WhatsApp is now using the exact same technology as Signal, and all communication is end to end encrypted by default. For technical details you can check out these links:
https://whispersystems.org/blog/whatsapp-complete/
https://www.whatsapp.com/security/WhatsApp-Security-Whitepaper.pdf
Friendly reminder that Signal is funded by (tax-deductible) donations. And you can donate crypto:
​
(TBH, I had never really thought about how they were funded until I noticed the "Donate" link while reading their response.)
It's an instant messaging app, but you can also use it on pretty much any other device you own. Also (in the Android app at least) you can search images/gifs on the internet and instantly send them. Makes gif wars so much easier.
Here's how my dumb brain understands it:
His friend sent him a youtube link in WhatsApp. WhatsApp does link previews in its messages--and somehow, when the link loaded, Youtube knew that it was this dude looking at the link.
Fun fact: that's a classic OSINT technique to find people who are on the run. Send them an email with an embedded image saved on one of your websites, and then just wait for him to open the email--when he does, you can see what IP address loaded the image and boom--now you know where he is.
Also fun fact: Signal has taken steps to prevent this from happening: https://signal.org/blog/i-link-therefore-i-am/
From left to right ;P
The blue links are the same. Notice the via @roolsbot part of his and mine message? That means that the message was created using an inline bot (A telegram feature, see here). This specific bot lets you search for these links and also, in a more advanced way, let you insert these links naturally in your messages without you knowing the actual link, you just search for keywords basically. I tried to "show off" using this advanced mechanic to combine the two messages he had to send (because he only used the basic function of the bot) into one, using this advanced technique. And he then told me that he wrote this feature.
Sounds complicated? Dont worry, it is. I hope I could explain it though :)
I just downloaded Signal to try it out, it's open source, and co-founded by Brian Acton who co-founded WhatsApp and left Facebook after the merge when they asked him to lie to the EU about their intentions to merge WhatsApp and Facebook Messenger. It seems to be nice, haven't tried it in anger. The desktop version is its own app, I'd have preferred a browser based option like WhatsApp web but that's a minor quibble.
Q: How are you going to make money out of this?
We believe in fast and secure messaging that is also 100% free.
Pavel Durov, who shares our vision, supplied Telegram with a generous donation, so we have quite enough money for the time being. If Telegram runs out, we will introduce non-essential paid options to support the infrastructure and finance developer salaries. But making profits will never be an end-goal for Telegram.
Unlike a lot of other technology projects, Signal is structured as a non-profit. We're supported directly by users like you, similar to organizations like Wikipedia. You can donate here: https://signal.org/donate/
We will never sell ads, and we've designed Signal to not know anything about anything (including no trackers or analytics), so we couldn't target ads even if we wanted to (which we don't).
I have a hunch it could be related to https://signal.org/blog/cellebrite-vulnerabilities/ and the followup https://hothardware.com/news/cellebrite-physical-analyzer-software-no-longer-supports-iphones
What kind of phone does your wife have that they inspected?
Don't install freedom.
If you make the slightest mistake uninstalling it it will ruin your phone (lost my LG G3s that way, RIP)
Enable developer options and set "Window animation scale", "Transition animation scale" and "Animator duration scale" to < 1 (mine are at 0.5x)
This will make apps appear faster and opening an app from "recents" is also faster. All the time spent watching animations is simply wasted.
Want to converse with people/groups? Get "Telegram"! That way your personal data isn't being shared with Facebook if you were using WhatsApp. It also has an API for people to create bots and clients for all platforms. Seriously check it out https://telegram.org/
Get an app like Tasker or Automate and really learn how to use it. You can replace dozens of apps by creating your own automations. I prefer Automate because it uses a Flowchart design where you simply connect nodes but it's just preference.
Solid Explorer is the way to go. Yes it costs money but it is super worth it. No ads, no bulls**t and integration with storage services like onedrive or google drive.
Camera FV-5 is the way to go if you are into photography.
EDIT: I appreciate that someone is willing to help me with my old phone but I have moved on from it. The damage is done and I am not looking to repair it. I have already customized my current phone extensively and I'm not going to try and fix my old phone now.
Developer on Signal Desktop here.
IMO, Signal does not have an issue here, but of course I'm biased.
We go to great lengths to avoid the "metadata problem". We've been subpoenaed a few times and have been able to produce very little. We know when someone signed up for an account and when they last accessed the Signal service, but that's basically it.
We achieve this, in part, with something called "sealed sender". It's like a letter with no "from" address written on the envelope.
We also do limited logging and don't hold onto messages after they're delivered.
As others have mentioned, we're also working on adding usernames. Please know that this is a massive technical effort (the biggest I've seen in my time here) and will take some time, but it's definitely a priority.
As a developer on the Desktop app, I know full well that Signal is far from perfect. But I don't think our service suffers from the "metadata problem".
I agree discord is a shit platform for privacy. I also think that most of the time the top one priority is to create a community with a low entry barrier so anyone can organize and work together. And discord works well because a lot of people use it.
