• refalo@programming.dev
      link
      fedilink
      arrow-up
      2
      ·
      3 months ago

      She has her hand in too many strategic places, unlike Telegram.

      employed at Google for 13 years

      speaker at the 2018 World Summit

      written for the American Civil Liberties Union

      advised the White House, the FCC, the FTC, the City of New York, the European Parliament, and many other governments and civil society organizations

    • mipadaitu@lemmy.world
      link
      fedilink
      English
      arrow-up
      0
      ·
      3 months ago

      Not that the action against Telegram is right, but there’s a big difference between what Signal and Telegram is doing.

      • Otter@lemmy.ca
        link
        fedilink
        English
        arrow-up
        0
        ·
        3 months ago

        Would you have more info on the differences? I was wondering the same thing, but I don’t know enough about Telegram to compare

        • unconfirmedsourcesDOTgov@lemmy.sdf.org
          link
          fedilink
          arrow-up
          1
          ·
          3 months ago

          I’m no authority on it but from what I’ve read it seems to have more to do with the social features of telegram where lots of content is being shared, both legal and illegal. Signal doesn’t have channels that support hundreds of thousands of people at once, nor media hosting to match.

          • socsa@piefed.social
            link
            fedilink
            English
            arrow-up
            1
            ·
            edit-2
            3 months ago

            Right, the French authorities are going to present evidence that this dude was aware of specific illegal activity and refuse to comply with a legal warrant involving said actively, making him guilty of obstruction at best, and possibly conspiracy. Signal complies with warrants, they just don’t have anyone’s keys. Telegram has everyone’s keys, and theoretically could turn them over but they refuse. That’s a huge difference from a legal perspective.

            • unconfirmedsourcesDOTgov@lemmy.sdf.org
              link
              fedilink
              arrow-up
              1
              ·
              3 months ago

              Thank you. I’m going to restate your explanation to be sure I’ve got it:

              • authorities want platforms to comply with legal requests
              • when Signal gets a subpoena, they open the key locker and show that it’s empty. They provide the metadata they can (sign up date and last seen date, full stop) and tell authorities they can’t do better.
              • when Telegram gets a subpoena, they open the key locker and show all the keys, then slam it shut in the face of the investigator, telling them to get bent.
              • conclusion: it’s easier to never have the keys in the first place than to tease the government with them
        • pimeys@lemmy.nauk.io
          link
          fedilink
          arrow-up
          1
          arrow-down
          1
          ·
          edit-2
          3 months ago

          Signal always responds to authorities when they ask for data, and they give them all they have: the day they registered, their phone number and the timestamp they last used the app.

          Telegram has unencrypted channels of drug dealing, and what I heard is a lot of illegal porn too. The authorities want information on certain users there and Telegram doesn’t comply. This is directly against the law Signal is not breaking, because they always send all the data they have to the law enforcement.

          • sunzu2@thebrainbin.org
            link
            fedilink
            arrow-up
            0
            ·
            3 months ago

            while not wrong context matters, US social media companies also enable human, weapons, and drug trafficking. they play a role in a few genocides too.

            but the western regime does not care.

            • pimeys@lemmy.nauk.io
              link
              fedilink
              arrow-up
              1
              ·
              edit-2
              3 months ago

              But they give their data when the officials ask. That is all that matters. And I seriously hope none of us uses Telegram or WhatsApp to any discussions. Use Signal because that is so far pretty unbreakable.

              Telegram is already in the hands of that tiny Russian old man and WhatsApp is owned by a lizard.

          • rottingleaf@lemmy.world
            link
            fedilink
            arrow-up
            0
            arrow-down
            2
            ·
            3 months ago

            Telegram is a propaganda weapon in some sense, between two worldviews - one is “a good service doesn’t require trust, because they physically can’t sell you”, another is “a good service you can trust because they won’t sell you”. And Telegram helps the latter.

            So frankly - kill it with fire. Sadly I’m in Russia and everybody uses it here.

      • istanbullu@lemmy.ml
        link
        fedilink
        arrow-up
        2
        arrow-down
        2
        ·
        3 months ago

        Telegram is available on F-Droid. Signal is not. Whatever is Signal doing, it’s pretty bad.

        • gedaliyah@lemmy.world
          link
          fedilink
          arrow-up
          1
          ·
          3 months ago

          The folks at F-Droid have said that Signal would certainly qualify, but Signal doesn’t want multiple channels out there. F-Droid is just honoring their wishes.

        • MerchantsOfMisery@lemmy.ml
          link
          fedilink
          arrow-up
          0
          ·
          3 months ago

          Assuming you’ve audited Signal, can you tell us what your findings were and why you think Signal must be up to something pretty bad? I’m very curious and would love to be enlightened by someone as knowledgeable as you.

          • poVoq@slrpnk.net
            link
            fedilink
            arrow-up
            1
            ·
            edit-2
            3 months ago

            I’ll leave it up to you to decide if that is bad or not, but one of the reasons the Signal app can’t be put unaltered on F-droid is because it loads in external dependencies from Google at run-time, which can also be altered by Google at will with any Android update.

            • MerchantsOfMisery@lemmy.ml
              link
              fedilink
              arrow-up
              0
              ·
              edit-2
              3 months ago

              How significant is it that the server code is open-source or not? It’s possible for Signal to publish their server code while running completely different software on their servers. The point of the client is being open source and audited on a regular basis by the community, which is why it doesn’t make sense to trust the server-side software.

