#Telegram and #Durov are once again in the media, so I translated my May piece about the service to English:
Telegram is neither "secure" nor "encrypted"
rys.io/en/171.html
Calling Telegram "secure" or "encrypted" is misleading, and is journalistic malpractice.
Telegram itself seems to mislead about it on purpose.
Telegram's encryption protocol is suspicious and transmits cleartext device identifiers with every message.
They have been called out for it many times, and refuse to change.
This piece has been written for and originally published by OKO.press. When attributing, please attribute to: “Michał ‘rysiek’ Woźniak, Fundacja Ośrodek Kontroli Obywatelskiej „OKO”", and include a lin
Songs on the Security of Networks
The project started from the dimensions of the glass I had. A leftover polystyrene box, lined with tin foil, with the darkest pot I own inside (a cast-iron Dutch oven), and the glass tilted at the angle the web suggests for solar panels at my latitude in August (29°). The potato next to the aubergines was firm but cooked.
Nagasaki and the culture of peace
Last New Year's I visited Nagasaki and its atomic bomb monuments. They are rather ugly but moving, and there are still survivors who bear witness with an admirable dedication to spreading a culture of peace rather than revenge. I am sorry that, for the sake of Bibi the avenger, the Europeans backed out.
ansa.it/sito/notizie/mondo/202…
Israel not invited, Western ambassadors will not go to Nagasaki - News - Ansa.it
TOKYO, 07 AUG - The ambassadors of Western countries, including Italy, will skip the ceremony for the 79th anniversary of the Nagasaki bombing after Israel was not invited, some officials report. (ANSA)
Agenzia ANSA
the fediverse and the apartment building
a shingles vaccine appears to prevent senile dementia
newscientist.com/article/24415…
Evidence mounts that shingles vaccines protect against dementia
Being immunised against shingles has been linked to a reduced dementia risk before and now a study suggests that the newer vaccine wards off the condition more effectively than an older one
Christa Lesté-Lasserre (New Scientist)
conspiracy!
calling the pedestrian green light in #Roma, and getting useless electronic chirping in return
I would like the button's function to be spelled out: lured by the mirage of crossing sooner, we only trigger unwanted noise pollution.
the small opening of the rubbish bins in #Roma
I am not surprised that people leave everything on the ground rather than having to struggle, pushing laboriously, and I see old folks giving themselves a heart attack under the sun in the civic-minded attempt to sort their waste for recycling.
Anyone who wants to illegally dump rubble simply lifts the lid.
Michał "rysiek" Woźniak · 🇺🇦
in reply to Michał "rysiek" Woźniak · 🇺🇦
Despite the claims that #Telegram never shares any data or metadata, there are relatively clear cases of them having shared metadata with an Indian court and German law enforcement.
There are strong indications, as reported by Wired, they might have shared message contents with the Russian government, targeting activists in Russia.
By default, Telegram chats do not use end-to-end encrypted mode aka "Secret Chats". End-to-end encryption is also completely unavailable for groups and channels.
FediThing
in reply to Michał "rysiek" Woźniak · 🇺🇦
Michał "rysiek" Woźniak · 🇺🇦
in reply to FediThing
Rihards Olups
in reply to Michał "rysiek" Woźniak · 🇺🇦
...with Durov supposedly being almost on the run from russia itself.
Do the French have more on him?
Michał "rysiek" Woźniak · 🇺🇦
in reply to Rihards Olups
FediThing
in reply to Michał "rysiek" Woźniak · 🇺🇦
On Sky News UK today:
“Vladimir Putin took steps to shut down Telegram when it first appeared in Russia...”
“But in 2018 the Kremlin suddenly ended its pursuit of Telegram, where it is now one of Russia's most popular social media apps - even with the Russian military. A leading Russian pro-war blogger joked after Durov's arrest: "De-facto they detained the head of communications for the Russian Army".”
