this post was submitted on 25 Aug 2024
78 points (100.0% liked)
Technology
37719 readers
320 users here now
A nice place to discuss rumors, happenings, innovations, and challenges in the technology sphere. We also welcome discussions on the intersections of technology and society. If it’s technological news or discussion of technology, it probably belongs here.
Remember the overriding ethos on Beehaw: Be(e) Nice. Each user you encounter here is a person, and should be treated with kindness (even if they’re wrong, or use a Linux distro you don’t like). Personal attacks will not be tolerated.
Subcommunities on Beehaw:
This community's icon was made by Aaron Schneider, under the CC-BY-NC-SA 4.0 license.
founded 2 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Because it's a bad messenger which rolled their own encryption (a thing that should bever be done) and yet it's still only in one-one chats in very few contexts.
They have lied constantly about various things including never having ads etc, they just silently updated that they would and expected people to be fine with it.
Sure, piracy is okay, but there's lots of other bad things that go on it which is immoral and unethical and they don't care enough to do anything about it.
In short: It is not at all a private messenger and lacks any type of good moderation.
Instead, we have SimpleX, Matrix, XMPP, Briar and Signal. They're ultimately better than Telegram.
The main reason many sub-communities are stuck on Telegram (and Discord) are the public group chat/broadcast channel related features. Signal still has a 1000 member group size limit, which is more than enough for a "group DM" but mostly useless for groups with publicly posted invite links. Those same groups would also much rather have functional scrollback/search on join instead of encryption.
And that's fine and good, if you want that, I've no problem with people getting their needs met.
I just wish they wouldn't call it secure or private or think there will be no consequences for using it, there absolutely could be because there is no encryption in groups and bad encryption in one-to-one contexts.
Apart from the lack of moderation and refusal to comply with police etc from a distance, there isn't much keeping those who use it safe from arrest, discrimination etc.
SimpleX is not as good as other offerings yet, it is very lacking in features and frustrating to use for the few it does have.
Matrix has bad encryption: https://soatok.blog/2024/08/14/security-issues-in-matrixs-olm-library/
XMPP also has not very useful encryption (though not bad imo, it's just not user friendly nor on all the time or in every client): https://soatok.blog/2024/08/04/against-xmppomemo/
Briar isn't there yet on every device, it doesn't have feature parity on all devices/OSs and can't be used on all devices/OS.
Signal is the only one really worth considering at the moment in my opinion for most users, good features, and for actually proven encryption.
I actually think that too. People just think that providing their phone numbers makes them less private when privacy does not mean anonymity.
Yeah. Phone numbers are less of an issue now what with usernames and with certain options chosen no one can find you by phone number on Signal.
I do agree with them to some degree that tying accounts to phone numbers should be removed or at least optional, but it's less of an issue now.
I think a lot of people make the mistake of thinking privacy means "the maxmimum amount of privacy at all times" and whilst that's understandable it's not a thing that is likely in this current world nor does everyone need it, which is why people can and should be doing accurate threat modelling for themselves, which most don't.
Yeah, people just think that providing their phone numbers makes local police able to easily find them and insert soldering iron into their rectum when privacy does not mean that that police will not easily find you for what you said on the internets. Wait, what?
Okay, I'll bite. But considering Signal has no data and very little metadata to give people, what exactly is the problem? What evidence would they have to arrest people on?
Especially now that people don't have to share phone numbers to add a contact and can stop others from finding them via numbers.
Message in big group chat and phone number. Message can for example say that war is bad, and as result you will be charhed with "discreditation of army".
Phone number that tied to your passport. Yep, not sharing phone number to add a contact will magically help here.
That's fair, one reason I stay out of big groups, though you can set it not to be displayed to anyone, so I'm not fully grasping your argument.
What do you mean by passport? It will a bit, if someone doesn't know the phone number of an account that sent a message.
Is it something new? I don't remember it being a thing.
In certain countries(Russia) you need passport to buy SIM card. So phone number is tied to person.
Fairly new, yeah.
Oh, right, yeah, that's bad.
Signal is bad then?
So in which direction you want it go? More private or more moderated?
Did Signal roll their own encryption? I am unaware of this if so. Even if it is the case, it has been audited heavily, something which telegram have repeatedly either failed to do or moved the goalposts every time it has been audited. Telegram is not a secure messenger.
I think I was explaining why people could see it as bad, not that I particularly want more global moderation. Having said that, there should probably be a way to throw off people, on any platform, who actually do material harm to other individuals, such as distributing CSAM.
Yes. Even entire new algoritgm - Double Ratchet.
Okay, interesting. I still think my points about it stand though.
Yeah. Why use X3DH when there are algorithms that already exist and we know are secure?
Privacy is good, but when the public chatrooms are distributing child porn, you can't use encryption as an excuse not moderating. Failure to moderate illegal content is a crime.
Let the pedos run their own Matrix server or something. You can't be knowingly providing comms and distribution to child pornographers.
Are you saying Signal uses bad encryption? I genuinely am not sure if this is sarcasm or genuine.
But where do you draw the line between catching these people and not invading the privacy of every single user of the software? Because so far no one has found a solution despite a decade or more of attempts.