• gedaliyah@lemmy.world
    link
    fedilink
    English
    arrow-up
    117
    ·
    2 months ago

    Wait, the centralized service that security experts warned for years could be easily compromised because a centralized messaging service is inherently insecure has now been compromised? Surprised Pikachu face

    • MehBlah@lemmy.world
      link
      fedilink
      English
      arrow-up
      49
      ·
      edit-2
      2 months ago

      Owned by a fake rebel russian who has somehow managed to keep from falling out of a window on a high floor. Cough, cough plant.

    • Star@sopuli.xyz
      link
      fedilink
      English
      arrow-up
      12
      ·
      2 months ago

      Not to discredit your arguement but isn’t Signal also centralised?

      • lemmylommy@lemmy.world
        link
        fedilink
        English
        arrow-up
        21
        ·
        2 months ago

        It is. But it is open source and the encryption is solid. All communication data is end-to-end encrypted. They have been subpoenaed before and all they could provide was when the account was first registered and when it was last used. The signal protocol is well documented and open source. The foundation and LLC behind it are registered in California and are run by reputable people.

        Telegram is run by shady people, supposedly out of Dubai, while it is registered in the British Virgin Islands. Its clients are also open source, however the encryption, if enabled, is of the home cooked variety, although it was improved over time. Unfortunately it is not enabled by default, you need to enter a „secure chat“ for that, which only works with single contacts, not with groups. Despite having access to everything else, and working like a social media-messenger-hybrid, telegram is very reluctant to get rid of clearly illegal content.

      • gedaliyah@lemmy.world
        link
        fedilink
        English
        arrow-up
        9
        ·
        2 months ago

        The data is not centralized in the same way, making it slightly better, but yeah. A lot of the same pitfalls of centralization happen there. The whole system doesn’t operate without the corporate servers in the middle, even though they don’t see or store the data. They have total access to Metadata. The organization could be sold for profit, shut down, change terms, etc.

        If security is important, you’re better off with something decentralized like matrix. I’m not an expert, so hopefully, a lot of people here who are smarter than me will fact check these statements, but at least those are my impressions.

      • MiltownClowns@lemmy.world
        link
        fedilink
        English
        arrow-up
        6
        ·
        2 months ago

        It is, which is why the comment didn’t advocate for it. Signal has more robust encryption than telegram, but its not zero-trust. They should really be using private hosted services instead of public or pgp, but when battle kicks off you use whatever works and then go back and revise as needed when you’re not dodging bombs.

  • 0laura@lemmy.dbzer0.com
    link
    fedilink
    English
    arrow-up
    14
    ·
    2 months ago

    telegram chats are also not end to end encrypted to my knowledge, only the secret chats which have some limitations afaik. and group chats also aren’t encrypted. unless that changed recently. id even trust Whatsapp more than telegram, at least they say they’re end to end encrypted.

  • triptrapper@lemmy.world
    link
    fedilink
    English
    arrow-up
    14
    ·
    2 months ago

    I know nothing about cyber security, but it’s funny to me that depending on the time of day these comment sections either mostly criticize Telegram or mostly support it. I have no idea what to believe or whether it’s safe for me to use Telegram.

      • mitram2@lemmy.pt
        link
        fedilink
        English
        arrow-up
        5
        ·
        2 months ago

        Honestly curious, what was missing on Signal and what was complicated? I can’t even remember the sign up process and never felt I was missing out on features, at least not on features available elsewhere

          • mitram2@lemmy.pt
            link
            fedilink
            English
            arrow-up
            3
            ·
            2 months ago

            Oh, I never knew Signal had such humble beginnings. I think you would be very surprised if you ever give it another shot. It’s pretty much “install an app and talk” (with the pretty stuff!]). Never heard of SimpleX, might give it a look someday. Thank you!

  • Korkki@lemmy.world
    link
    fedilink
    English
    arrow-up
    13
    ·
    2 months ago

    I would never risk any third party messaging service in military or critical state matters. It’s just common sense, even for a layman. Everything is compromised, Telegram is, Whatsapp is, Signal is, all of them are.

      • TheTechnician27@lemmy.world
        link
        fedilink
        English
        arrow-up
        18
        ·
        edit-2
        2 months ago

        It’s not, unless they’re some sort of cryptography expert with a peer-reviewed white paper pending publication. The Signal protocol (GPLv3) is extremely robust and has almost no capacity for metadata generation, and both the app and server-side code are under the AGPLv3 (technically if they were compromised they could use different, unaudited server-side code, but refer back to “basically no metadata”). Signal has essentially no capacity to be compromised; they can’t even bait and switch users with a pre-compiled app whose source code isn’t the publicly available one and actually has a backdoor because their builds are reproducible and it would be caught immediately.

        Maybe they take issue with the crypto bullshit, which is valid but doesn’t compromise messaging security. Maybe they don’t like that they took away SMS, which I completely agree with, but also actually makes it marginally more secure. Either way, I seriously doubt if they had any mathematical insight into Signal being “compromised” that they would be here hanging around on Lemmy right now.

        • Kwozyman@lemmy.world
          link
          fedilink
          English
          arrow-up
          5
          ·
          2 months ago

          Be that as it may, it’s still an incredibly short sighted decision to use a centralized service that is under 3rd party control for real security sensitive applications.

          • sugar_in_your_tea@sh.itjust.works
            link
            fedilink
            English
            arrow-up
            7
            ·
            2 months ago

            Yeah, that does bother me. But it’s also a lot easier to build a centralized service like that than to get people on a decentralized one.

            If you really want something private and are willing to jump through a few hoops, Simplex exists. But most people aren’t willing to jump through a few hoops, and even Signal (a pretty low bar) is a hard enough sell as it is. And that’s why I use Signal, because it’s my best chance to get people onto something better. In other words, don’t let perfect be the enemy of better.

  • Wilshire@sopuli.xyz
    link
    fedilink
    English
    arrow-up
    7
    ·
    2 months ago

    I presume this will have zero effect, especially since it includes this huge exemption.

    Those who use Telegram “part of their job duties” will not be affected by the move.

    • andrew_bidlaw@sh.itjust.works
      link
      fedilink
      English
      arrow-up
      8
      ·
      2 months ago

      SMMs for officials, volunteers and military would keep posting, right. It’s inside communications that are a concern. And as some ukrainians wrote, in some places it was an obvious rule from the very start.