Privacy @lemmy.ml ☆ Yσɠƚԋσʂ ☆ @lemmy.ml 4mo ago

Telegram Hands U.S. Authorities Data on Thousands of Users

www.404media.co Telegram Hands U.S. Authorities Data on Thousands of Users

The number of data requests fulfilled by Telegram skyrocketed, with the company providing data to U.S. authorities on 2,253 users last year.

94 comments

And now you know why we've been telling you not to use Telegram.
- What seems crazy to me is how many people they managed to convince that they were private when they most definitely are not.
- I hear signal is not a good alternative. What is a good one, then?
  
  Signal is an excellent alternative if you're looking for an E2E encrypted SMS replacement your grandmother can use.
  
  Matrix, simplex, xmpp.
  
  Where are you hearing this?
  
  https://lemmy.ml/comment/15999861
  
  In the blog posts I read where the author, a security engineer, audited and/or reported vulnerabilities with two E2EE chat protocols commonly recommended as Signal alternatives--Matrix and XMPP--both had implemented half-baked solutions or refused to solve the issue at all in some regards, and both had evangelists that gave dismissive responses. The XMPP chud dev gave a laughably childish response, and the Matrix dev even admitted the team being aware of the olm vulnerability and deliberately refused to fix it for years. Not that Signal cultists are any better and not negating the legitimate security and trust issues with the Signal platform, but Signal is still a decent platform for most people's threat model, though it would be nice if there was an alternative that could compete with Signal to recommend to most people instead. If you care about metadata resistance and your threat model involves high stakes if your assets are compromised, the blog author suggests Tor-based solutions such as Cwtch and Ricochet Refresh.
  
  I would encourage you to think critically about the nonsense being shared here. Do some research and read about people who actually know things about security and you'll find a common pattern: basically all of them hold Signal up as a gold standard in privacy and security.
  
  I imagine Signal is probably fine unless you're doing some real weird shit.
I know Lemmy hates telegram but it should be common knowledge that all platforms process requests from authorities.

https://www.malwarebytes.com/blog/news/2021/12/heres-what-data-the-fbi-can-get-from-whatsapp-imessage-signal-telegram-and-more

The repeated posting of this story the last few days seems artificial.
- I don't really have any special hate for Telegram myself, and I never saw it as a secure communication platform. I have more problem with Signal because people treat it like it's paragon of privacy and security.
  
  I'd be curious to hear your criticisms of Signal! While I haven't seen anyone describing it as a "paragon of privacy and security" I do think it is a highly accessible SMS replacement that is also open source, end-to-end encrypted, and operated by a nonprofit.
  
  Many Signal alternatives also have security issues of their own, often making them less secure than Signal. This includes Matrix and XMPP. In the blog post regarding XMPP+OMEMO, the author replies to a question about which would be better than Signal, Matrix, and XMPP with this suggestion:
  
  Anyone who cares about metadata resistance should look at Cwtch, Ricochet, or any other Tor-based solution. Not a mobile app. Not XMPP. Not Matrix.
  
  In regards to Ricochet, not having a mobile app version makes it difficult to recommend to less tech savvy people.
- I think the point is not that Telegram (the company) sucks, it is that Telegram (the app) sucks. A proper messenger like Signal leaves the provider with no information to hand over.
  
  Many people still seem to be under the false impression that Telegram is private, so it's worth spreading around.
No one uses telegram for privacy They use for unlimited broadcasting channels Free unlimited file hosting Large groups and communities Powerful bots and mini apps etc

94 comments