this post was submitted on 14 May 2024
121 points (85.0% liked)

Privacy

32103 readers
927 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS
all 50 comments
sorted by: hot top controversial new old
[–] jet@hackertalks.com 62 points 6 months ago (4 children)

Yes there is FUD around signal. But they are not offering any better solutions.

Signal has some structural issues, and isn't a good solution for all threat models (i.e. if your a government who doesn't fully trust the USA, then signal isn't for you)

Any conversation that doesn't talk about briar, simplex, etc is deeply flawed since only they attempt to address the fundamental structural issues with signal.

Don't use that centralized chat service, use THIS centralized chat service - is just FUD... and isn't a helpful conversation.

[–] Count042@lemmy.ml 6 points 6 months ago (1 children)

Don't use a centralized chat service. Use a decentralized chat service. XMPP uses the same encryption for it's e2e encryption, is decentralized, and super light weight for both the server and the client.

[–] onlinepersona@programming.dev 37 points 6 months ago (2 children)

And "super easy" to use. To get your friend onto it, first you have to host a server, then they have to install a client with an interface from the 90s, activate the XEPs for encryption on their client and ensure the server supports it too, exchange usernames, create an encrypted connection and exchange random codes over another medium to ensure you're talking to the right person.

NOW you can start chatting with the other person and hope the server doesn't crash. ECPC

Anti Commercial-AI license

[–] drwho@beehaw.org 5 points 6 months ago (1 children)

XMPP is nice, but OMEMO is brittle.

[–] EngineerGaming@feddit.nl 2 points 6 months ago (1 children)

Haven't ran into issues with it yet, and this is my preferred PM method. When does it break?

[–] drwho@beehaw.org 1 points 6 months ago

One account, multiple devices logging into it (in my use case, personal laptop, work laptop, two phones).

[–] Count042@lemmy.ml 2 points 6 months ago

Or, you can skip the unhinged rant, use monocles or dino, and a public server.

Also, hosting a server is much simpler than something like matrix. You can host an xmpp server on a pi and that is more than enough. Or, just use a public server.

So difficult.

I like how you included steps that absolutely aren't required and haven't been for like a decade to make your statement more hyperbolic.

[–] umbrella@lemmy.ml 4 points 6 months ago (1 children)

if your a government who doesn’t fully trust the USA, then signal isn’t for you

how? i tought it was e2ee and open source?

[–] jet@hackertalks.com 4 points 6 months ago (1 children)
[–] Forbo@lemmy.ml 4 points 6 months ago (1 children)

The security of your key is determined by the strength of your passphrase. Am I missing something?

[–] jet@hackertalks.com 2 points 6 months ago* (last edited 6 months ago)

https://hackertalks.com/comment/3441244

Uploading your private key to the cloud is a very risky thing to do regardless of your threat model. And there are many threat models that absolutely cannot do that. So it is worth indicating as one of the weaknesses of signal

[–] Scolding0513@sh.itjust.works 2 points 6 months ago

the best answer

[–] CaptainSpaceman@lemmy.world 50 points 6 months ago (1 children)

Telegram isnt really e2ee so he wants to champion the less secure option. Gee, I wonder why?????

[–] Rose@lemmy.world 23 points 6 months ago (1 children)

Its Russian founder recently praised Musk in an interview for Tucker Carlson.

[–] fruitycoder@sh.itjust.works 7 points 6 months ago (1 children)

Is narcissistic disorder a prereq to be a billionaire or is it just a common symptom of having too much wealth for some.

[–] DrJenkem@lemmy.blugatch.tube 7 points 6 months ago* (last edited 6 months ago)

Yeah sort of. I think those types of disorders get rewarded in many cases. It's exceptionally profitable to exploit labor, mislead the public, and plunder the planet. When you have a conscience and empathy, that's a lot harder to do, especially if you already enjoy a certain level of financial security.

[–] umbrella@lemmy.ml 41 points 6 months ago (5 children)

telegram is the real FUD here. its closed, not encrypted by default and all messages go through a centralized server.

load more comments (5 replies)
[–] possiblylinux127@lemmy.zip 37 points 6 months ago

I don't think it has anything to do with the "right wingers." I think many people and governments seek to discredit anything they can not control. Its basic misinformation tactics.

As far as Elon goes, he says crazy things and shouldn't be believed.

[–] drwho@beehaw.org 11 points 6 months ago* (last edited 6 months ago)

They do this periodically. We saw it during Occupy, the Arab Spring, BLM, now Palestine (again). As a general rule, when folks go into the streets, the tighty righties start up the FUD.

There is a reason why spooks learn tradecraft - threat modeling, procedures, awareness, and techniques - more than they learn technology. It would behoove folks to to learn a little about that before hitting up the appstore.

