Telegram founder and CEO alledges signal has backdoors, they don't provide reproduceible builds, etc.

electric_nan , 25 days ago

Looks like a push to discredit Signal right now. While I know Signal isn't perfect, I do like it and I haven't seen anything that is better (on the whole). The 3rd "emoji-point" is quite an accusation, and I would love to see any evidence of this kind of thing, that didn't result from the cops unlocking a defendants phone, or having infiltrated a chat.

CaptainSpaceman , 25 days ago

The 3rd emoji is just bs. Then again, most of his post is bs

MajorHavoc , 25 days ago (edited 25 days ago)

While I know Signal isn't perfect, I do like it and I haven't seen anything that is better (on the whole).

Agreed. But it is worth mentioning that XMPP with OMEMO seems to be the current gold standard - runs almost everywhere, tons of available (free) servers, secure end to end messages, and fully auditable public source code.

electric_nan , 25 days ago

I have used xmpp a lot, but I can't really recommend it to friends and family as a secure messenger. There are too many compatibility issues between clients and servers. If your friend is on a client or server that doesn't support the same encryption protocols, then you can't have a secure chat. Basically there is too much user knowledge and effort required at this time, for xmpp to be a good, secure, general use chat. I very much look forward to this changing. I also really like Matrix, but it is still a bit rough around the edges as of my last check.

MajorHavoc , 25 days ago

Agreed on all points. It's not the best solution when I can't get both parties into it successfully.

That's why I still use Signal a good bit.

SLfgb , 24 days ago

I use xmpp all the time.
Biggest hurdle for certain fam/friends using xmpp has been certain android builds (samsung) and ios interfering with timely notifications.
User knowlege is not a problem as I can recommend the apps that are compatible encryption protocols with mine.

electric_nan , 24 days ago

That's great, and I'm happy it's working out for you. It's still kind of a bummer that this open protocol ends up fragmented across all those clients and severs. I've met other Linux enthusiasts online, connected with them via xmpp only to find we can't encrypt our chats. Neither of us wants to give up our preferred client for various reasons, so we have a non-working situation.

SLfgb , 24 days ago

Hmm, I see. But isn't there an obvious solution to this? One of you just run two different clients side-by-side?

electric_nan , 24 days ago

Sure there are workarounds, but every one of them erases a bit of convenience or is at odds with the benefits of federation. Again, I think XMPP is great, but I wish it was better. As it is now, it doesn't fully meet my needs better than Signal does.

SLfgb , 24 days ago

Yea, I hear you. I use both.

SLfgb , 24 days ago

Well if only those samsung & ios users that never get my messages until I see them and tell them to open their app had phones that didn't interfere with it running in the background / push notifications it would be working out for me even better, but that's not an issue with the protocol or client but with OS's being hostile to xmpp.

toastal , 24 days ago

client or server that doesn’t support the same encryption protocols

Outside of TLS which most any server uses by default, XMPP or not, the server is not responsible for E2EE. Conversations Compliance & Are We OMEMO Yet have existed for a long while & I never see anyone recommending a client not on these lists so while certain features may be fragmented, the communication essentials have been more or less established for years now. XMPP is an extensible format, and some applications that aren’t for chatting with your friends/family, don’t need many of these features which allows the protocol to morph into something stripped down for the task… which is why the base spec is basically barren, & community XEPs are what folks get behind for adding new features for different use cases.

refalo , 24 days ago

That may be true, but wake me up when they capture 0.5% of the messaging app market :)

possiblylinux127 , 24 days ago

Tin hat time:

I wonder if Russia's trying to get everyone on Telegram because they have control over it.

electric_nan , 24 days ago

This is probably just Telegram seeing an opportunity to peel some users away from Signal during a period of heightened paranoia in the West (anti-genocide organizing).

noodlejetski , 24 days ago

https://mastodon.social/@campuscodi/112410704497640450

Legend , 24 days ago

They moved from Russia because Russia tried some shit so no .

DaseinPickle , 24 days ago

Maybe not Russia, but they sure are working with a certain government:

https://mastodon.social/@alshafei/112413115927959085

rivvvver , 25 days ago

arent telegram chats unencrypted by default?

