A place to discuss privacy and freedom in the digital world.
Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.
In this community everyone is welcome to post links and discuss topics related to privacy.
Some Rules
- Posting a link to a website containing tracking isn’t great, if contents of the website are behind a paywall maybe copy them into the post
- Don’t promote proprietary software
- Try to keep things on topic
- If you have a question, please try searching for previous discussions, maybe it has already been answered
- Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
- Be nice :)
Related communities
much thanks to @gary_host_laptop for the logo design :)
- 0 users online
- 57 users / day
- 383 users / week
- 1.5K users / month
- 5.7K users / 6 months
- 1 subscriber
- 3.12K Posts
- 78K Comments
- Modlog
Telegram is good for citizen journalism (like what’s going on on the ground in Gaza and Ukraine), funny videos and memes, tech support, and casual conversation. Never privacy though.
What should be alarming is what thus means for other services. Can you get arrested for running a Matrix server in France? It seems like this is very slippery
I personally don’t like Telegram as it is centralized, not private and is to close to the Russian government. However, it should be allowed to exist.
If you own a house, can see crime is being committed there and take no action to stop it you are a criminal and should be arrested. If you own a farm, can see crime is being committed there and take no action to stop it you are a criminal and should be arrested. If you own a school, can see crime is being committed there and take no action to stop it you are a criminal and should be arrested. If you own an office building, can see crime is being committed there and take no action to stop it you are a criminal and should be arrested. If you own an internet service provider (ISP), can see see crime is being committed there and take no action to stop it you are a criminal and should be arrested. If you own any land, can see crime is being committed there and take no action to stop it you are a criminal and should be arrested. If you own a public forum, can see crime is being committed there and take no action to stop it you are a criminal and should be arrested. If you own a public messenger (because Telegram is very much not private or encrypted) can see crime is being committed there and take no action to stop it you are a criminal and should be arrested.
I don’t see this as a slippery slope.
What with public land? Do politicians need to be arrested?
yeah that doesn’t make sense, I meant private forum, public forums belong to the “public” thus nobody can be held accountable.
The fact that governments want to shut down Telegram and arrest its founder shows that Telegram is pretty good for privacy.
I wouldn’t go that far
Why not both? Telegram is bad for privacy, and governments still want to arrest the founders of systems they cannot control?
Because we jumped to the conclusion that he is being arrested for providing privacy, and thus our internal biases make it difficult for us to quit that idea. Much easier to force the facts to fit the conclusion than it is to reevaluate the conclusion.
And definitely much better than discord, contrary to what some say
I’m pretty sure no one actually says that
Why not? Unlike whatsapp and signal, telegram private chats are not synchronized. So if you lost your phone and started a new one, the chats will not magically recover as in whatsapp. Because recover is unsecure. So the telegram is quite private.
or do you mean that encryption is not enabled by default in every chat? This is not an indicator of the messenger’s privacy.
Although Tox takes them all by the head, of course.
There are way better options. Use Signal, Simplex Chat or even Matrix
Signal not good enough after check protocol.
Matrix is overkill. But I was hosted it some time ago.
So, I will check Simplex Chat. Thanks.
That’s not true. Signal stores all messages on device.
Encryption on Telegram only works in 1 on 1 chats and is turned off by default meaning no one use it.
It also only works in the mobile clients
Ok. Signal win one point.
so, I use the telegram crypto chat to get a credit card pin from my bank. do you want to do this with signal? =)
and in turn, this means that the FSB log collector is not connected in the third place. =)
P.S. Do you understand the absurdity of the situation? telegram is not safe enough, but for some reason it is preferred by drug dealers. The lives of these people literally depend on the messenger. and the European Union was so unable to cope with this that it arrested the developer for complicity.
Most people are technically illiterate. On top of that, most criminals are idiots (otherwise they’d have calculated risk/reward ratio rather than only looking at the reward side of things). The reason it is used by drug dealers is (1) Telegram is convenient, (2) Telegram is not moderated so they accumulate there due to “moderation selection”, (3) Law enforcement didn’t care enough to do anything about that. Now that (3) has changed and (2) is on shaky grounds, I expect a lot of them will move elsewhere.
