Use services that store as little data as possible.
If data is stored, it can be given away and I would assume that it will be given away.
Telegram disguises itself as encrypted chat app, when it is actually just a regular centralized plaintext messenger that has an encryption feature that nobody uses.
No. It doesn't. This sentiment is pretty much confined to HN and seems to stem from the whole Moxie non-sense from years ago.
Telegram is a so much more than a messenger. It competes with WeChat, not Signal. It has an incredible API, bots, payments, apps/games, and is host to Onlyfans / Discord-like social groups.
It's time to stop parroting this idea that Telegram is some kind of secure messenger. Yes, it has secret chats, but that is not Telegram's defining feature.
* Simple
* _Private_
* Synced
* Fast
* Powerful
* Open
* Secure
* Social
* Expressive
It is not by accident that people think that Telegram is focussed on privacy.
If you're going to be that puerile then... I had to scroll past their list of available clients and their recent news section to get to this "Why Telegram" section that first mentions the word "private". So clearly, that far down the page, its not a priority.
Back in reality: The word "private" can mean anything. Every app and website that uses https claims to have privacy and security. If you bother to read their FAQ (which is always at the top of the page and, according to your logic, must be very important), there is a detailed explanation of exactly what is and isn't encrypted.
https://telegram.org/faq#security
I can already hear you typing, "but the average person doesn't read FAQs!" Well, the average person doesn't know or care about e2ee either. And the average person doesn't think Telegram is any more or less private than Facebook Messenger, WhatsApp, Twitter DMs, SMS, or email. The average person just doesn't think about privacy in this way.
100%. the same reason i avoid whatsapp and signal like the plague. "mobile number" is in itself a big identifier when you are living in a place where you have o do mandatory KYC so that the government knows which each mobile number is linked to the actual human being.
i dont care signal doesnt hold any messages. the government can ask for my number and they can use the xkcd spanner method to do the rest. the point is to AVOID PII in the first place, matrix does this wonderfully. no need for mobile number or email number or your real name.
living in an actual police state, i can attest to how important that is, americans/europeans can hardly imagine.
Whose number? How are the government going to "ask for your number" ? Signal doesn't hold any data that would let them answer that query if they wanted to.
And that from the SIM, you get IMEI, which can be cross ref'd with telecom logs to get geolocation?
Phone numbers are basically a glorified UUID. Also, in most jurisdictions it is required by law that telcos have tight integration with Law Enforcement, and even with the U.S., any type of investigation will start with a pull for the individual's phone number from whereever, cross ref that with SIM financial payment info, cross ref'd with bank accounts/credit card activity for purchase activity. Then cross-ref with Driver's license/civic/court records?
By DEFAULT. Third party doctrine. It ain't protected by the Fourth Amendment. In less zealous states, forget about principled restraint. The phone number is effectively your citizen Id.
When people like me start raising hell about the dangers of UUID primitives, this is what we're trying to protect you from.
No one can be trusted with the view created by the aggregation and cross-reference of this type of info. Every government/legislature/population will eventually "think of the children/criminals" their way to it anyway though, while law enforcement jumps up and down with glee at how complete a picture they can get through their fusion centers. Then it's just a matter of how long it takes for an autocrat to insert themselves into a place of power until the technological marvel that empowers law enforcement to "ensnare the bad guys", has "bad guys" surreptitiously crossed out and replaced with some signifier for a set of people that contains you.
If you don't think that happens, you ain't been paying enough attention. If you wonder why that hasn't been an issue before, it was because part of what puts a check on LE was the burden of physically referencing and cross-ref'ing data, which would put a fundamental cap on the ability for any abuse of power to materialize.
We're losing that check. Quickly.
does signal keep your mobile number? just that? not asking about metadata or actual message data, just number associated to an account?
