Privacy

31859 readers

218 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
Don't promote proprietary software
Try to keep things on topic
If you have a question, please try searching for previous discussions, maybe it has already been answered
Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
Be nice :)

Related communities

Chat rooms

[Matrix/Element]Dead
Discord

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago

MODERATORS

[email protected]

236

Telegram founder and CEO alledges signal has backdoors, they don't provide reproduceible builds, etc. (lemm.ee)

submitted 6 months ago by [email protected] to c/[email protected]

215 comments fedilink hide all child comments

Here's what he said in a post on his telegram channel:

🤫 A story shared by Jack Dorsey, the founder of Twitter, uncovered that the current leaders of Signal, an allegedly “secure” messaging app, are activists used by the US state department for regime change abroad 🥷

🥸 The US government spent $3M to build Signal’s encryption, and today the exact same encryption is implemented in WhatsApp, Facebook Messenger, Google Messages and even Skype. It looks almost as if big tech in the US is not allowed to build its own encryption protocols that would be independent of government interference 🐕‍🦺

🕵️‍♂️ An alarming number of important people I’ve spoken to remarked that their “private” Signal messages had been exploited against them in US courts or media. But whenever somebody raises doubt about their encryption, Signal’s typical response is “we are open source so anyone can verify that everything is all right”. That, however, is a trick 🤡

🕵️‍♂️ Unlike Telegram, Signal doesn’t allow researchers to make sure that their GitHub code is the same code that is used in the Signal app run on users’ iPhones. Signal refused to add reproducible builds for iOS, closing a GitHub request from the community. And WhatsApp doesn’t even publish the code of its apps, so all their talk about “privacy” is an even more obvious circus trick 💤

🛡 Telegram is the only massively popular messaging service that allows everyone to make sure that all of its apps indeed use the same open source code that is published on Github. For the past ten years, Telegram Secret Chats have remained the only popular method of communication that is verifiably private 💪

Original post: https://t.me/durov/274

you are viewing a single comment's thread
view the rest of the comments

[–] [email protected] 24 points 6 months ago (2 children)

Still got server-side code closed source and by default messages are not encrypted.

[–] [email protected] 8 points 6 months ago (2 children)

Not sure if you're referring to telegram or signal. If you're referring to signal:

Is it private? Can I trust it? - Signal Support

Signal conversations are always end-to-end encrypted, which means that they can only be read or heard by your intended recipients. Privacy isn’t an optional mode — it’s just the way that Signal works. Every message, every call, every time.

The complete source code for the Signal clients and the Signal server is available on GitHub. This enables interested parties to examine the code for security and correctness.

[–] [email protected] 17 points 6 months ago

Reasonably sure they mean telegram. Only secret chats are encrypted. Telegrams chat otherwise is basically transport layer encryption.

https://www.wired.com/story/telegram-encryption-end-to-end-features/

[–] [email protected] 6 points 6 months ago

Telegram :P

[–] [email protected] 2 points 6 months ago (1 children)

Server-side source code is a red herring. It's meaningless, it can't be verified.

The latter point is fair.

[–] [email protected] 3 points 6 months ago* (last edited 6 months ago) (1 children)

Having server-side source code open can help into finding not on purpose backdoors. But yes, no one can verify that's the same exact version used by the actual servers.

[–] [email protected] 4 points 6 months ago

That's fair ... especially in the case of something Telegram like where the server is a major portion of the security model (for non-secret chats).

For truly private E2EE chats though the attacks on Telegram's lack of an open source server side (and Signal's presence of one) is fairly meaningless. If the client E2EE is correct and you're using a reproducible build the server, and even any MITM (man in the middle), shouldn't matter.