this post was submitted on 06 Mar 2024
320 points (87.2% liked)

Privacy

32103 readers
736 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS
 

It was a many months transition, and it's finally done

Fun thing, you can actually make a backup of all* your messages, groups, contacts, etc. So before leaving you can have all of your data in case you need that one contact or something

The final red flag was as that allegedly Russian authorities were messing with people's deleted messages. Not for the first time there are news that they could read, modify, delete, see location, and etc. Screw it, this is unsafe, I'm out.

Also, these days telegram is really at the state of a pile of garbage, bloated, buggy, and shady messenger.

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 30 points 8 months ago (3 children)

I posted this down below in a comment thread but I'm afraid it won't be seen and not enough people know about this.

Session was at first a fork of Signal without usernames.

Now by design it uses their own custom tor-like service (instead of just... using tor) and does not support forward secrecy or deniable authentication, so anyone who collects the messages in transit can either find a vulnerability in the encryption scheme, or spend enough GPU resources to crack it, and they have confirmation of who sent and received the message and what the contents of the message are. And is headquartered in Australia, which is 5EYES and much more against encryption than the US. Oh, and the server is closed-source.

Regarding Australia's 2018 bill...

The Australian Parliament passed a contentious encryption bill on Thursday to require technology companies to provide law enforcement and security agencies with access to encrypted communications. Privacy advocates, technology companies and other businesses had strongly opposed the bill, but Prime Minister Scott Morrison’s government said it was needed to thwart criminals and terrorists who use encrypted messaging programs to communicate.

Regarding the 'vulnerability or cracking them later' bit...

Messages that are sent to you are actually sent to your swarm. The messages are temporarily stored on multiple Service Nodes within the swarm to provide redundancy. Once your device picks up the messages from the swarm, they are automatically deleted from the Service Nodes that were temporarily storing them.

From Session's own FAQ:

Session clients do not act as nodes on the network, and do not relay or store messages for the network. Session’s network architecture is closer to a client-server model, where the Session application acts as the client and the Service Node swarm acts as the server. Session’s client-server architecture allows for easier asynchronous messaging (messaging when one party is offline) and onion routing-based IP address obfuscation, relative to peer-to-peer network architectures.

I wouldn't touch it with a 12ft ladder.

[–] [email protected] 8 points 8 months ago* (last edited 8 months ago)

The thing I find most suspicious is their "onion routing". An average Joe like me cannot run a node like he can do with I2P or Tor. There is a gigantic upfront payment for that. So that ensures the nodes would be run by crypto bros, companies and governments.

[–] [email protected] 5 points 8 months ago (1 children)

FYI, regular Signal now has usernames available with the option to hide your phone number switched on by default (you may still need tithe beta release for the next few months since it's staggered rollout)

[–] [email protected] 1 points 8 months ago

Signal still requires a SIM card & an Android or iOS primary device. Usernames here just let you cloak your phone number, not keep it a secret from the service.

[–] [email protected] 2 points 8 months ago

As an Australian, either.do I. They are in Mastodon and I have pointed out that being in Australia should make them a no go for anyone.