It’s official. Your private communications can (and will) be spied on - European Digital Rights (EDRi).
On 6 July, the European Parliament adopted in a final vote the derogation to the main piece of EU legislation protecting privacy, the ePrivacy Directive, to allow Big Tech to scan your emails, messages and other online communications.
This thread was posted by one of our members via one of our news source trackers.
I used it ages ago, then deleted it, then reinstalled it and weird stuff started happening like phone calls from withheld numbers! No idea if it was connected but I deleted it and they stopped (probably just a coincidence!)
I too am using Telegram but it’s a far cry from the secure messaging platform it’s touting to be.
In a nutshell:
end-to-end encryption is not enabled by default, your regular chats are not encrypted, only “secret” chats are
for their end-to-end encryption they’re relying on homegrown encryption, which makes it questionable at best how secure the encryption is and violates the first rule of cryptography: never roll your own
their HQ has been ping-ponging around, including Berlin, Singapore, London, somewhere in Russia, and now Dubai; when their HQ was supposedly in Berlin I was unable to find out where exactly, which they legally have to specify under German law AFAIK
At best all of this makes Telegram odd and at worst sketchy and untrustworthy. Decide for yourself.
Really baffling post you made here. On the surface it seems to show super strong negative bias based on very flimsy “evidence”. I might be wrong but, just a general impression.
And I very strongly disagree with you here – for a change, I guess?
…And? Are you a dissident journalist or an enemy of the state? I am not, and neither are 99.9% of all people.
You think WhatsApp and Apple Messages are end-to-end encrypted? They are not. Keys to the kingdom are right there in their HQ. Are there even any end-to-end and fully audited messengers today? IMO no and it’s a sad reality but I am trying to be a realist. Telegram, if it is like all others, at least is super convenient to use. So it seems like the least evil option.
Has Threema ever been audited?
Questionable? Yes, I agree, because we can’t see what’s going on exactly. Does it prove anything? No. They might hide it because else it might help adversaries? I will immediately agree that security through obscurity is a terrible practice, sure. But show some benefit of the doubt.
Signal hasn’t been forthcoming on their exact mechanisms either. Moxie has been getting defensive when asked in a bit more detail and it left a sour taste in my mouth when I read about Signal’s practices some months ago.
…and why is 100% transparency the virtue here, by the way? Older versions of RSA were “100% transparent” as well until it turned out the NSA supplied a predictable randomness function to it, which made it more or less easy to brute-force.
So is transparency the real hero we must look up to? One would think so but history has proven that hero to not be universally virtuous. So I have my doubts.
…And this is bad, because why exactly? I don’t follow. Again, benefit of the doubt: they might be under fire because they refuse to install backdoors. Durov at least claimed that’s why he ran away from Russia. Seems plausible to me. But not to you, it seems? Can you clarify further here?
“Far better alternatives” based on what criteria exactly, please?
Telegram is widely recognized as one of the best chat UX that is out there today, even in very conservative circles like HN (where it also periodically falls under fire due to people who can’t get over the fact that the “USA vs USSR” rhetoric hasn’t existed for decades now but it somehow very often turns into an ideological debate for reasons unknown – that’s a separate topic however).
The app has zero lag, has a very convenient interface with many keyboard shortcuts (a rare blessing these days), is super easy to use, is very customizable, and is widely supported on all major OS-es. Signal in the meantime is barely limping along synchronizing histories which sometimes needs a full device or SD card wipe to function well (testified by people on Reddit and HN). Telegram just asks you to authenticate and you have all your chats in a minute.
“Far better alternatives” just thrown in your post like this makes me wonder if you argue in good faith. If I am reading you wrong then you’ll absolutely receive my sincere apologies but currently I find it hard to understand why you said it. It’s not based on anything actually objective and provable. Just a subjective opinion (like mine).
I did, and as promised, you have my apologies. This is due to many people showing very unreasonable bias against Telegram, and one I don’t share, simply because people’s stance during those discussions often is:
I don’t like Telegram because they say stuff I don’t believe.
I like WhatsApp because they say stuff I believe.
…How is that a good argument, or a factual discussion at all? These arguments inevitably devolve into a belief war, one I am not willing to fight but one I’m very willing to point out and identify that it exists.
I agree with that but I don’t share your faith in WhatsApp / Threema. And it’s only that: faith.
