Privacy

46649 readers

1335 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
Don't promote proprietary software
Try to keep things on topic
If you have a question, please try searching for previous discussions, maybe it has already been answered
Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
Be nice :)

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 6 years ago

MODERATORS

619

Signal Founder Moxie Marlinspike: Telegram is not private. There is nothing private about it. They've done a really amazing job of convincing the world that this is an encrypted messaging app (cdn.imgchest.com)

submitted 12 hours ago* (last edited 12 hours ago) by Wudi@feddit.uk to c/privacy@lemmy.ml

231 comments fedilink hide all child comments

“Telegram is not a private messenger. There’s nothing private about it. It’s the opposite. It’s a cloud messenger where every message you’ve ever sent or received is in plain text in a database that Telegram the organization controls and has access to it”

“It’s like a Russian oligarch starting an unencrypted version of WhatsApp, a pixel for pixel clone of WhatsApp. That should be kind of a difficult brand to operate. Somehow, they’ve done a really amazing job of convincing the whole world that this is an encrypted messaging app and that the founder is some kind of Russian dissident, even though he goes there once a month, the whole team lives in Russia, and their families are there.”

" What happened in France is they just chose not to respond to the subpoena. So that’s in violation of the law. And, he gets arrested in France, right? And everyone’s like, oh, France. But I think the key point is they have the data, like they can respond to the subpoenas where as Signal, for instance, doesn’t have access to the data and couldn’t respond to that same request. To me it’s very obvious that Russia would’ve had a much less polite version of that conversation with Pavel Durov and the telegram team before this moment"

you are viewing a single comment's thread
view the rest of the comments

[–] daychilde@lemmy.world 5 points 7 hours ago (1 children)

Sure… and my point is that you have to trust those services that aren't hosted in the USA. It's a choice you have to make. I'm not judging either way, just pointing out because what I responded to in the comment to which I replied was:

The problem is that you just have to trust them

Which is true of open source unless you read the code and can verify nothing nefarious exists; which is true if you use a service in a country you trust; which is true no matter what you're doing.

Not all entities are deserving of the same level of trust - some are more trustworthy than others - but you are still making a decision to trust someone unless you write the code yourself or verify the code yourself.^[And had the capability and time to do so]

[–] dessalines@lemmy.ml 4 points 6 hours ago* (last edited 6 hours ago) (1 children)

Which is true of open source unless you read the code and can verify nothing nefarious exists

Not at all. Not everyone needs to audit open source, only a few interested experts do. Most importantly, auditing is possible because its out in the open.

The just trust me model of signal means its impossible to audit, unless they give us their centralized database and server code.

[–] daychilde@lemmy.world -3 points 5 hours ago (1 children)

If you are not auditing the source code, you are trusting those that are.

[–] zo0@programming.dev 2 points 4 hours ago (1 children)

I not sure what you are trying to argue.

Even if you audit the code yourself, you still need to trust your OS, you need to trust the hardware the OS is running on, and you need to trust the proprietary drivers of each component in that hardware. Then at that point you gotta trust the person who sold you the hardware hasn't modified it.

Ok and?

[–] daychilde@lemmy.world 1 points 3 hours ago

There's a difference between trusting something written for general purpose use not to have harmful code vs. something written specifically for communications people want to keep private that would therefore be a target.

So either I felt I was making a valid point for consideration that I thought was valuable to make, or I'm a troll wasting everyone's time.

I know what I am. And I'm starting not to care what you or others think. Go blindly and trust whatever you want, it's no skin off my back. Frankly, I use Telegram because none of my comms are particularly sensitive, and I have no problem with that. I'd rather my private conversatiosn not be actively posted somewhere, but in the case of a breach, it wouldn't be the end of my world. So I've no problem trusting Telegram thus far, personally, in my case.

Anyway, have a nice time. Understand my point or don't.