Why Telegram is insecure? https://gitlab.com/edu4rdshl/blog/blob/master/why-telegram-is-insecure.md #privacy #telegram
Delighted to see this in one place. Laughing at the recommendation of Threema at the end though, isn't that a proprietary, closed-source app?
@paulfree14 @x0rz In terms of raw security, Signal's protocol is best but they do have the ability to add devices to an account, Australian-spy-style. But it will at least warn other users about "safety number changed". I overall recommend Signal, even though it's centralised and doesn't federate. XMPP's protocols look strong if used correctly... but "used correctly" is always the failure point. So I'd never recommend to my tech-fail family.
@paulfree14 @x0rz Briar is fairly new on the scene, so I'll remain cautious for a while. And, it's hard to model threats in P2P, there is usually a trade-off. Take Fediverse as an example: despite being free of overt, "legal" surveillance capitalism, the Fediverse generally is easier to crawl and monitor than, say, Twitter or Facebook. So illegal or covert surveillance is substantially easier here.
@x0rz Threema is proprietary software and shouldn't be trusted as well.
@x0rz all those things don't make Telegram "insecure" though
Some out-of-date data, and many debatable arguments (e.g. those about contact sharing and link preview)... But an eventually interesting reflection
Very interesting article. Wouldn't Signal have the same vulnerability to somebody spoofing your SMS?
@x0rz What do you think of Wire?
@x0rz The arguments aren't wrong, but I disagree with the conclusion.
Some of the things are unnecessary (Phone number link), others (cloud storage, contact "theft") are integral to a good messaging experience.
I'm a proud Telegram user. While I'm also starting to explore alternatives again, I'd much rather have everyone use it than WhatsApp.
Imo it's by far the best compromise for now that's ready for the masses.
@coda Good question. Hearing of it for the first time here. Thx!
@coda There's no iOS client, and it's based on Java. That's already two hard criteria not to use it. And “based on XMPP”… means, it's probably somewhat similar to XMPP, but not really, so it's not compatible with XMPP (which most people already don't know what it is). Wording on encryption is super vague. (“… *can* be secure”… (emphasis mine))
I can really understand why nobody would care to even consider it.
@MacLemon @coda AFAIK it *is* compatible with the XMPP network, meaning you can be reached by XMPP and contact anybody on any reachable XMPP server.
That's cool if some of your contacts don't like to provide their phone-number, but you and the majority of your friends want to use something like Signal, Telegram or (shudder) WhatsApp where everybody is identified by his/her phone-number.
@coda @x0rz @switchingsocial My two cents:
When I worked in marketing, the 3 big reasons people didn't use a product were 1) just plain had never heard of it, 2) there was a value-perception issue or 3) there was a technical hurdle that made adoption an issue.
#1 is most-quickly solved by $ (ads) and most-economically solved by human effort (manual promotions). #2 is solved by identifying and resolving the end-user doubts or mistrust. #3 is the tech version of #2's emotional issue, and resolves when the tech issue is fixed.