My two cents:
- The "hacker" (I'm reluctant to use this term" seems to be too high profile for some reasons;
- We should discard Telegram
What does "discarding" Telegram mean?
We should not use Telegram -- sort of. I wonder whether Signal is better.
Not sure Signal would have made a difference for this criminal. All the data on them I saw in the article was likely captured by someone in the channel / group message.
It’s just plain poor opsec, but I kind of expect that from someone with poor enough judgement to be a criminal.
Signal is absolutely better. Telegram is e2ee in name only
Not recommending Telegram, but personally, I suspect that signal is compromised. They've been permanently storing sensitive user data in the cloud for a long time time (https://community.signalusers.org/t/proper-secure-value-secu...) but the very first sentence of their Terms and Privacy page still claims "Signal is designed to never collect or store any sensitive information." and they've been asked multiple times but refuse to update their privacy policy. I suspect that lie is being kept there as a giant dead canary.
Making the change to start keeping exactly the data that the government has been asking them to turn over isn't a very good look. "Securing" user's data with something as week as a PIN isn't great either. https://www.vice.com/en/article/pkyzek/signal-new-pin-featur... Note that the "solution" of disabling pins mentioned at the end of the article was later shown to not prevent the collection and storage of sensitive user data. It was just giving users a false sense of security. To this day there is no way to opt out of the data collection.
Oh wow. Yeah. This changes my opinion on Signal.
Why the fuck did they make such terrible insecure defaults for backups? IMO they should not even be doing backups at all by default, what the fuck.
>We should not use Telegram
But why? There is no better platform for private and small chats.
Telegram is not E2E encrypted by default, and even if it changed, I wouldn't trust them. It's not private.