Comment by fastball

7 years ago

If you truly want privacy and security I would recommend Signal over Telegram -- Telegram has had some controversy with respect to their encryption protocol not being audited, as well as some weird stuff with a very large recent ICO that seems entirely unnecessary except as a money grab and Russian subpoenas for their master private keys.

You are getting off one boat and getting on the other one. Destination is the same.

Any centralized communication network is by definition insecure (one point of failure).

Maybe try Tox.

https://news.ycombinator.com/item?id=16039859

  • Signal and Telegram are very different. Signal has always been an open source project that allows you to audit the source and run your own server if you so desire [1].

    It’s a project that has always put security first but made some compromises for usability — very different from Telegram which has put expansion and monetization first — and it was started by Moxie Marlinspike whose views and contributions are well-known.

    With Signal, it is not a single point of failure. The Android, iOS, desktop apps all do end-to-end encryption. So a compromised server wouldn’t mean your messages are compromised.

    The client would need to be compromised, and if the client is compromised, tox.chat is toast as well.

    [1] https://github.com/signalapp

    • >>With Signal, it is not a single point of failure. The Android, iOS, desktop apps all do end-to-end encryption.

      I meant DoS attack not encryption.

      AFAIK all of these secure "apps" are NOT decentralized.

      So if you can just block a certain IP, you'd have successfully performed a DoS attack.

> and Russian subpoenas for their master private keys.

While I cannot defend (or attack, I'm no cryptographer) their crypto they seem to have a solution to this:

They say they don't store keys in the same datacenter or even jurisdiction as the customer data they protect.

According to them this means getting unencrypted data through a legal process would mean getting a warrant in two or more countries at once.

  • > They say

    > According to them

    I find it very hard trusting their word. And we know the company has the ability to read messages. How is Telegram better than FB Messenger?

    • Sorry for my late reply:

      > And we know the company has the ability to read messages.

      I don’t think we actually know that.

      In fact I think they have a system to keep data and keys apart and in different jurisdictions to prevent USA, Russia or anyone from being able to get access to it.

      I am no cryptographer or legal expert though.

      > How is Telegram better than FB Messenger?

      This is a bit simpler: while Facebook Messenger might be E2E encrypted I have good reason to believe that Facebook will datamine my metadata and sell it to whoever wants to pay.