But again, if your group can move to another platform where you have privacy that's amazing and you should definitely do it. Try element.io to replace discord or signal.org to replace telegram and whatsapp.
I feel like I need to clarify some things as this whole conversation is very confusingly worded for people who aren't already aware of how Riot works.
Riot is not a protocol. It is not a replacement for Slack, Skype, etc. Riot is just a client for the FOSS federated messaging protocol named Matrix. Riot is just the most popular and most full-featured. Riot is designed more like Discord than anything else, and likewise has a self-hosted web app you can deploy for users to connect through a web browser.
Matrix communication is done over a simple HTTP API. You can host your own server, or connect to existing servers. The protocol is federated so you do not need to be on the same server with someone to communicate with them. Server can have bridges installed, allowing connections with other protocols from Matrix chat channels. All the external service has to have to easily communicate is some sort of API. Here's some official documentation on creating bridges, with a example specifically for Slack.
So Riot can connect to slack, but it has absolutely nothing to do with Riot. You'd have to have a Matrix homeserver set up with a bridge to a Slack server through the Slack API. You can't just install Riot and connect to Slack, IRC, or XMPP servers.
Yay, more fragmentation in the IM ecosystem.
Listen, it's good that it's open source and self hosted, but the problem with all the messaging "products" doesn't come only from the fact that they're proprietary, it comes from focusing on making single client solutions. IRC and XMPP have a lot of issues, but they are protocols, so anybody can write the clients they want (graphical, command line, bots, ...) and use that with any service that uses those protocols. By creating new domain specific client-server protocols, you're just giving people less choice.
Right now, the only approach that seems to go in the right direction is Matrix.org. But to be honest, there are a lot of modern XMPP and IRC clients around now, so if you want to write a fancy UI, why don't you just write a good client for those?
For people using SailfishOS, CopperheadOS, and other Android-app compatible operating systems that don't include Google Play, the following might be equally (if not more) newsworthy:
Today, Open Whisper Systems (the team behind Signal) set up a way for people to install the official Signal Android client from outside of the Google Play Store: https://signal.org/android/apk/
When announcing it on the OWS Community Forum, Moxie Marlinspike said that this is a "harm reduction strategy since people are already running random APKs signed by other random people".
You can use real private messaging. Right now virtually uncrackable encrypted messaging exists but no one uses it for some reason.
For the people asking about it: https://www.openpgp.org
It looka like Signal is a better solution: https://signal.org/
This is the same company that Moxie Marlinspike absolutely embarrassed in a blog post recently after they claimed they could extract data from Signal. https://signal.org/blog/cellebrite-vulnerabilities/
"export your data"
more like export a fraction of your data
in their privacy statement they explicit say what they collect (https://www.whatsapp.com/legal?lg=en#privacy-policy-information-we-collect) and the fun part begins at the automatic collection.
Where is this data, that is way more interesting!
Beep. Boop. I'm a bot.
It seems one of the URLs that you shared contains trackers.
Try this cleaned URL instead: https://signal.org/blog/keeping-spam-off-signal/
If you'd like me to clean URLs before you post them, you can send me a private message with the URL and I'll reply with a cleaned URL.
Also agreed.
Over at /r/jellyfin we've used Matrix since day one, and only grudgingly (and with much flakiness) bridged it to IRC (and Discord... shudder).
I get that IRC is this historical thing for the "internet/computer geek" community, but people need to face that it's antiquated and a big barrier to entry for new users (it's not about being "hard"; it's about "now I have to figure out and join another Chat program just to get help?" and this being a barrier) and accept that better, modern alternatives like Matrix exist, are well used, and are an improvement.
That's why when I'm tonsil-deep in pussoir, I use Signal.
Its end-to-end encrypted communication ensures that my taint reaches my eyes unmolested by man in the middle interlopers.
For those who don't know, Teamspeak is (was?) a very popular application among gamers and the like for voice communication.
The Matrix protocol is an open source federated / decentralized communication protocol for stuff like text, voice, video, commands and other things. Its strengths are properties like extensibility and high availability of chat history.
It's pretty exciting that it's now being developed with the Matrix protocol in mind, this means it can federate with the entire Matrix ecosystem. Pretty cool if you ask me.
Whatsapp needs a serious update. The latest addition to Telegram gives it really advanced group messaging features. I'm lucky enough that most of my friends have switched to Telegram so when I have to use Whatsapp it's a bit of a shock how old it looks and the lack of features.
Something the Riot blog misses here is the Matrix half of the story - specifically that the E2E Crypto has had a public security assessment by NCC Group. https://matrix.org/blog/2016/11/21/matrixs-olm-end-to-end-encryption-security-assessment-released-and-implemented-cross-platform-on-riot-at-last/ and https://www.nccgroup.trust/us/our-research/matrix-olm-cryptographic-review/ have the details.
Matrix is great! Its a chat protocol that has many front ends your users can choose from. The most popular front end is Element.
Why use matrix?
At its core, the protocol is just for routing messages between clients and servers. This means you can join multiple servers (hosted by other matrix users). There's also bridges between other chat services so you can do all your communication in one place.
