virtualice is a user on octodon.social.
virtualice @CobaltVelvet

telegram:

- very good android, ios, and desktop open-source apps they keep properly up to date (also a web client)
- stickers, emojos, gifs (and with better compression)
- useful bots (and inline bots)
- groups and good admin tools
- nicely including voice or video in chats
- now even favorites

- requires a phone number (not public)
- is not very secure (but above average)
- is centralized and not entirely open (they haven't been evil for now)

@CobaltVelvet
- is owned by a russian billionaire who thinks "Che Guevara and Steve Jobs" are his biggest influences, and thinks throwing money from his office window into the street is a cool social experiment
- has a proven track record of collaborating with state police

@renatolond @CobaltVelvet I've seen it a few weeks ago, in here IIRC. Trying to find it back.

@CobaltVelvet actually security is terrible even though I do use it, it hasn't been properly audited by security minded apoplexy, and even the keys for secret chats use the server side PRNG for keygen.

@codeawayhaley oh e2e is way too far compared to average. audits and crypto get quite masturbatory at a point.

but wasn't the rng related thing fixed? for all i've seen about it it's not entirely broken

@CobaltVelvet Although perhaps biased as I volunteer for them, I get why they would use their own security protocol given the conflicts of interest that exist with others, and I think their actions speak for themselves when it comes to their record on protecting users' privacy.

They have problems, particularly in communicating themselves but I reckon they're one of the best alternatives available.

the security:

- decent c/s transport encryption (yes, good https still is a noticeable point)
- functional and easy to use 2FA (and enabled by default i think)
- session management
- local passcode
- account self-destruct function
- optional "last seen"

- half-assed end-to-end encryption (that kinda works okay afaik, but it's limited to 1:1 private chats and surely could be designed cleaner and better)

@CobaltVelvet 2FA isn't on by default unless they changed it recently, you need to manually set it up under Privacy and Security > 2-Step Verification

for group chats that's still way above average (but not very secure either and their marketing is a bit dishonest but then what advertisement isn't, yes those who don't advertise and stick to irc where you /query your plaintext password and the UI is so bad you become too lazy to ever use e2e encryption and 2FA is nothing anyone ever heard of and everyone blames the protocol being old for everything)

@CobaltVelvet For real, unless you have to make use of bots, Wire is pretty much better at everything Telegram advertises they do.

@CobaltVelvet I think Telegram is a very nice IM, Pavel Durov is a crazy bad person and I don't understand why I'm constantly getting messages in Arabic with tons of flower emojis there.

@pony @CobaltVelvet they're likely in Persian (same script), and that's because Telegram is super popular in Iran and, I think, people there use it to meet new people and don't always know where those new people are from.

@abgd @pony @CobaltVelvet there was loads of Persian stuff here for a while (I may have filtered it as I can't read the language) but i translated some via Google and it was mostly just cat pictures and jokes like we would post. Now and then a Koran quote but nothing *too* heavy political/religious..

@vfrmedia @CobaltVelvet I know, they are just some Middle Eastern guys sharing their cats and families. With a lot of pink flower emojis. Only that I have no idea why they are sending it to me. It's not a complaint or anything, it's just a weird thing that happens there.

and let's go to threat models now we're at it, if Russia or France wants to get me they will because:

- they can directly threaten me or a friend with death and torture and that will be MUCH more cost-efficient than anything else on this list

- they can legally threaten telegram into giving some of my messages that i knew had to be low-risk information

- they can intercept and attack that encryption to get basically nothing of value either

seriously what's the worst that could happen

@cobaltvelvet Telegram is pretty much a fail if you care about privacy. The server is proprietary and the crypto implementation is believed to be bad or fake.

The first option is indeed the go-to option for nation states, but it also requires boots on the ground to be effective, and that takes time and money which nation states still need to ration even though they have a lot of it. If your opsec is sufficient then there simply may not be enough SIGINT to trigger the price threshold for a BOOTSOP.

@bob there are specific contexts that make telegram a very bad tool

@CobaltVelvet @bob the only thing I use it for is to talk to my printer...

I’d love something good enough to talk to humans but the humans I try to talk to don’t want to use anything good for some reason.

@jjg @cobaltvelvet Yeah that's a common problem. It always baffled me why the Ubuntu developers seemed to love Telegram, but I suppose if you're using it for purely public communications with no expectation of privacy then that's ok.

@bob @CobaltVelvet that’s pretty much my default assumption for all electronic communication tbh.

Given the current state of affairs in the U.S., I don’t even say things out loud irl that I wouldn’t be able to defend played back to me in a holding cell by some cop/agent/etc.

@bob @cobaltvelvet @jjg If you don't have any other reason why a large developer would like something the reasonable assumption is always "money"

@CobaltVelvet Have you looked into Wire at all? Not sure how it compares to Telegram.

And of course, either way: xkcd.com/538/

@thomnottom I haven't, but all i read about it looks good and i may use it in the future

@CobaltVelvet I forget what scared me away from Telegram, but just started playing with Wire to replace Skype.

Let me see my daughter on a business trip and no mysterious clicks in the background!

@thomnottom exactly the xkcd i was thinking about writing this <3

@thomnottom @CobaltVelvet I liked Wire until i heard they were using Signal's protocol, and after their vocal defense for Whatsapp and the backdoor they implemented I trust nothing they do.

@CobaltVelvet @thomnottom (When i say i trust nothing they do, i'm referring to Signal. Wire seems like their hearts are in the right place, but I don't trust them currently while they're using Signal's tech)

@Takanu @CobaltVelvet I'm firmly in the camp of bad UX decision does not equal "backdoor".

I also don't trust FB, which is why I wouldn't use Whatsapp. But that has no effect on Signal for me.

@thomnottom @CobaltVelvet It's not a bad UX decision though, Whatsapp literally has a backdoor...