“That’s why Telegram Secret Chats never show message content in push notifications. Since 2013, Secret Chats have remained the most secure usable way to communicate. US gov funded Signal has too many questionable dependencies on other US companies (AWS, MS, Intel SGX…)”
”Turning off notification previews won’t remove the risk — you never know whether the people you message have done the same. Telegram’s Secret Chats design is the only solution. Disabling previews hurts usability, hence two types of chats: Secret and Cloud.”
The way that defends his own app by dismissing users in his thread…
I mean, I’m pretty sure he relies in other proprietary services too, like Google billing APIs for TG Premium. Talks like his app is bullet-proof, and it’s not even E2E by default.
This does make me wonder, though: is there any mechanism in Signal we can use to prevent our message contents from appearing in the recipient’s notifications regardless of how they have configured the setting to do so? It was hard enough to get my friends and family to start using Signal as it is, and in most cases, I’m not sending anything I would be worried about, so I do not think it is feasible or reasonable to convince them to accept such a huge loss of convenience from what they are used to for the few times when I send messages I would be worried about.
So 99% of your users aren’t even using an e2ee messenger and therefore their chats are vulnerable to data breaches and remote LE requests. I will say that is probably a teeny bit worse than needing to break into a confiscated iPhone.
No, and there won’t be. Regardless of service used, the only way is that all participants in conversation are equally aware of risks and consequences.
It is similar with 3rd party apps and matrix bridges. You can not be sure what other side is using on their device. Even you agree to use e.g. Signal, without notification messages, they can install some malware app, leave unlocked phone on train station, etc.
Maybe solution is to call (via Signal) and say important thing, or even better, meet in person.
…and if I am? Unfortunately, I think a lot of people I know are at higher risk of such than they realize.
To a certain extent, yes, of course. Everyone should be aware of the risks and consequences. But at the same time, I can still see something like this helping to reduce risk.
For example, it is much easier for me to personally verify that they install a legitimate version of Signal than to make sure they keep a specific setting enabled. From there, their OS and app store can make sure updates are valid. They could install some other malware, yes, or leave their phone unlocked in public, yes, but those are both situations that I think are more likely to be immediately and obviously unwanted by the average person, and they are more likely to want to prevent such things actively without my pressuring them to do so.
For particularly important things, yes. But even outside of that, I think it would be nice to be able to do so for things that are “potentially risky to say, perhaps in the future if not now”. I am not terribly concerned that the FBI is going to find out that I tell my mom I love her. If I were telling her about my plot to take over the world, obviously I would be. If I were discussing politics in general with her? It would seem like overkill to both of us to meet in person or call every time such a topic came up, but at the same time, it isn’t completely out there to think that discussions about politics could put us at risk at some point in the future.
At the end of the day, it isn’t a huge deal for me, personally, but I do think it would be a relatively cheap feature to add (as the machinery to hide the contents of a notification already exist), and I can only see it improving the situation, or at worst, making no difference.
Since 2013, Secret Chats have remained the most secure usable way to communicate.
Ah yes, the secret chats that
Are not available for groups so 0% of group chats use them
Are not enabled by default so 99% of users don’t use them at all
Are not available for any desktop clients so you can’t use them without forcing you and your contact (who’s always lazier than you) to whip out the phone hundreds of times per day, when the desktop-client is alt-tab away, and thus that is unusable in practice and thus only exists on paper and online debates about Telegram’s supposed security. So 80% of users who try Secret Chats eventually give up using them giving Telegram access to all messages.
When enabled, yield extremely valuable metadata about user explicitly trying to hide their communications from Telegram with a selected contact.
The secret chats that are / have been riddled with issues from
2⁶⁴ complexity attack, to
IND-CCA vulnerabilities, to
graphical-pixel-map-only safety numbers you can’t communicate over authenticated line
The grifter in charge tries to gaslight people into thinking E2EE comms is an item on a feature list you can glue on top, like stickers. It’s not. E2EE is the foundation of the application, and you build all features over that foundation. Like Signal does.