Also, with Jitsi integration you can do video calls directly in the app.
The Signal team have vouched for WhatsApp in the past https://signal.org/blog/there-is-no-whatsapp-backdoor/
Granted that was a few years ago and there’s no telling if WhatsApp has changed since then. But Signal haven’t announced a change in stance regarding WhatsApp, so it’s probably safe enough, assuming you’re ok having your metadata mined…
Speaking of fire, Signal's very recent blog post as a response to a company, Cellebrite, claiming to be able to extract data from the app is pure gold. Their response could be summarized as "Just don't" but that does in no way make the full read any justice. It's a mood lifting read!
Direkt zum Original:
https://signal.org/blog/cellebrite-vulnerabilities/
"By a truly unbelievable coincidence, I was recently out for a walk when I saw a small package fall off a truck ahead of me."
Haha, klar "vom LKW gefallen"... Sympathisch, ja. Aber glaubwürdig?
PGP is hard to use and not very practical for direct messaging.
Signal is a much better suggestion, slick UI and easy to use. Also very secure (especially if you verify each other's private key) and open source.
End to end encryption betekent dat facebook niet kan meelezen. Wat ze via whatsapp wel weten is met wie jij praat en wanneer, wie er in je contactenlijst staan, in welke groepen je zit, wanneer je online bent, en als je dat aan hebt staan je locatie.
Edit: Een goed alternatief voor whatsapp is signal, die houden niks van je bij (bestaan van donaties) en gebruikt dezelfde encryptie als whatsapp (Eigenlijk is de encryptie in whatsapp bedacht door een van de mensen achter signal). Ik gebruik signal om te communiceren met de paar mensen in mijn vriendengroep die wel wat geven om privacy, maar het is lastig om de rest van whatsapp af te krijgen.
Signal is the only widely available, multi-platform secure messaging tool. True end to end encryption (you and your recipient have the only keys) and minimal metadata (Signal logs only the age of your account and the last time you used the service. thats it). Stop using other messaging tools if the contents of your messages are private. https://signal.org
re: online status and location, Signal does not have this by design. It would be a privacy leak. Signal actually gives a shit about real privacy. https://signal.org/bigbrother/central-california-grand-jury/
I'm sorry for your loss. I would recommend contacting WhatsApp directly to see how they could help under these circumstances. https://www.whatsapp.com/contact/
I wouldn't want you to risk loosing those memories.
Just a reminder, Open Whisper System is a non-profit, who run a privacy conscious service for free. They don't get the benefit of billions of dollars of advertising money here compared with FB and WhatsApp.
Please do donate if you value their service. https://signal.org/donate/
There are huge profits to be made in grey-market call termination, especially so if international calls have to otherwise go through a single carrier that dictates insane international rates. In most of the profitable countries, the local cell calls are dirt cheap as is labour to man the stations, so the sim gateways, the sat uplinks (or occasionally DSL) and the simcards are quickly paid off and then it is just profit. Even more fun when that carrier is owned or invested in by members of the royal family or local equivalent, and they use the army to hunt down these 'pirates' and protect their interests.
If you want to get a sense of the profits, look up Cuba on the Skype Rates website, it is currently $0.089 connection fee and USD $0.80/minute, or North Korea at USD $0.70/min or Madagascar at $1.07/min landline ($1.09/min mobile). It doesn't take long or much call volume to cover your costs.
Not too long ago, Cellebrite announced "support" for Signal Messenger. This "support" is only for unlocked phones where Signal Messenger is also unlocked. Cellebrite makes devices that download any available info from many phones, locked or unlocked. An Android phone that is freshly restarted will expose minimal data. A decrypted phone (after you enter your password the first time), even when the screen is locked, will offer a little more data, still not much though. Something to note is that some things, like the alarm you set and named "Remember to dump the body from the drum," are accessible from your encrypted & locked phone.
The Signal organization "found" a Cellebrite UFED that "fell off a truck" and they found numerous vulnerabilities. Read the blog post here. It's not very long nor technical. Pay attention to the last paragraph, LMAO.
It's possible that law enforcement is looking for the pretty little files that "don't do anything" that Signal Messenger uploaded to a few random people's phones. I read a legal blog post suggesting that the US government might try to prosecute someone under the CFAA if these files do damage to any of their Cellebrite UFED machines, possibly with the goal of going after Signal Messenger.
Just a thought.
Because Telegram switched to Google and Amazon servers. Russian govt started banning Google and Amazon Cloud IP addresses, the airports and ATMS that relied on them also went down.
Govt banned telegram.org . So telgram switched to Google Cloud and Amazon web services. Then the govt banned millions of IP addresses, thus fucking up Russian Internet
Matrix uses their own implementation of the "Double Ratchet cryptographic" ratchet. It's the same kind of encryption that Signal, Whatsapp and the like use. You can find the source here.
https://twitter.com/signalapp/status/1261364662840385536
> Giphy was just acquired by Facebook, but GIF searches in Signal have been protected by a privacy-preserving proxy from the very beginning. The Giphy SDK isn't included in the app at all. You can read more about our approach to handling animated GIFs here: https://signal.org/blog/signal-and-giphy-update/
Signal has already been subpoenaed by the FBI and couldn't produce content, https://signal.org/bigbrother/eastern-virginia-grand-jury/. You won't find Telegram recommended by security advocates because it doesn't have the reputation Signal does.
