Senders and recipients aren’t encrypted on Matrix, are they? As I understand it, Matrix is a great chat product, but it’s not targeting the same use case.
Of course he'd say that, having have a great many questionable decisions around Signal. Honestly I'm inclined to treat this as FUD until the same points are raised by someone with a more impartial (or at the very least, fair) expertise.
I have many comments about Telegram and how not-so-secure it is. Again, it does not have E2EE on desktop.[1] This secret chat is only for 1 on 1 conversations (IIRC), and it is not the default. I cannot comment on their E2EE because they may have changed it by now.
Telegram is fancy, it is a great replacement for WhatsApp, but it cannot replace Element, Conversations/Gajim (XMPP), Briar, Ricochet, or Wire. Please avoid Telegram for actually "secure chats".
I recommend checking out https://secushare.org/comparison. I disagree with "Telegram can be among the least worse [for smartphones]" though. It is Briar. I have also used Briar on desktop, I wonder where that will go.
You’re right to be wary of Signal. Here, Moxie is spot on, though. Everything he’s saying is based on public information. There’s no FUD and nothing new under the sun. Telegram is spyware wrapped in clever marketing and branding.
The issue with Telegram has been brought up many times by many people. It defaults to insecure and is advertised as “encrypted messaging”. It’s a great messaging tool that offers one way to send e2ee chats, but the default is not and group chats aren’t. The comparison to Facebook messenger is apt.
> Signal is just as insecure because they can push any code they want to anyone they want to spy on.
What now? That's not "just as insecure", since Telegram can also "push any code they want to anyone they want to spy on," but they don't need to because your data is already plaintext on their servers.
Signal not being perfectly secure does not make it "just as insecure."
This is a bizarre take. What's considered "serious security" depends on the needs of the person and the kind of info they're transmitting.
To tell people that there is no advantage to use Signal instead of much less secure alternatives because your Area 51 security requirements aren't met is actively harmful and bad advice.
Whether Signal or Telegram, you rely completely on trust in the central third party for security.
The choice of whether to use Signal or Telegram should depend on which of these organizations you trust the most (their leadership, their internal employees, and their security from external infiltration), NOT based on what technology they use in the client & server.
But you simply shouldn't use either because real security is all about not having to trust anyone like that.
you don't need to rely completely on trust in third parties because both produce reproducible open source clients (at least on android, not sure about apple) and if someone hands you at least a client that you can verify doesn't send out non-encrypted data you have some legitimate safety compared to a service that doesn't do that at all.
And that's why technology matters, because security is not binary. Very concrete example, someone uses Facebook Messenger, the police get the hands on their phone, arrest them for some chat content. Signal cannot do that, and you can verify they cannot. That's a real use case that people in particular in countries with oppressive governments run into at this very moment.
> you don't need to rely completely on trust in third parties because both produce reproducible open source clients (at least on android, not sure about apple) and if someone hands you at least a client that you can verify doesn't send out non-encrypted data you have some legitimate safety compared to a service that doesn't do that at all.
This is technically correct but not in a way that matters. Signal pushes everyone to depend on Google to distribute the software. Through this system, it isn't even just Signal, but also Google and anyone who breaks into Google that can inject a compromised client.
You don't know that the client on the other side isn't getting its Signal app through Google.
More importantly -- even if you DO know the client on the other side -- the WHOLE POINT of Signal is this massive network effect where you don't need to coordinate with the other side.
If we're talking about the much smaller network-within-a-network of users who installed Signal from a non-Google source -- it's no longer compelling. Why bother with it? Less error-prone to get both sides to set something else up.
> I mean, if you were at all serious about security you'd just not use it. So it's just as insecure.
That doesn't make any sense at all. Being "serious about security" doesn't mean letting the perfect be the enemy of the good (which is what you're doing).
It's not about the software, it's about the distribution of the software. Signal distributes through Google as man-in-the-middle. So if you trust Google, you're OK. But if you're using Signal because you don't trust Google, it doesn't make sense.
In case you don't trust Google I really suggest OpenSSH or WireGuard, to establish a secure tunnel; and then run IRC, Jabber, SIP, or mumble (as needed) over the tunnel.
Telegram is a big no. Leaking phone numbers just by joining a group. Hong Kong police had arrested so many protesters through Telegram channels in 2019.
> I’d also consider the possibility that the document is planted and not fully accurate.
It's this kind of extreme paranoia that taints the entire world of populist secure messaging products, which actively drives me straight in the other direction.
I'm not a state target. But I do use Telegram's Secret Chats for things like discussing how great a trip into the woods on psychedelics can be. That's a great compromise, for me, and most others who use the platform. If you're a state target or you entertain such ideas as state actors trying to get your cat photos, please use another platform.