              The entire point is that we don’t have to trust the sever at all. The client is open source and regularly audited by the community. As long as the client stays fully open source, everything’s fine. Also, the closed source dependencies are part of a spam reduction effort which IMO is well worth it. Prior to this, Signal had a spam problem and the client itself remains fully open source.

              Signal could have very well not even told people that they added a closed source dependency on Google to its servers and just lied by publishing fake server code that omits the closed source dependency., but instead they were very transparent about the spam problem. In terms of they “why?” regarding the closed source dependencies, their argument is that making it open source would almost immediately result in all anti-spam measures being thwarted. Frankly I’m inclined to agree and again, as long as the client is fully open source and regularly audited, the server code is irrelevant to user privacy/security.

              https://community.signalusers.org/t/spam-scam-on-signal/26665

              https://signal.org/blog/keeping-spam-off-signal/

              • poVoq@slrpnk.net
                link
                fedilink
                arrow-up
                1
                ·
                edit-2
                3 months ago

                The external Google dependencies I am talking about are loaded into the client not the server, so that’s an entirely different issue.

                • MerchantsOfMisery@lemmy.ml
                  link
                  fedilink
                  arrow-up
                  0
                  ·
                  3 months ago

                  Every app from the Play store requires GCM though, and Signal functions even if a user disables GCM. It pertains to a phone’s ability to notify a user of a new message. But again, users can disable GCM and the app itself will continue to work just fine.

                  For what it’s work, the APK on Signal’s website (obviously) doesn’t have the external Google dependencies. Personally, I really don’t see this as an issue at all.

                  • poVoq@slrpnk.net
                    link
                    fedilink
                    arrow-up
                    1
                    ·
                    3 months ago

                    There is also Google maps integration. Sure, it’s not mandatory anymore, but if you install the official Signal app on a phone with Google play services installed, you are effectively not running an open-source app anymore and this potential backdoor is also not noticeable with reproducible builds.

                    F-droid has strict rules in place to prevent these sort of things for good reasons, thus the original comment is not entirely wrong in saying that an app that claims to be open-source, but can’t be made available on F-droid is a red-flag.

        • toasteecup@lemmy.world
          link
          fedilink
          English
          arrow-up
          0
          ·
          3 months ago

          Are you developing your opinions based on vibes or have you actually audited their software yourself (you are free to do so both client and federation server code)?

          If you audited it, have you produced an actual report with metrics and points of reference for your data points?

          • misaloun@reddthat.com
            link
            fedilink
            arrow-up
            1
            ·
            2 months ago

            Doesn’t take away the fact that not being on F-droid is a huge issue and says a lot about how much they care about privacy and security.

              • rottingleaf@lemmy.world
                link
                fedilink
                arrow-up
                0
                ·
                3 months ago

                It’s actually sad, even though I’m a libertarian, tankies and in general marxists could have made a good input into our future. But if they can believe in Telegram being secure because of vibes and not even doing basic research, they’ve already lost.

                • toasteecup@lemmy.world
                  link
                  fedilink
                  English
                  arrow-up
                  1
                  ·
                  3 months ago

                  Heeey I am also a libertarian, I just tend towards left libertarian. Back to the point of discussion, I find it difficult to ha e a meaningful conversation with the tankies or in general anyone from lemmy.ml . The discussions tend to lack any real data and feel entirely vibe based OR it’s apologist bullshit for Russia.

                  Like it’s cool if you like communism and have a philosophy based around why you think it’ll help humanity. I can politely disagree but still listen and discuss. It’s quite another to just be a complete dipshit and say “Ukraine had the invasion coming” (actual quote I’ve seen).

    • ☆ Yσɠƚԋσʂ ☆@lemmy.ml
      link
      fedilink
      arrow-up
      1
      arrow-down
      1
      ·
      3 months ago

      The very fact that there have never been any attempts in the west to stop Signal from operating says volumes in my opinion.

    • TCB13@lemmy.world
      link
      fedilink
      English
      arrow-up
      0
      arrow-down
      1
      ·
      edit-2
      3 months ago

      They won’t there’s no need. Their clients are garbage and they’re most likely backdoored anyways. This action against Telegram is only happening because they can’t get inside it, they can’t backdoor it nor corrupt anyone. If they were able to do that they wouldn’t be doing this.

      • ArchAengelus@lemmy.dbzer0.com
        link
        fedilink
        arrow-up
        1
        ·
        3 months ago

        No matter how good the protocol or client encryption, your privacy is only as good as your own physical security for the device in question.

        Given that if you lose your private key, there is no recovery, I would be surprised if there were real back doors in the clients. Maybe unintentional ways to leak data, but you can go look for yourself: https://github.com/signalapp/Signal-Android

        They have one for each client.

        • TCB13@lemmy.world
          link
          fedilink
          English
          arrow-up
          0
          arrow-down
          1
          ·
          edit-2
          3 months ago

          If you don’t turn on the secret chat feature it wont be, yes. However if E2EE was the only deciding factor for a gov to go against an App then they woudln’t be going after Telegram. The fact that govts are going so hard at telegram simply proves that even when the company has access to all our chats they don’t actually provide them to said govts.

          I’m not saying telegram is good from a security perspective, I’m just saying that event without E2EE and all the modern wonders govts can’t still get in because the company doesn’t indulge their requests.