Oddbean

Telegram has full access to all of the content of group chats and regular one-to-one chats due to lack of end-to-end encryption. Their opt-in secret chats use homegrown end-to-end encryption with weaknesses. Deleting the content from the app likely won't remove all copies of it. Telegram has heavily participated in misinformation campaigns targeting actual private messaging apps with always enabled, properly implemented end-to-end encryption such as Signal. Should stop getting any advice from anyone who told you to use Telegram as a private messenger. Telegram is capable of handing over all messages in every group and regular one-to-one chat to authorities in France or any other country. A real private messaging app like Signal isn't capable of turning over your messages and media. Telegram/Discord aren't private platforms. A major example of how Telegram's opt-in secret chat encryption has gone seriously wrong before: https://words.filippo.io/dispatches/telegram-ecdh/. The practical near term threat is for the vast majority of chats without end-to-end encryption: 100% of Telegram group chats and the regular 1-to-1 chats.

There is a post on here where I went through that but I can't search my own posts on Amethyst. Secure messengers depend on the device, if your device is not secure, your messages aren't either. Getting control of the device is getting control of the messaging app too. And doing the former is far easier and stealthier. Messaging apps like Signal getting in on this requires a convoluted plan of the state and the developers to collude. Intelligence ops require the least people to know about it, and preferably no one in the general public. Changing the functionality of the app and server infrastructure to push it to everyone is too loud and risky for a state to perform. Hitting a target with a zero-click exploit to get access to the device and all the data is far easier and is stealthy. Nation states are certain to have exploitation capabilities for tons of computing platforms and apps, but it wouldn't be collusion since not even these software developers would even know they have it, they are state secrets. Tucker (if he is actually telling the truth and isn't grifting) is a high profile person. He has a gigantic professional network and likely so would this Russian client he communicates with. It would be more realistic that intelligence targeting the Russian client or one of his network got out and revealed his plans. High profile individuals also get hit with spyware campaigns a la Pegasus all the time too. Any one of them can be a target. Tucker isn't a digital security expert, he is a presenter. He isn't expected to understand what or what did not happen to him. It is possible it's not even a digital factor, someone in his social circle could have told off too. We do have criticisms of Signal and we recommend hardened variations like Molly instead to our users. Signal is mentioned here because Telegram attacked them repeatedly despite performing far worse in security and privacy. We also trust them not to collude. The Signal app itself could have vulnerabilities exploited remotely just like any other messaging app, particularly in the media handling libraries or WebRTC. That's not a breach of Signal's encryption or a collusion. A secure hardware and operating system can significantly help to defend apps from remote exploits of vulnerabilities.

Outside of Signal, nostr:nprofile1qqsvnx99ww0sfall7gpv2jtz4ftc9v6wevgdd7g4hh7awkpfvwlezugpz4mhxue69uhhyetvv9ujumn0wd68ytnzvuhsg5cway is fantastic if you don't want a centralised messenger or a phone number requirement.

Follow good security practices, update software and use new and secure devices. Don't install apps or visit places you don't trust. Less is more, the more you add the more parties you have to trust. Use a good messenger like SimpleX. Session has some cons like no perfect forward secrecy, but we give them extra props for being honest about that. Signal is the best mainstream choice by us but Molly is a hardened fork we suggest to users above it. You can get Molly via Accrescent app store which is in the GrapheneOS App Store, so there is a chain of trust between GrapheneOS and Molly. The phone number requirement is a con, but Molly allows running multiple devices on one account so you could even register the number on one device, move to a WiFi-only device and never use the number again. Perfect Forward Secrecy means that even if an attacker gets the messages and later compromises your device to get the main decryption keys, they can't get the messages which no longer have the session keys on your device. Having messages stored on a server inherently is not a major issue providing it is encrypted, though usually most messengers don't anyway which is favorable. Session not having PFS is a flaw in this front. The messenger needs an OS that is secure and up to date. The hardware also needs to be secure and receive patches. Desktop OSes like Windows and many Linux distributions are worse overall since they don't forcibly sandbox apps. Any other app can just access the data of your messaging app quite easily on these platforms. Assess if needing to share your messages to other devices like desktops are necessary before you choose to do it. When using something like a messenger there is always the potential of a sophisticated threat having an exploit for it, the same way people do via Telegram, WhatsApp or others because the app is popular. A secure OS can prevent an exploitation of an app that may work on another OS. GrapheneOS using hardened_malloc, MTE, and other exploit mitigations is a huge help with this because some exploits or exploited apps will crash or not work. We have discovered vulnerabilities in OS components like Bluetooth because of our exploit mitigations crashing when there is bugs on certain Bluetooth devices. Assure the person you speak to on the other end is also following good security practices. You are only as secure as the least secure person in a group. Don't contact people you don't know that well. Don't click links or open attachments to people you don't know or trust enough. You rely on trusting each person you message to be as honest as you are. If you are very high risk, people may choose to just have a separate device for that purpose too. If you're using something like Telegram or Discord, assume everything you said will be kept and seen by anyone. They are more like public forums than private one-to-one messaging. High risk GrapheneOS users or those with physical device access as a risk can specifically look at this: nostr:nevent1qqsfdvew2fde7lm6tkfqz5m43xxugr998sxe7tfqchfv59uf2yehh3cpz4mhxue69uhhyetvv9ujuerpd46hxtnfduhsygxptfdxtxrw026pxn0w82u9y4x6t3w5kp883d83djpgxuvj6d23s5psgqqqqqqs8x6ltz