But there's zero need for this kind of mud-slinging that goes on, all the time, within the world of secure messaging products and platforms. The guy behind GrapheneOS does it, Moxie does it, the entire Signal fanbase does it, even going so far as to apologize for when a piece of their beloved product goes closed source for a year so Moxie can insert some terrible crypto coin he's a major investor of.
> Messages sent through Telegram are stored on Telegram's servers in their original form, or plain text, without going any sort of encryption to protect private user data, shared Marlinspike.
It is not disingenuous to call data stored in plain text as stored in plain text. Transport security is very different from security at rest.
> Here is the FBI's own datasheet on what message content they're able to obtain with court order from Telegram [2]
Keep in mind that there are other governments with jurisdiction over Telegram that may have access. Additionally, data could be “leaked” by someone. Or, rules or owners of the data could change. Just because they don’t respond to a warrant doesn’t mean that data is safe when stored in plain text.
> It is not disingenuous to call data stored in plain text as stored in plain text. Transport security is very different from security at rest.
Data is not stored in plaintext. It is stored encrypted, at rest. Period. In the very Twitter thread posted at the top of the comments, Moxie states he uses "plaintext" as shorthand. So he is making up a new definition of plaintext to slander a competitor, something he loves to do and has done, repeatedly, throughout history. The Durovs, on the other hand, do not pull this kind of crap and are content to let their product speak for itself.
Encrypted on a server where the company running it also has the key… It is accurate to say Telegram has access to plain text copies of everything. It’s also accurate to say anyone with access to Telegrams infrastructure has access to the plain text. Encryption at rest, that is not e2ee, really will only protect you against someone stealing a hard drive from a decommissioned server.
That’s the simple difference. Telegram is less encrypted than Facebook messenger is.
No, it is not. And we need to get clear on our use of words and the games we play with words and their meaning to make others look bad.
People understand that when we say passwords were stored in plaintext on a company's breached servers it's a lot more severe than when we say passwords were stored encrypted on a company's breached servers. If the encryption key was also leaked, we're in as much trouble as scenario A.
It is an abuse of our understanding of these words, which stand related but differentiated to each other, to use the word "plaintext" from scenario A interchangeably for "encrypted" in scenario B.
That is, at best, manipulative of people like you and I and of a media which is all too willing to stoke the fires of outrage.
A. Telegram has access to all plain text content
B. Someone with access to Telegrams infrastructure has access to plain text content
C. Telegram is less encrypted than Facebook messenger
The first, I stand by. The second does make a few assumptions.
The second assumption, that if you have access to the infrastructure you could get access to the private key, this may not be true. Depending on how well they manage their systems. Something that any user will have to trust vs a trust less e2ee system.
The final one is, admittedly, incorrect. I misspoke. It’s _as encrypted_ as Facebook Messenger, and _less encrypted_ than WhatsApp.
Not everything needs to be super secure. I can sit and talk with a group of friends at a cafe, and anyone can listen to us, and see that we're talking to each other. If we want to talk about something secret we can go somewhere private that's less convinient but more secure.
Same thing with messaging online. Everyday nonsense can use whatever app you want, and if there's something you really don't want anyone else knowing you can use a different solution. I think the trade-off is worth it for most people.
Sure, the objection Moxie has is people referring to Telegram as an “encrypted messenger” when the default usage is not encrypted. It means that people may download it wanting security and thinking they are covered, when in reality they aren’t because they are using a group chat.
Full remote code execution in signal desktop via an node context enabled and an XSS in a react application, rendering user messages with __dangerouslySetInnerHTML. A similar XSS in the webview on mobile signal allowed at the very least, compromising all of the contacts and messages of the user.
I wouldn't take anything that Signal developers/founders say about their product or others' products security seriously.
44 comments
[ 4.7 ms ] story [ 125 ms ] threadhttps://threej.in/article/Signal-founder-criticizes-Telegram...
Telegram is fancy, it is a great replacement for WhatsApp, but it cannot replace Element, Conversations/Gajim (XMPP), Briar, Ricochet, or Wire. Please avoid Telegram for actually "secure chats".
I recommend checking out https://secushare.org/comparison. I disagree with "Telegram can be among the least worse [for smartphones]" though. It is Briar. I have also used Briar on desktop, I wonder where that will go.
[1] https://tsf.telegram.org/manuals/e2ee-simple#2-why-are-there...
What now? That's not "just as insecure", since Telegram can also "push any code they want to anyone they want to spy on," but they don't need to because your data is already plaintext on their servers.
Signal not being perfectly secure does not make it "just as insecure."
