this post was submitted on 08 May 2024
236 points (80.6% liked)
Privacy
31931 readers
1144 users here now
A place to discuss privacy and freedom in the digital world.
Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.
In this community everyone is welcome to post links and discuss topics related to privacy.
Some Rules
- Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
- Don't promote proprietary software
- Try to keep things on topic
- If you have a question, please try searching for previous discussions, maybe it has already been answered
- Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
- Be nice :)
Related communities
Chat rooms
-
[Matrix/Element]Dead
much thanks to @gary_host_laptop for the logo design :)
founded 5 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Telegram: There are backdoors in Signal encryption!
Also Telegram: not encrypted
Telegram secret chats are e2e encrypted though
Secret chats only. With their own, in-house encryption, that, if I remember correctly, the apps don't use according to the specifications.
Maybe I'm mixing up mtproto 1 and 2 with that second part, though.
AND only available on mobile.
AND 1-on-1 chats only, no e2ee for group chats available at all.
I don't mind in-house encryption (the Signal protocol didn't just appear out of nowhere either), however the latter part is worrying.
In any case, I personally don't trust Signal or Telegram.
What do you trust? It seems like something like Molly is the best for compatibility and security.
Molly still depends on Signal's centralized servers.
Best solution I know of currently is SimpleX, though Veilid (and VeilidChat by extension) also seem promising, though it might take a while for those to be usable.
From a cryptographic and usability perspective Signal still has a few benefits. However Simplex is promising.
The best is to not trust the centralized server of either of these platforms. Set up your own XMPP server & gives these the boot.
No thanks. XMPP is old and dead
XMPP is battle-tested* and thriving*
I don’t think you know how many commercial use cases are relying on XMPP, nor how much the community has been working on updates. Older technologies tend to have maturity is spec but also in implementations where the servers are robust & already at the point of optimization over chasing features. We see this with how little specs it takes to run a server & have Conversation forks on Android have some of the best battery life & data plan usage in the chat space. The network is massively decentralized too… unlike Matrix where almost everyone is on Matrix.org or a server provided/hosted by Matrix.org giving them all the metadata.
Molly is just Signal with a different name and on more depositories
And no proprietary software or dependencies
The Signal servers it connects to run proprietary or unauditable software, no?
All server side software is proprietary as you don't control it. With that being said having a centralized design isn't great but Signal is well known and pretty well proven.
There are other messagers but don't though Signal out so quickly.
But extremely hard to use to the point that nobody uses them. I send a secret chat to someone and they write me back in the unencrypted chat.
It shouldn't be possible to send anything unencrypted
Tbf not all the chats being E2E encrypted is a UX compromise. It makes Telegram a lot nicer to use across devices and allows just accessing your messages from anywhere without needing your phone to be on. Plus no need to back up chats etc. because they're all just on the server. As opposed to secret chats, which of course are bound to one particular device and can only be accessed from there.
I'm all for E2E by default but I must say I actually like the idea of having a choice in this particular case.
There's no reason for secret chsts to not be stored on the server and to not be synced to all your devices. We've had double ratchet for a while. Telegram rolling their own crypto is dumb for many reasons
Correct me if I'm wrong, but even with double ratchet, retrieving and decrypting the message history is tricky / impossible, no? Afaik signal does allow you to receive new messages on multiple "linked devices", but a new linked device doesn't have access to any messaging history.
That behavior would be a major improvement to telegram
From a privacy POV, sure, not trying to argue that. Just saying that Telegram does have a bunch of features like that that wouldn't really work if all chats were always E2E encrypted, so there's a reason that it's opt-in. Whether it's a good one or not is up to you to decide for yourself.
Though I definitely think that Telegram could do a much better job explaining the trade-off, especially in a world where many major messengers are always e2e encrypted, and people somewhat expect it to be the default.
But for some reason they don't develop features for e2ee like the other chats. Perhaps it's just hard
It's encrypted though?
You are trusting their server security and them as a company, sure, but it is encrypted against the server for sure.
It's not as good as ir could be but that's no reason to spread misinformation.