An alarming number of important people I’ve spoken to remarked that their “private” Signal messages had been exploited against them in US courts or media

source?? (i bet this ends up being a "they had full access to my unlocked phone" situation again)

also the whole thing abt US funded encryption is the same bullshit argument ppl use against Tor all the time.
it doesnt mean shit.

this just reads like someone desperately trying to get more market share by spreading FUD

penquin , 25 days ago

"an alarming number of important people" is the source. That's more than enough, right?

rivvvver , 25 days ago

im gonna assume ur joking.
its hard to tell sarcasm on the internet.

obviously i would like an actual source like at least one of those "important" ppl talking abt what happened to them

penquin , 25 days ago

😂. Of course I'm joking. That claim is bullshit. Hey I know a guy who sold a bridge, and he's wealthy now. Source: trust me, he told me.

jabathekek , 25 days ago

read: "all my rich white friends"

DaseinPickle , 25 days ago

“One rich dude I met once at a dinner party. Totally legit. “

Ilandar , 24 days ago

"Who work for Telegram"

possiblylinux127 , 24 days ago

"Signal is insecure"

• Putin probably

rdri , 24 days ago

arent telegram chats unencrypted by default?

Encryption is always there. Problem is, some people refer to anything "not e2e encrypted" as "unencrypted" for some reason.

fushuan , 23 days ago

And it infuriates me to no end. It's one thing to trust them and their servers and it's another thing altogether to send actual plaintext data around the net, that's crazy and it's what people are implying.

For the record, until WhatsApp implemented e2e their messages were indeed fucking plaintext, and it took a while before they were pressured into e2e. It helps for them that their platform is very mobile based vs telegram, where the service is more server based. Telegram did have enough time to implement a server based e2e 0 knowledge encryption protocol though, it's not really rocket science at this point.

rdri , 23 days ago

Telegram did have enough time to implement a server based e2e 0 knowledge encryption protocol though, it’s not really rocket science at this point.

What do you mean by server based e2e? From what I get, most people's complain is that Telegram doesn't support e2e in group chats, and that is what seems to be close to rocket science in my opinion. Also Telegram is historically filled with ever growing group chats, which means quite serious implications for server requirements from what I understand.

fushuan , 23 days ago

Tegram stores all the conversation in their servers, since you don't need to be connected in the phone or have the phone witchednon if you want to chat in the pc, or in another phone. This means that the authority is the server. WhatsApp it's not like that, if you delete a shared photo after a while it will be cached out and you will lost access to it, meaning that they don't store that stuff. The same thing happens with WhatsApp desktop or web, they stay in an infinite loading icon until you twitch on the phone or sometimes even unlock it.

This means that whatever telegram develops must not only keep the group chat encrypted in the server, but any valid client of a user must be able to decipher the content, so every client must somehow have the key to unlock the content. One way of doing it would be for every client of a single user to generate keys (which I'm sure they already do) and reform a key exchange between them, to share that way a single shared key, which is what identifies your account. Then toy could use that shared key to decipher the group chat shared key which telegram can store on their server or do whatever is done in those cases, I'm not that well versed.

The problem here lies in what happens when you delete and/or logout of all the accounts, currently you can login into the server again, because telegram has all the info required, but if they store the "shared key" then it's all moot, I guess they could store a user identifying key pair, with the private key encrypted with a password, so that it can be accessed from wherever. They should as always offer MFA and passkey alternatives to be able to identify as yourself every time you want to log into a new client, without requiring the password and so on.

This is some roughly designed idea I just had that should theoretically work, but I'm sure that there's more elegant ways to go about this.

It's work for sure to implement all of this in a secure way, provided that you have to somehow merge everything that already exists into the new encryption model, make everyone create a password and yada yada while making sure that it's as seamless as possible for users. However, I feel like it's been quite a while and that if they did not do it already, theybjist won't, we either trust them with our data or search for an alternative, and sadly there's no alternative that has all the fuzz right now.

rdri , 22 days ago

Sorry I have a hard time understanding the gist of your text. I don't think it's viable to be upset about what happens with access that was already acquired previously because that very fact already poses a bigger threat (which might have more to do with the nature of conversations vs how the platform works).

fushuan , 22 days ago

I wasn't talking about situations with compromised accounts, I was talking about legitimate accounts that were created in a typical way being converted to a zero knowledge encryption method, I was aknowledging that it's hard doing that conversion when a user might have several clients logged on (2 phones, 6 computers...).

My point was that if they have not put any motivation in the transition, they never will because the bigger the userbase, the harder for them to manage the transition. Also, I find that sad because they should have invested more effort in that instead of all the features we are getting, but whatever.

If you found the technical terms confusing, public/private keys are some sort of asymmetric "passwords" used in cryptography that secure messages, and shared keys would be symmetrical passwords. The theory between key exchanges and all around those protocols are taught in introductory courses to cryptography in bachelors and masters, and I'm sorry to say that I don't have the energy to explain more but feel free to read about the terms if you feel like it.