[–] friend_of_satan@lemmy.world 7 points 6 months ago* (last edited 6 months ago) (2 children)

Talks about other people creating FUD, then links to a post asserting telegram is compromised without citing any sources about anything discussed in the post. 🙄 FUD indeed.

[–] theterrasque@infosec.pub 0 points 6 months ago (1 children)

I'm not saying it's broken, but it has some design choices and functions that makes even Whatsapp a better choice for privacy minded people. Like rolling their own crypto and not having e2ee as default.

[–] autonomoususer@lemmy.world 2 points 6 months ago* (last edited 6 months ago)

Anti-libre software, WhatsApp, bans us from proving it has E2EE, bans us from proving any of its claims and bans us from removing malicious source code.

[–] autonomoususer@lemmy.world -2 points 6 months ago* (last edited 6 months ago)

Telegram is Service as a Software Substitute (proof app needs service and we are missing server software for it: broken app).

[–] Vanth@reddthat.com 6 points 6 months ago (4 children)

So this is the sort of claim where sources would be really nice. I don't like Musk, but I'm not about to blindly believe everything said about him.

Remember how CrossFit got popular and then everyone hated it and the only thing more annoying than a vocal crossfitter was a vocal opponent of CrossFit who knew nothing and had merely jumped on the hype train?

Musk is CrossFit, right now. A powerful, dangerous CrossFit. Don't undercut criticism of him by making lazy, unsubstantiated claims.

[–] cyrus@sopuli.xyz 23 points 6 months ago (1 children)

Musk himself hasn't actually provided any sources either, all his statements made on Twitter recently are basically pulled from thin air, almost like vague references

[–] wagoner@infosec.pub 5 points 6 months ago (1 children)

I'm sure it has nothing to do with musk planning his own encrypted Twitter DM feature.

[–] cyrus@sopuli.xyz 1 points 6 months ago

That already exists, but it's weak in terms of encryption.

[–] gomp@lemmy.ml 12 points 6 months ago* (last edited 6 months ago) (1 children)

It's pretty easy to find articles confirming the Musk/Signal thing https://duckduckgo.com/?t=ffab&q=musk+signal&iar=news&ia=news

Of course most of the rest is speculation, but... the article seems honest enough about it?

[–] drwho@beehaw.org 1 points 6 months ago

The fairest thing you can say about CrossFit is that it's a nicely unique string to filter out. :)

[–] InternetCitizen2@lemmy.world 6 points 6 months ago

When do they not spread FUD?

[–] CatTrickery@lemmy.blahaj.zone 5 points 6 months ago* (last edited 6 months ago)

It think there are a lot of factors at play. Musk wants Twitter* to be an everything app and has mentioned plans to add e2e encryption to the dms. Telegram already had an iffy relationship to people who look for encrypted platforms so he probably wants to set up that idea to get people onto Twitter instead, especially as the right's relationship to the platform is absolutely getting worse.

A big chunk of far right Telegram has moved off the platform recently after quite a few of the groups that got their start from anti-lockdown demos had members get arrested for terror charges. They seem to blame the fact that Telegram is backdoored but they constantly fed-post in open unencrypted channels anyone can read anyway. The police probably do monitor those channels but if I were to guess how they got caught, my bet is honestly that they just put in reports to the cops about each other because being fascists usually goes hand in hand with being horrible people.

I'm not sure how much he actually reads on far right Telegram but there is evidence of him at least following some channels where this sentiment can be seen. If I were to guess he saw oppotunity in bringing that audience back to Twitter.

* I refuse to call it X

EDIT: fix early accidental submission

[–] Pantherina@feddit.de 4 points 6 months ago (1 children)

Yes, "because one of their council is leftist pro censorship"

Like this crap

[–] PipedLinkBot@feddit.rocks 1 points 6 months ago

Here is an alternative Piped link(s):

Like this crap

Piped is a privacy-respecting open-source alternative frontend to YouTube.

I'm open-source; check me out at GitHub.

[–] beefbot@lemmy.blahaj.zone 4 points 6 months ago
[–] The_Dark_Knight@lemmy.sdf.org -5 points 6 months ago* (last edited 6 months ago) (1 children)

Idk how secure telegram is but cmon signal is shady AF . They won't let fdroid have it cause they want to sign their own keys or some shit but there is a speculation its because they can roll out custom apk to targets which governments want which is just not possible if it is hosted by someone like fdroid . Even telegram allows that and they even allow third party apps which signal won't .

SimpleX and briar is the best option if your actually worried about privacy .

[–] Asudox@lemmy.world 4 points 6 months ago* (last edited 6 months ago) (1 children)

I do see it weird but publishing on F-Droid means almost nothing. If you are scared of their pre-built apks, compile from source instead. If Telegram and Signal are bad, use SimpleX.

[–] The_Dark_Knight@lemmy.sdf.org 3 points 6 months ago

It means a ton to me and a lot others and no one has to compile from source every time .