It was a many months transition, and it’s finally done
Fun thing, you can actually make a backup of all* your messages, groups, contacts, etc. So before leaving you can have all of your data in case you need that one contact or something
The final red flag was that allegedly Russian authorities were messing with people’s deleted messages. Not for the first time there is news that they could read, modify, delete, see location, etc. Screw it, this is unsafe, I’m out.
Also, these days telegram is really at the state of a pile of garbage, bloated, buggy, and shady messenger.
where did you move to? i tried matrix but their android client (element) is terrible compared to telegram’s.
Try schildichat it seems more polished
Schildi is planning to be based on Element X later.
Try checking out Element X. It’s made to replace Element stable once it’s complete.
Deleted the app and account recently as well. I’m hoping that having the account deleted means that people don’t try to use it to message me there.
People who had you listed will just see “Deleted Account” instead of your name, and a little ghost as your avatar.
They will still see your chat history though.
The final red flag was that allegedly Russian authorities were messing with people’s deleted messages.
I don’t know about “Russian authorities”, but the fact remains that if you can login anywhere and see your messages, then your public key is stored in the server.
Since Telegram requires authorization from an extant connection, I don’t know if that means your public key isn’t stored on the servers and it’s being sent from the authorizing device, or if that device is merely authorizing the Telegram servers to transmit that key to the new device.
Since they have a full e2e chat feature (Private Chats), I’m going to assume the latter.
So anyone who can get those keys can gain access to your chats.
I still say Telegram is far superior to anything from Fuckbook/Meta, because it’s not integrated into everything you do (even those of us who’ve never once been on Facebook, and yet have ghost profiles), not to mention the Facebook app integrated into Android on many vendor phones.
Even so, know Telegram for what it is - not ideal, just better than WhatsApp, and a step along the path to moving to more secure and privacy-respecting apps.
Comparing telegram to WhatsApp is something really 2015 😅
Now we have many alternatives, and let’s just switch, fb and telegram both suck compared to signal, simplex, session, or even matrix (wait for the new matrix’ update where they add some new encryption stuff)
i use telegram, but i agree that signal and matrix are superior to both (i don’t know about the others)
Session was at first a fork of Signal without usernames.
Now by design it uses their own custom tor-like service (instead of just… using tor) and does not support forward secrecy or deniable authentication, so anyone who collects the messages in transit can either find a vulnerability in the encryption scheme, or spend enough GPU resources to crack it, and they have confirmation of who sent and received the message and what the contents of the message are. And is headquartered in Australia, which is 5EYES and much more against encryption than the US. Oh, and the server is closed-source.
Regarding Australia’s 2018 bill…
The Australian Parliament passed a contentious encryption bill on Thursday to require technology companies to provide law enforcement and security agencies with access to encrypted communications. Privacy advocates, technology companies and other businesses had strongly opposed the bill, but Prime Minister Scott Morrison’s government said it was needed to thwart criminals and terrorists who use encrypted messaging programs to communicate.
Regarding the ‘vulnerability or cracking them later’ bit…
Messages that are sent to you are actually sent to your swarm. The messages are temporarily stored on multiple Service Nodes within the swarm to provide redundancy. Once your device picks up the messages from the swarm, they are automatically deleted from the Service Nodes that were temporarily storing them.
From Session’s own FAQ:
Session clients do not act as nodes on the network, and do not relay or store messages for the network. Session’s network architecture is closer to a client-server model, where the Session application acts as the client and the Service Node swarm acts as the server. Session’s client-server architecture allows for easier asynchronous messaging (messaging when one party is offline) and onion routing-based IP address obfuscation, relative to peer-to-peer network architectures.
I wouldn’t touch it with a 12ft ladder.
Between forking Signal to make their desktop and mobile clients, and forking Monero to make their cryptocurrency… I’m surprised they came up with Lokinet.
Edit: I’m pretty sure Session doesn’t even use Lokinet. So much for the claimed resiliency from “hackers”
Session does use the Oxen network which is the renamed Lokinet, unless they made a change I’m wholly unaware of.
I must have been thinking of their past implementations. Their FAQ says things were different:
Proxy routing was an interim routing solution which Session used at launch while we worked to implement onion requests. When proxy routing was in use, instead of connecting directly to an Oxen Service Node to send or receive messages, Session clients connected to a service node which then connects to a second service node on behalf of the Session client… The proxy routing system has now been replaced by onion requests.
It was even less clear to me because this is what it says in the app itself:
Session hides your IP by bouncing your messages through several Service Nodes in Session’s decentralized network.
Not “the Oxen network” but “Session’s network.”
And then it has a graph of
• You
• Entry Node
• Service Node
• Service Node
• Destination
You’re not wrong. Lokinet and Session are both products from the same parent company. Lokinet was renamed to the Oxen protocol, and they run all the servers AFAIK, so it would be like tor, if tor ran every guard, entry, and exit node. AKA worthless. So you’re spot on, it’s a joy to the intelligence community and after the Encrochat debacle and Session stopped using Signal’s encryption algorithms and code, I would suggest no one use it for anything sensitive.
then your public key is stored in the server
Did you mean private key?
