Telegram Hands U.S. Authorities Data on Thousands of Users [404 Media] (www.404media.co)
from theangriestbird@beehaw.org to technology@beehaw.org on 06 Jan 21:12
https://beehaw.org/post/17919043

as if you needed more reasons to switch to Signal

#technology

threaded - newest

quaff@lemmy.ca on 06 Jan 21:31 next collapse

I can’t believe it! 😱

/s

einkorn@feddit.org on 06 Jan 21:42 collapse

I am shocked I tell you! Shocked!

SteevyT@beehaw.org on 06 Jan 23:32 collapse

Well, not that shocked.

gregs_gumption@lemm.ee on 06 Jan 21:47 next collapse

A perfect example of why SimpleX is a great choice for messaging

HappyTimeHarry@lemm.ee on 06 Jan 22:32 next collapse

Isn’t simplex also funded by venture capitalists like Jack Dorsey? I don’t think I’d trust then not to sell out users when it comes time to pay back the investors.

tisktisk@piefed.social on 06 Jan 22:53 next collapse

Dorsey, Zuck, Bill Gates. All the venture capital interests already got they teeth in Simplex Chat.

Umbrias@beehaw.org on 07 Jan 21:44 collapse

i would love an analysis of their federation because it seems built to make that impossible.

Ulrich@feddit.org on 10 Jan 03:59 collapse

Not only is it possible, but people are already doing it.

Umbrias@beehaw.org on 10 Jan 16:03 collapse

without linking to examples or analyses this is unhelpful.

toothpicks@beehaw.org on 07 Jan 17:58 collapse

Herpes simplex?

mox@lemmy.sdf.org on 06 Jan 22:33 next collapse

archive.ph/4YrDM

sabreW4K3@lazysoci.al on 06 Jan 23:02 next collapse

Well this was always coming!

SnotFlickerman@lemmy.blahaj.zone on 06 Jan 23:27 next collapse

You’re telling me the messaging serving with a roll-your-own encryption that hasn’t been audited and doesn’t enable end-to-end-encryption by default, instead requiring you to initiate 1-to-1 “secret chats” isn’t secure or trustworthy?? Holy balls!

zephorah@lemm.ee on 06 Jan 23:28 next collapse

Proton up people. And get your people on Signal or WIRE.

We’re probably the most boring people day to day and we’ve dove it for a while on general principle. Now, it feels important to have already made that shift.

SnotFlickerman@lemmy.blahaj.zone on 06 Jan 23:37 next collapse

also XMPP and Matrix/Element.

Also your choices should be impacted by your threat model. Not everyone needs to lock up like they’re James Bond.

stinky@redlemmy.com on 07 Jan 00:50 next collapse

What are those

jagged_circle@feddit.nl on 07 Jan 05:03 collapse
jagged_circle@feddit.nl on 07 Jan 05:03 collapse

unable to decrypt message

drwho@beehaw.org on 07 Jan 17:40 collapse

unable to decrypt message

jagged_circle@feddit.nl on 07 Jan 18:03 collapse

unable to decrypt message

drwho@beehaw.org on 08 Jan 17:40 collapse

unable to decrypt message

jagged_circle@feddit.nl on 09 Jan 03:14 collapse

unable to decrypt message
unable to decrypt message
unable to decrypt message

peoplebeproblems@midwest.social on 07 Jan 02:56 collapse

I have two friends on Signal!

No one else believes me. Gonna be a weird future

DdCno1@beehaw.org on 07 Jan 19:59 collapse

I managed to get my entire family onto this service and even some friends. That said, they are almost all also using at least WhatsApp, because they are only using Signal to stay in touch with me (since I’m not on WhatsApp).

Mikina@programming.dev on 06 Jan 23:43 next collapse

I’m a fan of self-hosted Matrix server. You can get a dozen of bridges for those stubborn people that refuse to leave messenger/whatsapp/telegram (at a loss of encryption, and they still get your convos, but at least you don’t have their spyware on your mobile and you can have everything in one app), while also being decentralized.

Self-hosting a server is actually really, really easy. It took me like half an hour, because there is an amazing Matrix Ansible Deploy script, that has a pretty easy to follow documentation, and is also one of those super-rare projects that just works. Even if I forgot to update my server for several months, I could literally “just update”, and the script is clever enough to figure out what changed, tell me what I need to update in the config files (which are still only like four rows of stuff I needed to setup), and it is a really smooth experience. Even when you want to set up some bridges, for most it’s literally just adding “<service>_bridge_enabled: true” to the ansible yml config file. I’ve already set up Telegram, WhatsApp, Discord and Messenger this way, and it was effortless.

stinky@redlemmy.com on 07 Jan 00:50 next collapse

Impressive!

What is that?

What problem does it solve

white_nrdy@programming.dev on 07 Jan 01:00 next collapse

Matrix is a new-ish decentralized, private, E2EE encryption protocol. It’s pretty neat. It still has some issues (at least that I experience. Mainly the Android app is constantly being super slow to receive messages), but it’s super promising.

They also have some goals to improve email infrastructure by integrating the matrix protocol, but not sure if that will go anywhere. I remember reading this off hand remark on their blog. Can’t find the source.

