• General_Effort@lemmy.world
    link
    fedilink
    English
    arrow-up
    70
    ·
    3 months ago

    [French media] said the investigation was focused on a lack of moderators on Telegram, and that police considered that this situation allowed criminal activity to go on undeterred on the messaging app.

    Europe defending its citizens against the tech giants, I’m sure.

    • RedditWanderer@lemmy.world
      link
      fedilink
      English
      arrow-up
      40
      arrow-down
      1
      ·
      edit-2
      3 months ago

      There’s a lot of really really dark shit on telegram that’s for sure, and it’s not like signal where they are just a provider. They do have control the content

        • RedditWanderer@lemmy.world
          link
          fedilink
          English
          arrow-up
          13
          arrow-down
          4
          ·
          3 months ago

          I don’t recall CP/gore being readily available on those platforms, it gets reported/removed pretty quickly.

          • southsamurai@sh.itjust.works
            link
            fedilink
            English
            arrow-up
            8
            arrow-down
            3
            ·
            3 months ago

            You’re young. It really was a thing. It never stayed up long, and they found ways to make it essentially instantaneous, but there was a time it was easy to find very unpleasant things on Facebook, whether you wanted to or not. Gore in specific was easy to run across at one point. CP, it was more offers to sell it.

            They fixed it, and it isn’t like that now, but it was a problem in the first year or two.

            • sunzu2@thebrainbin.org
              link
              fedilink
              arrow-up
              7
              arrow-down
              1
              ·
              3 months ago

              And there are still informal networks of Pedos and other pests operating on these platforms to this day.

            • RedditWanderer@lemmy.world
              link
              fedilink
              English
              arrow-up
              3
              arrow-down
              14
              ·
              3 months ago

              Haha, young ? i wish. But go on making stuff up.

              So now it’s not that it’s readily available, it’s that it was in the beginning. So everyone is allowed to let CP go in the first years of their platform? Is that what youre going with. Eww

        • Kecessa@sh.itjust.works
          link
          fedilink
          English
          arrow-up
          1
          arrow-down
          1
          ·
          3 months ago

          So you don’t see the difference between the platforms that actually has measures in place to try and prevent it and platforms that intentionally don’t have measures in place to try and prevent it?

          Man, Lemmings must be even dumber than Redditors or something

    • chiisana@lemmy.chiisana.net
      link
      fedilink
      English
      arrow-up
      19
      ·
      3 months ago

      Safe harbour equivalent rules should apply, no? That is, the platforms should not be held liable as long as the platform does not permit for illegal activities on the platform, offer proper reporting mechanism, and documented workflows to investigate + act against reported activity.

      It feels like a slippery slope to arrest people on grounds of suspicion (until proven otherwise) of lack of moderation.

  • abobla@lemm.ee
    link
    fedilink
    English
    arrow-up
    54
    arrow-down
    2
    ·
    3 months ago

    Why arrest him? Why not threaten to block the app in France or something like that?

    And why only arrest him? Should the discord creators also be arrested for some shady channels? Should Elon Musk be arrested because twitter is the equivalent of fhe fifth circle of hell?

    • raspberriesareyummy@lemmy.world
      link
      fedilink
      English
      arrow-up
      31
      arrow-down
      1
      ·
      3 months ago

      Clearest difference I can see is:

      • people who act more in the interest of society and less in the interest of those in power get arrested
      • people who help those in power tighten the leash on society (fuckerberg, muskrat, etc) get courted and don’t ever face consequences

      In other words: A high profile person in tech being threatened with arrest / being arrested by western countries is a pretty good sign that they were not cooperating with our totalitarian overlords & providing us with ways to preserve our privacy.

    • pop@lemmy.ml
      link
      fedilink
      English
      arrow-up
      25
      ·
      3 months ago

      So they can make a very convincing case for a backdoor, in exchange for his release. And maybe some compensation for continued cooperation. Both come out winning and they get to claim nothing happened.

      Government cyber security dealings as usual. or not. who knows?

      • azertyfun@sh.itjust.works
        link
        fedilink
        English
        arrow-up
        8
        ·
        3 months ago

        That conspiracy theory is so dumb.

