The world seems to be shocked by the news that WhatsApp turned any phone into spyware. Everything on your phone – including photos, emails and texts – could be accessed by attackers just because you had WhatsApp installed [1].
This news didn’t surprise me, though. Last year WhatsApp had to admit they had a very similar issue – a single video call via WhatsApp was all a hacker needed to get access to all of your phone’s data [2].
Every time WhatsApp has to fix a critical vulnerability in their app, a new…
This is an article written by telegram’s founder and CEO Pavel Durov in 2019 on “Why whatsapp will never be secure”. Your thoughts?
Sure, fuck WhatsApp, but Telegram isn’t even end-to-end encrypted most of the time. Their group chats never are, and their “secret chat” encryption for non-group chats must be explicitly enabled and hardly ever is because it disables some features. And when it is encrypted, it’s with some dubious nonstandard cryptography.
It’s also pseudo open source; they do publish source code once in a while but it never corresponds to the binaries that nearly everyone actually uses.
And the audacity to talk about metadata when Telegram accounts still require a phone number today (as they did five years ago when this post was written) is just… 🤯
State-sponsored exploits against WhatsApp might be more common than against Telegram, or at least we hear about them more, but it’s not because the app is more vulnerable: it’s because governments don’t need to compromise the endpoint to read your Telegram messages: they can just add a new device to your account with an SMS and see everything.
(╯° °)╯︵ ┻━┻
Anything claiming to prioritize privacy yet asking for your phone number (Telegram, WhatsApp, Signal, …) is a farce.
Telegram isn’t perfect, but it is infinitely better than Whatsapp because it doesn’t belong to Facebook, and also isn’t from the United States. Also it can be used by normies without problem, unlike Matrix or Xmpp or what have you.
Brother, it has servers all over the world (including the US) where it hosts your data unencrypted. Telegram is nearly not inifinitely better than WhatsApp.
Sure, WhatsApp exposes you to US jurisdiction and Meta bullshit. At the same time, Telegram is very friendly with the Kremlin and associated intelligence services. So it basically comes down to whether you want to be spied on by Russian or US entities.
If you’d read the linked sources, you’d know that it’s not just speculation. Regardless of Telegram’s user base, it cooperates with Russian authorities. That remains true whether or not Ukranians use it to communicate. I’m not blaming Telegram for cooperating with Russian authorities as it’s well known that not doing so leads to drastic authoritarian measures.
Simplex - requires nothing, just install. But you connect with other people by sending a code outside of SimpleX. Though they’ve added a directory service for groups.
XMPP
Wire (not Wiremin), though it requires an email account, which is easily addressed with a disposable email.
Signal is very secure from what I’ve read, despite the phone number identifier.
And the audacity to talk about metadata when Telegram accounts still require a phone number today (as they did five years ago when this post was written) is just… 🤯
Not only that, but I believe that they actively try to prevent VoIP numbers from being used to create accounts.
Sure, fuck WhatsApp, but Telegram isn’t even end-to-end encrypted most of the time. Their group chats never are, and their “secret chat” encryption for non-group chats must be explicitly enabled and hardly ever is because it disables some features. And when it is encrypted, it’s with some dubious nonstandard cryptography.
It’s also pseudo open source; they do publish source code once in a while but it never corresponds to the binaries that nearly everyone actually uses.
And the audacity to talk about metadata when Telegram accounts still require a phone number today (as they did five years ago when this post was written) is just… 🤯
State-sponsored exploits against WhatsApp might be more common than against Telegram, or at least we hear about them more, but it’s not because the app is more vulnerable: it’s because governments don’t need to compromise the endpoint to read your Telegram messages: they can just add a new device to your account with an SMS and see everything.
(╯° °)╯︵ ┻━┻
Anything claiming to prioritize privacy yet asking for your phone number (Telegram, WhatsApp, Signal, …) is a farce.
Telegram isn’t perfect, but it is infinitely better than Whatsapp because it doesn’t belong to Facebook, and also isn’t from the United States. Also it can be used by normies without problem, unlike Matrix or Xmpp or what have you.
Brother, it has servers all over the world (including the US) where it hosts your data unencrypted. Telegram is nearly not inifinitely better than WhatsApp.
Sure, WhatsApp exposes you to US jurisdiction and Meta bullshit. At the same time, Telegram is very friendly with the Kremlin and associated intelligence services. So it basically comes down to whether you want to be spied on by Russian or US entities.
Source: Wired cover story
Wired story from a year ago about the FSB using Telegram to track down political activists.
Thats just speculation. The fact remains most of the Ukrainians (including their president) used telegram to raise their voice.
If you’d read the linked sources, you’d know that it’s not just speculation. Regardless of Telegram’s user base, it cooperates with Russian authorities. That remains true whether or not Ukranians use it to communicate. I’m not blaming Telegram for cooperating with Russian authorities as it’s well known that not doing so leads to drastic authoritarian measures.
But don’t take my word for it: Wikipedia: Blocking of Telegram in Russia
Shit, 2019 really was five years ago.
Signal is great. Stop being overzealous
Then what is the choice?
Read up on Xmpp or matrix as good alternatives.
Simplex - requires nothing, just install. But you connect with other people by sending a code outside of SimpleX. Though they’ve added a directory service for groups.
XMPP
Wire (not Wiremin), though it requires an email account, which is easily addressed with a disposable email.
Signal is very secure from what I’ve read, despite the phone number identifier.
SimpleX still has signup bugs:
(1) clicking on the join link from Facebook fails because SimpleX does not strip the FB crap which gets appended.
(2) scanning the QR code fails with your default phone camera app (turns out you must use SimpleX to scan it.
I reported both bugs on github a couple of months ago and nobody had picked up on them.
Not only that, but I believe that they actively try to prevent VoIP numbers from being used to create accounts.