this post was submitted on 23 Mar 2024
188 points (98.5% liked)

Piracy: ꜱᴀɪʟ ᴛʜᴇ ʜɪɢʜ ꜱᴇᴀꜱ

55072 readers
431 users here now

⚓ Dedicated to the discussion of digital piracy, including ethical problems and legal advancements.

Rules • Full Version

1. Posts must be related to the discussion of digital piracy

2. Don't request invites, trade, sell, or self-promote

3. Don't request or link to specific pirated titles, including DMs

4. Don't submit low-quality posts, be entitled, or harass others



Loot, Pillage, & Plunder

📜 c/Piracy Wiki (Community Edition):


💰 Please help cover server costs.

Ko-Fi Liberapay
Ko-fi Liberapay

founded 2 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 6 points 9 months ago (4 children)

You know Telegram is secure when every government in the world is trying to ban it.

[–] [email protected] 33 points 9 months ago (1 children)

Not actually, the end to end encryption is not active by default for example. Its just that telegram is more of a unmoderated social media than a messaging app.

Signal, Matrix and similar are way safer but don't usually have large piracy groups.

[–] [email protected] 5 points 9 months ago (1 children)

To be honest Telegram doesn't ban private groups "for piracy" and only takes out public groups that receive a DMCA.

I think the above user is pointing out a rather fun fact - if you're in some of the many private groups where shit is shared freely.....those wanting to ban it don't like the fact that they can't see in those private groups.

Like, is there any evidence of private groups being monitored by media corps or their lackeys in gov?

[–] [email protected] 3 points 9 months ago (1 children)

This doesn't make it secure for anything else. There are also plenty of private torrent trackers.

[–] [email protected] 1 points 9 months ago

Yeah, more my point is I was curious if Telegram has previously taken down private groups Vs public ones (I've seen a fair few of these obviously since they adhere to DMCA requests) but have never seen a private group taken down.

[–] [email protected] 8 points 9 months ago* (last edited 9 months ago) (1 children)

Just use Signal if you want an easy, relatively privacy friendly and secure messenger.

Telegram hands over data to goverments, is infested with spammers and scammers and its encryption is not end to end for group chat which lets Telegram access those chats.

Edit: Telegram is great for lots of things like big groups, communities, piracy, drugs etc but its just not the place where you should expect secure communication.

[–] [email protected] 11 points 9 months ago (5 children)

I'm not using Signal as long as Signal Foundation is based in the US. Also Signal is not on FDroid, so I can't use it anyway.

[–] [email protected] 6 points 9 months ago (1 children)

I installed Signal via Obtanium. Just use this URL when searching/adding the app

https://signal.org/android/apk/

[–] [email protected] 2 points 9 months ago (1 children)

Why would you need to use obtanium to get the Signal apk file from that link?

You can just download the apk from that website and install it. The app can update itself.

[–] [email protected] 1 points 9 months ago (1 children)

The app doesn't auto update for me.

[–] [email protected] 1 points 9 months ago

Huh, that's strange. On my 3 Android devices, I downloaded the APK from the website, and it always auto-updates.

It existed ever since they added the APK to their website as a compromise for people who don't want to get Signal from the Play Store.

[–] [email protected] 4 points 9 months ago* (last edited 5 months ago) (1 children)

But RusSSian/UAE-based Telegram is fine? 😂

Also, it really doesn't matter where Signal is based, as long as it's client code is open source and it uses E2EE by default. Telegram doesn't encrypt chats by default, and even if you enable 'secret chats' it uses a pretty weak encryption protocol.

Btw the official version of Telegram isn't available on F-Droid either, only a fork called Telegram-FOSS. You can get the exact same thing for Signal from a 3rd-party repo: https://www.twinhelix.com/apps/signal-foss/, or use Molly.

[–] [email protected] 1 points 9 months ago (1 children)
[–] [email protected] 3 points 9 months ago

Absolutely not.

[–] [email protected] 4 points 9 months ago (1 children)

This might not be relevant because you have other reasons not to use Signal, but you can get android signal directly from their website and via aurora store (on fdroid)

[–] [email protected] 0 points 9 months ago (2 children)

It's more the attitude that bothers me. Signal's refusal to support alternative appstores and clients is very disturbing. It gives the impression that Signal is a honeypot.

[–] [email protected] 15 points 9 months ago

You seem to have really high standards around who you trust and in the same moment you call Telegram secure. I feel like you should atleast use the same amount of scepticism for Telegram that you use for Signal.

[–] [email protected] 0 points 9 months ago (1 children)

The official version of Telegram isn't available on F-Droid either, and it doesn't use end-to-end encryption by default, so it's much more likely that it is a honeypot

[–] [email protected] 1 points 9 months ago (1 children)
[–] [email protected] 1 points 9 months ago (1 children)

That is not the official Telegram app. It is a fork called "Telegram-FOSS". If you go to the F-Droid page and click on 'Source code', you will see that it links to this repo: https://github.com/Telegram-FOSS-Team/Telegram-FOSS

This is the description of that GitHub repository:

Unofficial, FOSS-friendly fork of the original Telegram client for Android

[–] [email protected] 4 points 9 months ago (1 children)
[–] [email protected] 2 points 9 months ago

It's Signal Foundation's hostility to open and non-Google platforms that is very disturbing.

[–] [email protected] 3 points 9 months ago (1 children)

Signal releases their own self-updating apk on their site, and this release doesn't use Google services for push notifications. There are legitimate reasons why publishers sometimes avoid f-droid.

Also there's Molly, which is a signal fork that allows database encryption; or Session, which doesn't require a phone number for account registration and is decentralized. Both of these forks have repos that you can add to f-droid.

I do understand the hesitance to use a platform that has its infrastructure in the US, but I will say that international compliance with the US is a problem even if the infrastructure is located elsewhere. Session is a really promising option, since it's decentralized, and I'd love to see more people using it.

[–] [email protected] 2 points 9 months ago

It would be better even if they just hosted an F-droid repo for their app. If they don't trust the f-droid organization with building the app, that's fine I guess. But as I'm aware, they had said no to allf of what is f-droid.

[–] [email protected] 3 points 9 months ago (1 children)

The CEO is a Russian, the company is based out of Dubai, and messages aren't encrypted by default. In fact, only private messages can be encrypted, group messages cannot. Telegram is not a trustworthy platform and a champion for user privacy like most people think, Signal is what you're looking for.

[–] [email protected] 0 points 9 months ago

All of that is more reliable then an entity based in the US.

[–] [email protected] -2 points 9 months ago

WTF is this ignorant "I know what they want but I'm smarter" crap, if you don't know how it works you know nothing, and "what they want" you get from news.

I know of a few governments not trying to really. Like the Russian one.

Read something about its internals before saying something as stupid.

XMPP with OMEMO is secure (not for targeted attacks, in that case you'll just get a trojan on your Android device via some unclosed vulnerability and finita la comedia, or rubber hose cryptanalysis will be applied).