shdh 1 day ago

What does "discarding" Telegram mean?

1
markus_zhang 1 day ago

We should not use Telegram -- sort of. I wonder whether Signal is better.

wffurr 1 day ago

Not sure Signal would have made a difference for this criminal. All the data on them I saw in the article was likely captured by someone in the channel / group message.

It’s just plain poor opsec, but I kind of expect that from someone with poor enough judgement to be a criminal.

xvector 1 day ago

Signal is absolutely better. Telegram is e2ee in name only

autoexec 1 day ago

Not recommending Telegram, but personally, I suspect that signal is compromised. They've been permanently storing sensitive user data in the cloud for a long time time (https://community.signalusers.org/t/proper-secure-value-secu...) but the very first sentence of their Terms and Privacy page still claims "Signal is designed to never collect or store any sensitive information." and they've been asked multiple times but refuse to update their privacy policy. I suspect that lie is being kept there as a giant dead canary.

Making the change to start keeping exactly the data that the government has been asking them to turn over isn't a very good look. "Securing" user's data with something as week as a PIN isn't great either. https://www.vice.com/en/article/pkyzek/signal-new-pin-featur... Note that the "solution" of disabling pins mentioned at the end of the article was later shown to not prevent the collection and storage of sensitive user data. It was just giving users a false sense of security. To this day there is no way to opt out of the data collection.

xvector 14 hours ago

Oh wow. Yeah. This changes my opinion on Signal.

Why the fuck did they make such terrible insecure defaults for backups? IMO they should not even be doing backups at all by default, what the fuck.

71bw 1 day ago

>We should not use Telegram

But why? There is no better platform for private and small chats.

JTyQZSnP3cQGa8B 1 day ago

Telegram is not E2E encrypted by default, and even if it changed, I wouldn't trust them. It's not private.