They can still beat you with a wrench to divulge your information even if it’s on Matrix or even pen and paper.
this does not scale as easily. sure if you are an actual target, your goose is probably cooked anyway but what about the masses? i am just saying, what we call "mass surveilance" and wrench beating dont go hand in hand. mobile number helps them in mass surveilance which can give them more leads.
if that limb is removed, they can still do it but it is a bit harder so the hope is they will focus their time on only serious cases as opposed to everyone willy nilly because it is just so easy
Only Signal leaves your message on their servers totally encrypted at-rest whose keys stays at your phone. No court order can ever hope to compel Signal what was said. The court will instead need one of the parties' phone for that, if it hasn't expire-deleted yet and doesn't have 9-alphanumeric characters or longer password length.
That cannot be said true of Telegram, WhatsApp, WeChat (that I've reversed engineered).
Americans and Europeans have the desire to learn this lesson the hard way. They lack the wisdom to learn from others and instead believe their governments are the noble governments that would never violate their rights for power.
That's a minor inconvenience compared to not being able to communicate with most people who use these mainstream networks.
I'm more worried about the lack of encryption and trustworthiness aspect of them than giving away a phone number.
Telecom companies have full records of who had what IP, for what duration and when as does your ISP. If a phone number will get you pinched (based on no decryptable data) then so will anything else.
Use Matrix clients (Element, Fluffy chat) or Session, Briar (no (video)calls), Delta (no (video)calls), Jami, not recommending Threema because they can tie you through payment and it's centralized
Here simple chart to see what to use and not use (use translate feature):
>Use Matrix clients (Element, Fluffy chat) or Session, Briar...
With Telegram I can see at least appeal in using it as news source, chat room or for bots, but what offers Signal besides hype about The Current Thing?
Signal uses centralized server with closed source (they hidden code for one year until they finally gave up when users nagged them, nobody knows what they did during that year), Signal requires your phone number, Signal doesn't allow third party apps officially and tried to push some shady crypto, I mean how many red flags you need to avoid such POS app?
I might be misremembering though
Signal uses centralized server with closed source (they hidden code for one year until they finally gave up when users nagged them, nobody knows what they did during that year), Signal requires your phone number, Signal doesn't allow third party apps officially and tried to push some shady crypto, I mean how many red flags you need to avoid such POS app?
There's not a truly solid secure anonymous implementation that I've found.
Where does it do this?
Best description of Telegram that I've seen so far.
I do trust Signal to keep the phone numbers safe with their methodology for doing that, but probably wouldn't anyone else.
Don't use messengers that ask for your phone number. Period.
They can knowingly launder billions of dollars for drug dealers plus terrorists and not even face a day in jail, comments like this make me chuckle.
The only "CEO"s facing jail are the people with 100 employees who shouldn't even have the title in the first place.
> Justice Prathiba M. Singh in the order dated November 24 said the names of admins, the phone numbers and IP addresses of some of the channels as are available with Telegram have been supplied.
Of course, I can't independently verify this, but the article claims pretty clearly that the data has already been provided.
This is partly why Govts are so persistent about data-localization norms while in the past companies got away by storing data in a more privacy-friendly country. Here too, Telegram tried to make the argument that the data is stored in Singapore, but the courts got their way.
One of the more recent E2EE private messaging apps with metadata shredding and no registration requirement for is https://xx.network/messenger
It's available for Android & iOS.
F-Droid users can build Android version from the source (https://git.xx.network/elixxir/) and load it themselves.
There's no registration and the app doesn't collect your phone number, device ID and similar crap. Is it mature and polished? No, it has its quirks and rough corners. But it won't let you down on security and encryption.
Then the sewer system would be a bucket brigade: You fill a bucket at home and bring it over to your neighbor, and they pass it on in a long stinky chain of wastewater until it gets to the treatment plant or the ocean.
There would be no such thing as faucets, pipes, or protected water sources. It would just be a cycle of spraying it all into the air and bucket-brigading back to the source.
And that's today's Internet.