        The government almost certainly doesn’t need a backdoor as telegram is almost completely unencrypted (only one-to-one channels can be but aren’t by default). The real (but more boring) conspiracy theory is that governments generally don’t mind Telegram because its willfully terrible security model allows them to keep an eye on terrorists and activists’ communications (I have a hard time believing that the NSA or even DGSE don’t have their own backdoors already).

        However the EU does have laws mandating the moderation of said unencrypted messages, especially when it comes to CSAM, which Telegram is notoriously poorly moderated. It’s certainly reason enough to arrest and question this guy, at least until formal charges are brought or he walks free. Maybe there are additional political considerations, but there doesn’t have to be.

        Also how would arresting this guy help with backdooring. He doesn’t have access to the source code. Whoever he calls to get that done is out of reach of the French police. He has no reason not to disable that backdoor as soon as he gets out of the EU. If he can be bought off he already has been (Crypto AG style except way lamer because no-one clever&important trusts Telegram), you don’t need to arrest someone to pay them. I’m no DSGSE bigwig but pressuring lower level engineers to backdoor their code seems like a 1000% more effective approach.

      • GenosseFlosse@feddit.org
        link
        fedilink
        English
        arrow-up
        8
        ·
        edit-2
        3 months ago

        It’s one of the most popular social media apps in Russia that is not banned or blocked. I would bet they already have a backdoor for the Russian police and intelligence agency…

    • index@sh.itjust.works
      link
      fedilink
      English
      arrow-up
      17
      arrow-down
      1
      ·
      3 months ago

      And why only arrest him? Should the discord creators also be arrested for some shady channels? Should Elon Musk be arrested because twitter is the equivalent of fhe fifth circle of hell?

      Stop asking question and go back to work

      • Kusimulkku@lemm.ee
        link
        fedilink
        English
        arrow-up
        2
        arrow-down
        2
        ·
        3 months ago

        Or those places actually do have measures in place to moderate the content. Seems simple enough

  • ikidd@lemmy.world
    link
    fedilink
    English
    arrow-up
    33
    arrow-down
    1
    ·
    3 months ago

    I don’t use Telegram because I don’t think it’s secure, but this is still bullshit.

  • tal@lemmy.today
    link
    fedilink
    English
    arrow-up
    33
    arrow-down
    2
    ·
    3 months ago

    TF1 and BFM both said the investigation was focused on a lack of moderators on Telegram

    I would vaguely imagine that they aren’t going to be very happy about the Threadiverse when they discover us. There’s no global moderator team to make moderate things.

    • Deebster@programming.dev
      link
      fedilink
      English
      arrow-up
      14
      ·
      3 months ago

      There’s moderation per community and per server. There’s no “fediverse moderator”, of course, but I think you’re vaguely worrying for nothing.

      • General_Effort@lemmy.world
        link
        fedilink
        English
        arrow-up
        1
        ·
        3 months ago

        I don’t think much of the fediverse is compliant with the DSA, including the rules on content moderation. I really doubt that any lemmy instance is. Can we really assume that no one will ever complain?

    • General_Effort@lemmy.world
      link
      fedilink
      English
      arrow-up
      12
      ·
      3 months ago

      It certainly is against the GDPR to federate with US instances. US law enforcement could get their hands on our data!

      • barsoap@lemm.ee
        link
        fedilink
        English
        arrow-up
        3
        ·
        3 months ago

        Unless you dox yourself what kind of personal information are instances sharing? On top of that stuff that isn’t due to the normal functioning of the site as a public message board?

        What’s questionable is embedding images, lemm.ee mitigates that with proxying, but ultimately the web is the web and you can’t proxy the whole web. Clicking a link will still lead you somewhere else and if your browser pre-loads links then that’s up to you.

        • General_Effort@lemmy.world
          link
          fedilink
          English
          arrow-up
          1
          ·
          3 months ago

          I’ll quote the definition from the GDPR:

          ‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;

          Little of the information that instance share is not personal. Identifiable is also very broad. It’s enough that it would be possible for someone with the right tools and access to other information to identify you. EG Your ISP could be subpoenaed to reveal the customer behind a dynamic IP-address, making it a personal datum.