I believe this particular discussion and decision is quite old and settled. The use of phone numbers is a usability and reliability trade-off that users need to be willing to make with Signal. If that's not fitting of your threat model, may I suggest https://matrix.org/
Looks like they've changed it a couple months ago; here's an archive: https://web.archive.org/web/20180702223031/https://signal.org/workworkwork/
I actually copied it from a message I sent a friend when I first read it. (Over Signal to boot, hah.)
Signal is open source, tried and tested, and end to end encrypted. It requires your number so you can communicate with anyone in your contracts (those without Signal).
They've proven through a court order that they could not help the big brother.. The only things they were able to share were the time the user registered and the last time they've used Signal.
I don't think any of the other alternatives have this much battle experience and trust.
Signal is basically an alternative to your regular SMS and calling app, so of course it will require those permissions. If you only want to communicate with Signal users, then go the route explained in the article you linked and use a burner number and not all any permissions.
It's interesting that they still have access to Facebook and WhatsApp. It is unfortunate that Signal is no longer domain fronting though I know Telegram was doing this as well (and for some reason hasn't gotten a similar letter?). I'm not a networking guy, but wouldn't encrypted DNS help resolve this issue? Not that people have access to it on their phones, but my understanding is that you'd have to shutoff access to the DNS (like CloudFlare (1.1.1.1
)or Google (8.8.8.8
)).
Signal explains quite nicely how "disappearing messages" should be treated.
> Disappearing messages are a way for you and your friends to keep your message history tidy. They are a collaborative feature for conversations where all participants want to automate minimalist data hygiene, not for situations where your contact is your adversary — after all, if someone who receives a disappearing message really wants a record of it, they can always use another camera to take a photo of the screen before the message disappears.
Its a way to bridge WhatsApp messages over a different messaging protocol called matrix. Matrix is a decentralized and federated approach to messaging and both the clients and servers are open source. If you run your own server you can install various bridges that let you forward messages from one platform over matrix so you can avoid installing many permission-wanting and tracking-laden apps on your phone. For example, I run my own server using this ansible playbook and it includes scripts to set up bridges for WhatsApp, messenger, groupme, discord, slack, and many other services. Its a great way to transition off of a service without getting rid of it completely, allowing you to keep in contact with people who use the nonfree platform without needing to interact with it directly.
Matrix is definitely the way to go in terms of private, encrypted messaging IMO but it requires a little more work to set up than something like signal.
Here's their blog post - https://matrix.org/blog/2019/04/11/security-incident/
I spun up a matrix VM about 1-2 weeks ago to give it a try because I was losing faith in discord. Not gonna lie I was a little concerned at the timing of this but I'm still going to go ahead and set it up when I get some free time. This wasn't a fault of the matrix software - just lazy sysadmin work.
FUD!
>Jennifer Caukin, a spokeswoman for Skype, has a different slant. Caukin said, “Skype made the decision to retire Skype for Asterisk several months ago, as we have prioritized our focus around implementing the IETF SIP [Session Initiation Protocol] standard in our Skype Connect solution. SIP enjoys the broadest support of any of the available signaling alternatives by business communications equipment vendors, including Digium. By supporting SIP in favor of alternatives, we maximize our resources and continue to reinforce our commitment to delivering Skype on key platforms where we can meet the broadest customer demand.
Basically, instead of continuing to use their shitty proprietary standard they decided to use an open, ratified standard. Asterisk supports SIP just fine, meaning anyone with an asterisk pbx can still integrate with the skype network just fine. Only now Asterisk doesn't even have to bundle the proprietary code anymore! This isn't even a hypothetical, it's already available.
This is a win for open source and standards, not the other way around.
>Unsurprisingly, this data sharing policy with Facebook and its other services doesn't apply to EU states that are part of the European Economic Area (EEA), which are governed by the GDPR data protection regulations.
Shitty that facebook is doing this, who knows which region they will apply this policy next.
Be aware it is also necessary to OPT-OUT in order to prevent "[sharing] my account information with Facebook to improve my Facebook ads and products experiences", and can only be done in the first 30 days of registering. All told, WhatsApp is a poor choice for privacy.
We like them today because they responded to a subpoena last week with basically "lol, we don't know anything".
We like them over the long term because they're a messaging app that just sends messages.
>In completely unrelated news, upcoming versions of Signal will be periodically fetching files to place in app storage. These files are never used for anything inside Signal and never interact with Signal software or data, but they look nice, and aesthetics are important in software. Files will only be returned for accounts that have been active installs for some time already, and only probabilistically in low percentages based on phone number sharding. We have a few different versions of files that we think are aesthetically pleasing, and will iterate through those slowly over time. There is no other significance to these files.