“A rival encrypted messaging app Signal, whose servers, unlike many of Telegram's are not hosted in Russia, was recently banned there.”
🤔
news.sky.com/story/pavel-durov…
Pavel Durov's arrest, much like the Telegram app, works to Russia's advantage
Tom Clarke (Sky News)
Michał "rysiek" Woźniak · 🇺🇦
in reply to FediThing
Regs Grundies
in reply to FediThing
Michał "rysiek" Woźniak · 🇺🇦
Unknown parent
@waldschnecke it's important for Ukraine and people in danger because people choose to use it. We should guide them to safer alternatives instead, Telegram is putting people in harm's way.
I write about the encryption and why it is bad.
One of the main points is that Telegram is misleading people about it.
Secret Chats are unwieldy and limited, and have to be turned on explicitly for each contact separately – and thus almost nobody uses them.
But Telegram pretends everything is encrypted.
Michał "rysiek" Woźniak · 🇺🇦
Unknown parent
Michał "rysiek" Woźniak · 🇺🇦
Unknown parent
blausand 🐟
in reply to Michał "rysiek" Woźniak · 🇺🇦
Although Telegram is still installed for those few contacts, I strongly recommend switching to #Signal and pushing relatives to abandon Wha'pp and Telegram.
Remaining question is of course: How do we protect the single safe solution from bad legislatory forces while it's neither decentralized nor open-sourced?
TELEGRAM vs. SIGNAL – Michael N. Baumann
wp.blausand.net
cherti
in reply to blausand 🐟
@blausand
For the moment it might not be quite the challenge, because Signal just set up their system smarter than Telegram did, from what I remember.
Signal's legal strategy when it comes to government requests is to first fight it tooth and nail, but when they eventually have to cooperate, they do, via "ah well, there you go, take this bit of nothing". It's a consequence of their messenger design, but it means they are legally cooperative when required, and they have designed…
cherti
in reply to cherti
@blausand
… their messenger accordingly, knowing they have to, which is a smart move.
Telegram's legal strategy, from what I remember, seemed to be to just plainly ignore any government requests, the consequence of which might just have happened to Durov now.
So I think Signal has already a pretty smart response to legislatory forces.
Of course there could always be a more authoritarian environment, but that would require a very straightforward mask-off approach in legislation. …
cherti
in reply to cherti
@blausand
… While we shouldn't get complacent, I am carefully optimistic that we might manage to steer clear of any obvious legal constructs forcing more invasive measures from communications providers.
But the legal requirement of moderation has been there forever, and Telegram's design is such that it would in principle be possible. Telegram just ignoring anything in that regard might not have been the smartest approach.
That's of course just my superficial read on the situation.
Michał "rysiek" Woźniak · 🇺🇦
in reply to cherti
@cherti I feel it's worse. Telegram is a mostly unmoderated social network that is purposefully masquerading as and pretending to be an encrypted IM.
What this means is that its users are tricked into a false sense of security and thus put in harm's way.
And it also means that the actually secure, encrypted IM services, like Signal, become tagged with Telegram's failings.
Pretty obnoxious if you ask me. But hey, how would Durov get a private plane otherwise, right?
@blausand
Michał "rysiek" Woźniak · 🇺🇦
Unknown parent
@waldschnecke
> By that standard they should get to other CEOs too.
Other CEOs of what kind of services?
Facebook, Instagram, Twitter? Yeah, probably there is some responsibility to consider for unencrypted social networks.
Signal? WhatsApp? Absolutely not, these are end-to-end encrypted internet messaging services, and the service providers have no access or control over the contents of conversations.
Telegram is a social network that pretends to be an encrypted IM.
FediThing
Unknown parent
Yeah, it is weird how articles about Telegram in mainstream press try to paint it as some kind of trusted privacy service.
Has Telegram's PR department been briefing press in this way?
