I dont understand why threat actors / hackers use telegram which obtains your phone number and not simplex or even signal for that matter

@jet@hackertalks.com
link
fedilink
1
edit-2
1Y

A lot of it has to do with who your enemies are.

If you’re not worried about telegram, and the country telegram operates from. Then using them is probably a better idea than using a program based in a country you are worried about.

So if you’re big enemy is the United States intelligence services, using a messaging service based and centralized in the United States isn’t the best of ideas. Be it French government communication, or some peer-to-peer democratic revolution in a propped up tin pot dictatorship.

Simple x is interesting, but I think it’s still relatively new, there’s lots of UI and features that need to get hammered out. Before you would trust it operationally.

Briar is operational today, so I think it is being used by some groups. But it has limited functionality as well.

If your threat model has you communicating with people who already know who you are, registering with a phone number isnt a big deal.

A lot of the internet use of messaging, is anonymous communication, with people you don’t know or trust. So giving them your phone number becomes more of an issue.

  • Briar: agnostic
  • Signal: “western”
  • Whatsapp: “western”
  • Telegram: Qatari/Eastern
  • Session: “western” (centralized servers in Canada)
  • Simplex: not sure where the servers are.

So if you’re trying to bring women’s rights to Iran, you use the Western messaging services that aren’t blocked

If you’re trying to bring democracy to KSA, you have a harder choice but probably telegram

If you’re trying to do anything in north Korea, good luck… Dead drops and physical notes probably.

I think for the countries that block the internet completely, like North Korea and its Big brother neighbor… mesh programs like briar might be the only viable options to organize

poVoq
link
fedilink
1
edit-2
1Y

Simplex has multiple relays, but given how new it is there are only few and those could easily be compromised similar to how tor nodes are partially operated by government agencies.

Also with p2p stuff there is a higher risk if you don’t trust your communication partner, and in crime organizations the likelihood that someone has been turned by law enforcement as part of a plea deal is always quite high.

@jet@hackertalks.com
link
fedilink
1
edit-2
1Y

We often talk about threat models here in the privacy community. But I just want to illustrate how different threat models can be.

There is a universe of difference between worrying about what a district attorney can use in criminal court based on evidence rules for drug-related charges that could put somebody away for 5 to 10 years in prison.

And worrying about a totalitarian murder squad picking up your friends and family and torturing them just in case they know something. When members of your cell disappear based on suspicion no evidence required.

These threat models are massively different, doing anything that even raises suspicion gets people killed… I’m not saying it invalidates our online discussions, but when the stakes are higher what people actually use, and experiment with, and are willing to put up with changes.

And by raises suspicion, I’m not just talking about an intelligence officer, I’m talking about algorithms just saying oh this account’s interesting let’s target it. Just like Israel is currently doing right now, to automatically identify hamas-based targets of interest. We have no idea what’s going into that algorithm, it might be hey this phone has briar installed let’s bomb it

Create a post

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

  • Posting a link to a website containing tracking isn’t great, if contents of the website are behind a paywall maybe copy them into the post
  • Don’t promote proprietary software
  • Try to keep things on topic
  • If you have a question, please try searching for previous discussions, maybe it has already been answered
  • Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
  • Be nice :)

Related communities

Chat rooms

much thanks to @gary_host_laptop for the logo design :)

  • 0 users online
  • 57 users / day
  • 383 users / week
  • 1.5K users / month
  • 5.7K users / 6 months
  • 1 subscriber
  • 2.97K Posts
  • 74.6K Comments
  • Modlog