EDIT: Oh whoa, I expected the Twitter thread to be like 90% of TG shills doing damage control. Instead it’s 95% annoyed people calling them out.
I don’t think there is any idiot-proof solution for privacy. And when i write “idiot-proof”, i don’t mean to insult anyone, the idiot can be me or anyone at times. It’s just an expression to qualify an architecture and emphasise that whatever the tool, the weakest points of a communication between two humans are often the two humans. Even if there was a perfect setting imposed to your friends, you can never be sure they won’t just say or share what you sent to someone else, they won’t ever be drunk, they won’t ever be blackmailed etc. At some point there is a tradeoff between what you need to send, your trust in the recipient’s capacity and will to keep it secret, and some acceptance that when sending/sharing/saying something to someone, you don’t fully control that “something” anymore. For example, remember how the world learned about top secret US stuff despite the use of Signal: United States government group chat leaks - Wikipedia
I’ve always wondered whether Telegram is permitted in some places because it has known weaknesses certain governments are privy to.
Signal on the other hand, has a much smaller surface area (less bullshit features) and far more scrutiny put into the crypto the actual thing that keeps your information confidential.
Telegram is about as secure as Discord, IRC or a public matrix room with no encryption enabled. I wouldn’t use it with any expectation of real privacy.
Proving any links to states is next to impossible and if one could show show credible link to FSB/SVR they’d probably get offed by the agency quite fast. If Telegram is an op, it’s one of the biggest on the planet. But whether it is or not, doesn’t matter that much: In any case, it is one set of zero day exploits away from leaking 800M users’ data, and all major nation states have such exploits. If the spy teams of major nation states haven’t pwned Telegram severs by now, they deserve to get fired for not taking the lowest hanging fruit out there.
I’m not sure that’s what I had in mind, more a friendly firm that will collaborate on some occasions where the state asks it to, rather than an actual back door.
Remember most people don’t actually use secret chats therefore there is no encryption on most conversations, unlike Signal which doesn’t have an unencrypted mode.
If there were any links, i doubt it would be with FSB or so, since Russia has now totally banned Telegram ( Blocking of Telegram in Russia - Wikipedia ) or is about to do it.
Signal could improve the notifications situation if the default for notifications was “No name or message”.
If the user selects one of the other two options, Name or Name And Message, then a warning could be displayed and after that’s set, a “Are you absolutely sure? This is a privacy leak.” type of response the user would have to agree to.
Lack of E2EE is the backdoor. It’s a front door to security researchers, and backdoor to users who have no understanding how the protocol really works.
There’s no overlooking the fact that Telegram intentionally portrays to be more private than WhatsApp, despite having no E2EE. They claim to use MTProto for all messages (true), and they say their E2EE protocol is called MTProto (true). What they don’t say out loud is that the insecure client-server encryption is ALSO called MTProto, and that Telegram doesn’t default to E2EE messages under any circumstances.
Durov has had the ‘Fuck You Money’ to employ a team of cryptographers, full time, to port entire TG system to E2EE: all 1:1 chats and all non-super-groups, since they started. The only reason Telegram doesn’t do that, is because Durov has a reason for it not to.
Instead they’ve created “Telegram Support Force”, a team of useful fools (Russian propaganda technique) to promote Telegram’s view on forums, about these things are supposedly supposed to be done. This is money wasted. They could’ve instead addressed the underlying issue.
Remember most people don’t actually use secret chats therefore there is no encryption on most conversations
I find it really weird you missed my detailed dissection of this very thing in my first post on this thread.
Yes, what could Russian intelligence establishment, that wrote half the books on misdirection, know about creating honeypots.
They don’t need to spy on Russians on TG if they can force every Russian to use MAX. They will need a way to spy on everyone else, and Durov who supposedly lives in exile, and who “fights” the Russian state, is their best bet. So let me pose it this way, if Durov lives in exile in the fear of Putin, why has he returned to Russia over SIXTY times? https://kyivindependent.com/kremlingram-investigation-durov/ How has Putin failed to detain him at the airport and throw him to the cell that belonged to Navalnyi? Exactly.
