LWD

The memo...recommended use of other messaging apps, including Microsoft Corp’s Teams platform, Amazon.com’s Wickr, Signal, Apple’s iMessage, and Facetime.

lol

The entire set is then encrypted again in transit.

Citation? The author of the article provides theirs, and a cursory glance at the chart that telegram themselves provides reveals that the authentication key is not encrypted at all.

Here's the part of the article you may have missed that clarifies why that's actually a huge issue:

This enables anyone who has sufficient network visibility and a bit of dedication to identify traffic originating from a given user device.

IStories found evidence that all network communication to and from Telegram’s infrastructure go through a company linked to the Russian FSB. This would provide the kind of network visibility that combined with auth_key_id would allow it to identify traffic coming from specific users, globally.

Why exactly did Telegram create a proprietary messaging protocol that uses this "surprising and unnecessary protocol design choice, present neither in Signal nor WhatsApp"?

Maybe it was just a huge coincidence, compounded by other huge coincidences. You tell me. You have the opportunity to blow this article wide open.

The fact is that the FSB is only a threat to those with Russian citizenship or who live within the Russian Federation

Two things:

1. Your focus on FSB this, FSB that is based on your refusal to read past the title
2. Maybe you missed it, but Russia is engaged in a war of aggression against Ukraine (a country where people use Telegram). Not only is this a good reason for Ukrainians to not use it, but the post makes a compelling case that nobody should (see: network effect).

There are reasons for Westerners not to use Telegram.

And if you read the blog, you'd have seen them.

It's hard not to be condescending when you proudly wallow in self-induced ignorance.

Telegram's dangers extend not just as far as Russia's sphere of influence, but also the spheres of influence of every country that has secretly been collecting data with their express assistance. We discovered recently that Pavel Durov was hiding this fact for a long while...

Assuming everybody in this community is an nth-generation American citizen, maybe the FSB itself doesn't endanger you. But this blog post was not written with only you in mind.

I would encourage you to read more than the title of a blog post before you critique it. At least skim around. 😉

A few observations from others about why Delta Chat is neat but not remotely close to a replacement for Signal (or probably much else):

It hasn't achieved the bare minimum for serious encrypted messaging

"No, Delta Chat doesn’t support Perfect Forward Secrecy (PFS). This means that if your Delta Chat private decryption key is leaked, and someone has collected your prior in-transit messages, they will be able to decrypt and read them using the leaked decryption key."

https://delta.chat/en/help#pfs

It's great they're being open about the implications. But given that there's better protocols out there (Signal protocol for example), it makes no sense to use inferior apps.

Forward secrecy and metadata privacy are table stakes in any modern secure messaging design, and Delta Chat has neither.

If Keybase hasn't managed to "fix" the same base encryption Delta Chat is using, there's no reason to assume this small project will have better luck.

PGP isn’t architecturally well-equipped to provide forward secrecy. In the mean time, I think it’s borderline negligent to put this in the category of secure messaging; the world’s expectations for security baselines have moved on beyond the mid-2000s.

(My reference point here is Keybase, which built a very user-friendly and misuse-resistant encrypted chat on top of PGP in the mid-2010s. They couldn’t get to forward secrecy either with PGP as their substrate.)

Delta Chat treats encryption as optional and requires extra steps to avoid accidentally exposing more data

No forward secrecy and will automatically switch to unencrypted messages if you receive an unencrypted message from a contact.

The way to have guaranteed encryped is creating two user encrypted group chat.

deleted by creator

deleted by creator

Is my client broken, or is the text just not visible after you cross posted? Here's the text from OP:

Meta: Coming after your data harder than ever

At this point it not about passive collection, corporations are going to extreme ends to get our data.

https://www.zeropartydata.es/p/localhost-tracking-explained-it-could

I am interested in what people are doing to enforce their privacy while using the web.

I have some things in place, looking to compare with the community.

(btw, I am new here, this is my first post. So uh… Hi )

It cannot be understated how absolutely deranged the orb has been from the beginning. Sam Altman is creating the problem (AI botspam) and promising he has the solution (this ungodly trash) at the same time.

Scam altman even sent a crew to Kenya to try coloniz... Uh, debankin... Oh, scanning eyeballs in exchange for a few piddly dollars. In response, Kenya booted his project out.

So he turned his sights to a country he apparently can exploit: the USA.

deleted by creator

deleted by creator