          It’s an extremely broad definition. If it wasn’t, tracking cookies would not be a big deal unless you had the real name of someone connected to the cookie ID.

          ultimately the web is the web and you can’t proxy the whole web. Clicking a link will still lead you somewhere else and if your browser pre-loads links then that’s up to you.

          That’s exactly what my first reaction was. But the law sees it differently. No one is required to use an ad-blocker, VPN, or know anything about the internet. When you make a website or something, it is up to you to make sure that no one’s rights are violated. In fairness, if it was otherwise, tracking pixels would be fine.

          We’re not at a point yet, where outgoing links must come with a warning, but it would be safer. Someone is always the first to lose a court over something. I noticed news media use rel=noreferrer. I think that’s the least one needs to do (“data minimization”).

          Don’t expect me to defend the GDPR. It’s neoliberal/conservative bullshit; even an abandonment of enlightenment values. But it’s the law nevertheless and a lot of people on Lemmy positively love it.

          • barsoap@lemm.ee
            link
            fedilink
            English
            arrow-up
            1
            ·
            3 months ago

            Little of the information that instance share is not personal.

            The only PII contained in that post you wrote is your user name. My instance has no idea what IP address or whatnot you used, it gets sent “user posted message”, “user voted”, etc. messages by lemmy.world. It does not interact with you.

            The information that your instance shares with the rest of the world is a) pseudonymous, unless you dox yourself no connection can be made between your handle and your actual person and b) said information transfer is part of the primary service of the platform. You wouldn’t be here if things wouldn’t get shared that way, hence, you consented.

            If it wasn’t, tracking cookies would not be a big deal unless you had the real name of someone connected to the cookie ID.

            Cookies are no issue. Tracking without consent is. Lemmy isn’t tracking you. You have an account with lemmy.world. You presumably have taken notice of its privacy policy. lemmy.world is run by a Dutch foundation, and yes they have a legal department… or at least lawyers. If you’re a EU citizen the GDPR applies, otherwise other stuff might apply, they’re spelling it all out.

            EG Your ISP could be subpoenaed to reveal the customer behind a dynamic IP-address, making it a personal datum.

            …yes? You gave lemmy.world the right to log your IP when you signed up. They’re not retaining it longer than necessary because of the general GDPR provision of data frugality, but if a court order knocks on their door saying that they need your IP they can also be required to wait until you log in and then send that fresh IP directly to the authorities. Newsflash: The GDPR does not provide opsec against EU state actors. Off to the darknet with you if you care about that. It does provide opsec against ad networks, data brokers, etc… well at least in so far as it’s actually enforced.

            Don’t expect me to defend the GDPR. It’s neoliberal/conservative bullshit; even an abandonment of enlightenment values.

            The fuck are you on about.

            • General_Effort@lemmy.world
              link
              fedilink
              English
              arrow-up
              1
              ·
              3 months ago

              The only PII contained in that post you wrote is your user name.

              I think you have California law in mind here? I’ll boil down the GDPR’s definition of personal data for this particular case.

              ‘[P]ersonal data’ means any information relating to an identifiable natural person.

              All the data that is associated with a user account relates to that user. All of it is personal data.

              [A]n identifiable natural person is one who can be identified by reference to an identifier such as an online identifier

              Now that I come to mention it, I think a static IP is a sufficient identifier in itself, without further recourse to ISP data.

              lemmy.world is run by a Dutch foundation, and yes they have a legal department… or at least lawyers.

              Indeed, it’s heart-warming to see how the legal section grows every time I check. Which is a problem, because I’m pretty sure they need to give everyone the option to decline or accept every time they change it. Well, maybe in another couple months or years, it will be somewhat in compliance with EU regulations.

              You gave lemmy.world the right to log your IP when you signed up

              The IP was simply an example that came from the court case I linked earlier. Oh, but not in this particular fork. https://www.techdirt.com/2022/02/07/german-court-fines-site-owner-sharing-user-data-with-google-to-access-web-fonts/

              The fuck are you on about.

              The enlightenment bit was too much? I see where you’re coming from. Well, you probably don’t want to read my rant.