Michał "rysiek" Woźniak · 🇺🇦
Unknown parent
@m @waldschnecke
> In Signal and Whatsapp you have the problem that your Phone number is known to anyone in a group chat
Not in Signal anymore. They finally solved it:
signal.org/blog/phone-number-p…
Keep your phone number private with Signal usernames
Signal Messenger
Michał "rysiek" Woźniak · 🇺🇦
in reply to FediThing
Jeder
in reply to Michał "rysiek" Woźniak · 🇺🇦
[GRLC] DOL-001
in reply to Jeder
Michał "rysiek" Woźniak · 🇺🇦
Unknown parent
FediThing
Unknown parent
So, if XMPP had more people using it, and it was easier to sign up, there's nothing fundamentally wrong with it?
Cassandrich
in reply to Michał "rysiek" Woźniak · 🇺🇦
Hobson Lane
in reply to Cassandrich
*State sponsored* toxic fans (assets) on both sides of the Ukraine war
@rysiek @FediThing @simonboggis
FediThing
Unknown parent
@m
I've been playing around with Snikket as a potential way to get more people trying XMPP. Have you any views on it?
For what it's worth, the default Snikket app has OMEMO on by default, voice/video calls and voice messages, plus image/document/location attachments, but it doesn't have stickers or GIF pickers.
Nsukami _ | 巣神
in reply to Michał "rysiek" Woźniak · 🇺🇦
Andrzej Stamburski
in reply to Michał "rysiek" Woźniak · 🇺🇦
Michał "rysiek" Woźniak · 🇺🇦
in reply to Andrzej Stamburski
the whole point of this piece is that:
1. Telegram bills itself as "encrypted IM" (which it is not)
2. Telegram constantly compares itself to Signal on security and privacy, claiming Signal is less secure and private (which is also false).
I do believe it's fair game to take Telegram to task on this.
If Telegram wants to not be compared unfavourably to Signal on secure IM features, it is welcome to stop comparing itself to Signal on secure IM features. 🤷‍♀️
Andrzej Stamburski
in reply to Michał "rysiek" Woźniak · 🇺🇦
If today, you say "Signal is better than Telegram", to people who use Telegram, to join "groups" and "channels" with some kind of info, are you clarifying confusion or just adding to it?
What will they think, if they follow your advice?
Michał "rysiek" Woźniak · 🇺🇦
in reply to Andrzej Stamburski
I am sure you asked very similar questions of Telegram's and Durov's social network accounts when they were misrepresenting Signal.
After all, I am merely *representing* Telegram, while Telegram was outright *misrepresenting* Signal.
I would not dare to imagine you not having enough integrity to do so. So I am eager to hear what they had to say to your valid points. Care to link to the thread?
Krzysztof Sakrejda
in reply to Michał "rysiek" Woźniak · 🇺🇦
b1_66er
in reply to Michał "rysiek" Woźniak · 🇺🇦
FediThing
Unknown parent
@Orca @m
Yeah, I saw that, but it didn't say what happens if a centralised service like Signal sells out. The owner of Signal is the guy who sold Whatsapp to Facebook, so this is a totally plausible scenario because it has happened on his previous messenger services.
The whole point of decentralisation is that if a server turns to crap you can switch to another server without losing your contacts. There's no way to do this on Signal, you're just stuck there even if the service removes its privacy protections.
Noxy 🐾🏳️‍🌈
in reply to Michał "rysiek" Woźniak · 🇺🇦
Michał "rysiek" Woźniak · 🇺🇦
Unknown parent
@ArcaneAlchemist it's not "some blog", Soatok is a solid security researcher. Ignore his insight at your own peril.
Also, did you really just argue that surely a certain solution is perfectly fine because nation states use it? Really?
Because that would make Microsoft Teams by far the best communication solution in the world.
@m
Michał "rysiek" Woźniak · 🇺🇦
Unknown parent
@ArcaneAlchemist I am not arguing that "devs and auditors are all incompetent", please kindly refrain from putting words in my mouth.