For those who missed it this particular company specializes in getting data from phones that have already been unlocked and requires the phone to be physically present.
There was an interesting blog written in April by the CEO of Signal (a secure messaging client) where he basically got a hold of one of their boxes and had a close look https://signal.org/blog/cellebrite-vulnerabilities/ that some of you might like to read.
The encryption is only for the messages. There is a ton of valuable personally identifiable information that they can (likely are) logging.
From whatsapp privacy policy
"We collect information about your activity on our Services, like service-related, diagnostic, and performance information"
"...how you use our Services, your Services settings, how you interact with others using our Services, and the time, frequency, and duration of your activities and interactions, log files, and diagnostic, crash, website, and performance logs and reports."
"...the features you use like our messaging, calling, Status, groups (including group name, group picture, group description)"
"We collect device and connection-specific information when you install, access, or use our Services. This includes information such as hardware model, operating system information, battery level, signal strength, app version, browser information, mobile network, connection information (including phone number, mobile operator or ISP), language and time zone, IP address, device operations information, and identifiers (including identifiers unique to Facebook Company Products associated with the same device or account)."
"Even if you do not use our location-related features, we use IP addresses and other information like phone number area codes to estimate your general location (e.g., city and country). We also use your location information for diagnostics and troubleshooting purposes."
Be aware it is also necessary to OPT-OUT in order to prevent "[sharing] my account information with Facebook to improve my Facebook ads and products experiences", and can only be done in the first 30 days of registering.
I'll use this comment for a shameless plug for the Matrix protocoll and their main client Element. They have end to end encryption by default that works across mutliple devices with users across multiple servers. All code and specifications are completely out in the open and thus independently verifiable to be secure, you can even host your own entire infrastructure if you want and still stay in touch with people from other matrix servers.
That's interesting, I could have sworn they were targeting Matrix? https://matrix.org/blog/2017/08/24/the-librem-5-from-purism-a-matrix-native-smartphone/
Was there a decision to move away from Matrix or is it still used somewhere?
Based on the opt-out instructions, they say it will not use your acct info for "Facebook ads and products experiences" - it sounds as if there are some limitations there (e.g. Find friends may not link your number, but FB can ban you across all services). What other parts of the Whatsapp privacy agreement would be violated here?
There's also this catch-all at the end:
> And finally, if WhatsApp suddenly changes how it collects, uses, or shares new data, the FTC is urging the company to let users opt out — or at the very least "make clear to consumers that they have an opportunity to stop using the WhatsApp service."
It sounds like they're fulfilling that.
yup, we've just finished a successful audit from NCC Group. The report should be available and publicly published around the end of October (which is also when the SDKs for iOS & Android will support it, and thus apps like Riot will have E2E on web, iOS & Android).
The E2E uses two different ratchets:
Olm (our implementation of the double ratchet) for 1:1 communication: https://matrix.org/docs/spec/olm.html
Megolm, a new ratchet expressly for handling Matrix group chats with history which can be (optionally) replayed. The novelty here is that you can select how often the ratchet is replaced, thus configuring the secrecy of the history (at one extreme, you never replace the ratchet and the room essentially has the same key throughout its existence. at the other extreme, you replace the key for every message, giving you perfect forward secrecy). https://matrix.org/docs/spec/megolm.html.
In meinem Bekanntenkreis wird jetzt vornehmlich Telegram benutzt, vor allem wegen den guten Client Möglichkeiten (sprich gleichzeitig auf PC, Tablet und Smartphone erreichbar und synchronisiert). Außerdem geht die Entwicklung sehr schnell vorran, und es gibt mittlerweile viele neue Features, die den Client von den Wettbewerbern absetzen. (Bot Funktion, Broadcasting Channels, ...)
Achja als Disclaimer vielleicht zu den Gründern von Telegram: Das ist der ehemalige Chef vom russischen Facebook-Klon VKontakte. Die Position musste er angeblich durch Druck der Politik dort aufgeben und operiert nun von Deutschland aus, soweit ich weiß. Hier ein Interview mit ihm: Link
I have no idea how Apple has designed or implemented all this, but here's what I suspect the core problem is: whose timestamp are we talking about?
You might be interested to check out what sort of hoops Matrix had to jump over to get all this sort of working: https://matrix.org/docs/spec/intro.html -- check out "Event graphs". I'm (again) guessing that Apple opted for something more simple when they designed iMessage and are now paying that debt and are semi-forced to trying to fix it with hackery.
From the F.A.Q. on their website:
> We believe in fast and secure messaging that is also 100% free. > > Commercial companies frequently face the need to compromise their values for financial gain. This is why we made Telegram a non-commercial project. Telegram is not intended to bring revenue, it will never sell ads or accept outside investment. It also cannot be sold. We're not building a “user base”, we are building a messenger for the people. > > Pavel Durov, who shares our vision, supplied Telegram with a generous donation through his Digital Fortress fund, so we have quite enough money for the time being. If Telegram runs out, we'll invite our users to donate or add non-essential paid options.
