's much more stupid than just using Facebook and unencrypted e-mail with Outlook address for communication, but knowing how safe exactly those are.
I know that Telegram has a lot of users, so I'm not describing all of them here. But I've noticed that it seems especially popular among people who kind of like to "play pretend" as underground hackers. You know, the kind of person who likes to imagine that the government would be after them.
This mudslinging feels like more of a marketing campaign than anything else. An info op that will work well on the Telegram users who like to imagine that they have outmaneuvered all the info ops.
Signal is fully open source! You can run it on-premises, if you know your business!
Why are we not talking about it?
Unless something has drastically changed recently, the official Signal service won't interoperate with anyone else's instance. That makes its source code practically useless for general-purpose messaging, which might explain why few are talking about it.
My point is that you have all the open source software components needed to run secure communications, on your own premises, for your own users/community in case you are not trusting Signal's infrastructure.
If you know any other similar alternative with strong encryption open source protocols please let me know! I love learning new things everyday!
There's no oversight for any of these agencies and they have the means and incentive to backdoor cryptography, what would stop them from doing this morality? There's no possible way that they both aren't compromised and all we're seeing now is them firing pot shots at each other trying to convince the reader to join their honeypot because its sweeter.
Signal and Telegram are not rivals, though? Signal aims to be a E2EE chat platform, while Telegram works like a public forum in realtime chat format. Signal/WhatsApp are different from Telegram/Discord. They are not the same type of platforms.
Durov is comparing apples and oranges, and anyone falling for this whining, calling Telegram bad is an idiot.
I'm always amazed how people come out of the woodwork to defend Signal any time any criticism of it comes up. It's become a sacred cow that cannot be questioned. Whatever you may think of Telegram should bear zero weight on your views of Signal.
The reality is that developers of Signal have close ties to US security agencies. It's a centralized app hosted in US and subject to US laws. It's been forcing people to use their phone numbers to register, and this creates a graph of real world contacts people have. This alone is terrible from security/privacy perspective. It doesn't have reproducible builds on iOS, which means you have no guarantee regarding what you're actually running. These are just a handful of things that are publicly known.
And then we know stuff like this happens. NSA suggested using specific numbers for encryption that it knew how to factor quickly. The algorithm itself was secure, but the specific configuration of how the algorithm was implemented allowed for the exploit https://thehackernews.com/2015/10/nsa-crack-encryption.html
These kinds of backdoors are very difficult to audit for because if you don't know what to look for then you won't have any reason to suspect a particular configuration to be malicious. Given the relationship between people working on Signal and US government, this is a real concern.
The same kind of scrutiny people apply to Telegram and other messaging apps should absolutely be applied to Signal as well.
I’d just like to add that you can use a temporary phone number service to sign up to Signal as you only need a phone number to register, not to actually use Signal.
Matrix is shit atm mate stop recommending it maybe one day it will become good but that day is not today also they are said to be scattering metadata and bashes XMPP for no real reason . Briar and SimpleX is the gold standard for now only if they had more users .
The whole area of XMPP vs Matrix is quite subjective. Rather than fighting over which open interoperable communication standard works the best, we should just collaborate and bridge everything together. The more federation and interoperability the better.
No, they are not. They might fit a certain niche (or could once they mature) but neither is a good general-purpose messenger, because their goals and designs inherently limit usability.
No messaging platform fits every use case, but Matrix is great for general-purpose private messaging that anyone, anywhere can easily use, without Google services, without a phone number, and without being vulnerable to shutdown if a single country's laws turn unfavorable. It has other advantages as well. It's not flawless, but is constantly improving, and is already very useful to many people.
If you have a specific criticism that you can actually support with facts, you could bring it up for discussion. Slinging vague attacks that look a lot like something one might see in a poorly-informed reddit post doesn't help anyone.
Telegram CEO Pavel Durov issued a scathing criticism of Signal, alleging the messaging service is not secure and has ties to US intelligence agencies.
Durov made his remarks on his Telegram channel on Wednesday, pushing a variety of points against the rival messenger app, including alleging it has ongoing ties to the US government, casting doubt over its end-to-end encryption, and claiming a lack of software transparency, as well as describing Signal as "an allegedly "secure" messaging app.
The comments seem to have been inspired by a City Journal report that detailed the origins of Signal, which was kickstarted by a $3 million grant from the US government's Open Technology Fund.
The report says that Maher was an "agent of regime change" during the Arab Spring, and communicated with dissidents in the Middle East and North Africa.
The CEO also claims that users' Signal messages have popped up in court cases or in the media, and implies that this has happened because the app's encryption isn't completely secure.
It's hard to say, but Durov may be making a reference to Sam Bankman-Fried, whose Signal messages were a key part of the trial that resulted in the ex-CEO being convicted.
The original article contains 671 words, the summary contains 199 words. Saved 70%. I'm a bot and I'm open source!
Idk how secure telegram is but cmon signal is shady AF . They won't let fdroid have it cause they want to sign their own keys or some shit but there is a speculation its because they can roll out custom apk to targets which governments want which is just not possible if it is hosted by someone like fdroid . Even telegram allows that and they even allow third party apps which signal won't .
SimpleX and briar is the best option if your actually worried about privacy .
This comment is copy pasted from another thread where I had the same opinion
Signal stans do not have an answer to this. OMEMO is verifiable, rest of the stuff around it is not. Signal even had a time when they did not update the backend open source code for over 6 months.