Definitely I would do so in Signal and never Telegram. What a question
OK. Thanks for answer.
Chats are only synchronized in Signal on actively linked devices. If you link a new device, your chat history will be completely blank at first.
and this does not prevent you from connecting the FBI log collector in the background. He will always be active.
I live in a country where, when crossing the border, they can request a phone for check chats, so I can roughly imagine how it works. Government has a much higher level of access. if the account is restored via SMS, this means that any FSB employee can connect your account to himself. if the conversation is not one-on-one, it means that the FSB log collector is somewhere in third place. This is the reality. I don’t understand why you think that your government collect data somehow another. may be from really bad people’s, but with same methods.
P.S. on telegram you have only one-by-one crypto chats. Protocol can’t connect anyone else.
Signal has been pretty throughly audited by data security experts. It’s as secure or more so than Telegram. It uses end to end encryption, same as Telegram. If you’re crossing the border, unlink your device, delete the app, and relink it later. Your account can’t be restore via SMS. I’m not sure what you mean by that. I’m sure my government can collect any data they want if they’re determined enough, but Signal is about as secure as it gets if you’re talking civilian digital communication.
Exactly. But telegram destroy basic tracking paradigm. You can register on really fake number for example, byed thought TON coin. That’s why Durov arrested in the first place.
And that really good for drug dealers. Or for russian opposition who don’t go out from Russia.
P.S. And experts check only Crypto part, by the way. What really happening on signal servers who known. In that part telegram con’t connect anyone to 1to1 chat (but maybe can hack keys. But I cant approve that after check client source code), but signal can convert that chat to 3 persons and connect logger without problems.
Russia banned Signal, but not Telegram, to make sure their citizens couldn’t plan any subversive activities against the state.
That’s all we needed to know for sure.
On the other hand, Durov was arrested in Europe, but the developers of the signal somehow does not.
Well, for some unknown reason, drug dealers still choose telegram. And they don’t just have an unfounded choice, but the profit depends on the messenger. Or say you that Durov was arrested for no reason?
P.S. in Russia now testing system for ban all messengers don’t hosted in Russia. They next after youtube. Telegram too. Information from first hands. =)
оо рекабушники в эфире. Реддит ещё у вас банить не собираются?
А кто его знает. Тут как ветер подует так и заблокируют. По телеграмму / ватсапу и т.д. хотя бы предупреждали телеком операторов ещё месяц назад.
How do you know that not 99% of drug dealers use Signal and 1% Telegram? Could very well be so. You don’t know because it’s all encrypted. That is the whole point. That is also why nobody from Signal got arrested. No law violated if you can deny all allegations.
in telegram all crypted too. and public chats, if you don’t tell me that government check servers in another contry. And I repeat my question. Why signal developer not with Durov?
UPD: and you can read messages and listen calls in any chat in signal. I explain that next to comment line. That no private. As WhatsApp for example. And if you not private with encrypted what are you secure with encrypt?
Telegram chats are not encrypted by default, only Secret chat is which is not synced to Desktop and only works on one-to-one chats, no groups.
Because almost all data is encrypted. They don’t even know who is messaging whom. How can they be charged with crimes they didn’t commit? They don’t know what their users are using the messenger for, so they can just deny everything.
No you can’t unless you have access to the phone itself. It’s impossible. You clearly have no idea what you’re talking about.
Page 47. https://odr.chalmers.se/server/api/core/bitstreams/527d7251-f7f4-4a6c-ac7b-f8253d174336/content
how often do you check encryption keys in chats? How does WebRTC relay work need to be explained?
The KDE would need to intercept every single message from start to finish because of forward secrecy. Mass surveillance of such sort would have been noticed by now, even if only 0.01% of people check their safety number with QR code or manual confirmation.
MITM attacks on specific high-level targets would be still possible of course. But if you consider yourself a high-level target outside of mass surveillance you can just check your safety number before initiating a conversation. Because of forward secrecy, you only need to check that once!
But all of that aside, Telegram has none of these things. Telegram is straight-up unencrypted with their default chats and group chats. Telegram is absolute dogshit.
