@feoh This is always what hit me the most about these things. These people openly vote against themselves and still, after decades of suffering, don't realize they're shooting themselves.

@sneak @Madmonkey In many US states you don't need a license to carry a gun.

@ludovic Looks like a very good boy!

@ekaitz_zarraga I basically tune out the second I see the word "Docker".

re: re: Hackers movie, htown, (mention racism/uspol-adjacent maybe?)

re: Hackers movie, htown, (mention racism/uspol-adjacent maybe?)

@voltur @thegibson@https://hackers.town @rgegriff Wow I can't remember that scene with the "Get a job!" call out. I guess it's been a few years since I last watched the flick. I guess I know what to do this week.

@darksky @rysiek

I'm not sure why are we still discussing Telegram if we all know that they literally gave out the users' data to Germany authorities.

As of now it's speculation but if it does fall into the categories where TG openly admits to complying, I wouldn't be surprised.

@rysiek @darksky @thatonecalculator

only to find that the compatibility matrix is what makes it effectively impossible, on a global scale.

This has always been my issue with XMPP.

@rysiek @darksky I'm not sure about that.

Remember TG started a years before Signal existed and before WA added e2ee to it's messaging. Also they're target user isn't security minded hackers/info sec, etc.

I think they're pretty honest about how the tool works. The homepage messaging is definitely marketing dribble but not inaccurate and I don't think anyone but a small subset of people (like you and I) would read that and think "Ah ok, so everything is e2ee by default".

There's nothing in the homepage messaging that to me means "They are clearly not 100% honest with their users about e2ee" - I think that's you reading it through your specific lens.

I also don't think it means they don't care about user privacy. I think they've overwhelmingly shown the opposite to be true.

Like I said before, I wouldn't use TG (or Signal, or <whatever>) to send truly sensitive information ever. I do still think TG is the best daily driver messaging platform and apps that is mostly open about all things and that my messages (as menial as they may be) are protected.

In the end, regardless which of these services we use, there's a level of trust that has to be given by the end users.

@rysiek @darksky

Oh and the Gronq article, there are good points. Especially about meta data. Most of them also apply to Signal and others.

That post was from 2015 and to date the encryption still stands unbroken. Sure, 300K is nothing to worry about for a nation state so if they broke it they surely would never announce it, but that's just us assuming.

And you know what they say when you assume... Makes an Ass out of U and Me ;)

@rysiek @darksky

Telegram makes it easy to make a vary serious mistake

This is one of my biggest gripes about TG honestly. People should be better educated on how to use the tool within it's confines. I mean, all the info is there, but someone has to go looking to read it, which rarely happens. Good point.

@darksky @rysiek They're very open about cases of terror being specific to work with authorities.

I can see how that can be abused by governments though.

@rysiek @darksky The Telegram is a honeypot link is flat out dumb.

1. Telegram is very open that they are not end-to-end encrypted by default and never portray themselves as anything else. Secret chats are e2e and nothing more.
1. Cloud chats are encrypted in transit and in storage. Encryption keys are broken up into pieces and stored in various jurisdictions, making it virtually impossible to legally force giving up data to governments.
1. Whatsapp is never secure. As there have been countless exploits in it where you can gain full access to the remote device. No such exploit, or really any, has ever existed in Telegram.
1. TG accepts 3rd party clients to it's open API.
1. TG let's you validate that the mobile client you install on your phone is the same as the source code published in their public repos
1. The backend is closed source but I always thought that was a dumb thing to mention because you have no idea what's actually running on the servers in the end.
1. Signal has suspect funding (read Surveillance Valley)
1. Signal does not allow 3rd party clients to use it's open API (suspect!) and also no way to verify your clients
1. Afaik, no government has ever been successful in forcing TG to give up any data.
1. There is a still unclaimed 6 figure bounty for anyone that can break their encryption (for years now)
1. Finally (I could go all day) I think they are the most open about whatever is going on. That comes off as genuine to me.

Yes, obviously I do like to use Telegram but I wouldn't use it, or any similar service, to send anything that was truly sensitive. Also, does appear to collect more metadata than I'd like but it's still fairly minimal.

Just my $0.02

@ludovic I'm long over due to watch that again. Classic.