You’re downloading the intel version of zoom. Rosetta is the “translation layer” that lets your non intel Mac run intel software in emulation. It’s fine/safe/free.
BUT: get the m1 version of zoom. It will perform better.
Why Telegram? Telegram is known in crypto circles to be a bit shady to put it mildly. They invented their own encryption algorithms which is a big no-no when it comes to crypto. Is based or originated out of Russia meaning Russian state can try to interfere and/or influence. Ultimately is a privately help for-profit company meaning they can change their direction any moment they want to turn a profit.
If we really want to recommend a truly privacy-first messaging app, it should be Signal (https://signal.org) not Telegram.
>Q: Can Telegram protect me against everything?
>
>Telegram can help when it comes to data transfer and secure communication. This means that all data (including media and files) that you send and receive via Telegram cannot be deciphered when intercepted by your internet service provider, owners of Wi-Fi routers you connect to, or other third parties.
Source: https://telegram.org/faq#q-can-telegram-protect-me-against-everything
I would be interested if Mozilla adopted matrix and developed matrix clients that don't suck, along with a privacy conscious homeserver. A major product embracing matrix could really change how people communicate over the internet. Firefox hello could not integrate with other services (only other browsers) and did not have the option to remove it from the browser, so flopped nearly instantly.
So there are a myriad of available options that have about the same reliability, within a unnoticeable level of deviance, that provide a significantly greater degree of privacey.
All of the listed option work very similar to messenger without stealing your data
Provides end to end encryption built in and is on all platforms https://discordapp.com
Another end to end encryption app on all platforms https://telegram.org
This is just a couple a quick internet search will provide more with greater levels of security.
I'm replying to you to facilitate and implore you to leave facebook and all its companies behind because they only seek to know everything about you in the effort to make a profit off of you at any cost. We each can make a difference to end Facebook's deceitful practices and by doing so make the world a more secure place for us all.
From my comment below:
Basically it transcribes your voice as you're talking and tries to make a chat message out of it, in this case it looks like it was going English <-> English. My fiance is overseas for college, and when this first installed as part of an update, it read her localization and somehow decided that Scotland = Spanish somehow...so everything she said was being plopped into the chat box in truly awful Spanish. I guess it's supposed to be handy or something, but it was also transcribing me speaking in English very, very poorly. As in "You should probably get a CT scan for tumors in your brain" badly.
https://signal.org/bigbrother/cd-california-grand-jury/
The top level of the link where this doc is from. Only the PDF of court docs opened for me
Before people strap on the tin foil, please consider that your data in signal is end to end encrypted and they are unable to provide anything, especially chat transcripts to the court
I just donated to them - they are a non-add / non-subscription app. If you like their platform, I would encourage anybody here to do so as well. Signal >> Donate to Signal
Depends on what functionality you want, for strictly text chat and voice chat TeamSpeak or Mumble work great. If you want a more Discord/Skype like alternative I think Matrix using Riot as the frontend is your best bet
Imo, I don't see any advantage of telegram over signal
edit:
From /u/redditor_1234 on /r/privacy
>Unlike Telegram, Signal does not need a 2FA option to protect against SS7 vulnerabilities. > >The Telegram servers collect every Telegram user's contact list and every message, photo, video and document that they send in the default chat mode, and unless the user has enabled the 2FA option that is buried in the app's settings page, the service allows anyone who can hijack the user's phone number or intercept their SMS messages to instantly have access to all of that user's cloud based data. > >In contrast, the Signal servers don't collect any contact lists and all Signal communications are end-to-end encrypted. If someone were to intercept a Signal registration code or hijack a Signal user's phone number and use it to register on a new device, the attacker would not gain access to any of the user's data, because it would all be stored locally on the targeted user's own device(s). The user's safety numbers would change, and the app would automatically alert everyone who has previously communicated with the targeted user's number, preventing anyone from accidentally calling or sending sensitive information to the hijacked number.
>At my company, we all use Gtalk for casual conversation
DuckDuck Go Public XMPP Server
There are all kinds of options out there, I would not go with Hangouts though, no since rewarding Google for creating Wall Gardens. Google should be working to OPEN things not close them off.
"Telegram is free forever. No ads. No subscription fees." How do they pay for the staff, servers, bandwidth, etc. ???
Also, cartoon of a woman in a trenchcoat flashing a baby bear on the main page. ( https://telegram.org/ ) How long before PC outrage?
Signal is trustworthy. I've tried intercepting their VOIP streams and was unable to on either end. Admittedly it's been a few years since I've done any professional security analyses and I may be behind on the latest and greatest tools, so grain of salt.
Properly deployed encryption is unbreakable. Even the still in-vitro quantum computer would only be able to slightly shorten prime factorization in asymmetric ciphers.
Paranoia is good and healthy. But knowing the capabilities of your adversary is equally important. Real-time decryption of even weak cipher suites isn't feasible, real-time processing and analytics is another beast entirely. So I wouldn't be worried about being randomly eavesdropped.
