Here you go: "One major problem Telegram has is that it doesn’t encrypt chats by default, something the FBI has advocated for. “There are many Telegram users who think they are communicating in an encrypted way, when they’re not because they don’t realize that they have to turn on an additional setting,” Christopher Soghoian, Principal Technologist and Senior Policy Analyst at the American Civil Liberties Union, told Gizmodo. “Telegram has delivered everything that the government wants. Would I prefer that they used a method of encryption that followed industry best practices like WhatsApp and Signal? Certainly. But, if its not turned on by default, it doesn’t matter.”"
That's not entirely true.
While Telegram's "cloud chats" are not end-to-end encrypted by default, they're encrypted at rest. They claim that "all data is stored heavily encrypted and the encryption keys in each case are stored in several other DCs in different jurisdictions."[0] It's not even close to perfect, but it's also not everything that the government wants.
For me, the problem with Signal is based mainly moxie's position on the LibreSignal fork, which aimed to be a Google-Free version of signal, but moxie said he was not OK with LibreSignal using the Open Whisper Systems servers and the name "Signal".[1] I kind of understand his position, but that's not what I'd expect of the free software community and definitely not what I expect from someone who's in the middle of my communications.
In the end, the hope's in matrix.org. It supports end-to-end encryption, works without a number and is fully federated. Maybe someday Telegram and Signal can even federate with matrix.
I think it's fair to not want a project whose quality you cannot control use your servers and your name to compete for users in a market whose focus should he keeping those users safe.
The issue with not encrypting in transit by default is that it makes profiling encrypted communications MUCH easier and can potentially defeat the purpose via the Streisand Effect.
Here you go: "One major problem Telegram has is that it doesn’t encrypt chats by default, something the FBI has advocated for. “There are many Telegram users who think they are communicating in an encrypted way, when they’re not because they don’t realize that they have to turn on an additional setting,” Christopher Soghoian, Principal Technologist and Senior Policy Analyst at the American Civil Liberties Union, told Gizmodo. “Telegram has delivered everything that the government wants. Would I prefer that they used a method of encryption that followed industry best practices like WhatsApp and Signal? Certainly. But, if its not turned on by default, it doesn’t matter.”"
source https://gizmodo.com/why-you-should-stop-using-telegram-right...
That's not entirely true. While Telegram's "cloud chats" are not end-to-end encrypted by default, they're encrypted at rest. They claim that "all data is stored heavily encrypted and the encryption keys in each case are stored in several other DCs in different jurisdictions."[0] It's not even close to perfect, but it's also not everything that the government wants.
For me, the problem with Signal is based mainly moxie's position on the LibreSignal fork, which aimed to be a Google-Free version of signal, but moxie said he was not OK with LibreSignal using the Open Whisper Systems servers and the name "Signal".[1] I kind of understand his position, but that's not what I'd expect of the free software community and definitely not what I expect from someone who's in the middle of my communications.
In the end, the hope's in matrix.org. It supports end-to-end encryption, works without a number and is fully federated. Maybe someday Telegram and Signal can even federate with matrix.
[0] https://telegram.org/privacy#2-storing-data [1] https://github.com/LibreSignal/LibreSignal/issues/37#issueco...
I think it's fair to not want a project whose quality you cannot control use your servers and your name to compete for users in a market whose focus should he keeping those users safe.
The issue with not encrypting in transit by default is that it makes profiling encrypted communications MUCH easier and can potentially defeat the purpose via the Streisand Effect.
Note that Signal supports Google-free itself now - I'm running it on AOSP without Google Play.
3 replies →