Thread replies: 28
Thread images: 3
Thread images: 3
File: t_logo.png (12KB, 236x236px) Image search:
[Google]
12KB, 236x236px
Oh fuck. It's another Telegram thread. This is starting to piss me off.
https://telegram.org/
https://web.telegram.org/
Channel name: techchan
>>
>>52334156
Oh look: it's another Telegram shill thread, courtesy of Pavel Durov's PR department. Fortunately, I have pasta in the fridge from the last time.
tl;dr: Telegram sucks. For a phone messenger, today, use Signal instead.
- Telegram doesn't even encrypt most things: https://twitter.com/tqbf/status/678065993587945472
- Telegram's MTProto 'secret chat' encryption is complete shit: https://twitter.com/matthew_d_green/status/582245625103826944
Signal is a competently-designed, open-source (client AND server), end-to-end IND-CCA2 forward-secure phone messenger. Even Snowden recommends it: https://twitter.com/snowden/status/661313394906161152
Yes, Signal is imperfect. Here are the negatives:
- It requires a phone. Not uncommon with phone messengers, but a pity for all those who'd like to finally kill, say, Skype.
- Signal can't protect communication metadata. That is an open research problem: Ricochet & Tor Messenger are best current solutions, but neither protect against global passive attackers (i.e. NSA) or are very good for phone batteries.
- Signal requires Google Cloud Messaging to wakelock phones on message delivery (but not FOR message delivery) - unfortunately GCM is the only reliable supported wakelock on Android 6.x+. [There is a nogapps Websockets fork - https://github.com/xmikos/fdroiddata - but that will drain your battery: that's the price you pay for no wakelocks.]
- They took out the encrypted SMS transport: because iPhones could not also support it (programmatic SMS disallowed by Apple).
- Signal has a desktop client, but that's a Google Chrome app that syncs to your phone. It works, but is far from ideal.
But it is the best we have right now.
The rest of this thread will, if history is any guide, probably be used to argue over the status of different desktop messengers, or userbases. Some cypherpunks are reaching for perfection here - but open research problems take time to solve. Until then, at least use something that doesn't suck.
>>
>>52334223
>use Signal instead.
Fuck off google shill.
>- Signal requires Google Cloud Messaging to wakelock phones on message delivery (but not FOR message delivery) - unfortunately GCM is the only reliable supported wakelock on Android 6.x+. [There is a nogapps Websockets fork - https://github.com/xmikos/fdroiddata - but that will drain your battery: that's the price you pay for no wakelocks.]
It's even worse, the calls don't work at ALL without GCM. But there is hope for now, you can use microG to get access to GCM without having to have Google's proprietary malware on your Android device.
But there's no legitimate reason that Whisper Systems aren't using something like OnePF ( https://github.com/onepf ) to implement the cloud stuff, not binding anyone to a specific Cloud provider. Every time people point out the stupidity of being forced to flash Google's can-spy-on-you-and-you-can-never-prove-it-cant malware onto your device and with hardcoded special system privileges, moxie just closes the thread. This cannot be chalked up to ignorance, this is intentional and malicious.
>>
>>52334724
Closing comment: Whisper should be campaigning FOR removing the dependency on companies and organisations KNOWN to have gross overarching power, not further entrenching it. At least ALL of Telegram's functionality works without Google Apps /and/ without the Google network infrastructure. Being dependent on GOOGLE but proclaiming an interest in privacy or security cannot be done with any intellectual honesty.
>>
>>52334724
>But there is hope for now, you can use microG to get access to GCM without having to have Google's proprietary malware on your Android device.
Just to clarify, this is available here http://forum.xda-developers.com/android/apps-games/app-microg-gmscore-floss-play-services-t3217616 along with instructions, but if you use a Custom ROM that rejects the relevant patches you'll need to apply-and-build yourself (you need to faff about with dependencies, have about 150GB free, and it'll take fucking forever) or use xposed (and have most Custom ROM developers refuse to support you as it's "invasive" - they hate it not just because of how it's written, but precisely because of what it allows users to do - they're all in Google's pockets and everyone knows it).
