this post was submitted on 12 Jun 2024
106 points (93.4% liked)

Ukraine

7678 readers
732 users here now

News and discussion related to Ukraine

*Sympathy for enemy combatants in any form is prohibited.

*No content depicting extreme violence or gore.

founded 2 years ago
MODERATORS
lisko@sopuli.xyz
doo@sh.itjust.works
Burstar@lemmy.dbzer0.com
106
Signal’s founder warns Ukrainians about using Telegram. Here’s why (www.fastcompany.com)
submitted 3 weeks ago by Beaver@lemmy.ca to c/ukraine@sopuli.xyz
31 comments fedilink hide all child comments
all 32 comments
sorted by: hot top controversial new old
[–] HelixDab2@lemm.ee 42 points 3 weeks ago

Reached for comment, a spokesperson for Telegram disputed that data is stored in plain text on the company’s servers, saying “everything stored in Telegram’s cloud is securely encrypted.” The spokesperson also said, “This kind of FUD is not surprising, coming from a minor competitor (and typical for this one). That said, we can confirm that we have neither developers, nor [servers] in Russia and we don’t see any of the mentioned risks.”

Okay, so, the spokesman said, a. No Telegram developers are in Russia, and b. There are no Telegram servers in Russia. Pretty straightforward, right?

...Except that's not what Marlinspike said at all. What they actually said was,

Every msg, photo, video, doc sent/received for the past 10 yrs; all contacts, group memberships, etc are all available to anyone w/ access to that DB

Many TG employees have family in Russia. If Russia doesn’t want to bother w/ hacking, they can leverage family safety for access.

The Telegram spokesperson didn't actually address any of the claims made by Marlinspike. They didn't even talk about having a database that stored messages, and then strawmanned the arguments about how Russia could gain access to said database. It's not the FSB knocking on a developer's door demanding access to the database, it's the FSB calling a developer and letting them know that their uncle is in custody, and something bad might happen if they aren't given the access they're asking for.

Seriously, don't use Telegram for anything that needs to be secure.

[–] Beaver@lemmy.ca 22 points 3 weeks ago (2 children)

More Ukrainians should also look into the Matrix protocol as it is end to end encrypted, the service is decentralized and the company that is behind the protocol is based on the UK.

The app element is good app to get started.

Ukraine could have multiple matrix servers for everyone to use.

5 for civilians. 8 for military branches and 3 for government.

[–] skillissuer@discuss.tchncs.de 15 points 3 weeks ago* (last edited 3 weeks ago) (1 children)

polish MoD has siloed matrix instance that they use for their own communications, with their own client. it's e2ee but not for classified information

[–] Beaver@lemmy.ca 5 points 3 weeks ago (1 children)

Damn that’s great inspiration!

Is there a reason for it not being e2ee for classified information?

[–] skillissuer@discuss.tchncs.de 9 points 3 weeks ago* (last edited 3 weeks ago)

maybe they feel it's not safe enough. client is called DSI Merkury 2.0 if you want to look it up more closely

e: lol it's just element clone, they even left original theme in the same shape. it has forced 2FA and as governmental app could be tied to governmental qualified electronic signature infrastructure (every citizen can get one for free) but not sure about it

behold this pixellated screencap:

[–] narc0tic_bird@lemm.ee 12 points 3 weeks ago* (last edited 3 weeks ago) (2 children)

[...] the most secure messaging app in the world, Signal.

That's a very bold claim the author of the article makes.

[–] doodledup@lemmy.world 33 points 3 weeks ago* (last edited 3 weeks ago) (2 children)

I'm not aware of any messenger that is more secure. In fact, almost every other encrypted messenger uses the same algorithm.

It might not by the most anonymous messenger (as there is Session and Threema for example that don't require a phone number) but it's probably the most secure.

[–] Hawke@lemmy.world 8 points 3 weeks ago (1 children)

Signal no longer requires a phone number either.

[–] doodledup@lemmy.world 7 points 3 weeks ago (1 children)

It does. You can share your username with others. But for registering it still requires one and your account is still linked to one.

[–] Hawke@lemmy.world 1 points 3 weeks ago (1 children)

Well, that’s true but it barely affects anonymity.

All that can be determined from that is that the number in question has a signal account, and how recently the account has checked for messages. It doesn’t tie messages or contacts to the number. (Any more)

[–] narc0tic_bird@lemm.ee 2 points 3 weeks ago

Well even then it's not the most secure but one of the most secure, no?

[–] INHALE_VEGETABLES@aussie.zone 1 points 3 weeks ago (3 children)

Here is where I gave up reading lol

[–] missphant@lemmy.blahaj.zone 13 points 3 weeks ago (2 children)

WhatsApp does use that same Signal protocol for its messages but that's very poor writing considering all the tracked metadata arguably makes it just as insecure as Telegram.

[–] Zorsith@lemmy.blahaj.zone 14 points 3 weeks ago

Ownership by Facebook renders WhatsApp inherently untrustworthy.

[–] Yearly1845@reddthat.com 0 points 3 weeks ago (1 children)

So the Hunter Biden case is a complete farce but I found it alarming that they were proving WhatsApp messages as evidence during the trial. Clearly the messages aren't encrypted against Meta, or they hold keys users don't know about or they wouldn't be able to furnish messages.

[–] partial_accumen@lemmy.world 19 points 3 weeks ago (1 children)

Or possibly a user's phone who was a party to the Whatsapp conversation was collected as evidence and unlocked by the user.

[–] Yearly1845@reddthat.com 4 points 3 weeks ago

Good point, had not considered that.

[–] Dayroom7485@lemmy.world 6 points 3 weeks ago

I might be missing the point, but isn’t this a decently dumbed-down description of the difference between services that are end-to-end encrypted and those that are not?

[–] borari@lemmy.dbzer0.com 1 points 3 weeks ago (1 children)

Are you saying that is wrong?

[–] INHALE_VEGETABLES@aussie.zone 0 points 3 weeks ago (1 children)

'Truly secure' and 'whatsapp' don't belong in the same sentence, I don't know what else to say but that it is laughable.

[–] borari@lemmy.dbzer0.com 2 points 3 weeks ago

Ah, gotcha. I thought your gripe was with the encrypted vs end to end encrypted bit.

[–] beerclue@lemmy.world 5 points 3 weeks ago (1 children)

Reached for comment, a spokesperson for Telegram disputed that data is stored in plain text on the company’s servers, saying “everything stored in Telegram’s cloud is securely encrypted.” The spokesperson also said, “This kind of FUD is not surprising, coming from a minor competitor (and typical for this one). That said, we can confirm that we have neither developers, nor [servers] in Russia and we don’t see any of the mentioned risks.”

[–] CrypticCoffee@lemmy.ml 9 points 3 weeks ago

Haven't Telegram been throwing shade for a while at competitors?

People in glass houses should not be throwing stones...

[–] skillissuer@discuss.tchncs.de 3 points 3 weeks ago (1 children)

they said the same about matrix

[–] Beaver@lemmy.ca 3 points 3 weeks ago (1 children)

Could you please offer a source for that claim?

[–] skillissuer@discuss.tchncs.de 1 points 3 weeks ago (1 children)

i don't have it on hand, but dessalines had some receipts about it ("Why not Signal" piece)

[–] Beaver@lemmy.ca 1 points 3 weeks ago (1 children)

I will look in that direction.

[–] skillissuer@discuss.tchncs.de 5 points 3 weeks ago

notice that dessalines covers a very specific threat model and signal would still be an improvement over, say, whatsapp