A lot of speculation that does end with this in the article:

"After discussing her case with experts, Matsapulina now believes her Telegram messages may have been compromised by a form of spyware. When she was told that a hacking device would need to be physically nearby to infiltrate her phone, a memory resurfaced: At times before her arrest, she had noticed an unmarked truck with a dome on its roof parked outside her building. She had even jokingly mentioned it to friends on Telegram. Now, she remembered, as the police were banging on her door that morning, she’d spotted the same mystery vehicle parked outside. By the time the police stormed her home, the vehicle was gone.

Matsapulina has since started using Telegram again."

Most messaging apps are vulnerable on the client side with spyware, no matter what E2EE exists along the way.

It stands for Long Range, so would otherwise have been LR.

I’m reading this on Boost (once off payment) and no ads…

Brave Search

Paid Proton Mail with my own domain name and own PGP keypair. Although it now has a way to securely search mail, I use the bridge service to allow Betterbird mail to sync my mail to my PC for searching.

Surely we need some context with this, as what we post is basically publicly visible. Even if we defederate the posts are anyway visible. Our IP addresses are probably visible to the home instance we connect to (or our VPN IP address etc) but how does our IP address then travel off with the federated post to someone following us on Threads? It’s only what travels out through the ActivityPub federation.

What would help with this post was, instead of just a link, maybe extracting the two or three issues that look problematic, and say why. That gives us something definite to actually debate.

For those who have friends stuck on Threads still, this maybe a good way for them to stay in contact. The Threads user gets their login times, IP address, location, etc tracked by Meta, and the Lemmy user with their Lemmy app, only identifies with their Lemmy instance. Threads should only be seeing the post and time that a Lemmy user posts something that is followed by a Threads user.

I think it is quite well known that only Telegram Secret Chats are true E2EE. That said, Telegram is still not in the business of selling metadata actively like Whatsapp/Facebook/Meta are. As far as plain features go, Telegram is streets ahead of Whatsapp. But if I needed real “secret chat” I’d probably use Threema, SimpleX, Nostr, Jami, etc where I’m not tied to my mobile phone number or e-mail address.

Yep too similar, and often both in a Linux gaming environment ;-)

They have just updated the ToS tho to now exclude using your data without permission for training AI. But Jitsi Meet is still a better option ;-)

No it’s not more secure going via Gmail. But what I did was to get the paid Proton Mail and I used my own domain name. So yes plenty pain and time now to slowly update my email address everywhere away from Gmail to my own domain name with Proton Mail.

But hopefully it’s the last time I have to update the email address everywhere, because even if I leave Proton Mail, my mail address is not tied to them, but to my own domain name so I can point that to any other mail provider.

So every mail address I’m changing now, is one away from Gmail. But if course 99.9% of businesses don’t Encrypt mail, so I’m only really cutting Google out of the loop (assuming the other party is not using Gmail of course).

I’m not sure RCS is yet complete enough. It was really designed with replacement of SMS in mind. It also needs to work independently of any phone number and ensure full E2EE.

RCS is more carrier based messaging and the whole stack is not built with proper E2EE as far as I know. No I’m thinking more like XMPP type open protocol, but endorsed by an international open standards body. I’m fearing that RCS is too tied to carriers just like SMS itself was.

Interesting that we already have a W3C standard for social networking but messaging itself seems to elude us…

I deleted Whatsapp a few years ago when I stopped working (would have been more difficult at my work). So now about 90% of my friends etc are on Telegram, and the rest have to phone or e-mail me. I see a few businesses offer some sort of Whatsapp line, but I phone or e-mail them. Just my fridge repair guy has this irritating habit of doing my card payment here and says the receipt will be sent electronically, but obviously it gets sent by Whatsapp and I don’t get it. I detest that assumption that “everybody is just on Whatsapp”. It’s not any sort of official standard like SMS is.

Personally, I really want to see E2EE open standards coming to messengers, like we have e-mail talking to other e-mail servers.

Actually no, sorry I see SimpleX is via a server. But why would Berty not work as it is offline and does iOS as well? Tox is another option https://en.wikipedia.org/wiki/Tox_(protocol) but bear in mind their point made, that if there is no central server used, both (or all) clients needs to be actually online for any connection. There is no store and forward server in the middle.

iOS especially is a problem for WiFi enabled apps or cell to cell direct. Could also maybe look at SimpleX https://simplex.chat/.