Privacy

46827 readers

1279 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
Don't promote proprietary software
Try to keep things on topic
If you have a question, please try searching for previous discussions, maybe it has already been answered
Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
Be nice :)

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 6 years ago

MODERATORS

772

Signal Founder Moxie Marlinspike: Telegram is not private. There is nothing private about it. They've done a really amazing job of convincing the world that this is an encrypted messaging app (cdn.imgchest.com)

submitted 4 days ago* (last edited 4 days ago) by Wudi@feddit.uk to c/privacy@lemmy.ml

335 comments fedilink hide all child comments

“Telegram is not a private messenger. There’s nothing private about it. It’s the opposite. It’s a cloud messenger where every message you’ve ever sent or received is in plain text in a database that Telegram the organization controls and has access to it”

“It’s like a Russian oligarch starting an unencrypted version of WhatsApp, a pixel for pixel clone of WhatsApp. That should be kind of a difficult brand to operate. Somehow, they’ve done a really amazing job of convincing the whole world that this is an encrypted messaging app and that the founder is some kind of Russian dissident, even though he goes there once a month, the whole team lives in Russia, and their families are there.”

" What happened in France is they just chose not to respond to the subpoena. So that’s in violation of the law. And, he gets arrested in France, right? And everyone’s like, oh, France. But I think the key point is they have the data, like they can respond to the subpoenas where as Signal, for instance, doesn’t have access to the data and couldn’t respond to that same request. To me it’s very obvious that Russia would’ve had a much less polite version of that conversation with Pavel Durov and the telegram team before this moment"

you are viewing a single comment's thread
view the rest of the comments

[–] yogthos@lemmy.ml 2 points 3 days ago (1 children)

It's not really a partial solution, it's just sophistry to obscure the problem. The fact that I've had this same discussion with many people now, and it always takes effort to explain why sealed sender doesn't actually address the problem leads me to believe the the actual problem it's solving is not of making the platform more secure. The complete and obvious solution to the problem is to not collect personally identifying information in the first place.

You have a very charitable view of Signal making the base assumption that people running it are good actors. Yet, given that it has direct ties to the US government, that it's operated in the US on a central server, and the team won't even release the app outside proprietary platforms, that base assumption does not seem well founded to me. I do not trust the people operating this service, and I think it's a very dangerous assumption to think that they have your best interests in mind.

[–] pupbiru@aussie.zone 4 points 3 days ago (1 children)

It's not really a partial solution

disagree, and that’s fine… STEM is full of partial solutions that become complete solutions as additional pieces are added (and as i said with the proxy, imo the proxy makes it a complete solution)

The complete and obvious solution to the problem is to not collect personally identifying information in the first place.

but that creates other problems… for example, with spam and usability

it’s all trade-offs, and signal has done a lot of global privacy when compared to alternatives exactly because of the compromises they’ve made

You have a very charitable view of Signal making the base assumption that people running it are good actors

i don’t consider it charity… they’re making a lot of right moves, and are explaining their compromises. they’ve given me no reason not to trust them, and plenty of reasons to say they’re a good compromise that will have the greatest impact to global privacy

are there better privacy solutions? sure… will they ever take off? personally, i doubt it… not letting perfect be the enemy of better or good enough is important: a solution that keeps people who don’t care about privacy relatively safe is important, including for the privacy of people who do care about their privacy because it allows everyone to blend in with the crowd

Yet, given that it has direct ties to the US government, that it's operated in the US on a central server, and the team won't even release the app outside proprietary platforms

imo the fact that it’s hosted in the US is pretty irrelevant… as you’ve pointed out: it shouldn’t be a matter of trust… validation of the client is the only thing you can rely on, so even if the NSA hosted the servers you should still theoretically be able to “trust” the platform (outside of the fact that you couldn’t ever trust that they’re using encryption that they don’t have a secret back door in or something)

I do not trust the people operating this service, and I think it's a very dangerous assumption to think that they have your best interests in mind.

i trust them as much as i trust anyone running any other privacy service

[–] yogthos@lemmy.ml 2 points 3 days ago (1 children)

I don't think we're saying anything new here. I've explained my point and the problem with Signal collecting phone numbers. You can make your own decisions on whether you think that's acceptable practice or not.

[–] pupbiru@aussie.zone 1 points 2 days ago

agreed!