Ignoring the context.

Don’t pirate over Telegram, it’s no longer safe in terms of privacy and legal safety.

  • @[email protected]
    link
    fedilink
    English
    922 months ago

    Meh, you never could trust them.

    Group chats were NEVER encrypted, so I’m surprised that people are just now figuring out that if it’s not encrypted = people can read it.

    If it wasn’t a 1:1 “secret chat” encrypted message, then congrats, you weren’t as opsec-y as you thought you were.

    • Luke
      link
      fedilink
      English
      462 months ago

      This kind of confusion illustrated by Telegram users is exactly why it was the right thing to do for privacy when Signal removed support for SMS because it’s not encrypted. People still whine endlessly about it, but most users are not very savvy, and they’ll assume “this app is secure” and gleefully send compromised SMS to each other. All the warnings and UI indicators that parts of the app were less secure (or not at all in the case of SMS) would be ignored by many users, resulting in an effectively more dangerous app. Signal was smart to remove those insecure features entirely.

      • @[email protected]
        link
        fedilink
        English
        142 months ago

        Yeah. You can’t offer a half-secure and half-private platform and expect your average person to be able to figure out which half is which, which leads to crazy misconceptions, misunderstandings, and ultimately just a bunch of wrong and misleading information being passed around.

        I’d argue, though, that Telegram probably did this on purpose, and profited GREATLY from being obtuse and misleading.

        • Venia Silente
          link
          fedilink
          English
          92 months ago

          Don’t Google hold the keys to the kingdom on that one? I see it as unlikely that Signal adds support.

          • @[email protected]
            link
            fedilink
            English
            32 months ago

            At the moment, essentially.

            The way Google got carrier buy-in for yet another messaging platform was to basically run it for them at no charge.

            The carriers COULD run their own RCS infra, but if you’re getting the milk for free, why buy the cow?

          • @RamblingPanda
            link
            English
            22 months ago

            I’m not sure, at least iMessage will add RCS. But this has the benefit to get the correct chat bubble color for Google. I’m not sure if there’ll be anything to gain for them to include Signal. Maybe the EU will force them.

            • Chewy
              link
              fedilink
              English
              12 months ago

              RCS isn’t E2E, and it doesn’t minimize metadata.

              Moxie Marlinspike has been strongly against federation in Signal because of how it makes avoiding metadata almost impossible.

              I’d say there’s basically zero chances Signal will add RCS.

              • @RamblingPanda
                link
                English
                52 months ago

                E2E is not in the standard, but the Google implementation uses it.

                Google added end-to-end encryption to their Messages app using the Signal Protocol as the default option for one-on-one RCS conversations starting in June 2021,[88] [89] (83] [90] In December 2022, end-to-end encryption was added to group chats in the Google Messages app for beta users and was made available to all users in August 2023.

                Source: https://en.wikipedia.org/wiki/Rich_Communication_Services

                • Chewy
                  link
                  fedilink
                  English
                  32 months ago

                  You’re right. I’ve read somewhere that Apple plans to work with GSMA to add encryption to the official RCS standard, so this major issue hopefully gets fixed at some point.

    • @[email protected]
      link
      fedilink
      English
      2
      edit-2
      2 months ago

      That’s why I stopped using it. They require a phone number, phone numbers require kyc with an ID around here, and there’s just too much illegal shit on there.

      It’s of course possible to get a more pseudonymous experience, but honestly, what they offer isn’t worth the hastle.

  • @[email protected]
    link
    fedilink
    English
    362 months ago

    Telegram never was private, group chats never were encrypted (and that’s not an opinion: the feature simply is missing). If anything, they are just removing their false and deceiving claims. That they remained there for so long is something I can’t wrap my head around.

    • adr1an
      link
      fedilink
      English
      72 months ago

      They were cutting files in smaller parts and spreading over multiple locations and countries. At least that was the claim in the early days, so anything illegal would require lawyers on many jurisdictions sending the same letter (e.g. DMCA takedown)

      Ironically, it did work but now that Durov is in jail channel admins would do good to take precautions.

  • @[email protected]
    link
    fedilink
    English
    322 months ago

    What kind of system that depends on centralized servers can ever be secure from government snooping?

    That kind of architecture is completely hopeless in that regard.

    Is a encrypted, distributed, P2P architecture realistic though?

    • Fonzie!
      link
      fedilink
      English
      132 months ago

      XMPP with the OMEMO extension is close, no? While Matrix isn’t distributed, it is decentralised like Lemmy and Mastodon, and E2EE by default. That could be the closest thing to what you mean?

      • Chewy
        link
        fedilink
        English
        42 months ago

        I’d argue XMPP is less ideal than Matrix because groups are located on a single server, which makes them easier to take down than Matrix’ replicated state.

        Running any P2P/decentralized protocol over I2P seems to be the best for privacy and censorship-resistance. I2P already works great for torrents, except for it’s speed and lack of users/seeders.

        @[email protected]

        The problem always comes down to usability and barrier to entry. Telegram is popular because it’s great to use, and doesn’t moderate much. More private services rarely (never?) reach the level of usability most people expect, often simply because of it’s architecture.

        • @[email protected]
          link
          fedilink
          English
          62 months ago

          I’d argue XMPP is less ideal than Matrix because groups are located on a single server, which makes them easier to take down than Matrix’ replicated state.

          That is true, but it’s never been a problem in my relatively long experience with XMPP: some server software can be used as a cluster and distributed, making it highly available (basically, the whole of WhatsApp runs on a fork of ejabberd), and the comparatively tiny resource usage of XMPP contributes to its stability.

