bascule, 10 days ago

Musk claimed that Signal has unpatched security vulnerabilities. As a cryptography expert I’m not aware of any: instead Signal has top-notch state-of-the-art encryption which has been adopted by its competitors it’s so good.

Telegram isn’t end-to-end encrypted by default. It has no group chat encryption whatsoever. It uses a bizarre, badly designed “MTProto” protocol about which dozens of cryptography papers have documented myriad unfixed flaws.

sgued, 10 days ago

@bascule I saw this being shared around recently, even though it's from 2021: https://link.springer.com/chapter/10.1007/978-3-030-80825-9_5, in which the authors got a response from Signal explaining that this was not part of the security model. My understanding is that they are referring to this.

bascule, 10 days ago

@sgued LOL that’s rich. Post-Compromise Security is a property that was literally pioneered by Moxie Marlinspike and Trevor Perrin when they designed the Signal protocol. Telegram doesn’t have it whatsoever even in the rare case someone enables its E2EE.

bascule, 10 days ago

@sgued per this analysis dated August 2023, Signal’s Post-Compromise Security is in fact just fine. Don’t believe propagandists.

https://www.usenix.org/system/files/usenixsecurity23-blazy.pdf

wjmaggos, 10 days ago

@bascule @AnnaAnthro

wouldn't Signal tech but decentralized be best?

thepmofam, 10 days ago

@bascule @matthew_d_green Genuine question here and please don't just call me naive. I have done research on Signal and I know it's the gold standard. Elon Musk not withstanding (I saw this from sources other than Musk) and did my research on Signal and where it gets its funding, who's to say it's not a Honeypot at this point?

The majority of its funding comes from the OTF who in turn gets the majority of its funding from the US Government.

bascule, 10 days ago

@thepmofam @matthew_d_green I see you're buying into Pavel Durov's conspiracy theory. Please don't be a useful idiot.

By similar fallacious logic all of Wikipedia is tainted because MediaWiki receives funding from the OTF.

thepmofam, 10 days ago

@bascule @matthew_d_green and you just called me an idiot. Wonderful way to actually treat someone.

I did actually do some research here but I should've known better than to get actual real conversation here on Mastodon.

Doomed_Daniel, 10 days ago

@thepmofam @bascule @matthew_d_green
"useful idiot" is a term with a meaning, see https://en.wikipedia.org/wiki/Useful_idiot

I don't think it was meant as an insult, but he was saying that you're replicating propaganda (most probably without intending to do that)

thepmofam, 10 days ago

@Doomed_Daniel @bascule @matthew_d_green Ok well that makes a little more sense being that I didn't actually know that term.

No my intention was not to spread propaganda. My intention was to try and have a conversation. Apparently it didn't come out that way.

Doomed_Daniel, 10 days ago

@thepmofam @bascule @matthew_d_green
I think the point is that considering all projects compromised just because they received OTF funding doesn't make much sense, as (AFAIK) so far there has been no indication that the OTF binds their funding to introducing backdoors or anything. Sometimes the government funds good things, and sometimes different government agencies have very different goals 🤷‍♂️

Doomed_Daniel, 10 days ago (edited 10 days ago)

@thepmofam @bascule @matthew_d_green
And if the people cry about that instead of pointing out real problems (like actual security issues), it should be clear that they didn't find any and have to resort to vague bullshit propaganda..

And if they push solutions that are provably unsafe(r), it should be clear that they aren't interested in your security, but have very different motivations (at least greed, possibly they even actively support surveillance)

ChrisWere, 10 days ago

@bascule @matthew_d_green The fact that you can't sign up to Telegram with the FOSS build of the app tells me everything I need to know. I also don't like privacy focused platforms that link accounts to a phone number.