Thank you, will study this in detail in calm. Just a quick question before that: what to prefer, in case one wants to follow your advice 1:1: -iPhone or Android? -And if android: Pixel or does it even matter?

An iPhone and stock Pixel are around the same, but Pixels obviously gives you more freedom of apps, while Apple's online services are arguably better. There are pros and cons. You're at the bane of either Google or Apple if you use their services. For iPhone, Lockdown Mode exists for added security too but it messes with some browser and messenger functionality. Pixels let you install other OSes safely and easily which is where more private and secure options like ours can be installed onto. https://grapheneos.org/ GrapheneOS runs on Pixels because they are the highest security platform commercially available to us. For other Android platforms, Samsung comes close but destroys hardware and security functionality on other OSes by an eFuse so we can't use them. Most other Android devices are insecure by being slow on updates and patches or with their hardware choices. Google quickly responds to our vulnerability reports while some haven't even tried to deal with issues we believe affect several other devices that we reported several months ago. Pixel 8 and later are the best of them as they have hardware security features like MTE which previous generations don't have. They also get security updates for 7 years since launch. We are always open to working with other device manufacturers to hopefully go above what Pixel offers, or to provide an alternative. Most times they fall through because they want to do something different. We have strict demands. Cellebrite Premium (phone extraction tool exclusive to police) documents say they can do iPhone access on every iPhone on latest iOS while for Pixels they can only hit the stock OS (not GrapheneOS who they DIRECTLY mention) and they cannot brute force the secure element. The stock OS on Pixels does not take full advantage of the security features available to them, like MTE, which is a game changer. The Cellebrite docs provide a good insight on what device companies with massive budget have a harder time in exploiting: nostr:nevent1qqs0nywe3nndmy58zfuezntqpqujr6luz5e6cxg26yfvy9e678ea2kcpz4mhxue69uhhyetvv9ujumn0wd68ytnzvuhsygxptfdxtxrw026pxn0w82u9y4x6t3w5kp883d83djpgxuvj6d23s5psgqqqqqqs0femts Obviously it doesn't completely deny possibility of attacks. Technology is not impenetrable and people who think very powerful organisations is after them need to behave differently too.

All traffic of Signal goes through the clouds of Googe, Amazon, Microsoft & Cloudflare they collect metadata on IP-Basis and know exactly "who is talking with who". Better switch to Threema from Switzerland. As they dont collect metadata nor IP-Adresses + anonymous usage possible = more protection of your privacy isn´t possible! Check it for yourself: Visit https://www.securemessagingapps.com Rate: 🟩=3 🟨=1 🟥=0 Results (and where the money comes from) 1. Threema = 86 = most secure Messenger (User pays one-time) 2. Signal (OTF / Brian Acton / Ex-WhatsApp) = 80 3. Session (Loki Coin & suspicious Chinese) = 77 4. Wire (Janus Fries / Ex-Skype) = 68 5. SimpleX Chat *= 67 6. Wickr (Amazon) = 61 7. Element / Matrix (Amdocs / Morris Kahn) = 56 8. Apple iMessage (Hardware sales) = 37 9. WhatsApp (Meta) = 32 10. Google Messages (Ads) = 28 11. Telegram (Putin) = 27 12. Facebook Messenger (Meta) = 26 13. Microsoft Skype =10 * SimpleX Chat got 380.000 $ from VillageGlobal.vc = Jez Bezos, Mark Zuckerberg, Bill Gates, ect. OFT = OpenTechnologyFund = US-Goverment

Telegram has serious issues but this is just a common, regurgitated type of scam site, same thing with Instagram 'DM viewer' sites. https://www.trustpilot.com/review/tgtracker.com Here is a site just like it that doesn't exist anymore, likely ran by the same people but a new domain. https://web.archive.org/web/20210124115118/http://teletracker.org/ Anyone selling this capability out in the open wouldn't be smart.

