Telegram is indistinguishable from an FSB honeypot
-
This post did not contain any content.
-
This post did not contain any content.
What jurisdiction does the FSB have over you? None, and it has zero interest in helping those that do. This is the rationale for not worrying about backend security on Telegram. Transport security is a another question.
-
This post did not contain any content.
The two decisions Telegram made (choice of infrastructure provider who happens to cooperate with the Russian FSB, and attaching a cleartext device identifier to encrypted messages) taken together reinforce surveillance capability of the FSB considerably more strongly than either of these decisions would have on its own.
-
This post did not contain any content.
For every smart educate person it is obvious that Telegram is honeypot created by Russian-Dubai oligarch
-
This post did not contain any content.wrote last edited by [email protected]
Telegram is very successful in getting people off Meta's ecosystem. It has open source clients and very good Linux support.
This is why western media is obsessed with Telegram and spend a lot of time smearing it.
-
Telegram is very successful in getting people off Meta's ecosystem. It has open source clients and very good Linux support.
This is why western media is obsessed with Telegram and spend a lot of time smearing it.
Telegram literally stores all your messages, metadata, etc. in plain text on their servers. This means that it provides considerably worse security than even proprietary messengers, such as WhatsApp and Facebook Messenger. Telegram has an option for encrypted chats, but it's not available for groups, lacks support for voice and video calls, and Telegram deliberately goes out of their way to make the experience of using encrypted chats as painful as possible.
You're even better off using WhatsApp, but if you actually want a good messenger, switch to Signal. It's free and open source (both the clients and the backend server), developed by a nonprofit organization, and it's basically the gold standard for encrypted communications.
-
Telegram literally stores all your messages, metadata, etc. in plain text on their servers. This means that it provides considerably worse security than even proprietary messengers, such as WhatsApp and Facebook Messenger. Telegram has an option for encrypted chats, but it's not available for groups, lacks support for voice and video calls, and Telegram deliberately goes out of their way to make the experience of using encrypted chats as painful as possible.
You're even better off using WhatsApp, but if you actually want a good messenger, switch to Signal. It's free and open source (both the clients and the backend server), developed by a nonprofit organization, and it's basically the gold standard for encrypted communications.
nothing you say will make me use a closed source app like whatsapp.
-
nothing you say will make me use a closed source app like whatsapp.
Literally no one here is advocating for the use of WhatsApp. Stop making up straw man arguments.
-
Literally no one here is advocating for the use of WhatsApp. Stop making up straw man arguments.
Just above you said "You’re even better off using WhatsApp".
I will use Signal if Signal devs get over their hate of F-Droid.
-
Just above you said "You’re even better off using WhatsApp".
I will use Signal if Signal devs get over their hate of F-Droid.
You're better off using WhatsApp compared to Telegram, but that's a very low bar, and it absolutely doesn't mean that anyone should use WhatsApp.
Signal, Threema, Wire and SimpleX are far better options. I prefer Signal, because it's very easy to use, the UI/UX is basically the exact same as on WhatsApp. It's also free, unlike Threema, and uses either phone numbers or user names as identifiers, unlike SimpleX, which requires you to share a QR code.
Signal is also the most popular of these messengers, so there's a larger chance that someone is already using it.As for F-Droid: It's not a good way of distributing such privacy/security-relevant apps like Signal. F-Droid doesn't have certificate checks built in, thus the APK could easily be modified without the user ever noticing. Again, I don't like Google, but you're better off downloading Signal from the Play Store.
The best option is to use Obtainium and automatically fetch the latest version of the Signal APK directly from their website https://signal.org/android/apk/
That way, you're at least getting the app from an official source, built and signed by the Signal developers, not a random third party.You can use AppVerifier to verify the integrity of the downloaded app aginast the certificate fingerprint on the website.
-
You're better off using WhatsApp compared to Telegram, but that's a very low bar, and it absolutely doesn't mean that anyone should use WhatsApp.
Signal, Threema, Wire and SimpleX are far better options. I prefer Signal, because it's very easy to use, the UI/UX is basically the exact same as on WhatsApp. It's also free, unlike Threema, and uses either phone numbers or user names as identifiers, unlike SimpleX, which requires you to share a QR code.
Signal is also the most popular of these messengers, so there's a larger chance that someone is already using it.As for F-Droid: It's not a good way of distributing such privacy/security-relevant apps like Signal. F-Droid doesn't have certificate checks built in, thus the APK could easily be modified without the user ever noticing. Again, I don't like Google, but you're better off downloading Signal from the Play Store.
The best option is to use Obtainium and automatically fetch the latest version of the Signal APK directly from their website https://signal.org/android/apk/
That way, you're at least getting the app from an official source, built and signed by the Signal developers, not a random third party.You can use AppVerifier to verify the integrity of the downloaded app aginast the certificate fingerprint on the website.
I don't trust an app that tells me to download from Google Play. Sorry, not going to happen. Signal has too many red flags.
-
I don't trust an app that tells me to download from Google Play. Sorry, not going to happen. Signal has too many red flags.
I don't trust an app that tells me to download from Google Play.
So almost any Android app in existence?
-
I don't trust an app that tells me to download from Google Play.
So almost any Android app in existence?
No, but an app like Signal claiming to care about privacy should at least make an effort to be on the largest open source appstore. The fact they don't, despite very loud complaints from the community, makes me question their commitment to privacy and security.
-
No, but an app like Signal claiming to care about privacy should at least make an effort to be on the largest open source appstore. The fact they don't, despite very loud complaints from the community, makes me question their commitment to privacy and security.
Again, I just explained to you that the "largest open source app store" is an insecure mess and isn't suited for apps like Signal. You don't need to use Google Play, you can find the APK on GitHub, or the Signal website, together with the certificate fingerprint.
makes me question their commitment to privacy and security.
That doesn't make sense. F-Droid neither secure nor trustworthy. Signal not being on F-Droid is a good security choice. I recommend reading through this thread.
-
Again, I just explained to you that the "largest open source app store" is an insecure mess and isn't suited for apps like Signal. You don't need to use Google Play, you can find the APK on GitHub, or the Signal website, together with the certificate fingerprint.
makes me question their commitment to privacy and security.
That doesn't make sense. F-Droid neither secure nor trustworthy. Signal not being on F-Droid is a good security choice. I recommend reading through this thread.
Signal devs accuse f-droid for not being secure, but do not offer any convincing arguments to back it up. Just saying it doesn't make it so.
F-Droid works. I have 20+ apps installed on my phone from F-Droid. I am not going to go back to installing apks from website or Google Play just so that I can use Signal.
-
Signal devs accuse f-droid for not being secure, but do not offer any convincing arguments to back it up. Just saying it doesn't make it so.
F-Droid works. I have 20+ apps installed on my phone from F-Droid. I am not going to go back to installing apks from website or Google Play just so that I can use Signal.
I linked you to a whole page of evidence, explaining the significant security issues in F-Droid before.
Here's that link again: https://privsec.dev/posts/android/f-droid-security-issues/
Just read it
-
I linked you to a whole page of evidence, explaining the significant security issues in F-Droid before.
Here's that link again: https://privsec.dev/posts/android/f-droid-security-issues/
Just read it
I read that article and had a good laugh about it. It is nonsensical. It does raise good points occasionally, but that is drowned by nonsense.
