this post was submitted on 08 May 2024
236 points (80.6% liked)
Privacy
32050 readers
1033 users here now
A place to discuss privacy and freedom in the digital world.
Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.
In this community everyone is welcome to post links and discuss topics related to privacy.
Some Rules
- Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
- Don't promote proprietary software
- Try to keep things on topic
- If you have a question, please try searching for previous discussions, maybe it has already been answered
- Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
- Be nice :)
Related communities
Chat rooms
-
[Matrix/Element]Dead
much thanks to @gary_host_laptop for the logo design :)
founded 5 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
I don't think i care what Jack Dorsey says that isn't backed up independently. Even if he's right i just don't trust him.
You shouldn't need to trust open source, it should be independently verifiable. Unfortunately that's not possible with either signal or telegram, as there's no way to tell what server code they're running.
If encryption happens client side then it doesn't matter.
Its where the server is open but the client is closed that we need to worry, as is the case with Beeper
Closed sources server (even open source with no verification of the code running on the server) means it's possible the server records who you talk to, when, where and the size of the messages. This can be useful to sell to advertisers.
Cloud source server or open source server, you can't know what server their running.
Pavel's whole argument here is basically the same thing for the client; "you can't verify the build in the app store matches what's in the source code, so you have no way of knowing it's actually what you're auditing."
If the client is open, then you can check to make sure that all metadata is encrypted.
You don't need meta data to know these things. Any server handling the traffic for the app will know these things.
Not true for all messengers
Only if the messenger is P2P, I don't know of any popular messenger like that.
SimpleX for one
I'm wondering if Dorsey has any stakes in Telegram's crypto bullshit..