              • barsoap@lemm.ee
                link
                fedilink
                English
                arrow-up
                1
                ·
                3 months ago

                All the data that is associated with a user account relates to that user. All of it is personal data.

                Yes and it’s identifiable. That’s why I mentioned your online handle. You also not just consented, you tasked lemmy.world with broadcasting it all over the place. Complaining about that is like complaining about an email provider sending an email to a recipient.

                https://www.techdirt.com/2022/02/07/german-court-fines-site-owner-sharing-user-data-with-google-to-access-web-fonts/

                That has nothing to do with the data transfer lemmy instances are doing among each other. Which was what you complained about. Yes, it’s personal data, yes, you consented. No, the GDPR has no issues with that. I could’ve been more clear in the beginning, let me ask again:

                Which personal data do lemmy instances exchange that you did not consent them to share. That is not necessary for them to share to function as federated social network. That, in fact, isn’t available via the web interface. Exactly one thing comes to mind: Votes are identifiable and not everyone knows about that but there’s also a discussion going on.

                You know what? Why am I even talking to you. If you have something to complain about, contact your data protection officer.

                The enlightenment bit was too much?

                Nope it already started at the neoliberal/conservative bits. Neoliberals would like to own all your data freely, privately, while conservatives would like the police to own all your data. Things like Chat Control come out of the neolib/conservative corner of the EU while data protection is a Pirate/Greens/EFA thing, with Socdems and Demsocs not minding it but not taking the initiative, either. Oh and there’s also some conservatives who are in favour because digital sovereignty and such.

                • General_Effort@lemmy.world
                  link
                  fedilink
                  English
                  arrow-up
                  1
                  ·
                  3 months ago

                  You also not just consented, you tasked lemmy.world with broadcasting it all over the place.

                  Didn’t Meta try the same argument? I very much doubt this will work in court.

                  Under the GDPR, you need informed consent. That consent may only be for specific, limited purposes. A blanket permission for any broad purpose is not going to work. People know that their comments and posts will be read, so that’s fine. One should probably tell people that their posts will also be crawled and stored in various databases. That federation means that their personal data is actively sent to other instances and processed there, is not something your average person knows. To be legally above board, this should happen only under contract, with instances under the GDPR or equivalent, and only by informed consent.

                  Every once in a while, there are debates around federating with or blocking certain instances. In particular, federating with Meta’s Threads is a hot button issue. Clearly, a number of people explicitly do not consent to having their data sent to just anyone. I think they have the law on their side.

                  Complaining

                  I’m not complaining. I’m explaining the law. You asked, remember?

                  That has nothing to do with the data transfer lemmy instances are doing among each other.

                  I originally posted this with regard to embedding images. But it also shows you something else: Saying that something is simply the way the internet works just doesn’t hold up in court. In that case, the plaintiff could have configured their browser to not connect to google. But they explicitly don’t have to.

                  That, in fact, isn’t available via the web interface.

                  Good question. Why should it matter if the data is sent to other people, if those people could scrape the data just as easily. Common sense may be that it doesn’t matter. But you could equally well say: Why does it matter if I share copyrighted media, if people can already get pirated copies with ease?

                  Under what conditions, scraping is legal is mostly unanswered right now. But the legality of scraping does not directly affect the legality of data sharing for federation.

                  Neoliberals

                  Oh, I see. These terms are always a bit fuzzy.

                  Suppose we regulated food on the same principles. Manufacturers would have to print exactly what ingredients went into the food and what was done with them. Maybe they are also required to assess the impact of some ingredients or steps in the recipe. Then people can form their opinions on whether that is healthy or not; causes cancer or whatever. Nothing is banned outright, it’s just a matter of informed consent whether you eat something or not. To me, this is a neoliberal or libertarian approach.

                  The GDPR goes a step further by giving you rights over certain data, turning it into something similar to intellectual property. The dogma that we should turn everything into private property and leave it to the individual, and then a miracle happens, is to me libertarian or neoliberal. Suggest a better word if you have one.

        • 0x0@programming.dev
          link
          fedilink
          English
          arrow-up
          1
          ·
          3 months ago

          Unless you dox yourself what kind of personal information are instances sharing?

          Don’t IP addresses get associated with posts?

