282

You may be offered a free premium Telegram subscription – but please don’t accept (archive.is)

submitted 3 months ago by ozoned@lemmy.world to c/privacy@lemmy.ml

86 comments fedilink hide all child comments

Telegram is giving away FREE Premium subscriptions! All they need from you is to use your cell phone as a relay to text out their OTP codes! And the recipient of the OTP sees your phone number! What could POSSIBLY go wrong with this deal?

PLEASE don't use Telegram! I personally recommend Matrix as it's totally FOSS, you can self host, there are tons of front end clients to choose from. Or even use Signal. I have my own issues with Signal, the fact they don't allow third party clients, you can't self-host, they have a proprietary shim in their stack that only they know what it does, they were pushing crypto, etc, but at least Signal is better than this garbage.

you are viewing a single comment's thread
view the rest of the comments

[-] rdri@lemmy.world 14 points 3 months ago

What could POSSIBLY go wrong with this deal?

No jokes, I'd like to know. How is it different from sending sms to random numbers?

[-] force@lemmy.world 14 points 3 months ago

... people just send SMS to random phone numbers?

[-] rdri@lemmy.world 5 points 3 months ago

No but what exactly stops anyone from doing that? A privacy consideration? I'd think it's just a waste of time at best.

[-] Mubelotix@jlai.lu 2 points 3 months ago* (last edited 3 months ago)

The issue here is that you could potentially read the content of a 2FA sms that wasn't intended for you. It makes it easy too break 2FA if you have many devices

[-] rdri@lemmy.world 2 points 3 months ago

Logic suggests OTPs are locked to login sessions of corresponding users and also expire. Besides telegram would be able to tell if OTPs meant to be sent through you tend to not reach the recipients.

[-] Mubelotix@jlai.lu 1 points 3 months ago

Yes but you can login on an account and hope you will be the one selected to send the code

[-] rdri@lemmy.world 0 points 3 months ago* (last edited 3 months ago)

You mean you can try to guess someone's number before they get an OTP through you in order to be the first to log into their account?

Well then you'll also going to need their cloud password in order to find anything worth of your effort.

But anyway this is an improbable scenario, considering how vast the user base is, and if we assume telegram implemented some precautions.

Malicious service providers and cloned sim cards pose a much more serious risk if you ask me.

this post was submitted on 26 Mar 2024

282 points (94.6% liked)

Privacy

29814 readers

781 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
Don't promote proprietary software
Try to keep things on topic
If you have a question, please try searching for previous discussions, maybe it has already been answered
Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
Be nice :)

Related communities

Chat rooms

[Matrix/Element]Dead
Discord

much thanks to @gary_host_laptop for the logo design :)

founded 4 years ago

MODERATORS