“Telegram is not a private messenger. There’s nothing private about it. It’s the opposite. It’s a cloud messenger where every message you’ve ever sent or received is in plain text in a database that Telegram the organization controls and has access to it”
“It’s like a Russian oligarch starting an unencrypted version of WhatsApp, a pixel for pixel clone of WhatsApp. That should be kind of a difficult brand to operate. Somehow, they’ve done a really amazing job of convincing the whole world that this is an encrypted messaging app and that the founder is some kind of Russian dissident, even though he goes there once a month, the whole team lives in Russia, and their families are there.”
" What happened in France is they just chose not to respond to the subpoena. So that’s in violation of the law. And, he gets arrested in France, right? And everyone’s like, oh, France. But I think the key point is they have the data, like they can respond to the subpoenas where as Signal, for instance, doesn’t have access to the data and couldn’t respond to that same request. To me it’s very obvious that Russia would’ve had a much less polite version of that conversation with Pavel Durov and the telegram team before this moment"
Apparently they don’t store contact info.
https://signal.org/blog/looking-back-as-the-world-moves-forward/
The problem is that you just have to trust them because only people who actually operate the server know what they do or do not store. Trust me bro, is not a viable security model. As a rule, you have to assume that any info an app collects, such as your phone number, can now be used in adversarial fashion against you.
And that is the problem with anything you don’t write yourself. And for anything you do write yourself: Are you smarter than the three-letter agencies?
There are plenty of chat services that aren’t centralized and hosted in the USA.
Sure… and my point is that you have to trust those services that aren’t hosted in the USA. It’s a choice you have to make. I’m not judging either way, just pointing out because what I responded to in the comment to which I replied was:
Which is true of open source unless you read the code and can verify nothing nefarious exists; which is true if you use a service in a country you trust; which is true no matter what you’re doing.
Not all entities are deserving of the same level of trust - some are more trustworthy than others - but you are still making a decision to trust someone unless you write the code yourself or verify the code yourself.[1]
And had the capability and time to do so ↩︎
Not at all. Not everyone needs to audit open source, only a few interested experts do. Most importantly, auditing is possible because its out in the open.
The just trust me model of signal means its impossible to audit, unless they give us their centralized database and server code.
You don’t have to trust anybody when you run your own server, or you use a server that doesn’t collect information it has no business collecting.
You have to trust the people that wrote the code.
Again, you’re trusting the authors of the code.
Which is fine, but it’s a choice to trust them.
There’s a big difference between having confidence in open source code that has been audited by many people, and knowing for a fact that the service collects specific information. In the former case, you can never be absolutely sure that the code is not malicious so there is always a risk, but in the latter case you know for a fact that the service is collecting inappropriate information and you have to trust that people operating the service are not using it in adversarial ways. These two scenarios are in no way equivalent.
It’s a choice to trust the entire open source community around the project and all the security researchers who have been looking at the code.
Frankly, I have trouble believing that you don’t understand the difference here and are making your argument in good faith.
Let’s back up to what I replied to in the first place:
I even took the time to quote that, because it’s important.
Of course there are different levels of trust. But what you said is flatly wrong and misinformation, if you want to get technical about it. Arguing in bad faith? I beg your fucking pardon, friend.
Just becuase it’s less likely to find nefarious code in open source doesn’t mean it doesn’t exist. There ahve been multiple cases of it found in open source code. Blindly trusting something because it’s open source or you host it on your own server is a very very false sense of security, especially in the context of the larger discussion, which came about in regard to what information is exposed by certain messaging clients.
It’s also a matter of the importance of what you’re doing.
I wrote a little CRUD app a while back to track me giving my cat medication. I sanitized inputs, but I left it open without a login on my server, just an obscure URL that didn’t get published anywhere. All you could do was click a button to indicate the cat had been medicated, or another button to delete the latest entry. That was plenty of security for that. If I was writing a banking app, I’d use a bit more.
So yes, in the same way as that, hosting something you use to chat with friends about whatever is one thing; trying to communicate secretly from a country where your comms might lead to being put to death is quite another. And in the latter case, it’s important to know that no matter what you use, unless you wrote it or read all the source code, you are trusting others with your life. Perhaps you feel comfortable doing that, but you should be aware of it.
So no, this is not a discussion in bad faith at all, it is valuable on multiple levels.
What’s important is that you’re quoting me out of context, and that makes all the difference. The actual statement you’re replying to is:
The fact that you proceed to quote me out of context and then accuse me of being wrong shows that you lack even a modicum of intellectual integrity. Then you proceed to make a straw man arguing against something I never claimed.
So yes, this is very clearly a discussion in bad faith, where you’re arguing against a straw man while ignoring what I actually wrote. It’s especially incredible since I even followed up with a more detailed explanation which you just ignored:
Do better.
And the client, too.
Precisely.
And it’s worth repeating here - the level of trust needed is affected by the nature of what you might lose if that trust is broken. For non-important things, trusting a third-party company is probably fine. If you’re in a country and being found out might mean you get put to death, though, the stakes are a bit higher.
No need for that when self hosted open source projects exist
But again, you either read the source to confirm there’s nothing nefarious, or… you trust the programmers.
Which is not a problem, but it is a choice to trust. All I’m pointing out. :)
Well yeah everything is a choice when trust is the matter, but there is a difference between choosing a community project that can be audited by different transparent parties and choosing a private company on their own servers (even on source available projects)