People miss things all the time. The fact that A Large Organization or State is using a given tool does not necessarily mean they audited it. And even if they have, it doesn't mean there are no security issues.
I linked to a specific piece of information on specific security issues found by a good security researcher. Do what you will with that info. 🤷‍♀️
@m
Kevin Karhan
in reply to Michał "rysiek" Woźniak · 🇺🇦
also #Telegram - like @signalapp - demand and collect #PII like #PhoneNumbers which ain't possible to acquire anonymously in more and more jurisdictions.
Using #XMPP+#OMEMO by contrast is secure and adding @torproject / #Tor to tunnel it makes it even more anonymous.
Consider every #Messenger that doesn't #decentralize and support #Tor out of the box to be insecure!
thaddeus e. grugq on Twitter
Twitter
Michał "rysiek" Woźniak · 🇺🇦
in reply to Kevin Karhan
@kkarhan I consider a service that actively, relentlessly misrepresents its security and encryption stance way worse and more harmful than a service that does not.
@signalapp @torproject
Kevin Karhan
in reply to Michał "rysiek" Woźniak · 🇺🇦
Agreed.
Tho I'd say that @signalapp is just marginally less shit in execution AFAICT, not in concept tho...
Michał "rysiek" Woźniak · 🇺🇦
in reply to Kevin Karhan
@kkarhan I have criticized @signalapp publicly for a bunch of things.
But saying that Signal is "marginally" better than Telegram is simply wrong. Signal is leaps and bounds better than Telegram, in execution and in concept.
Telegram's concept is "let's implement just enough e2ee to be able to lie our way into pretending we're an e2ee IM, while being nothing of the sort."
They do this *on purpose*, knowing this puts people in harm's way.
Making any sort of equivalence here is not justified.
Ehay2k
in reply to Michał "rysiek" Woźniak · 🇺🇦
Michał "rysiek" Woźniak · 🇺🇦
in reply to Ehay2k
Guelfo Alexander Ghibellini
in reply to Michał "rysiek" Woźniak · 🇺🇦
Michał "rysiek" Woźniak · 🇺🇦
in reply to Guelfo Alexander Ghibellini
Guelfo Alexander Ghibellini
in reply to Michał "rysiek" Woźniak · 🇺🇦
Michał "rysiek" Woźniak · 🇺🇦
in reply to Guelfo Alexander Ghibellini
Guelfo Alexander Ghibellini
in reply to Michał "rysiek" Woźniak · 🇺🇦
Michał "rysiek" Woźniak · 🇺🇦
in reply to Guelfo Alexander Ghibellini
Guelfo Alexander Ghibellini
in reply to Michał "rysiek" Woźniak · 🇺🇦
deallocated
in reply to Michał "rysiek" Woźniak · 🇺🇦
Michał "rysiek" Woźniak · 🇺🇦
Unknown parent
@kkarhan it's worse than HTTPS, MTProto broadcasts a cleartext device identifier.
@simonboggis
Kevin Karhan
in reply to Michał "rysiek" Woźniak · 🇺🇦
@simonboggis AFAIK #Durov got arrested because #Germany #MLAT'ed #France for #NetzDG violations and he refused to integrate #Govware #Backdoors in compliance with French Law, which is rather a case of #incompetence by #LEA|s than actual #security.
sss
in reply to Michał "rysiek" Woźniak · 🇺🇦
Michał "rysiek" Woźniak · 🇺🇦
in reply to sss
sss
in reply to Michał "rysiek" Woźniak · 🇺🇦
- YouTube
www.youtube.com
Michał "rysiek" Woźniak · 🇺🇦
in reply to sss
Linux in a Bit
Unknown parent
I made a writeup and video about Reticulum which might be helpful:
b2server.codeberg.page/blog/re…
The Reticulum Network and How it Works - Linux in a Bit's Blog
b2server.codeberg.page