As the original comment said, there’s the concept ifa “bridge” which allows you to bridge other services to a matrix chat. So you could have a discord channel and matrix room bridged, as an example. A ready to go option with bridges is Beeper. But you can also setup your own stuff, as they said.

stinky@redlemmy.com on 07 Jan 02:08 collapse

If I give my Discord chats to Beeper, and authorities subpoena Beeper, will the authorities get my Discord chats?

timestatic@feddit.org on 07 Jan 05:52 next collapse

Yes they would. Thats why Beeper is working on changing to a bridge setup that works client-side and not server-side. Remember, that Discord is not encrypted and authorities can just get your data from discord directly. Do not use discord in any sort of private context whatsoever. I don’t believe Discord itself isn’t actively using my messaging data anyways

Ulrich@feddit.org on 10 Jan 04:34 collapse

Theoretically no, all of your messages stored on Beeper servers are encrypted. But they will get all your metadata.

But I wouldn’t worry about that anyway since Discord not only has access to all of your messages but sells them to companies to process for AI. So that’d be the far easier and faster route for them.

stinky@redlemmy.com on 10 Jan 04:39 collapse

I feel like introducing another attack surface for a minimal gain inconvenience just isn’t worth it. I’ll be passing, thanks

Ulrich@feddit.org on 10 Jan 04:44 collapse

If I’m honest, it’s not convenient either. I stopped using it years ago because I kept getting logged out of my accounts and flagged for “automated activity”. Plus they straight up lie about supporting SMS and RCS. The only “support” they have is connecting it to your Google account.

Mikina@programming.dev on 07 Jan 08:34 collapse

It works simillarly to an IRC. You have a server, that server can have channels, I think it can even do voice. But, unlike IRC, you can also use your server to talk to people on other servers, similar to how Fediverse works - if I have a server hosted on myserver.com, and someone else has a public room on server otherserver.com, I can either join the room@otherserver.com or message person@otherserver.com, all from my account on myserver.com.

And bridges are basically just bots that run on your own server, and by scraping websites/using API of the service your bridging they create a private room i.e Messenger@myserver.com, with subrooms per chat, and the bot then sends every message it recieves signed into your messenger account to the room, and vice versa - anything you send there will it forward to the real messenger, basically allowing you to chat with people on messenger through your matrix server. Which solves the problem of “Each of my friend is using different messaging service, can I have them all in one app? (The app being Matrix client)”.

stinky@redlemmy.com on 07 Jan 15:59 collapse

wonderful! thank you

jagged_circle@feddit.nl on 07 Jan 05:04 collapse

unable to decrypt message

haverholm@kbin.earth on 07 Jan 16:55 collapse

I've used matrix for the better part of a decade, and I get that reference.

That said, while the matrix crew have worked hard on the decryption issues, I'd much rather feel that particular pain on a federated network where I can change servers than be stuck with Signal if/when the single server's policies turn evil.

jagged_circle@feddit.nl on 07 Jan 18:06 collapse

What do you do when you get that message.

Ive lost contact with friends because of that message. They just can’t read anything I send them anymore.

haverholm@kbin.earth on 07 Jan 19:25 collapse

I verify my sessions. its a hassle, but it's getting rarer and easier.

jagged_circle@feddit.nl on 07 Jan 21:44 collapse

My contacts said they did verify their sessions. I never understand why this happens or how to fix it

lazynooblet@lazysoci.al on 07 Jan 07:50 next collapse

I read that all the popular chat services provide similar information to law enforcement agencies. I don’t think telegram is special in this regard.

Edit: malwarebytes.com/…/heres-what-data-the-fbi-can-ge…

ILikeBoobies@lemmy.ca on 07 Jan 18:49 next collapse

If it’s stored on their servers then it isn’t private

theangriestbird@beehaw.org on 07 Jan 19:24 next collapse

I’m generally given to trust Malwarebytes regarding cybersecurity, but they don’t mention at all that E2E encryption is not the default messaging style on Telegram. That, plus the article being from 2021, makes me distrustful of that source.

Signal is still the only service I am aware of that does not store logs of user messages on servers. Messages only exist on the devices of individual users.

Ulrich@feddit.org on 10 Jan 03:58 collapse

Depends if you consider Signal “popular”, because based on your own link, the only information they provide is:

No message content., Date and time a user registered. Last date of a user’s connectivity to the service.

drwho@beehaw.org on 07 Jan 17:41 next collapse

Here we go again. Once more, folks don’t fucking listen when they’re warned. And the ones who should have listened just got branched again.

cupcakezealot@lemmy.blahaj.zone on 07 Jan 23:19 collapse

why people don’t use matrix is beyond me

theangriestbird@beehaw.org on 07 Jan 23:23 next collapse

open stuff scares people. plus with messengers, we’re kind of bound to what our friends use. I’ve been slowly converting friends to Signal, and but people are very reluctant to change when the thing they have already works. Can’t imagine how much friction I would hit with something like matrix.

calmluck9349@infosec.pub on 09 Jan 12:36 collapse

How slow friends are blows my mind. Like a cool new app they is secure and private?! Who wouldn’t jump on that?! I tell everyone" I don’t do SMS. Signal is the only way to get a hold of me. If you have a more secure app I’ll look into it. "

Ulrich@feddit.org on 10 Jan 03:55 collapse

There’s privacy and then there’s user experience. UX on Matrix is awful. Not to mention Matrix collects all the metadata, and the vast majority of it sits on a single server (matrix.org), which is owned by a private company and subject to subpoenas.