balsoft

I'm not sure you should "cheap out" on headphones per se. The really cheap ones are usually horrible, both in terms of sound quality, usability and comfort (well, except for wired Apple ones, allegedly, though they never fit me right). It's just that it makes no sense to go for really expensive ones, unless you're really into audio and love hearing the tiny sound reproduction differences between them, or enjoying the different tech etc. The middle ground of $50-$100 for in-ears and $100-300 for over-ears will often offer you good/great/excellent sound quality and the same usability&comfort as more expensive ones.

Problem is not how weak or strong the encryption is

Here it's definitely part of discussion. The context was

It’s encrypted anonymous communication capabilities.

It's barely anonymous, and poorly encrypted. The latter is the reason Durov is in custody while Signal devs are scott free. He could easily turn illegal stuff over to French authorities, but doesn't.

The bigger problem is that people somehow assume this a huge threat, while all previous cases didn’t involve anything like that.

There have absolutely been cases where a backdoor/weakness/lack of encryption used to catch criminals before: https://en.wikipedia.org/wiki/Operation_Trojan_Shield https://en.wikipedia.org/wiki/Ennetcom https://en.wikipedia.org/wiki/EncroChat . I distinctly remember that there were also arrests of opposition activists in Russia based on personal messages in VKontakte, but can't find the news right now.

real criminals do their stuff everywhere (especially on telegram) for years, staying safe.

Some are staying safe, others are being caught precisely because of this.

Problem is not how weak or strong the encryption is, but that once you are under oppression and do opposition activities, you’re going to learn by yourself how to deal with it.

Using better encryption schemes is definitely part of that.

Toy may call it TLS but it’s a custom protocol.

Sure, it's mtproto. The security it provides for non-encrypted chats (which are the absolute majority of chats) is not any different from just having TLS for transport. It's potentially even worse as it's not as well-audited.

Data is not kept unencrypted on their servers, according to their docs.

That just means that they store both your data in some encrypted way and the key. They can still read it trivially. You don't even have to know the protocol to understand why: you can add new devices without having any other device online, and read all non-secret chats. It might also just mean disk encryption, in which case it's plain-text in RAM while the server is running.

telegram is not safe enough, but for some reason it is preferred by drug dealers. The lives of these people literally depend on the messenger.

Most people are technically illiterate. On top of that, most criminals are idiots (otherwise they'd have calculated risk/reward ratio rather than only looking at the reward side of things). The reason it is used by drug dealers is (1) Telegram is convenient, (2) Telegram is not moderated so they accumulate there due to "moderation selection", (3) Law enforcement didn't care enough to do anything about that. Now that (3) has changed and (2) is on shaky grounds, I expect a lot of them will move elsewhere.

Signal chats can read messenger developers with basic hack (add one more person in chat and collect messages on disk)

How exactly do you think that would work? To add a new recipient the client needs to explicitly encrypt messages with a key available to that recipient. What command in the Signal protocol would trigger that action without first establishing trust in the recipient? (FYI when adding a new device, there is a key-exchange and verification process, which requires access to some other device with keys already on it).

Tell me how Durov, or someone else get access to my one-to-one crypto chat, if I compile mtproto self from github?

As a separate statement: they can't (probably).

In context of the discussion: they don't need to, because secret chats are so inconvenient and fussy that they are seldom used. There is a lot of crime happening in public groups/channels, in "private" groups chats that can not be encrypted, or in 1-on-1's that are not secret. Telegram has the ability to stop all of that with just some moderation, or turn messages over to the authorities, but they don't. Which is precisely why Durov is in custody right now. If he actually made a messenger with good, convenient end-to-end encryption, he would be in the same situation with Signal authors, who have perfect deniability since they can't read anything their users have sent up until this point.

Bullshit.

If you want protect yourself for random network administrator on your network line, of course.

Telegram and Signal both use TLS. They are identically secure from transport-level attacks.

If you want protect from anyone (government for example), of course not.

Of course yes. If you want a more private group chat, or an actually useful 1-on-1 encrypted chat that works across multiple devices, Signal is the only option (out of the two, there are way better alternatives like XMPP and Matrix). For 1 device-on-1 device E2E chats, Signal and Telegram are about the same level of security, except Telegram's protocol sees less scrutiny from the crypto community.

As telegram. If you think that some drug dealers create public chats with sell drugs, so… you are wrong. All work with darknet. In telegram all of them use only private one-by-one crypto chats.

LOL. I see drug ads on the street all the time. The one time I checked, it pointed to a publicly available Telegram bot.

If Signal was to pull a MITM, it would have been noticeable as it requires active intervention in the protocol (it hasn't been noticed yet), it would destroy all plausible deniability for them going forward, and it wouldn't be possible on existing chats (once the key exchange between two parties happens, it's impossible to do MITM). Telegram can just straight up read your messages, past, present and future, do whatever they want with them, with no way for anyone to check if that happens. It's two different tiers of communication security.

To quote another commenter,

You clearly have no idea what you’re talking about.

There’s user to server encryption, just not e2e.

That's exactly what the comment said: The only encryption that applies to most chats on that platform should be transport encryption via TLS. It's about the same level of encryption as Lemmy PMs.

The fact that Telegram doesn't cooperate with French authorities doesn't mean that it doesn't cooperate with other authorities or sell your data to the highest bidder. They have all the technical means for it.

Don't use a regular Telegram chat if your life depends on the messages being private. Use XMPP, Matrix with E2EE, or at the very least Signal. Heck, even WhatsApp is (reportedly) better, as it claims to provide E2EE and that's been checked by some security professionals who have been given access to the source code. If you absolutely must use Telegram for something like that, only use secret chats.

Telegram is categorically less encrypted than Signal for most chats. It's mostly the same level of security as Facebook Messenger, Instagram DMs, even Email (SMTP/IMAP over TLS) or SMS: it only encrypts communications between the client and the server. Telegram can read everything you send in regular chats. The only way to get end-to-end encryption (such that Telegram technically can't access your communication) is by starting a fussy and inconvenient "secret chat". It can only be done between two people (so no E2E group chats at all), only when both are online at the same time, and it only works on the devices on which the secret chat was initiated and accepted; in other words, as a frequent user I've only used it once for some really sensitive personal information. Even then Telegram still has access to a lot of metadata about messages: phone numbers of both parties, when the messages are sent, how big they are, etc.

I'm not saying that cooperating with intelligence/LE agencies is always an ethical, or even a good choice, but Telegram demonstrably had the ability to do so.

Navalniy and his team openly supported the annexation of Crimea (and destruction of Ukrainian and Crimean Tartar culture).

Not really: https://www.nytimes.com/2014/03/20/opinion/how-to-punish-putin.html ; this is just days after the annexation. I'm no fan of Navalny for various reasons (his nationalist views, xenophobic comments and narratives, etc), but he was very much against all Putin's shenanigans in Ukraine, and vehemently anti-war.

The recently exchanged “dissidents” also showed their true colours by supporting the annexation of currently occupied territories in Ukraine.

What are you on about? Name one of them who supported the war. Most of them were jailed due to their anti-war positions.