“Telegram is not a private messenger. There’s nothing private about it. It’s the opposite. It’s a cloud messenger where every message you’ve ever sent or received is in plain text in a database that Telegram the organization controls and has access to it”
“It’s like a Russian oligarch starting an unencrypted version of WhatsApp, a pixel for pixel clone of WhatsApp. That should be kind of a difficult brand to operate. Somehow, they’ve done a really amazing job of convincing the whole world that this is an encrypted messaging app and that the founder is some kind of Russian dissident, even though he goes there once a month, the whole team lives in Russia, and their families are there.”
" What happened in France is they just chose not to respond to the subpoena. So that’s in violation of the law. And, he gets arrested in France, right? And everyone’s like, oh, France. But I think the key point is they have the data, like they can respond to the subpoenas where as Signal, for instance, doesn’t have access to the data and couldn’t respond to that same request. To me it’s very obvious that Russia would’ve had a much less polite version of that conversation with Pavel Durov and the telegram team before this moment"
The only people who know this are people operating the server. Period.
See the link I provided above.
Yup, that’s precisely what it’s a filter for.
Trust me bro is not a viable model for anybody who actually gives a shit about their privacy.
The reality of the situation is that Signal asks users for information it has no business collecting during the sign up process, and this information can be used in adversarial ways against the users. People using Signal are making a faith based judgment to trust the operators of this server.
nope… signal has sealed sender to prevent them from building a social graph
Nope, sealed sender does not address the problem because the phone number is collected at sign up time. The whole sealed sender concept is just another trust me bro mechanic because, once again, nobody aside from people who are actually operating the server know what it’s doing. Signal is proof that vast majority of people don’t understand the basics of privacy and security, and they don’t actually care.
the phone number being collected at sign up just proves that you use signal
they can’t build any kind of social graph from it… they can only use the information contained in the message for delivery and rate limiting
Again, the only people who actually know what the phone number is used for are the people who operate the server. I don’t know why this is such a difficult concept for people to grasp. They don’t need the information contained in the messages. Once the phone number is collected, it CAN be stored and associated with your account. There is no way for you to know whether that happens or not unless you have access to that server. There is no way for you to verify that the server does what people operating it say it does. That’s what makes it a trust based system.
yes, i’m aware that you don’t know what the phone number is used for, but what we can guarantee is that it can’t be tied back to your message history, because again that’s what sealed sender is for. in order to send messages, you use a signed, derived value that has never been seen by the signal servers (since it’s derived) but is still signed (so signal knows it’s legitimate: they can validate your identity and rate limit without knowing it)
so whilst the phone number is associated with an account, that only allows them to know that you (person/identity) use signal… but that identity can verifiably not be tied back to any messages you send
nothing about that identity other than derived cryptographic data is ever sent along with your messages
*edit: i’ll slightly retract that: of course your IP address is also sent along with messages, and that may be able to be tied back to your identity… let’s say out of band, of course… so it’s on you to use a VPN or some other method to obfuscate your source IP address. i’d say that’s generally applicable to any other service too
Prove it. And not from some just trust me bro statement from signal.
replied to your other msg, so i wont duplicate it here and we can continue there if you’d like
Again, nowhere did I talk about message history. What I’m talking about the server having unique ids for each user, which is how it connects users to each other, and having a phone number collected initially which can be tied to that id. You don’t need anything from the messages themselves to create a graph of people who talk to each other. The routing is done by the server.
but in that chain what you really care about is your phone number that identifies you in the real world to your messages, right?
yes, and the only thing you need to route is the receiver; not the sender
the sender is only used to validate the senders identity, and for rate limiting
sealed sender solves both of these problems whilst not including any sender information in messages… phone number or user id doesn’t matter: those things are not sent along with any of your messages, and that’s verifiable
your phone number and user id is only known by signal when you retrieve a temporary token (this solves rate limiting: the retrieval of the token is the rate limit, and each token has a limited number of messages it can send)… the client then derives a different key from it, which can still be verified as having been signed by the server, but does not contain any information that can be tied back to your phone number or user ID
It doesn’t matter, what matters is that the server has a unique id for you and the person you’re talking to, and that id can then be mapped to the phone number that was initially collected. That’s all the server needs to identify the real identity of the people you communicate with.
It’s not a question of what the server needs minimally, it’s a question of what the server could be doing if it was set up maliciously. The sealed sender does not solve this problem in any way shape of form.
We all know this, for reasons I’ve already stated.
Your link is broken.
100M people is not a filter…
No one said anything about that? That is not the model.
The business is connecting users. It’s one of the reasons it is the most viable private and secure chat platform. It’s why I have a dozen connections on Signal and literally 0 on every other platform. Because you actually know who’s using it. You can have the most private and secure messaging system in the world but if you can’t use it to actually chat with anyone, then what good is it?
No, we don’t all know this. What we actually know that people like you say this and expect the rest of us to trust you blindly, which is itself concerning.
Your browser plugins are broken, the link is fine. That said, here’s non archived version https://www.washingtonpost.com/technology/2021/06/15/faq-data-subpoena-investigation/
Given world population and modern data analysis capabilities it absolutely is.
That’s literally the model. Signal asks you for your phone number when you register, what happens with that information after that is only known to people operating the server. Let me know what part of that you’re still struggling to understand.
That word salad has fuck all to do with the point I made, which once again, is that you have to trust people who operate the server in how they handle this information.
Ah yes, because there’s absolutely no conceivable way to verify whom you’re connecting with aside from sharing your phone number with an American company. You couldn’t possibly use any out of band channel to verify who the person you’re communicating with is.
Removed by mod
I’m not misrepresenting anything you said. Meanwhile, it’s very telling how you’ve pivoted to making personal attacks instead of actually addressing the problem I’ve now repeatedly explained. You’re not fooling anyone here bud.
Removed by mod