Lots of people are looking for secure chat platforms and stuff like that. So I thought I'd create a poster.

I excluded Telegram because it's pretty much like WhatsApp. And this iddqd.press/2019/12/11/telegra

I would've included Signal, but I'm being skeptical here and Signal looks a bit suspicious since it requires your phone number etc.

What are your thoughts on this?




@darksky good call on Telegram. It's actually worse than WhatsApp, WhatsApp is end-to-end encrypted by default, Telegram is not, but the way they portray themselves makes users think it is. Also, no way to end-to-end encrypt groups.

Not sure about Session here. They have a cryptocurrency token tie-in that somehow is supposed to make the network "safer" (than Tor), but some small amount of mined tokens is hard-coded to always go to the organization behind Session:
mastodon.social/@rysiek/106542

🤔

@rysiek @darksky The Telegram is a honeypot link is flat out dumb.

1. Telegram is very open that they are not end-to-end encrypted by default and never portray themselves as anything else. Secret chats are e2e and nothing more.
1. Cloud chats are encrypted in transit and in storage. Encryption keys are broken up into pieces and stored in various jurisdictions, making it virtually impossible to legally force giving up data to governments.
1. Whatsapp is never secure. As there have been countless exploits in it where you can gain full access to the remote device. No such exploit, or really any, has ever existed in Telegram.
1. TG accepts 3rd party clients to it's open API.
1. TG let's you validate that the mobile client you install on your phone is the same as the source code published in their public repos
1. The backend is closed source but I always thought that was a dumb thing to mention because you have no idea what's actually running on the servers in the end.
1. Signal has suspect funding (read Surveillance Valley)
1. Signal does not allow 3rd party clients to use it's open API (suspect!) and also no way to verify your clients
1. Afaik, no government has ever been successful in forcing TG to give up any data.
1. There is a still unclaimed 6 figure bounty for anyone that can break their encryption (for years now)
1. Finally (I could go all day) I think they are the most open about whatever is going on. That comes off as genuine to me.

Yes, obviously I do like to use Telegram but I wouldn't use it, or any similar service, to send anything that was truly sensitive. Also, does appear to collect more metadata than I'd like but it's still fairly minimal.

Just my $0.02

Follow

@petersanchez @rysiek

I can agree with some points that you made.

But what about Telegram handing out the data to Germany authorities?

@darksky @rysiek They're very open about cases of terror being specific to work with authorities.

I can see how that can be abused by governments though.

Sign in to participate in the conversation
Linux.Pizza

A instance dedicated - but not limited - to people with an interest in the GNU+Linux ecosystem and/or general tech. Sysadmins to enthusiasts, creators to movielovers - Welcome!