However if you're being targeted, they're are plenty of ways to exploit the biggest weakness there is in encryption. The user.
Edit: added link
I know zoom has been in deep shit for not ensuring End to End encryption and stuff like that with their general product, but this particular product likely does offer the HIPAA-compliant stuff (my Girlfriend's agency used it until they went to MS Teams).
No agency in the world would be caught dead using something that would flag them in an audit. It would be a mess to say the least
If one reads the actual post on the Signal blog, the author notes the Windows-based Cellebrite software includes s couple Apple DLLs, apparently in violation of Apple licensing.
The blog also says they're not putting landmines on every device, just randomly placing them on a small percentage of devices.
A couple quotes from Signal...
Just funny:
> By a truly unbelievable coincidence, I was recently out for a walk when I saw a small package fall off a truck ahead of me. As I got closer, the dull enterprise typeface slowly came into focus: Cellebrite. Inside, we found the latest versions of the Cellebrite software, a hardware dongle designed to prevent piracy (tells you something about their customers I guess!), and a bizarrely large number of cable adapters.
About the DLLs:
> It seems unlikely to us that Apple has granted Cellebrite a license to redistribute and incorporate Apple DLLs in its own product, so this might present a legal risk for Cellebrite and its users.
About the landmines:
> In completely unrelated news, upcoming versions of Signal will be periodically fetching files to place in app storage. These files are never used for anything inside Signal and never interact with Signal software or data, but they look nice, and aesthetics are important in software. Files will only be returned for accounts that have been active installs for some time already, and only probabilistically in low percentages based on phone number sharding. We have a few different versions of files that we think are aesthetically pleasing, and will iterate through those slowly over time. There is no other significance to these files.
Speak at the special city council meeting this Friday at 11:30am.
You can attend via Zoom or phone
1) By phone (888) 475-4499. Webinar ID: 971 4719 4171. Click *9 to raise a hand to speak.
2) By online https://zoom.us/j/97147194171
Alright, for those of you who spend a good two minutes getting a 500 error and wondering what the heck everyone else was talking about in this thread:
I might be missing something, but doesn't Riot (& Matrix protocol generally) leak a lot of metadata to the network. So basically anyone running a server on the network can know who is communicating with whom and when?
E2E encryption is great, but without protection of metadata it's meaningless for privacy.
It's not a problem that riot/matrix is particularly designed to, or interested in, solving: https://matrix.org/~matthew/2015-06-26%20Matrix%20Jardin%20Entropique.pdf (e.g. see slide 49 below)
>Matrix is all about >pragmatically fixing today's >vendor lock-in problem. >You can't bridge existing >networks without exposing >who's talking to who.
This isnt the first time and wont be the last. Unless its a huge conspiracy it appears Signal does not have access to anything as it all encrypted and they only have access to the timestamps and creation date. https://signal.org/bigbrother/central-california-grand-jury/
1- No. If you have a data plan, it would consume your data cause it needs internet to work, just like WhatsApp. Otherwise, no, it simply wouldn't work if you have no mobile data or wifi.
2- Cause Telegram has various privacy features that allow you to use it without sharing your phone number. Like you can set a username and hide your phone number, so people can find you through your username and not know your phone number. Comes handy for people you just met or business contacts.
You should check out the FAQ and their Blog for more information about features. There's a ton of stuff to learn about Telegram if you're new to it.
I'm sorry, I don't want to be that guy, but I will anyway because the terminology matters here: Rizon is an IRC network, consisting of IRC servers that users can connect to. Those servers are then connected to one another and share all info between one another to form a network, but most of the time, what server someone is on doesn't matter at all - usually networks just provide one address to connect to, from which you get automatically forwarded to a server. Freenode is a separate and unrelated network, using its own servers. Libera is also a separate network.
Aside from that, using IRC as an example of the pinnacle of decentralised FOSS communication is laughable - it's an old as shit, slowly dying platform that has always had its limitations, as much as I love it and hate to admit this. Matrix is a much better example of what modern technology is capable of. Fully decentralised to the point where anyone can spin up their own instance and connect to the global network, and there is a large variety of clients, most with modern GUIs comparable to Discord, Slack or what have you.
The "behind the scenes" aspect is a common pain point for all volunteer organisations, and can be avoided with clever planning ahead - this wasn't a thing people concerned themselves back in the '90s when the internet was still mostly a hangout for nerds and there was no need for official bodies for... pretty much anything. Libera has set itself up as a registered organisation with a full set of bylaws in Sweden, with all staff being required to join as a member (and hence be bound by the bylaws). This makes any kind of hostile takeover much more difficult to organise than in the case of Freenode, with a LLC created under uncertain circumstances and no clear established rules on what the LLC owns exactly.
Telegram will only disclose your IP to law enforcement if it receives a court order confirming you are a terrorist. According to their privacy policy, "[s]o far, this has never happened."
My reply was in blue, but another cringing friend's response to follow was better than mine. I am more than saddened by this opportunistic use of this funeral to peddle MLM.
