Email or username:

Password:

Forgot your password?
Micha艂 "rysiek" Wo藕niak 路 馃嚭馃嚘's posts Post Back to profile
Top-level
Kevin Karhan :verified:

@rysiek also #Telegram - like @signalapp - demand and collect #PII like #PhoneNumbers which ain't possible to acquire anonymoisly in more and more juristictions.

- Plus, both are #centralized, #SingleVendor & #SingleProvider solutions that don't allow for #SelfCustody of all the keys nor #SelfHosting and thus violate #KerckhoffsPrinciple, meaning they are inherently #insecure.

Using #XMPP+#OMEMO by contrast is secure and adding @torproject / #Tor to tunnel it makes it even more anonymous.

- So don't expect any messenger to cover your 6, but instead go out of your way so that even when held at gunpoint, they can't decrypt comms!

Cnsider every #Messenger that doesn't #decentralize and support #Tor oit of tue box to be insecure!

26 August at 17:01 | Wall-to-wall | Open on infosec.space
3 comments
Micha艂 "rysiek" Wo藕niak 路 馃嚭馃嚘

@kkarhan I consider a service that actively, relentlessly misrepresents its security and encryption stance way worse and more harmful than a service that does not.

@signalapp @torproject

27 August at 0:41 | Open on mstdn.social
Kevin Karhan :verified:

@rysiek Agreed.

Tho I'd say that @signalapp is just marginally less shit in execution AFAICT, not in concept tho...

27 August at 4:45 | Open on infosec.space
Micha艂 "rysiek" Wo藕niak 路 馃嚭馃嚘

@kkarhan I have criticized @signalapp publicly for a bunch of things.

But saying that Signal is "marginally" better than Telegram is simply wrong. Signal is leaps and bounds better than Telegram, in execution and in concept.

Telegram's concept is "let's implement just enough e2ee to be able to lie our way into pretending we're an e2ee IM, while being nothing of the sort."

They do this *on purpose*, knowing this puts people in harm's way.

Making any sort of equivalence here is not justified.

27 August at 6:28 | Open on mstdn.social
Go Up