If Signal was to pull a MITM, it would have been noticeable as it requires active intervention in the protocol (it hasn’t been noticed yet), it would destroy all plausible deniability for them going forward, and it wouldn’t be possible on existing chats (once the key exchange between two parties happens, it’s impossible to do MITM). Telegram can just straight up read your messages, past, present and future, do whatever they want with them, with no way for anyone to check if that happens. It’s two different tiers of communication security.
To quote another commenter,
Signal doesn’t provide such open and easily found chat rooms.
It’s really much more a messenger (with group chats, but those you have to manually set up)
So it’s not an “open” place like telegram and with that not as attractive for advertising illicit services or products.
besides that, Signal is the technically much more secure variant. No discussion about it.
As telegram. If you think that some drug dealers create public chats with sell drugs, so… you are wrong. All work with darknet. In telegram all of them use only private one-by-one crypto chats.
If you want protect yourself for random network administrator on your network line, of course. If you want protect from anyone (government for example), of course not. Not necessarily in a bad way. Privatecrypto chats one-by-one are equally protected for the Russian opposition and for drug dealers. This is freedom of information. And that’s why Durov was arrested. and not because he can hack chats something but don’t do that. I think in really because that he can’t hack chats and don’t approve hack / insert backdoors for anyone.
Bullshit.
Telegram and Signal both use TLS. They are identically secure from transport-level attacks.
Of course yes. If you want a more private group chat, or an actually useful 1-on-1 encrypted chat that works across multiple devices, Signal is the only option (out of the two, there are way better alternatives like XMPP and Matrix). For 1 device-on-1 device E2E chats, Signal and Telegram are about the same level of security, except Telegram’s protocol sees less scrutiny from the crypto community.
LOL. I see drug ads on the street all the time. The one time I checked, it pointed to a publicly available Telegram bot.
Not “somehow”. The authorities know Telegram can indeed backdoor their service, since they know it already is. They also know Signal cannot.
Thus, since Telegram can but refuses, he gets arrested.
an interesting assumption. how can private encrypted chats be hacked? On custom self compiled clients if you think that client have hole. I learned telegram protocol and don’t find any case. XD
Your .ru domain makes your comments in this discussion meritless.
…
That’s why I started a domain in the ru zone. I can create domain anywhere else of course. If for you the nationality of the talker somehow affects the security of third-party software, then so be it. In the end, you can always not trust my words but familiarize yourself with the protocol.
Yeah I am a cryptographer, reverse engineer and (whitehat) hacker. I’m also well versed in the russian influence operations having run rampant in the west for a bit more than a decade.
The Telegram-supporters are out in force right now specifically to make sure people keep using Telegram, believing it to be secure. Russia has already made used of their backdoors against Ukraine in the war.
Russia banning Signal now was a huge blunder, since that proves there’s nothing in Telegram they don’t have access to, having allowed it to keep operating.
Maybe the difference is that the signal developers aren’t rich people flying around the EU on private jets? Maybe there’s no value in targeting the signal devs because they can’t legally be expected to moderate chats they literally can not access? Maybe it’s not worth backdooring because it’s open source?
Telegram is not first durov project. Durov create VK. That is number one Russian facebook.
Can them connect any number of users in chat? That mean that them have access in any chat. And them should follow all USA laws of course.
Telegram open source too. And have many open client apps. For example clients without AD API support. How much custom client apps have signal?
Telegram’s servers are not open source. Telegram’s client is. If you make a back door in a messaging software, you’d want to do it server-side which means the users can’t tell if it’s backdoored as Telegram’s server’s source code is not available.
Alternatively; Signal’s server code is open source, so if they put a back door in it they’d either have to lie to their users, or publish the back door in their code.
That’s why cryptography don’t trust ANY server side. For example signal server software can be don’t same as github signal server software. And that’s why alice and bob in crypto chats can check keys after handshake through server. But in signal you crypto for chat rooms with multiple clients. Can you check how much client in you chat? I don’t find how. In telegram you always know that 1to1chat only 1to1.
And what problem with that?
P.S. For example system of technical means to ensure the functions of operational investigative measures installed an all mobile operators anywhere. But someone tell you something about that? No. Because that a law, not backdor.
Signal doesn’t backfill your messages though, it just sends the new messages to both devices. I don’t see how this makes it less secure than Telegram.