If you however found it confusing because I write like crap, I'm sorry for potentially offending you with the above paragraph and I'll blame my phone keyboard about it :)

rdri , 22 days ago (edited 22 days ago)

No that's not what I didn't understand. The problem itself as you described it seems either a non-issue or something very few people (who's already using telegram for some time) would care about. I don't understand the scenario that would pose a problem for the user. The moment some account legitimately gains access to some chat is probably what should trouble you instead.

VeganCheesecake , 24 days ago

https://www.spiegel.de/netzwelt/apps/telegram-gibt-nutzerdaten-an-das-bundeskriminalamt-a-0e4d3fcb-8081-4b87-b062-db412bbc294b

Well, Telegram seems to be giving user data to the German Federal Criminal Police Office, and if they're cooperating with the German authorities, I don't see why I'd presume they aren't cooperating with others as well.

All this is actually documented, compared to those nebulous "important people".

UnfortunateShort , 24 days ago

Tbf, they held a user vote in Germany (supposedly, although the app did ask me to vote) whether to work with them or risk to cease services. Iirc the backgrounds were extremist (terrorist?) groups operating on the platform

NoLifeGaming , 25 days ago

One is open source and you can check the code while the other is not completely open source and uses proprietary encryption. That's right, proprietary encryption.

Sneptaur , 25 days ago

This is also just a few days after Durov published Nazi dogwhistles in the latest Telegram update blog post.

https://plush.city/@PsyChuan/112336464469767051

clot27 OP , 25 days ago

mostly because he got interviewed by tucker carlson, he said he has also given interview to a liberal reporter so as to show he is neutral and everyone has right to free speech

Sneptaur , 25 days ago

Where's the interview with the liberal reporter, lol?

ReversalHatchery , 25 days ago

Haven't seen it published in his channel either

Zoop , 25 days ago

Dammit... Thank you for sharing this.

DaseinPickle , 25 days ago

Maybe he should focus on adding e2e encryption to the default chats and group chats instead of spreading FUD.

swooosh , 25 days ago (edited 24 days ago)

You can verify builds on android. That's just an iphone problem.

Use Grapheneos if you need good security and privacy

lemmyreader , 25 days ago

This comes a few days after Jack Dorsey confirmed that he had left the board of Bluesky and then starting to use Tw(X)tter and calling Tw(X)tter "freedom technology". Coincidence ?

homesweethomeMrL , 25 days ago

Why does it say Telegram, but it's about the Twitter/Bluesky guy?

Actually, nevermind. It's just confusing.

LiveLM , 24 days ago

?????
Is this guy stupid or what, current day Twitter could not be further than "Freedom technology".
You can barely even see Tweets while logged out for fucks sake

lemmyreader , 24 days ago

https://www.theguardian.com/technology/article/2024/may/07/jack-dorsey-quits-bluesky-board-urges-users-stay-elon-musk-x-twitter

Earlier on Saturday, he unfollowed all but three accounts on X: Edward Snowden, Stella Assange, the wife of the WikiLeaks founder Julian, and Musk.

“Don’t depend on corporations to grant you rights,” Dorsey tweeted. “Defend them yourself using freedom technology. (you’re on one).”

Despite his promotion of alternatives to the site he founded, Dorsey has publicly shared his admiration for Musk. In 2022, he called the multibillionaire the “singular solution I trust” for the future of Twitter, though a year later he criticised Musk for his “fairly reckless” moves after taking control of the site.

sneakyninjapants , 25 days ago

Telegram's server side software is closed source, owned and ran by them exclusively so they really have no room to talk. WhatsApp doesn't even have OSS clients so they're even worse in that regard

eager_eagle , 25 days ago (edited 24 days ago)

exactly, they (Telegram) don't need to put sketchy code in the clients when most messages are not E2E encrypted and they control the servers lol

rottingleaf , 23 days ago

Still the code in telegram desktop client may not be sketchy, but is ugly as fuck, so that too should be considered.

itsnotits , 24 days ago

and run* by them

jws_shadotak , 25 days ago

Why all the emojis? Why can't people just write an article?

clot27 OP , 25 days ago

he is maybe flexing the "custom emojis" feature of telegram, see original post

athairmor , 25 days ago

It’s like a memetic form of neoteny, “the retention of juvenile traits into adulthood.”

I’m waiting for the day when a politician responds to a motion on the floor with “bruh.”

snek_boi , 25 days ago

It seems like you’re passionate about emojis

eating3645 , 25 days ago

Lol telegram calling signal insecure is too funny.

rollerbang , 25 days ago

Isn't it that Telegram doesn't claim to be super secure, apart from possibly their encryption on mobile?

This doesn't prevent them from uncovering other possible plots in supposedly secure platforms.

possiblylinux127 , 24 days ago

True but in this case there credibility is low