        • General_Effort@lemmy.world
          link
          fedilink
          English
          arrow-up
          5
          ·
          3 months ago

          I’m not joking. It’s legally very questionable. It matters little if all the data is public.

          Have you heard about that $1.3 billion fine that Meta got under the GDPR? That was for sending data to US servers where the US government can get to it. It was the highest fine ever under the GDPR and it happened because Meta complies with US law. For that matter, the option to embed images into posts is a violation, as well.

      • tal@lemmy.today
        link
        fedilink
        English
        arrow-up
        4
        arrow-down
        2
        ·
        edit-2
        3 months ago

        It certainly is against the GDPR to federate with US instances.

        considers

        I don’t think that it is, even for EU instances, in that the GDPR regulates businesses, so it’s out-of-scope for the GDPR.

        In theory, I suppose that GDPR implications might come up if someone starts selling commercial Threadiverse access at some point, though.

        There might be some interesting questions providing Usenet or maybe XMPP, though, as there are commercial providers of those services, and they are federated and transfer data all over the world.

        kagis

        Hmm. This has some people talking about it for XMPP. At least this guy’s first pass is that it might apply:

        https://mail.jabber.org/hyperkitty/list/operators@xmpp.org/thread/F5EGKYVPD42PPHOW72VBOS5E6OZTA22M/

        Under UK GDPR (not sure about the EU one) the only grounds for exemption is “Residential use” (other than police and national security, which are also exempt), quoting from the ICO:

        “Domestic purposes – personal data processed in the course of a purely personal or household activity, with no connection to a professional or commercial activity, is outside the UK GDPR’s scope. This means that if you only use personal data for such things as writing to friends and family or taking pictures for your own enjoyment, you are not subject to the UK GDPR.” [1]

        (For those who don’t know who the ICO is, they are the British data protection authority, see [2])

        At first, at least in my case, this seems pretty easy. The data is stored domestically, it is used with me and my friends for communication, there shouldn’t be any more to it… right?

        But there is. I regularly connect and talk in many MUCs for open source projects, such as Ignite Realtime (which this was initially discussed until Guus suggested moving it to operators, thanks Guus :) ).

        IP addresses, are considered identifiable information, logs will store said information, this therefore means my server is storing identifiable information on other servers, in this case, servers which could be considered for commercial purposes.

        It needs to be noticed commercial purposes doesn’t necessarily mean paid services, charities and non-profits are included within the definition. Open source projects COULD be considered commercial purposes because, although contributions are provided free of charge, it is still a “donation” of sorts in the way of code.

        The definition of “professional” does not seem to be clarified anywhere on the ICO page, nor in their legal definitions [3]. It doesn’t seem to be within the UK GDPR legislation [4] (I will admit I did not read all of this, I tried searching for keywords and found nothing, if someone read it all and knows where this exception is clarified, please let me know). Professional could mean a lot, but I will assume it is to do with some sort of “work”, which therefore would include open source contributions.

        This therefore could break the “no connection to professional or commercial activity”, to be honest the easiest thing to draw from this is if it involves someone who is not family or friend (or yourself), you are very likely to not be exempt.

        For those who will suggest a zero storage solution, where the XMPP server doesn’t store any data, it still comes under GDPR due to PROCESSING of data, simply processing it, even if you don’t store it, will have GDPR requirements.

        Failure to pay when you are required to results in fines.

        This is really cracking open a huge can of worms, it isn’t so much of “ah £45/yr is no big deal”, once you are exempt you must follow all the legal requirements of GDPR, and for a hobby? Is it worth it?

        I am 100% sure, an XMPP server which does not federate, which is used to communicate with friends would be exempt. But I have my doubts whether a federated server can still use the same exemption clause.

        • General_Effort@lemmy.world
          link
          fedilink
          English
          arrow-up
          3
          ·
          edit-2
          3 months ago

          the GDPR regulates businesses,

          The GDPR regulates everything and everyone, including individuals and non-profits. See Article 2. https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32016R0679

          For example: If you keep a personal journal and write about your friends and acquaintances, that’s out of scope. [ETA: As long as the journal is private. When it’s shared outside the household, it is in scope and probably a violation.] But when the Jehovah’s Witnesses go door to door and make notes who opens etc, that’s in scope. [ETA: And has been ruled a violation by the ECJ.]

