Signal/Telegram Discussions

Discussion in 'privacy technology' started by BriggsAndStratton, Apr 13, 2020.

  1. BriggsAndStratton

    BriggsAndStratton Registered Member

    Joined:
    Aug 28, 2018
    Posts:
    91
    Location:
    A Galaxy Far Far Away.
    I think that email today is outdated. With services like Signal and Telegram existing, for most people they can serve the same functions, attachments, etc... I would like to see the day I am able to correspond with my bank and other services through telegram or Signal. One service sends notifications to my telegram account. I wish more would follow suit.
     
  2. Buddel

    Buddel Registered Member

    Joined:
    Apr 28, 2015
    Posts:
    1,919
    I do hope my bank will never ask me to correspond with them via such "services".
     
  3. reasonablePrivacy

    reasonablePrivacy Registered Member

    Joined:
    Oct 7, 2017
    Posts:
    1,999
    Location:
    Member state of European Union
    Messages on Signal or Telegram are not "durable medium". They may be a way to correspond with bank, but documents such as agreements are required to be provided on a durable medium. Email is a "durable medium" while Signal messages aren't.
     
  4. longshots

    longshots Registered Member

    Joined:
    Oct 20, 2017
    Posts:
    529
    Location:
    Australia
    +1
    And, of course, it will never happen, so no need to worry about this alternative.
     
  5. BriggsAndStratton

    BriggsAndStratton Registered Member

    Joined:
    Aug 28, 2018
    Posts:
    91
    Location:
    A Galaxy Far Far Away.

    ""such" Services"? You speak about them as if they were taboo. Regardless, it should remain optional of course.
     
  6. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,252
    Why?

    Because they'd only do that after things had totally gone into the [bad place]?
     
  7. Buddel

    Buddel Registered Member

    Joined:
    Apr 28, 2015
    Posts:
    1,919
    Simply because I don't trust such "services". I may use them to invite friends over for a drink, but it would never occur to me to use them for the transfer of banking data.
     
  8. BriggsAndStratton

    BriggsAndStratton Registered Member

    Joined:
    Aug 28, 2018
    Posts:
    91
    Location:
    A Galaxy Far Far Away.
    Signal is used by government officials throughout the entire world. Its code is open source and available here for peer review. It has stood the test of time. I believe Telegram to be private as well.
     
    Last edited: Apr 13, 2020
  9. Buddel

    Buddel Registered Member

    Joined:
    Apr 28, 2015
    Posts:
    1,919
    When it comes to really sensitive data, I doubt government officials send them via such "services".
     
  10. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,252
    Banks just use HTTPS, right? I'm pretty sure that Signal is far more secure than that. And if it isn't, many people have pwned hard.

    I prefer Session, I think. It's a Signal fork with anonymous routing. And no links to such meatspace identifiers as phone numbers.
     
  11. summerheat

    summerheat Registered Member

    Joined:
    May 16, 2015
    Posts:
    2,199
    Unfortunately, it's not as private as Signal:

    1. There is no end-to-end encryption by default (Cloud Chats). Only the communication between the clients and the Telegram server is encrypted. All data in those cloud chats are stored on their servers. Telegram says that that stored data is encrypted and not accessible by local engineers or intruders. But since their server infrastructure is not open-source, nobody can tell how reliable that is.
    2. End-to-end encryption is only available if you deliberately chose Secret Chats. I'm sure that most users are not aware of that. And end-to-end encryption is not available for group chats at all.
    3. Telegram uses their own MTProto protocol which has been criticized by experts several times. A security audit https://courses.csail.mit.edu/6.857/2017/project/19.pdf[plain] in 2017 for v. 1.0 revealed several serious weaknesses. They are said to be resolved in v. 2.0 but so far there is no audit for that version.
     
    Last edited by a moderator: Apr 14, 2020
  12. reasonablePrivacy

    reasonablePrivacy Registered Member

    Joined:
    Oct 7, 2017
    Posts:
    1,999
    Location:
    Member state of European Union
    I trust Signal, but I don't trust Telegram and it's creator Pavel Durov. Here is why.