I automatically read it as private key, good catch
Back to Facebook messenger?
The only private one
Me here waiting for the autys to miss the sarcasm and spread some weaponized autism about the most secure ways to chat… Just no EncroChat or Session, please.
Session is better than Facebook by a long shot. The issues many people have with it seem pretty minor compared to me. At least compared to Signal.
At least compared to Signal
Please enlighten me
what’s wrong with session?
Good for you. I still don’t know how to move my friends and relatives to Signal. Any tips with that?
One day I said that in the future I will only be available via Signal. If not there then there is still SMS. And so far everyone I have contact with regularly installed it eventually.
That’s exactly right.
Install a family XMPP server like Snikket or otherwise. Show them the benchmarks of how little battery & data plan drain is used from Conversations forks. Explain how bloated Electron apps are & how you don’t wish that on your loved ones vs. Dino, Gajim, or a TUI client. Sidecar a Movim server so y’all can share long-lived, non-ephemeral posts instead of losing memories like photos in some long group thread. Let them know their data is safe with you as the operator instead of some massive for-profit corporation—and if they don’t trust you, they are empowered to start their own server to interop.
(This tactic has yet to work for me, but I will keep running into that wall til it breaks 😃)
Easy! Just replace their usual SMS app with Signal, and then every contact they have that does use Signal is private and secure!
Oh. Wait. That’s exactly the functionality that Signal removed in their effort to ensure that Signal is never widely adopted…
I didn’t agree with their decision at all at the time, but now that I realize they made it a little while after it gained widespread adoption and people stopped using it because “Signal isn’t actually secure!” … seems like people were expecting a secure messenger to be, well, secure. So they would chat about anything and everything thinking “I am using a secure messenger, these messages can’t be read…” and tech ignorance is a dangerous thing if you’re trying to be secure. I would’ve preferred a colored window and un-closable message for SMS chats, but oh well. I like that they’ve introduced usernames so you don’t have to give out your real number.
Do what I did. Let everyone you care about on TG know that you’re closing that crap, with your reasons for doing so. Inform them of your moving to signal, session, whatever. Be clear that, otherwise, they can try calling you and wish them good luck. Close TG on the day you set as deadline. I did that and whoever didn’t get a Signal or Session account has to call me. I’ve never looked back.
Like that, also, a few months prior to the deletion turn off the notifications, and come there every few days, so people need to wait for your reply for days, and when you come you say “oh, I’m not using tg, I switched to signal/session/simplex/bird mail”
These are all great suggestions. Another huge advantage is that this helps detoxify from the constant pinging with others.
My family is all on iMessage. I told them if they didn’t install Signal I wouldn’t reply to their texts.
At first, whenever they texted I would just reply with something that looked automated like “This user is no longer available via text message. Please install Signal if you wish to communicate.”
That’s freaking epic. Love it.
I did something similar and just sent a link to Signal when iPhone friends and family SMS’d me, worked…eventually :) (am on Android)
Keep bugging them. I almost exclusively use signal for messaging these days and it’s fantastic. It took longer to convince some people than others
I never got with these russian authority claims. Telegram is not based in russia, sure its founders are born in russia but they have taken citizenship of France for a long time now, its based in saudi arabia. I never saw a single proof of them giving data to russian authorities, they were banned in russia for that iirc but eventually got unbanned due to mass adoption. At this point these russian claims just seem racism to me.
- I never said that telegram collaborates with Russia (I don’t know if they really do, but tg is pretty insecure, and Russian govt is happy to crack it)
- They were banned in Russia until they realized why would they ban it if they can read it (unbanning of something in Russia is another sign of something shady going on)
- I’m Russian myself, so your gaslighting won’t work, also are you Russian or Slavic too? 🤣
- Show me the proof, don’t talk on hunches
- They really didn’t care, they are banned in Iran too which is their 3rd biggest market. They got unbanned because Russia failed to unban it, there are no cases known yet in which telegram handed over users data to Russian authorities https://www.reuters.com/article/idUSKBN23P2DY/
- I am not Russian
It’s the usual foreign fearmongering. It’s never phrased this way if the subject is a western company (even though we know they cooperate with the US government).
Specially since we know for a fact that Meta hands over any and all information the US government wants from all their apps.
I’m glad I never used it
What happened with Telegram? I’m unfamiliar with those particular rumors.
… But also definitely not a fan of it in general. Their app has had terrible encryption (when it’s even used) for a long time.
There have been rumors from its start. I have no idea of their validity. Like anything, it’s hard to find the truth.
As for its encryption, while I dislike it’s not open source, and it’s deserving of some criticism, there have been no reported cracks of it that I’m aware.
That said, it seems to store your public key on the server (though I’m not sure of this), which is not ideal, for sure.
The “no reported cracks” thing is a red herring. You can make an intentionally broken cryptography system and claim it’s unbroken too.
And even if it was sound, it doesn’t really matter because the messages are decrypted by the server for all desktop and group chats, and probably most one-on-one chats too.