          XMPP does have a spec for F-MUC (distributed rooms somewhat like Matrix, many years before Matrix) and my rationale as to why it never picked up despite a whole decade of “competition” from Matrix is that it’s a problem that just doesn’t need solving. The price to pay for it is hefty: Matrix resource usage (bandwidth, CPU, RAM) is insane, its protocol complexity makes it a single-vendor implementation (which is risky on very practical grounds), and it’s not even bulletproof for the niche use-case it set to tackle: in the end, your identity server on Matrix remains centralized.

          You can tell that I’m partial to XMPP, but that’s only after having been a service operator for years, with my original expectations largely favouring Matrix.

        • @[email protected]
          link
          fedilink
          English
          52 months ago

          I just signed up for Matrix because you mentioned it.

          I installed the Element front end, because that seems to be the most popular.

          It looks like IRC, which is fine if that’s all you need.

          It also appears that anything beyond text has to be hotlinked, which is understandable, given that the amount of data transmitted for redundancy between home servers is exponential with the number of home servers.

          Really very similar to Lemmy, where the identity of each group is tied to a particular server, e.g. lemmy has [email protected] but Matrix has #anime:matrix.org

          So what happens if matrix.org goes away or decides the server admin wants to be hostile to #anime?

          • Chewy
            link
            fedilink
            English
            3
            edit-2
            2 months ago

            Really very similar to Lemmy, where the identity of each group is tied to a particular server, e.g. lemmy has [email protected] but Matrix has #anime:matrix.org

            So what happens if matrix.org goes away or decides the server admin wants to be hostile to #anime?

            A matrix room can have multiple identities/adresses set by the room admin. E.g. the admin of !anime:matrix.org could add another adress for the same room on !anime:myanime.instance. Because the room is replicated on all other participating servers, this would let the room continue to exist on the network (besides all matrix.org users not being able to access it).

            Matrix does have a single “room id” per room, which looks like it gives the original creating home server more rights, which it does not. E.g. !ehXvUhWNASUkSLvAGP:matrix.org

            Any server admin does not have any more rights over a room than another server admin. They can ban the room for their local users, but this does not stop federation as a whole.

            [1] https://github.com/element-hq/element-meta/issues/419
            [2] https://app.element.io/#/room/#synapse:matrix.org/$htJmba92wLTP9AoFg4eEWi9IXpgwvXr6G9Sa-kBsNNs
            [3] https://matrix-org.github.io/synapse/latest/admin_api/rooms.html#delete-room-api

            It also appears that anything beyond text has to be hotlinked […]

            Matrix allows for media to be hotlinked, but it can also be replicated across servers.

            I.e. if I send an image in a room and look at the source (available on many web clients), the image url looks like the following "url": "mxc://matrix.org/qGgUKuZuHcRsWAhSfqKnmtiX". The actual image (and preview) then gets fetched by your server from my server [4], and then gets send to your client.

            It’s important to note that a server isn’t required to download all media. If a user does not read a room, it might not download the media from another server, until the user actually wants to view it (or rather that part of the room history). Or a server admin might clean up the media store to free up space.

            [4] https://matrix.org/docs/spec-guides/authed-media-servers/

            @[email protected]

          • SK
            link
            fedilink
            12 months ago

            thats a possibility, that is why either you sign up with a provider you trust or run your own server. that is the appeal of distributed network.

          • JackbyDev
            link
            fedilink
            English
            12 months ago

            Really very similar to Lemmy, where the identity of each group is tied to a particular server, e.g. lemmy has [email protected] but Matrix has #anime:matrix.org

            So what happens if matrix.org goes away or decides the server admin wants to be hostile to #anime?

            Same thing that happens when a Lemmy instance goes away, right?

    • @[email protected]
      link
      fedilink
      English
      12 months ago

      What kind of system that depends on centralized servers can ever be secure from government snooping?

      With properly implemented E2EE it can be less of a problem because at least the message content isn’t readable to them. Metadata though

  • @[email protected]
    link
    fedilink
    English
    242 months ago

    Telegram was never safe. All anyone ever had was their word that some chats are end-to-end encrypted.

      • @[email protected]
        link
        fedilink
        English
        12 months ago

        I wonder how many terrorist (and “terrorist”) plots that were foiled were from compromised telegram messages. How many Ukrainian airstrikes were called from similar sources. My gut says a whole lot more than people think. Since nothing is encrypted, one backdoor is all the NSA needs to read everyone’s group messages. Like the much lamer version of Crypto AG, because in this case it’s an open secret.

  • @[email protected]
    link
    fedilink
    English
    132 months ago

    They could turn on end to end encryption and the fact that they aren’t doing that is telling imo.

  • JokeDeity
    link
    fedilink
    English
    122 months ago

    Every time something like this gets posted a bunch of snobby elitist types come out to point and laugh and talk about how obvious it is that the thing wasn’t safe. Well what is? What’s the special secret you’re keeping from everyone else? If you don’t have one to share, STFU with the smarmy attitudes.

    • foremanguy
      link
      fedilink
      English
      2
      edit-2
      2 months ago

      The best way would be using SimpleX do doing such stuff

  • Communist
    link
    fedilink
    English
    32 months ago

    Signal is not better than matrix in any way… or xmpp

      • @[email protected]
        link
        fedilink
        English
        42 months ago

        Have you seen an XMPP setup these days that doesn’t have installed all the extra stuff to allow encryption, voice and a lot of other bells and whistles?

      • Communist
        link
        fedilink
        English
        12 months ago

        I had no idea XMPP wasn’t encrypted, JFC that’s garbage

    • JackbyDev
      link
      fedilink
      English
      3
      edit-2
      2 months ago

      Why do you say Signal is no better?

      Edit: misread as comparing to telegram, not matrix.

      • Communist
        link
        fedilink
        English
        12 months ago

        Signal being centralized just ruins it compared to matrix.