this post was submitted on 20 Sep 2024
342 points (98.0% liked)

Technology

59288 readers
4465 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 1 year ago
MODERATORS
all 43 comments
sorted by: hot top controversial new old
[–] gedaliyah@lemmy.world 120 points 1 month ago (3 children)

Wait, the centralized service that security experts warned for years could be easily compromised because a centralized messaging service is inherently insecure has now been compromised? Surprised Pikachu face

[–] MehBlah@lemmy.world 45 points 1 month ago* (last edited 1 month ago)

Owned by a fake rebel russian who has somehow managed to keep from falling out of a window on a high floor. Cough, cough plant.

[–] Star@sopuli.xyz 12 points 1 month ago (3 children)

Not to discredit your arguement but isn't Signal also centralised?

[–] lemmylommy@lemmy.world 22 points 1 month ago

It is. But it is open source and the encryption is solid. All communication data is end-to-end encrypted. They have been subpoenaed before and all they could provide was when the account was first registered and when it was last used. The signal protocol is well documented and open source. The foundation and LLC behind it are registered in California and are run by reputable people.

Telegram is run by shady people, supposedly out of Dubai, while it is registered in the British Virgin Islands. Its clients are also open source, however the encryption, if enabled, is of the home cooked variety, although it was improved over time. Unfortunately it is not enabled by default, you need to enter a „secure chat“ for that, which only works with single contacts, not with groups. Despite having access to everything else, and working like a social media-messenger-hybrid, telegram is very reluctant to get rid of clearly illegal content.

[–] gedaliyah@lemmy.world 9 points 1 month ago

The data is not centralized in the same way, making it slightly better, but yeah. A lot of the same pitfalls of centralization happen there. The whole system doesn't operate without the corporate servers in the middle, even though they don't see or store the data. They have total access to Metadata. The organization could be sold for profit, shut down, change terms, etc.

If security is important, you're better off with something decentralized like matrix. I'm not an expert, so hopefully, a lot of people here who are smarter than me will fact check these statements, but at least those are my impressions.

[–] MiltownClowns@lemmy.world 5 points 1 month ago

It is, which is why the comment didn't advocate for it. Signal has more robust encryption than telegram, but its not zero-trust. They should really be using private hosted services instead of public or pgp, but when battle kicks off you use whatever works and then go back and revise as needed when you're not dodging bombs.

[–] melroy@kbin.melroy.org 8 points 1 month ago

I know right..

[–] cheese_greater@lemmy.world 39 points 1 month ago

Was kinda wondering when they were gonna cut the cord, Telegram is likely thoroughly compromised and compromising

[–] 0laura@lemmy.dbzer0.com 15 points 1 month ago

telegram chats are also not end to end encrypted to my knowledge, only the secret chats which have some limitations afaik. and group chats also aren't encrypted. unless that changed recently. id even trust Whatsapp more than telegram, at least they say they're end to end encrypted.

[–] triptrapper@lemmy.world 12 points 1 month ago (2 children)

I know nothing about cyber security, but it's funny to me that depending on the time of day these comment sections either mostly criticize Telegram or mostly support it. I have no idea what to believe or whether it's safe for me to use Telegram.

[–] LaFinlandia@sopuli.xyz 7 points 1 month ago (2 children)

I presume this will have zero effect, especially since it includes this huge exemption.

Those who use Telegram "part of their job duties" will not be affected by the move.

[–] andrew_bidlaw@sh.itjust.works 9 points 1 month ago

SMMs for officials, volunteers and military would keep posting, right. It's inside communications that are a concern. And as some ukrainians wrote, in some places it was an obvious rule from the very start.

[–] stsquad@lemmy.ml 8 points 1 month ago

I assume that is too cover the intelligence officers monitoring the Russian milbloggers.

[–] sunzu2@thebrainbin.org 0 points 1 month ago (1 children)
[–] cheese_greater@lemmy.world 5 points 1 month ago (2 children)

Why do people use Viber over like Signal and Threema or worst-case scenario Whatsapp?

[–] sunzu2@thebrainbin.org 8 points 1 month ago (1 children)

Network effects... Once community picks the app, it ain't changing.

It pretty amazing that two years into the war this is still an issue in Ukraine especially at government/military level.

I get plebs giving fuck all due to poor understanding, the state taking this long doesn't make sense. These issues were brought from the start of the invasion.

[–] oce@jlai.lu 2 points 1 month ago (1 children)

Maybe choosing your poison? Viber belongs to the Japanese company Rakuten, so it may be more interesting geopolitically, depending on your country.

[–] sunzu2@thebrainbin.org 0 points 1 month ago

Viber is Israeli based with connection to Russian security services.

[–] Korkki@lemmy.world -3 points 1 month ago (3 children)

I would never risk any third party messaging service in military or critical state matters. It's just common sense, even for a layman. Everything is compromised, Telegram is, Whatsapp is, Signal is, all of them are.

[–] melroy@kbin.melroy.org 2 points 1 month ago

Matrix chat is not :)

[–] rottingleaf@lemmy.world 0 points 1 month ago (1 children)

I would never risk any third party messaging service in military or critical state matters.

Ah, so mister genius would write his own, have I heard that right? Would he use XOR twice when encrypting a message, just to be double safe?

[–] Korkki@lemmy.world 1 points 1 month ago (1 children)

How secure something is an spectrum. Sure self hosted matrix is a lot safer than sending your messages through meta servers for example. It's about what is the threat levels of what one is doing. Total tinfoiling like writing your own quantum proof multi encryption ciphers and sending that over an tamper proof usb stick with self destruct mechanism by a carrier pridgeon is not necessary or practical for average people who just want privacy, but for critical government applications and especially the military it might be. That is what we are talking about here.

[–] rottingleaf@lemmy.world 1 points 1 month ago

Sure self hosted matrix is a lot safer than sending your messages through meta servers for example.

A lot safer in which case? I can imagine a few very real ones where it's not.

Self-hosted Signal (requires patching the client, but it's straightforward) server I would understand.

but for critical government applications and especially the military it might be. That is what we are talking about here.

Signal devs have a few papers describing how and by what logic they are addressing these problems.

Again, self-hosting (because accounts can be blocked by Signal) their solution is a better idea.