this post was submitted on 08 May 2024
236 points (80.6% liked)

Privacy

32050 readers
1033 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

Chat rooms

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS
 

Here's what he said in a post on his telegram channel:

🤫 A story shared by Jack Dorsey, the founder of Twitter, uncovered that the current leaders of Signal, an allegedly “secure” messaging app, are activists used by the US state department for regime change abroad 🥷

🥸 The US government spent $3M to build Signal’s encryption, and today the exact same encryption is implemented in WhatsApp, Facebook Messenger, Google Messages and even Skype. It looks almost as if big tech in the US is not allowed to build its own encryption protocols that would be independent of government interference 🐕‍🦺

🕵️‍♂️ An alarming number of important people I’ve spoken to remarked that their “private” Signal messages had been exploited against them in US courts or media. But whenever somebody raises doubt about their encryption, Signal’s typical response is “we are open source so anyone can verify that everything is all right”. That, however, is a trick 🤡

🕵️‍♂️ Unlike Telegram, Signal doesn’t allow researchers to make sure that their GitHub code is the same code that is used in the Signal app run on users’ iPhones. Signal refused to add reproducible builds for iOS, closing a GitHub request from the community. And WhatsApp doesn’t even publish the code of its apps, so all their talk about “privacy” is an even more obvious circus trick 💤

🛡 Telegram is the only massively popular messaging service that allows everyone to make sure that all of its apps indeed use the same open source code that is published on Github. For the past ten years, Telegram Secret Chats have remained the only popular method of communication that is verifiably private 💪

Original post: https://t.me/durov/274

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 13 points 6 months ago (1 children)

You shouldn't need to trust open source, it should be independently verifiable. Unfortunately that's not possible with either signal or telegram, as there's no way to tell what server code they're running.

[–] [email protected] 7 points 6 months ago (1 children)

If encryption happens client side then it doesn't matter.

Its where the server is open but the client is closed that we need to worry, as is the case with Beeper

[–] [email protected] 0 points 6 months ago (2 children)

Closed sources server (even open source with no verification of the code running on the server) means it's possible the server records who you talk to, when, where and the size of the messages. This can be useful to sell to advertisers.

[–] [email protected] 3 points 6 months ago

Cloud source server or open source server, you can't know what server their running.

Pavel's whole argument here is basically the same thing for the client; "you can't verify the build in the app store matches what's in the source code, so you have no way of knowing it's actually what you're auditing."

[–] [email protected] 0 points 6 months ago (1 children)

If the client is open, then you can check to make sure that all metadata is encrypted.

[–] [email protected] 1 points 6 months ago (1 children)

You don't need meta data to know these things. Any server handling the traffic for the app will know these things.

[–] [email protected] 0 points 6 months ago (1 children)
[–] [email protected] 1 points 6 months ago (1 children)

Only if the messenger is P2P, I don't know of any popular messenger like that.

[–] [email protected] 0 points 6 months ago

SimpleX for one