There have been multiple breaks, like the good old 2^64 bruteforce attack when they used too short session identifiers, malleability issues that could let the server/hackers change your messages, reordering attacks, etc.
What’s the issue with them storing the public key?
Aside from not storing anything you don’t absolutely need to store, there shouldn’t be an issue there.
Typo
You forget to mention they gave information to German police, seems like they forget the point of the app
The final red flag was that allegedly Russian authorities were messing with people’s deleted messages
I’m gonna need a source on that, since the creator himself was persecuted and telegram had layers of fake companies to stop Putin from getting to it.
Here’s what I found:
Over the past year, numerous dissidents across Russia have found their Telegram accounts seemingly monitored or compromised. Hundreds have had their Telegram activity wielded against them in criminal cases. Perhaps most disturbingly, some activists have found their “secret chats”—Telegram’s purportedly ironclad, end-to-end encrypted feature—behaving strangely, in ways that suggest an unwelcome third party might be eavesdropping. These cases have set off a swirl of conspiracy theories, paranoia, and speculation among dissidents, whose trust in Telegram has plummeted. In many cases, it’s impossible to tell what’s really happening to people’s accounts—whether spyware or Kremlin informants have been used to break in, through no particular fault of the company; whether Telegram really is cooperating with Moscow; or whether it’s such an inherently unsafe platform that the latter is merely what appears to be going on. … Elies Campo, who says he directed Telegram’s growth, business, and partnerships for several years, confirmed this general characterization to WIRED, as did a former Telegram developer. In other words, Telegram has the capacity to share nearly any confidential information a government requests. Users just have to trust that it won’t.
https://www.wired.com/story/the-kremlin-has-entered-the-chat/
I have been living under a rock, what happened to Telegram?
It is not considered a good alternative as a messaging app for privacy folks and because the source code is not open, it is not E2E encrypted by default (you need to start a secret chat or something to make your conversation encrypted) if I remember correctly.
You remember incorrectly. All clients are open source:
Telegram apps are open source and support reproducible builds. Anyone can independently verify that Telegram apps you download from App Store or Google Play were built using the exact same code that we publish
In Fdroid there are also forks. But yes, their servers are closed source and centralized.
Still it’s not recommended. It requires a phone number and as you said its E2EE is not on by default and is not soooo good.
Russian authorities usually just hijack login sms confirmation codes. This is a common practice in Russia. Not denying that something else shady might be going on, but I do know mobile providers there don’t even bother to ask why - they just provide shit on demand.
Gonna have to disagree. Telegram is the ONLY chat app with ACTUALLY NATIVE code clients on desktop and mobile. It’s the only one that isn’t website in a box trash that’s slow heavy and buggy. I use discord mostly because it’s where everyone is but i fucking hate everything about it and wish people would use telegram.
If you think other chat apps don’t read/process metadata from your dms and such you’re an idiot. Nothing is safe short of self hosted matrix with full E2E encryption or similar and ain’t nobody doing that.
At least Matrix lets you encrypt data. Telegram is hostile to that.
And no, taking your most personal data in a decrypted state for no good reason and promising to keep it encrypted is not the same thing. If anything, it’s worse
Nothing is safe short of self hosted matrix with full E2E encryption or similar and ain’t nobody doing that.
Well, I’m doing that. But I’m nobody, so I guess your point still stands 😅
But also, I don’t judge the chats mainly by their client, but the protocol. Telegram is not open and so can’t be audited properly, that’s my concern.
Afaik the protocol is documented[1] and the clients are open source[2].
No code available for the backend though.
Is it even possible to get a telegram account these days? I heard their SMS service was down or something making it impossible to sign up and they don’t support email.
Stop it with the creative commons link in your comments.
Also, there is nothing wrong with Telegram logins or new accounts.
Stop it with the creative commons link in your comments.
No.
Also, there is nothing wrong with Telegram logins or new accounts.
Just gave it a shot. Doesn’t work.
I get notifications of new contacts that join Telegram so it does. I don’t need to try it myself.
And I don’t understand your cc link and your down votes speak for themselves so stop the silliness.
And I don’t understand your cc link and your down votes speak for themselves so stop the silliness.
Do you fear what you don’t understand? “I don’t understand it, so stop”.
And I don’t care about downvotes. Go on, downvote. It has no real life effect.
Your link also has no real life effect.
A lot of speculation that does end with this in the article:
"After discussing her case with experts, Matsapulina now believes her Telegram messages may have been compromised by a form of spyware. When she was told that a hacking device would need to be physically nearby to infiltrate her phone, a memory resurfaced: At times before her arrest, she had noticed an unmarked truck with a dome on its roof parked outside her building. She had even jokingly mentioned it to friends on Telegram. Now, she remembered, as the police were banging on her door that morning, she’d spotted the same mystery vehicle parked outside. By the time the police stormed her home, the vehicle was gone.
Matsapulina has since started using Telegram again."
Most messaging apps are vulnerable on the client side with spyware, no matter what E2EE exists along the way.