    On the other hand I like email. It is decentralized. It is a lot more immune to outages and delivery failures than instant messengers. Instant messengers come and go, but e-mail is operating since the beginning of the Internet.
    Copy of an email and logs are (unless you operate your own e-mail server) present on provider server. This decreases privacy, but at the same time it provides some evidence in some legal situations. These logs and ability to export from 3rd-party may be needed if bank breaks contract with its clients. You need evidence for the prosecutor and for the judges.
     
  13. summerheat

    summerheat Registered Member

    Joined:
    May 16, 2015
    Posts:
    2,199
    Yes, Session is nice. However, considering how difficult it is to convince people to switch from WhatsApp to even Signal, I seriously doubt that you will ever get a meaningful number of contacts in that messenger.
     
  14. BriggsAndStratton

    BriggsAndStratton Registered Member

    Joined:
    Aug 28, 2018
    Posts:
    91
    Location:
    A Galaxy Far Far Away.
    I trust him enough to not worry that he is going to be accessing my particular messages. Furthermore, you forgot to mention that the encryption key to each cloud chat session (the chats that are not e2ee) is divided across many servers in different countries.
     
  15. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,252
    Huh. About ten people contacted me via Session, after I posted my ID here and on HN. Including a couple old friends whom I'd lost contact with. So hey. One key advantage is availability on Linux, Windows, MacOS, Android and iOS.
     
  16. longshots

    longshots Registered Member

    Joined:
    Oct 20, 2017
    Posts:
    529
    Location:
    Australia
    I thinko_O
     
  17. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,252
  18. summerheat

    summerheat Registered Member

    Joined:
    May 16, 2015
    Posts:
    2,199
    Including myself ;)

    Yes, sure. But you're mirimir - which means that people highly interested in privacy are motivated to use such tools like Session to be in contact with you.

    But "ordinary" people? I've convinced relatively many friends to use Signal to stay in touch with me. But that does not mean that even one of them stopped using WhatsApp as they didn't want to lose contact with other friends. For most users convenience is more important than privacy, and Signal is convenient enough to use it. I doubt that I would have been able to convince them to use Session, though.
     
  19. summerheat

    summerheat Registered Member

    Joined:
    May 16, 2015
    Posts:
    2,199
    Yeah, but what they wrote here sounds calming.
     
  20. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,252
    Huh. I guess that I have been Mirimir for over eight years, and haven't been at all shy. Maybe that means it's time to disappear ;)
    It'd be a huge pain for me to use Signal. I'd have to get some fake number that they'd accept. And then I'd worry about how secure that was.

    With Session, I just installed the app, created an account, and that was it.
     
    Last edited: Apr 15, 2020
  21. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,252
    Yes, I read that. But I'm still nervous, because their defense relies on adversaries respecting laws, constitutional rights, and stuff like that.

    I'd be more comfortable if they simply weren't findable.
     
  22. BriggsAndStratton

    BriggsAndStratton Registered Member

    Joined:
    Aug 28, 2018
    Posts:
    91
    Location:
    A Galaxy Far Far Away.
  23. dogbite

    dogbite Registered Member

    Joined:
    Dec 13, 2012
    Posts:
    1,290
    Location:
    EU
    Get a pre-activated SIM card from UK on ebay. You do not need to provide any details to the provider, it lands preactivated and suitable to receive SMS anywhere. Register with it in Signal and you are good to go.
    Nevertheless, at some point you would have to share your "anonymous" number if you want to chat with someone, so you are back to the start :)
     
  24. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,252
    That requires a meatspace address. Which Mirimir does not have.
    Then someone with access to both Ebay and Signal data could know the meatspace address for that SIM number.
     
  25. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    4,867
    Location:
    Outer space
    And 4. Telegram saves your contacts list (not only phone numbers, but also full names) on their servers.
    Imo Telegram should be considered snake oil, and definitely not categorized as a secure/private messenger.
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.