nitrolife

On the other hand, Durov was arrested in Europe, but the developers of Signal somehow were not.

Well, for some unknown reason, drug dealers still choose Telegram. And it is not just an unfounded choice; their profit depends on the messenger. Or are you saying that Durov was arrested for no reason?

P.S. Russia is now testing a system to ban all messengers not hosted in Russia. They are next after YouTube. Telegram too. Information first-hand. =)

@Omniraptor@lemm.ee

Ooh, the Rekabu folks are on the air. Are they not planning to ban Reddit over there yet?

nitrolife

Who knows. Here they block things whichever way the wind blows. For Telegram / WhatsApp etc., at least the telecom operators were warned a month ago.

> Well, for some unknown reason, drug dealers still choose Telegram.

How do you know that not 99% of drug dealers use Signal and 1% Telegram? Could very well be so. You don’t know because it’s all encrypted. That is the whole point. That is also why nobody from Signal got arrested. No law violated if you can deny all allegations.

nitrolife

In Telegram everything is encrypted too. And public chats, if you don’t tell me that the government checks servers in another country. And I repeat my question. Why is the Signal developer not with Durov?

UPD: and you can read messages and listen to calls in any chat in Signal. I explain that in the next comment thread. That is not private. Like WhatsApp, for example. And if you are not private with encryption, what are you securing with encryption?

Telegram chats are not encrypted by default, only Secret chat is which is not synced to Desktop and only works on one-to-one chats, no groups.

> Why is the Signal developer not with Durov?

Because almost all data is encrypted. They don’t even know who is messaging whom. How can they be charged with crimes they didn’t commit? They don’t know what their users are using the messenger for, so they can just deny everything.

> UPD: and you can read messages and listen to calls in any chat in Signal.

No you can’t unless you have access to the phone itself. It’s impossible. You clearly have no idea what you’re talking about.

nitrolife

> No you can’t unless you have access to the phone itself. It’s impossible. You clearly have no idea what you’re talking about.

Page 47. https://odr.chalmers.se/server/api/core/bitstreams/527d7251-f7f4-4a6c-ac7b-f8253d174336/content

How often do you check encryption keys in chats? Does it need to be explained how a WebRTC relay works?

The KDE would need to intercept every single message from start to finish because of forward secrecy. Mass surveillance of such sort would have been noticed by now, even if only 0.01% of people check their safety number with QR code or manual confirmation.

MITM attacks on specific high-level targets would be still possible of course. But if you consider yourself a high-level target outside of mass surveillance you can just check your safety number before initiating a conversation. Because of forward secrecy, you only need to check that once!

But all of that aside, Telegram has none of these things. Telegram is straight-up unencrypted with their default chats and group chats. Telegram is absolute dogshit.

nitrolife

> But all of that aside, Telegram has none of these things. Telegram is straight-up unencrypted with their default chats and group chats. Telegram is absolute dogshit.

So, that’s why they are called PUBLIC chats in the first place. In private chats everything works exactly like in Signal (DH end-to-end crypto with key verification). But after 5 years some journalist finally read the documentation and the newspapers exploded. I have known that from the first day.

Telegram also honestly declares that there is no need to rely on anyone in matters of privacy. For example: We do not store customer IP, say the Signal developers. And how should I check it? Telegram just honestly says, “You have an mtproto proxy, build any kind of proxying chains and we won’t even theoretically know your address.” Feel the difference.

And I still don’t understand why MITM can’t just match two DH keys so that Alice and Bob’s signature checks match. But maybe I just don’t understand the cryptography chain well.

I don’t want to say that Signal has bad crypto or that Telegram is the greatest private messenger. I say that all of these messengers have the same security in private messages. Yes, Signal supports private group chats too, but that’s all. And if anyone can’t read the docs, that is not a Telegram problem.
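
The question raised in the comment above, why a relay cannot swap Diffie-Hellman keys and still leave both users with matching verification values, worked through as an added example (not part of the thread and not either messenger's code). It assumes a toy DH group and a simplified fingerprint that hashes the two public keys each side actually holds; the names `safety_number` and `run_exchange` are hypothetical.

```python
import hashlib
import secrets

# Toy Diffie-Hellman parameters (assumption: demo values only, not the
# groups or curves used by Signal or Telegram).
P = 2**255 - 19
G = 2

def keypair():
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def shared(priv, peer_pub):
    return pow(peer_pub, priv, P)

def safety_number(pub_a, pub_b):
    """Order-independent fingerprint over both public keys (simplified)."""
    lo, hi = sorted((pub_a, pub_b))
    data = lo.to_bytes(32, "big") + hi.to_bytes(32, "big")
    return hashlib.sha256(data).hexdigest()[:20]

def run_exchange(mitm):
    """Run one key exchange; with mitm=True a relay substitutes its own key."""
    a_priv, a_pub = keypair()
    b_priv, b_pub = keypair()
    if mitm:
        m_priv, m_pub = keypair()
        seen_by_alice, seen_by_bob = m_pub, m_pub   # relay's key replaces both
    else:
        seen_by_alice, seen_by_bob = b_pub, a_pub   # keys delivered unmodified
    result = {
        # Each side hashes its OWN real key plus the key it received.
        "alice_number": safety_number(a_pub, seen_by_alice),
        "bob_number": safety_number(seen_by_bob, b_pub),
        "same_session_key": shared(a_priv, seen_by_alice) == shared(b_priv, seen_by_bob),
    }
    if mitm:
        # The relay shares a separate key with each victim and can re-encrypt.
        result["relay_reads_alice"] = shared(m_priv, a_pub) == shared(a_priv, m_pub)
        result["relay_reads_bob"] = shared(m_priv, b_pub) == shared(b_priv, m_pub)
    return result

if __name__ == "__main__":
    for mitm in (False, True):
        r = run_exchange(mitm)
        print("mitm" if mitm else "clean", r["alice_number"], r["bob_number"])
```

Each side computes the number over its own real public key plus whatever key arrived, so a relay that substitutes its own key changes an input on both sides and the out-of-band comparison fails. Making the numbers match would require handing each user the other's real public key, for which the relay holds no private key and so cannot read the traffic.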

@balsoft@lemmy.ml

If Signal was to pull a MITM, it would have been noticeable as it requires active intervention in the protocol (it hasn’t been noticed yet), it would destroy all plausible deniability for them going forward, and it wouldn’t be possible on existing chats (once the key exchange between two parties happens, it’s impossible to do MITM). Telegram can just straight up read your messages, past, present and future, do whatever they want with them, with no way for anyone to check if that happens. It’s two different tiers of communication security.

To quote another commenter,

> You clearly have no idea what you’re talking about.

Signal doesn’t provide such open and easily found chat rooms.
It’s really much more a messenger (with group chats, but those you have to manually set up)

So it’s not an “open” place like telegram and with that not as attractive for advertising illicit services or products.

Besides that, Signal is the technically much more secure variant. No discussion about it.

nitrolife

> So it’s not an “open” place like telegram and with that not as attractive for advertising illicit services or products.

Same as Telegram. If you think that drug dealers create public chats to sell drugs, then… you are wrong. It all works through the darknet. In Telegram all of them use only private one-to-one crypto chats.

> Besides that, Signal is the technically much more secure variant. No discussion about it.

If you want to protect yourself from a random network administrator on your network line, of course. If you want to protect yourself from anyone (the government, for example), of course not. Not necessarily in a bad way. Private one-to-one crypto chats are equally protected for the Russian opposition and for drug dealers. This is freedom of information. And that’s why Durov was arrested, and not because he can hack chats but doesn’t do that. I think it is really because he can’t hack chats and doesn’t approve hacking / inserting backdoors for anyone.

@balsoft@lemmy.ml

Bullshit.

> If you want to protect yourself from a random network administrator on your network line, of course.

Telegram and Signal both use TLS. They are identically secure from transport-level attacks.

> If you want to protect yourself from anyone (the government, for example), of course not.

Of course yes. If you want a more private group chat, or an actually useful 1-on-1 encrypted chat that works across multiple devices, Signal is the only option (out of the two, there are way better alternatives like XMPP and Matrix). For 1 device-on-1 device E2E chats, Signal and Telegram are about the same level of security, except Telegram’s protocol sees less scrutiny from the crypto community.

> Same as Telegram. If you think that drug dealers create public chats to sell drugs, then… you are wrong. It all works through the darknet. In Telegram all of them use only private one-to-one crypto chats.

LOL. I see drug ads on the street all the time. The one time I checked, it pointed to a publicly available Telegram bot.

troed

Not “somehow”. The authorities know Telegram can indeed backdoor their service, since they know it already is. They also know Signal cannot.

Thus, since Telegram can but refuses, he gets arrested.

nitrolife

An interesting assumption. How can private encrypted chats be hacked? On custom self-compiled clients, if you think the client has a hole. I studied the Telegram protocol and didn’t find any case. XD

troed

Your .ru domain makes your comments in this discussion meritless.

> custom self-compiled clients

nitrolife

That’s why I started a domain in the ru zone. I can create a domain anywhere else, of course. If for you the nationality of the talker somehow affects the security of third-party software, then so be it. In the end, you can always not trust my words but familiarize yourself with the protocol.

troed

Yeah I am a cryptographer, reverse engineer and (whitehat) hacker. I’m also well versed in the Russian influence operations having run rampant in the west for a bit more than a decade.

The Telegram-supporters are out in force right now specifically to make sure people keep using Telegram, believing it to be secure. Russia has already made use of their backdoors against Ukraine in the war.

Russia banning Signal now was a huge blunder, since that proves there’s nothing in Telegram they don’t have access to, having allowed it to keep operating.

“Access to the Signal messaging app is blocked in connection with violation of the requirements of Russian legislation which must be complied with to prevent the use of messaging apps for terrorist and extremist aims”

  • Roskomnadzor

Russian authorities began to block access to Telegram, a widely used messaging app, in 2018. The action interrupted many third-party services, but had little effect on the availability of Telegram in Russia.

  • Reuters

The main draw of Telegram is not that it is secure, it’s that it’s basically unmoderated. As a Russian I’ve had nothing but bad experiences with government censorship (dissent being equated to extremism and treason, LGBT advocacy equated to pedophilia) and it leads me to be deeply distrustful of the concept in a way similar to first amendment fanatics in the US (the first amendment is one of the uniquely good things about America you can’t get in other “civilized” “western” countries). I suspect Durov might have similar sentiments (though ofc I don’t condone all the bad shit posted in the network and would prefer if it was moderated).

Still, whatever its faults, Telegram is the last remaining open social network in Russia where you can write whatever you like to a large audience and the government won’t be able to remove it. They censored and blocked pretty much all the other ones.

nitrolife

No no no. Tell me how Durov, or someone else, gets access to my one-to-one crypto chat if I compile mtproto myself from GitHub? You are a white hat hacker? Great. Try it, and if you can, you will be rewarded with money. 500 dollars. OK?

P.S. If you have a problem getting money from Russia, as we have problems getting money from Europe, I can send you the money in crypto.

@balsoft@lemmy.ml

> Tell me how Durov, or someone else, gets access to my one-to-one crypto chat if I compile mtproto myself from GitHub?

As a separate statement: they can’t (probably).

In context of the discussion: they don’t need to, because secret chats are so inconvenient and fussy that they are seldom used. There is a lot of crime happening in public groups/channels, in “private” groups chats that can not be encrypted, or in 1-on-1’s that are not secret. Telegram has the ability to stop all of that with just some moderation, or turn messages over to the authorities, but they don’t. Which is precisely why Durov is in custody right now. If he actually made a messenger with good, convenient end-to-end encryption, he would be in the same situation with Signal authors, who have perfect deniability since they can’t read anything their users have sent up until this point.

troed

> if I compile mtproto myself from GitHub

You didn’t understand why I quoted that part the first time around. Let’s try it again.

nitrolife

And why? Because no one does that in reality? Well, you see it differently if your life or your freedom depends on the messenger. Not all countries look like the EU. On my Android phone I have a self-compiled Linphone and a self-compiled Telegram client. That’s my reality.

P.S. On the other hand, Apple still fulfills all the requirements of the Russian authorities in the Russian store. By the way, the store works great. Why do you think that the same thing is not being done in other countries?

@nitrolife @troed

What made you think Telegram was secure in the first place?

nitrolife

Personally, I am studying the protocol. Do you have any exact data on how to hack a one-to-one encrypted chat? I am ready to buy this information from you for money, if it is real.

Maybe the difference is that the signal developers aren’t rich people flying around the EU on private jets? Maybe there’s no value in targeting the signal devs because they can’t legally be expected to moderate chats they literally can not access? Maybe it’s not worth backdooring because it’s open source?

nitrolife

> Maybe the difference is that the signal developers aren’t rich people flying around the EU on private jets?

Telegram is not Durov’s first project. Durov created VK. That is the number one Russian Facebook.

> Maybe there’s no value in targeting the signal device because they can’t legally be expected to moderate cats they literally can not access?

Can they connect any number of users in a chat? That means that they have access to any chat. And they should follow all USA laws, of course.

> Maybe it’s not worth backdooring because it’s open source?

Telegram is open source too. And it has many open client apps. For example, clients without AD API support. How many custom client apps does Signal have?

kali

Telegram’s servers are not open source. Telegram’s client is. If you make a back door in a messaging software, you’d want to do it server-side which means the users can’t tell if it’s backdoored as Telegram’s server’s source code is not available.

Alternatively; Signal’s server code is open source, so if they put a back door in it they’d either have to lie to their users, or publish the back door in their code.

nitrolife

> Telegrams servers are not open source. Telegram client is. If you make a back door in a messaging software, you’d want to do it server-side which means the users can’t tell if it’s backdoored as Telegram’s server’s source code is not available.

That’s why cryptography doesn’t trust ANY server side. For example, the Signal server software may not be the same as the Signal server software on GitHub. And that’s why Alice and Bob in crypto chats can check keys after a handshake through the server. But in Signal you have crypto for chat rooms with multiple clients. Can you check how many clients are in your chat? I didn’t find how. In Telegram you always know that a 1to1 chat is only 1to1.

> Alternatively; Signal’s server code is open source, so if they put a backdoor in it they’d either have to lie to their users, or publish the back door in their code.

And what is the problem with that?

P.S. For example, the system of technical means to ensure the functions of operational investigative measures is installed at all mobile operators everywhere. But did someone tell you anything about that? No. Because that is a law, not a backdoor.

kali

> But in Signal you have crypto for chat rooms with multiple clients

Signal doesn’t backfill your messages though, it just sends the new messages to both devices. I don’t see how this makes it less secure than Telegram.

nitrolife

> I don’t see how this makes it less secure than Telegram.

Telegram is less secure than Signal in normal chats. The key is saved on the server side and, technically, anyone can read all messages. That argument was used some time ago when people said that Telegram is not secure.

But what kind of security do you expect? A random admin at your internet provider can’t read Telegram and Signal messages anyway. Messenger developers can’t read Signal messages in the base case, but can read Telegram public chats. That’s true.

But what happens if we go to the next level and compare Telegram 1-to-1 crypto chats vs Signal chats? Signal chats can be read by the messenger developers with a basic hack (add one more person to the chat and collect messages on disk). Or they can be read by the FBI by law. That means that in Signal, as in Telegram public chats, everything works on trust, not on cryptography. Telegram 1to1 chats are only 1to1. No one can access them (without changing keys). And for best security, rekeying happens every 100 messages or 1 week. And one more thing: you can register a Telegram account without a number and hide your IP with mtproto-proxy. That’s why Durov was arrested in the first place. And after that people say that Signal is more secure than Telegram… In what place?

@balsoft@lemmy.ml

> Signal chats can be read by the messenger developers with a basic hack (add one more person to the chat and collect messages on disk)

How exactly do you think that would work? To add a new recipient the client needs to explicitly encrypt messages with a key available to that recipient. What command in the Signal protocol would trigger that action without first establishing trust in the recipient? (FYI when adding a new device, there is a key-exchange and verification process, which requires access to some other device with keys already on it).