This is not a jab against Telegram hitting them when they are at their lows despite what a disappointing amount of users on Twitter have reacted to this with. All of us are GrapheneOS have used it in some way. However, it's founder being arrested is a very important time to remind people that because messages are not end-to-end encrypted except in a very specific circumstance, many users and average people are at risk. Telegram has almost a billion users and many do not understand this concept. If you hold something sensitive on Telegram and it's not encrypted, you MUST take appropriate action. This is a PSA to our users who use Telegram because we care about the safety of our users and community. The climate surrounding Telegram is moving towards being hostile, so talking about this is more important than ever. There are many messengers not just Signal that are safer than Telegram simply because end to end encryption is mandatory. Signal is mentioned here because they are an unfortunate subject of Telegram's marketing campaigns. Influencers taking jabs at Signal when they are proven to only be able to provide only a timestamp of when an account was registered and last used in court is simply throwing stones from a glass house. Both require phone numbers yet Telegram gives away far more information about you. Encryption and preventing access to metadata doesn't just protect users, it protects developers. You cannot be compelled to give away what you cannot access and you cannot be accountable to protect against what you aren't able to moderate. Develop unstoppable software that can survive without you. https://signal.org/bigbrother/santa-clara-county/ We recommend only SimpleX for messaging outside of Signal/Molly at this time. For high risk GrapheneOS users who use it as a WiFi-Only device with no SIM, it is the best choice. Molly also allows multiple devices to use one Signal account, register on another device and link and you still won't need the number if you need Signal. If Session had PFS it would also be considered further, there is a tradeoff. We aren't in a place and time to assess every communication method available to us, the market for messaging apps is becoming way too large. nostr:nevent1qqsdrspnq5l0q3kjgm8gplyeyrjcdscrwgjj53yz5gmzvjxe9gtmsvcpzpmhxue69uhkummnw3ezumt0d5hsygxptfdxtxrw026pxn0w82u9y4x6t3w5kp883d83djpgxuvj6d23s5psgqqqqqqsv9mcec

Who is monitoring those changes? Signal Apk size is very inconsistent lately Signal 7.16.4 92.9 MB Sep 12, 2024 Signal 7.16.3 101.8 MB Sep 9, 2024 Signal 7.15.4 132.4 MB Aug 29, 2024 Signal 7.14.2 100.4 MB Aug 23, 2024 Signal 7.14.1 101.1 MB Aug 19, 2024 Signal 7.13.4 71.0 MB Aug 15, 2024 Signal 7.13.3 91.7 MB Aug 9, 2024 Signal 7.12.3 169.7 MB Aug 1, 2024 Signal 7.11.4 99.5 MB Jul 23, 2024 Signal 7.11.3 141.9 MB Jul 17, 2024 Signal 7.10.3 92.5 MB Jul 4, 2024 Signal 7.9.6 62.3 MB Jun 22, 2024 Signal 7.9.5 62.3 MB Jun 19, 2024 Signal 7.8.1 61.5 MB Jun 3, 2024 Signal 7.7.2 61.4 MB May 24, 2024 Signal 7.7.1 61.4 MB May 14, 2024 Signal 7.6.2 61.2 MB May 3, 2024 Signal 7.5.2 61.1 MB Apr 27, 2024 Signal 7.4.2 60.8 MB Apr 17, 2024 Signal 7.3.1 60.7 MB Apr 10, 2024 Signal 7.2.4 60.7 MB Apr 4, 2024 Signal 7.2.3 60.7 MB Apr 3, 2024 Signal 7.2.0 59.2 MB Mar 31, 2024 Signal 7.1.3 60.3 MB Mar 23, 2024 Signal 7.0.2 59.4 MB Mar 4, 2024 Signal 6.47.5 59.1 MB Feb 27, 2024 Signal 6.47.4 59.1 MB Feb 16, 2024 Signal 6.47.1 59.1 MB Feb 14, 2024 Signal 6.47.0 86.1 MB Feb 11, 2024 Signal 6.46.7 58.8 MB Feb 9, 2024