Apple’s iMessages might be end-to-end encrypted – not sure – but their iCloud backups are encrypted with a master key that only Apple has. All it takes is one knock on the door from the FBI / CIA / NSA et al. and they’ll have any chat history they like. The only solution is to turn off iCloud which is only a technical possibility because it’s not a realistic usage scenario for a lot of people.
I did some digging on WhatsApp but sadly the 2-3 articles I’ve read about two years ago – that said that WhatsApp provides golden keys to authorities – are no longer around (makes you think about how permanent or unbiased the internet really is… what happened to freedom of speech and acknowledging the dissenting voices?) so we’re left with the official PR fluff pieces which I have no reason to trust blindly. Facebook is really big and has influence. You think they aren’t in bed with authorities? I personally am very sure that they are but, yet again, belief war right?
I don’t trust US-based companies in general. Even if they have the very best and purest of intentions the justice system there is completely broken. If they want to get your data, they will. A famous example:
Remember Lavabit shutting down because of Snowden? They basically said “we couldn’t do anything legal to prevent the US intelligence agencies getting your data so we prefer to shut down and nuke the data”. What does that say about all US companies? To me it says “if you want privacy, don’t trust anything US-based”. (Although I wonder how you can do that, like 50% of the internet is hosted in AWS anyway.)
Additionally, Moxie rejects the idea of LibreSignal using Signal’s servers and branding (says as much on the Wikipedia page). Why not? He only said “federation is not as relevant today as it was a while ago”. Is that a good explanation?
You talk about “sketchy” and “untrustworthy”, I think it’s only fair we include this piece of info in that area as well.
I mean OK, you can think Durov is shady and I am not going to try and refute a belief with another belief (which I don’t hold strongly) but Moxie doesn’t look very good either. Reading through his various statements, he seems hell-bent on promoting privacy (and his own product) while having no problems defending his own territory like every savvy business owner. How much credibility does that take away from him? To me – a lot.
Absolutely, I am all for it. But if we judge Telegram, then please factually and beyond any doubt prove that Threema and WhatsApp are doing better. What they say is of no interest to anyone with a critical thinking ability. Of course they’ll claim they are secure. That’s a modern marketing funnel and everybody and their dog is claiming that their products are secure. Empty words.
I never questioned that I want our comms private and I will absolutely never use the completely flawed argument of “I have nothing to hide”. I’m 100% on your side there.
I am only saying that I doubt that anyone is really actually trying to do it (Telegram included; I am sure they haven’t lost sleep worrying about the privacy of our chats… but then again, nobody is). That’s all really.
OK, I can stand corrected on that but I am 50/50. Not like people haven’t bought green approval badges in the past so I wouldn’t believe anyone saying they were thoroughly audited (and I don’t believe Telegram was either, for what it’s worth).
I am saying this: transparency gives you some extra points. It doesn’t completely nullify any objections against your product. As an example I cited the previously-broken RSA encryption by NSA. The whole thing was transparent alright, minus one detail that people didn’t think to inspect for a long time.
I never said closed source is better. I am just skeptical if open source really improves things as much as people seem to believe.
Same as we only have the word of WhatsApp and Threema. Let’s judge all fairly and equally.
I probably could have collapsed all my replies into two sentences and probably should have because I’ve spent an exorbitant amount of my Saturday on this discussion (but that’s 100% on me of course):
“Well, it’s only your opinion. Without us being able to look under the hood the whole thing is just ‘my belief is better than yours’ so we can never truly agree during such a discussion.”
In the end, my main goal was not to shill for Telegram. Meh. I have nothing to gain for it. It’s just super convenient for me but I’d have zero qualms ditching it tomorrow if the need calls for it. The truly important people in my life I can reach through multiple comm channels – I am a paranoid techie and I took care of that long ago.
My main point here is: let’s judge everyone equally. And when Telegram is mentioned, many people – you included – seem willing to just believe in other parties’ claims and just take them on their word without any criticism, while inspecting Telegram closely under a looking glass for every single thing they say or publish on their website.
I would like you to recognize that this is not a fair treatment. It smells of negative bias.
Finally, I prefer to think this:
“They are all backdoored and any intelligence agency can get any chat history they want as long as they put the effort for it”.
Convenience, dude. I want to press a button, type my message, press Send and be done with it. I get all the benefits from end-to-end encryption but my life doesn’t only revolve around technology. If it can’t be convenient then meh.