Oh fuck. It's another Telegram thread. This is starting to piss me off.
Channel name: techchan
Oh look: it's another Telegram shill thread, courtesy of Pavel Durov's PR department. Fortunately, I have pasta in the fridge from the last time.
tl;dr: Telegram sucks. For a phone messenger, today, use Signal instead.
- Telegram doesn't even encrypt most things: https://twitter.com/tqbf/status/678065993587945472
- Telegram's MTProto 'secret chat' encryption is complete shit: https://twitter.com/matthew_d_green/status/582245625103826944
Signal is a competently-designed, open-source (client AND server), end-to-end IND-CCA2 forward-secure phone messenger. Even Snowden recommends it: https://twitter.com/snowden/status/661313394906161152
Yes, Signal is imperfect. Here are the negatives:
- It requires a phone. Not uncommon with phone messengers, but a pity for all those who'd like to finally kill, say, Skype.
- Signal can't protect communication metadata. That is an open research problem: Ricochet & Tor Messenger are best current solutions, but neither protect against global passive attackers (i.e. NSA) or are very good for phone batteries.
- Signal requires Google Cloud Messaging to wakelock phones on message delivery (but not FOR message delivery) - unfortunately GCM is the only reliable supported wakelock on Android 6.x+. [There is a nogapps Websockets fork - https://github.com/xmikos/fdroiddata - but that will drain your battery: that's the price you pay for no wakelocks.]
- They took out the encrypted SMS transport: because iPhones could not also support it (programmatic SMS disallowed by Apple).
- Signal has a desktop client, but that's a Google Chrome app that syncs to your phone. It works, but is far from ideal.
But it is the best we have right now.
The rest of this thread will, if history is any guide, probably be used to argue over the status of different desktop messengers, or userbases. Some cypherpunks are reaching for perfection here - but open research problems take time to solve. Until then, at least use something that doesn't suck.
>use Signal instead.
Fuck off google shill.
>- Signal requires Google Cloud Messaging to wakelock phones on message delivery (but not FOR message delivery) - unfortunately GCM is the only reliable supported wakelock on Android 6.x+. [There is a nogapps Websockets fork - https://github.com/xmikos/fdroiddata - but that will drain your battery: that's the price you pay for no wakelocks.]
It's even worse, the calls don't work at ALL without GCM. But there is hope for now, you can use microG to get access to GCM without having to have Google's proprietary malware on your Android device.
But there's no legitimate reason that Whisper Systems aren't using something like OnePF ( https://github.com/onepf ) to implement the cloud stuff, not binding anyone to a specific Cloud provider. Every time people point out the stupidity of being forced to flash Google's can-spy-on-you-and-you-can-never-prove-it-cant malware onto your device and with hardcoded special system privileges, moxie just closes the thread. This cannot be chalked up to ignorance, this is intentional and malicious.
Closing comment: Whisper should be campaigning FOR removing the dependency on companies and organisations KNOWN to have gross overarching power, not further entrenching it. At least ALL of Telegram's functionality works without Google Apps /and/ without the Google network infrastructure. Being dependent on GOOGLE but proclaiming an interest in privacy or security cannot be done with any intellectual honesty.
>But there is hope for now, you can use microG to get access to GCM without having to have Google's proprietary malware on your Android device.
Just to clarify, this is available here http://forum.xda-developers.com/android/apps-games/app-microg-gmscore-floss-play-services-t3217616 along with instructions, but if you use a Custom ROM that rejects the relevant patches you'll need to apply-and-build yourself (you need to faff about with dependencies, have about 150GB free, and it'll take fucking forever) or use xposed (and have most Custom ROM developers refuse to support you as it's "invasive" - they hate it not just because of how it's written, but precisely because of what it allows users to do - they're all in Google's pockets and everyone knows it).
Its the best unencrypted cross-device messenger available and I mainly care about convenience.
I have both messengers installed, about 50 of my contacts have Telegram, while I only ever talked with one using Signal and mainly because I told him to try it.
If I need end-to-end encryption I can just start an encrypted chat with an existing Telegram user, which has perfect forward secrecy. Save yourself the time from reposting that old nonce issue that was already fixed 2 years ago, there's no known way to break the current crypto.
>Signal is a competently-designed, open-source (client AND server), end-to-end IND-CCA2 forward-secure phone messenger. Even Snowden recommends it: https://twitter.com/snowden/status/661313394906161152
Why does Snowden recommend something that requires Google services and code?
In fact, why does he even have a fucking Twitter? Whole thing seems like a false flag to be honest.
XMPP doesn't handle mobile connections well and probably never will. Sadly I don't have the relevant links detailing this to hand but I hope some other informed and generous anon will provide.
As someone who needs to implement real time communication in the future, this is relevant to my interest. XMPP is what I am considering reading into but I would like to hear about its shortcomings and alternatives.
Twitter does not spy for NSA. It's one of the few that doesn't. Even Luddite RMS has a Twitter account
Also have you read the pasta. Google play services are just for waking up the device. You are safe as long as you don't use a keylogger.
Probably because Xmpp has to be done manually hence not that easy to setup. Also I read an article about how chat secure is not secure because of xmpp. Google chatsecure security and you might get article that I have read.
Honestly, Telegram would be good if:
1. It didn't require a phone number to use
2. The desktop client supported secret chats
3. It had VOIP
This is what's keeping Skype alive. Telegram claims to care about security and privacy, but they require a valid phone number to use (precluding the possibility of anonymously signing up using TOR or something), and they STILL haven't implemented secret chats on the desktop client. What is even the point of this shitty software?
Mfw me 2 days ago:
>Oh, Telegram huh? It has many more features compared to WhatsApp, also a lot safer, let's try it out!
if it's only for waking up the device it should be simple to reimplement it to not need Google, right?
Nah it's obviously just so that they can force metadata leakage and require the google spyware on the device compromising any semblance of real security or privacy