To tell people that there is no advantage to use Signal instead of much less secure alternatives because your Area 51 security requirements aren't met is actively harmful and bad advice.
Whether Signal or Telegram, you rely completely on trust in the central third party for security.
The choice of whether to use Signal or Telegram should depend on which of these organizations you trust the most (their leadership, their internal employees, and their security from external infiltration), NOT based on what technology they use in the client & server.
But you simply shouldn't use either because real security is all about not having to trust anyone like that.
And that's why technology matters, because security is not binary. Very concrete example, someone uses Facebook Messenger, the police get the hands on their phone, arrest them for some chat content. Signal cannot do that, and you can verify they cannot. That's a real use case that people in particular in countries with oppressive governments run into at this very moment.
This is technically correct but not in a way that matters. Signal pushes everyone to depend on Google to distribute the software. Through this system, it isn't even just Signal, but also Google and anyone who breaks into Google that can inject a compromised client.
You don't know that the client on the other side isn't getting its Signal app through Google.
More importantly -- even if you DO know the client on the other side -- the WHOLE POINT of Signal is this massive network effect where you don't need to coordinate with the other side.
If we're talking about the much smaller network-within-a-network of users who installed Signal from a non-Google source -- it's no longer compelling. Why bother with it? Less error-prone to get both sides to set something else up.
That doesn't make any sense at all. Being "serious about security" doesn't mean letting the perfect be the enemy of the good (which is what you're doing).
What other software has verifiable client builds and a server that stores as little information as Signal?
When the military issues secure communications devices, it makes damn sure that BOTH SIDES have a secure device.
What software would not be vulnerable to what you’re describing?
In case you don't trust Google I really suggest OpenSSH or WireGuard, to establish a secure tunnel; and then run IRC, Jabber, SIP, or mumble (as needed) over the tunnel.
I’d also consider the possibility that the document is planted and not fully accurate.
It's this kind of extreme paranoia that taints the entire world of populist secure messaging products, which actively drives me straight in the other direction.
I'm not a state target. But I do use Telegram's Secret Chats for things like discussing how great a trip into the woods on psychedelics can be. That's a great compromise, for me, and most others who use the platform. If you're a state target or you entertain such ideas as state actors trying to get your cat photos, please use another platform.
But there's zero need for this kind of mud-slinging that goes on, all the time, within the world of secure messaging products and platforms. The guy behind GrapheneOS does it, Moxie does it, the entire Signal fanbase does it, even going so far as to apologize for when a piece of their beloved product goes closed source for a year so Moxie can insert some terrible crypto coin he's a major investor of.
It is not disingenuous to call data stored in plain text as stored in plain text. Transport security is very different from security at rest.
> Here is the FBI's own datasheet on what message content they're able to obtain with court order from Telegram [2]
Keep in mind that there are other governments with jurisdiction over Telegram that may have access. Additionally, data could be “leaked” by someone. Or, rules or owners of the data could change. Just because they don’t respond to a warrant doesn’t mean that data is safe when stored in plain text.
Data is not stored in plaintext. It is stored encrypted, at rest. Period. In the very Twitter thread posted at the top of the comments, Moxie states he uses "plaintext" as shorthand. So he is making up a new definition of plaintext to slander a competitor, something he loves to do and has done, repeatedly, throughout history. The Durovs, on the other hand, do not pull this kind of crap and are content to let their product speak for itself.
That’s the simple difference. Telegram is less encrypted than Facebook messenger is.
People understand that when we say passwords were stored in plaintext on a company's breached servers it's a lot more severe than when we say passwords were stored encrypted on a company's breached servers. If the encryption key was also leaked, we're in as much trouble as scenario A.
It is an abuse of our understanding of these words, which stand related but differentiated to each other, to use the word "plaintext" from scenario A interchangeably for "encrypted" in scenario B.
That is, at best, manipulative of people like you and I and of a media which is all too willing to stoke the fires of outrage.
Which part are you referring to?
I made a couple claims.
A. Telegram has access to all plain text content B. Someone with access to Telegrams infrastructure has access to plain text content C. Telegram is less encrypted than Facebook messenger
The first, I stand by. The second does make a few assumptions.
The second assumption, that if you have access to the infrastructure you could get access to the private key, this may not be true. Depending on how well they manage their systems. Something that any user will have to trust vs a trust less e2ee system.
The final one is, admittedly, incorrect. I misspoke. It’s _as encrypted_ as Facebook Messenger, and _less encrypted_ than WhatsApp.
Same thing with messaging online. Everyday nonsense can use whatever app you want, and if there's something you really don't want anyone else knowing you can use a different solution. I think the trade-off is worth it for most people.
I wouldn't take anything that Signal developers/founders say about their product or others' products security seriously.