this post was submitted on 09 Aug 2024
200 points (97.6% liked)

Technology

59311 readers
5006 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 1 year ago
MODERATORS
top 39 comments
sorted by: hot top controversial new old
[–] Banichan@dormi.zone 44 points 3 months ago (1 children)

Can't have secret talk amongst the peasants

[–] woelkchen@lemmy.world 14 points 3 months ago (2 children)

Telegram, including secret chats, is not blocked because Russian elites happen to use that, too.

[–] brrt@sh.itjust.works 45 points 3 months ago (1 children)

I could put on my tinfoil hat and say if signal is blocked but telegram isn’t, maybe that means that telegram isn’t as secret as they make it out to be.

[–] woelkchen@lemmy.world -2 points 3 months ago (3 children)

It's open source. Look can up the encryption yourself.

[–] Varcour@lemm.ee 21 points 3 months ago (2 children)

No need, all you have to do is read the whitepaper. they home brewed the encryption algorithm and nobody actually knows if it's worth a damn. That's not exactly a secret.

[–] Andromxda@lemmy.dbzer0.com 4 points 3 months ago

And it isn't even encrypted by default, you manually have to enable that. By default, all your plain text messages are stored on their servers.

[–] woelkchen@lemmy.world 3 points 3 months ago (1 children)

nobody actually knows if it’s worth a damn.

After all these years, security researchers still don't know if the encryption is any good?

[–] HarriPotero@lemmy.world 10 points 3 months ago (1 children)

On that level it usually falls on computer scientists. Formal methods can prove that any implementation is correct, but proving the absence of unintended attacks is a lot harder.

Needham-Schroeder comes to mind as an example from back when I was studying the things.

[–] woelkchen@lemmy.world -1 points 3 months ago (1 children)

On that level it usually falls on computer scientists.

And not a single one has been able to analyze the encryption in all these years? Fact is, Telegram is the tool the Russian opposition and even Ukrainians use to communicate without Putin being able to infiltrate.

[–] HarriPotero@lemmy.world 2 points 3 months ago* (last edited 3 months ago)

No. It kind of falls on Dijkstra's old statement. "Testing can only prove the presence, not absence of bugs."

You can prove logical correctness of code, but an abstract thing such as "is there an unknown weakness" is a bit harder to prove. The tricky part is coming up with the correct constraints to prove.

Security researchers tend to be on the testing side of things.

A notable example is how DES got its mixers changed between proposal and standardisation. The belief at the time was that the new mixers had some unknown backdoor for the NSA. AFAIK, it has never been proven.

[–] doodledup@lemmy.world 12 points 3 months ago (1 children)

They don't have reproducible builds afaik (unlike Signal). You can have a completely different code running on your phone than on GitHub.

Besides, who is using Secret Chat anyways? All default chats and group chats are unencrypted.

[–] woelkchen@lemmy.world 0 points 3 months ago (1 children)

You can have a completely different code running on your phone than on GitHub.

Just use the F-Droid version if there is any doubt.

Besides, who is using Secret Chat anyways?

Probably Russians who used Signal before.

[–] doodledup@lemmy.world 7 points 3 months ago (2 children)

The F-droid version is also not reproducible. The binary you install has a different hash than the one you build from the GitHub.

[–] Nonononoki@lemmy.world 1 points 3 months ago

It's reproducible if you compare it with F-droid's tarball, which has all the source code in it.

[–] woelkchen@lemmy.world 0 points 3 months ago

The F-droid version is also not reproducible. The binary you install has a different hash than the one you build from the GitHub.

F-Droid builds from source, so any suspicion whether the Google Play version has been tampered is completely irrelevant for the F-Droid version.

[–] catloaf@lemm.ee 3 points 3 months ago (1 children)

Can it be proven that that encryption is what's used in practice?

[–] woelkchen@lemmy.world -5 points 3 months ago (1 children)

Just use the F-Droid version if there is any doubt.

[–] Andromxda@lemmy.dbzer0.com 2 points 3 months ago (1 children)
[–] woelkchen@lemmy.world 1 points 3 months ago (1 children)

What about iOS users?

Apple is not selling iPhones in Russia after the beginning of the invasion.

[–] Andromxda@lemmy.dbzer0.com 1 points 3 months ago (1 children)

Ah yes, because everyone just throws away their phone after 2 years. People definitely haven't purchased iPhones before the invasion.

[–] woelkchen@lemmy.world 1 points 3 months ago

It's not about everyone, it's about people needing to hide their communication from the Putin regime.

[–] lemmylommy@lemmy.world 15 points 3 months ago (1 children)

Telegram is shady as fuck and also afaik only uses end to end encryption in „secret“ one on one chats.

[–] woelkchen@lemmy.world 0 points 3 months ago

Telegram is shady as fuck and also afaik only uses end to end encryption in „secret“ one on one chats.

I was very explicitly referring to secret chats.

[–] Treczoks@fedia.io 42 points 3 months ago (1 children)

Youtube, signal blocked. What is Putin afraid of?

[–] lemmylommy@lemmy.world 28 points 3 months ago

Details or continued news of Ukraines special military operation to denazify Russia?

[–] JoMiran@lemmy.ml 16 points 3 months ago (1 children)

Signal over Proton VPN Stealth protocol. All free, specifically for these types of situations.

[–] independantiste@sh.itjust.works 3 points 3 months ago (2 children)

Signal needs a phone number though

[–] JoMiran@lemmy.ml 6 points 3 months ago* (last edited 3 months ago) (2 children)

They did away with that some time ago.

EDIT: To clarify, it no longer shows the number.

https://signal.org/blog/phone-number-privacy-usernames/

[–] Wildly_Utilize@infosec.pub 11 points 3 months ago* (last edited 3 months ago) (1 children)

They never stopped requiring a phone number to sign up.

They just let you hide this from other users now

I'm planning to get a prepaid burner to try signal but I'm a bit concerned about the fact my contacts are associated with a phone #

We are using simplex ATM

[–] JoMiran@lemmy.ml 3 points 3 months ago

Yes. I clarified that in a different comment. My original reply was not meant as "Signal is the best solution" but as a heads up that Proton Stealth can not only bypass the block but also disguise the traffic if you want to continue using Signal.

[–] independantiste@sh.itjust.works 1 points 3 months ago

That's not really the issue though, if you want to stay anonymous and not tell the government you use signal, since sms is insecure

[–] Andromxda@lemmy.dbzer0.com 3 points 3 months ago

Works with VoIP numbers though

[–] treadful@lemmy.zip 8 points 3 months ago* (last edited 3 months ago) (1 children)
[–] neme@lemm.ee 3 points 3 months ago

Not seeing paywall myself, clearing cookies and other site data might also help.

[–] Socsa@sh.itjust.works 5 points 3 months ago

Snowden unavailable for comment.

[–] pineapplelover@lemm.ee 1 points 3 months ago

I wonder what messaging service the Russian govt will use.

[–] Resol@lemmy.world 1 points 3 months ago (1 children)

I hope Roskomnadzor doesn't chase after the fediverse next.

[–] Deceptichum@quokk.au 1 points 3 months ago (1 children)

How would you? You’d have to block every instance.

[–] Resol@lemmy.world 0 points 3 months ago

They could start by blocking the biggest instances, then slowly chasing after the smaller ones.

There's not an infinite amount of instances, even if new ones are made, they'll get all of them eventually. So this is basically a cat and mouse game.