If you just have to know which company is wonderful enough to peddle to funeral attendees, I put the link here so you can learn more. Starts at the top of the hour.
Spoiler alert. It's Zija.
Edit: Typos
They just recently deleted all my archived messages. So I'm not sure they are a good choice either.
Check out Matrix. It's still not at 1.0, but it's an open standard, federates between servers (no "get on my IRC network" problem, more like email or SMS), is all FOSS, and has all the nice Slack-y features. It even has integration bots into IRC and most of the modern silo chats.
From the FAQ:
>>> Q: How are you going to make money out of this?
>>>> We believe in fast and secure messaging that is also 100% free.
>>>> Pavel Durov, who shares our vision, supplied Telegram with a generous donation through his Digital Fortress fund, so we have quite enough money for the time being. If Telegram runs out, we'll invite our users to donate and add non-essential paid options to break even. But making profits will never be a goal for Telegram.
Telegram is superb. They have a $300,000 reward for anyone who can crack their encryption methods. It's supported on Windows, OS X, Linux, Android, iOS, Windows Phone, and has a web version as well. It's faster and more reliable than SMS, MMS, and iMessage, plus it features usernames if you don't want to use your phone number for identification purposes. Beyond being an amazing application, it's also an amazing company. They've vowed to be free forever with an open API and protocol available to everyone. Their app updates are always informative and written in detail; you'll never see just "Bug fixes," when they push an update. If you're still using WhatsApp, I highly recommend switching to Telegram.
Signal uses the Firebase notification service which depends on Google Play Services. They do not send your messages through the Google Service, but they will use it to notify the app, that there is a new message to be downloaded. If you removed Google Play Services, then that service doesn't work in the background.
I'd recommend downloading the Signal APK installer from https://signal.org/android/apk/ which uses a custom notification service (uses more battery than the Google version) and updates itself.
They can if they never store it in the first place. There are no laws saying you’re required to store customer data.
Relevant post from Signal yesterday: https://signal.org/bigbrother/central-california-grand-jury/
This is not my main field of study (though you may have watched the webinar I did recently which covers Shakespeare’s connection to the fascinating conundrum of Precession — https://zoom.us/recording/play/_AbVF7yyUnXJ3alCPU-rItKtdcEi_fIgDDPp_Qn5BFXl_7P7CkUfWI1LcrakuWCU — Password: YogiBard.)
My understanding is derived from The Holy Science (a book by Sri Yukteswar, the guru of Paramahansa Yogananda). In it he states “From 11,501 B. C., when the Autumnal Equinox was on the first point of Aries, the sun began to move away from the point of its orbit nearest to the grand center toward the point farthest from it, and accordingly the intellectual power of man began to diminish. . . The period around A.D. 500 was thus the darkest part of Kali Yuga and of the whole cycle of 24,000 years. . . From A.D. 499 onward, the sun began to advance toward the grand center, and the intellect of man started gradually to develop. During the 1100 years of the Ascending Kali Yuga, which brings us to A.D. 1599, the human intellect was so dense that it could not comprehend the electricities, Sukshmabhuta, the fine matters of creation.” (I guess we were ALL trolls back then! Isn’t that interesting? Shakespeare came at the very end of the last Kali Yuga or Dark Age… when he was definitely most needed!)
So according to this most revered sage, Sri Yukteswar, we’re presently 418 years into the Ascending Dwapara Yuga. Thus the height of the next Golden Age (Satya Yuga) will be A.D. 12,499.
Hang in there… it’s getting better all the time! Only 10,482 of your Earth years to go. :)
Citește mai bine, treaba asta nu se aplică la UE.
https://www.whatsapp.com/legal/updates/terms-of-service-eea
Partea asta:
>Affiliated Companies. We are part of the Facebook Companies. As part of the Facebook Companies, WhatsApp receives information from, and shares information with, the Facebook Companies as described in WhatsApp's Privacy Policy, including to provide integrations which enable you to connect your WhatsApp experience with other Facebook Company Products; to ensure security, safety, and integrity across the Facebook Company Products; and to improve your ads and products experience across the Facebook Company Products. Learn more about the Facebook Companies and their terms and policies here.
Se aplică doar la restul:
I too suggest this, excellent tool that allows you to form mesh networks over Bluetooth and wifi. If this is too advanced, Signal messenger is another excellent tool for end-to-end encrypted communication over Cellular and the Internet.
Pete is speaking today at this event near the end
The United for Infrastructure 2021 Kickoff Event May 10, 2021 from 12:00 PM–3:00 PM
> Keynote Conversation: Administration Leadership and The Transportation Agenda The Honorable Pete Buttigieg, U.S. Secretary of Transportation
>Moderator: Brendan Bechtel, Chairman and CEO, Bechtel Group, and Chair, Business Roundtable Infrastructure Committee
> Register: https://zoom.us/webinar/register/8416165466749/WN_tgat3JxkTrmbdglh-ipsWg
https://unitedforinfrastructure.org/event/leadwithinfrastructure/
They are very much involved in mass surveillance. For example