>>
>>52334223
Its the best unencrypted cross-device messenger available and I mainly care about convenience.
I have both messengers installed, about 50 of my contacts have Telegram, while I only ever talked with one using Signal and mainly because I told him to try it.
If I need end-to-end encryption I can just start an encrypted chat with an existing Telegram user, which has perfect forward secrecy. Save yourself the time from reposting that old nonce issue that was already fixed 2 years ago, there's no known way to break the current crypto.
>>
>>52334223
>- Signal has a desktop client, but that's a Google Chrome app that syncs to your phone. It works, but is far from ideal.
>Google Chrome app
Is moxie fucking serious?
>>
>>52334223
Use XMPP, retard.
>>
>>52334223
>Signal is a competently-designed, open-source (client AND server), end-to-end IND-CCA2 forward-secure phone messenger. Even Snowden recommends it: https://twitter.com/snowden/status/661313394906161152
Why does Snowden recommend something that requires Google services and code?
In fact, why does he even have a fucking Twitter? Whole thing seems like a false flag to be honest.
>>
>>52335646
XMPP doesn't handle mobile connections well and probably never will. Sadly I don't have the relevant links detailing this to hand but I hope some other informed and generous anon will provide.
>>
>>52334156
nice try but I'd rather die before giving anyone on here my phone number
>>
>>52335646
>>52335677
As someone who needs to implement real time communication in the future, this is relevant to my interest. XMPP is what I am considering reading into but I would like to hear about its shortcomings and alternatives.
>>
>>52334156
How do I join the group? There doesn't seem to be a way to input the name you give us and actually find where you are.
>>
>>52335856
Twitter does not spy for NSA. It's one of the few that doesn't. Even Luddite RMS has a Twitter account
Also have you read the pasta. Google play services are just for waking up the device. You are safe as long as you don't use a keylogger.
>>
>>52335677
Probably because Xmpp has to be done manually hence not that easy to setup. Also I read an article about how chat secure is not secure because of xmpp. Google chatsecure security and you might get article that I have read.
>>
>>52335973
Was meant for
>>52335654
>>
>>52334156
Honestly, Telegram would be good if:
1. It didn't require a phone number to use
2. The desktop client supported secret chats
3. It had VOIP
This is what's keeping Skype alive. Telegram claims to care about security and privacy, but they require a valid phone number to use (precluding the possibility of anonymously signing up using TOR or something), and they STILL haven't implemented secret chats on the desktop client. What is even the point of this shitty software?
>>
>>52336093
>broken wrist.jpeg
>>
>>52336102
Telegram will never have VOIP, usually a free service and VOIP doesn't go hand in hand
>>
Telegram is KGB software
>yfw I still use it
>Russia has no power here
>>
File: 1450181359308.jpg (16KB, 480x300px) Image search:
[Google]
16KB, 480x300px
Mfw me 2 days ago:
>Oh, Telegram huh? It has many more features compared to WhatsApp, also a lot safer, let's try it out!
>>
>>52335973
if it's only for waking up the device it should be simple to reimplement it to not need Google, right?
Nah it's obviously just so that they can force metadata leakage and require the google spyware on the device compromising any semblance of real security or privacy
>>
>>52336223
That was a teddy bear.
>>
>>52336093
What's the name of the sticker pack?
>>
>>52336031
Nah there was a set of actual technical reasons that XMPP and OTR didn't work well in instable connections like mobile ones. But I'll be damned if I can find them.
>>
File: me_11-22-15.jpg (180KB, 720x960px) Image search:
[Google]
180KB, 720x960px
>>52335701
Whats is your phone number, Anon? :)
>>
>>52336497
I've just sent you a PM :^)
>>
>>52336491
that bald Tor guy talked about it on one of the c3 congresses too afaik
Thread posts: 28
Thread images: 3
Thread images: 3