    • Deceptichum@quokk.au
      link
      fedilink
      English
      arrow-up
      11
      arrow-down
      2
      ·
      3 months ago

      At some point the Fediverse is going to have to protect itself from Europe.

          • Kusimulkku@lemm.ee
            link
            fedilink
            English
            arrow-up
            2
            ·
            3 months ago

            I don’t mind when they genuinely do go after child porn. But I suppose I’m not as principled about freedom of speech as some others

            • skibidi@lemmy.world
              link
              fedilink
              English
              arrow-up
              6
              ·
              3 months ago

              There is always a tension between security, privacy, and convenience. With how the Internet works, there isn’t really a way - with current technology - of reliably catching content like that without violating everyone’s privacy.

              Of course, there is also a lack of trust here (and there should be given the leaks about mass surveillance) that the ‘stop child porn powers’ would only be used for that and not simply used for whatever the powers that be wish to do with them.

              • Kusimulkku@lemm.ee
                link
                fedilink
                English
                arrow-up
                2
                ·
                3 months ago

                If we let Fediverse become unmoderared and rife with child porn then I’d be fine with them coming after it, is all I’m saying.

  • Skasi@lemmy.world
    link
    fedilink
    English
    arrow-up
    2
    arrow-down
    1
    ·
    edit-2
    3 months ago

    I don’t really know much about this topic even after reading the article. It does bother me however that there’s so many channels/server on Telegram full of spammers that seem to offer drugs and prostitution. It’s almost like those were the only things that exist in this world. Which is such a huge waste of a chat program.

    Also who the hell listens to any of the nonsense influencers/politicians write in their heavily biased channels, seriously, I can’t find a sane reason to join those, yet strangely that seems to be the only reason the masses use this tool. It’s all just confusing.

  • Bigoldmustard@lemmy.zip
    link
    fedilink
    English
    arrow-up
    1
    arrow-down
    8
    ·
    3 months ago

    Telegram is for schizophrenics and nazis who aren’t ready to do it in public. If you think you need telegram, you actually probably need a friend.

    • smiletolerantly@awful.systems
      link
      fedilink
      English
      arrow-up
      4
      ·
      3 months ago

      No.

      I’ve been using it for 10 years. Back then, it just started out as a chat app with group support - just like Wahstapp, but free (yes, WA used to cost money) and way better than SMS.

      My entire social circle switched to it, and has been using it ever since. Why? Because to this day, it’s easily the best chat app, feature wise. Literally every time WhatsApp or Signal or Threema add a shiny new feature, Telegram has already had it for a while.

      Since Covid however, there is a huge stigma attached to it, and I do get why. It’s sad, really. I wish there was a 1:1 clone of Telegram’s chat features, minus the Channels (or whatever they are called).

    • cheddar@programming.dev
      link
      fedilink
      English
      arrow-up
      1
      ·
      edit-2
      3 months ago

      With your analytical skills you should probably solve world problems and find cures for incurable diseases, don’t waste your time on us!

  • Noxious@fedia.io
    link
    fedilink
    arrow-up
    11
    arrow-down
    32
    ·
    3 months ago

    Hell yeah. I always hated Telegram, because of its countless false promises, misleading claims, bad encryption (which isn’t even enabled by default) and shady background.

    • rdri@lemmy.world
      link
      fedilink
      English
      arrow-up
      14
      arrow-down
      3
      ·
      3 months ago

      That bad encryption was not cracked for now. The other one, that is used to process chats between 2 users in end to end mode, can’t be enabled by default because it assumes no history is kept and no support for group chats.

      Also, the arrest doesn’t seem to be related to any of the things you mentioned. If anything it shows there are no ways for (certain) governments to affect the messenger, for now.

      • Noxious@fedia.io
        link
        fedilink
        arrow-up
        4
        arrow-down
        1
        ·
        3 months ago

        That bad encryption was not cracked for now

        There is no encryption by default if you haven’t noticed. There only the pseudo-E2EE which has been proven to have critical weaknesses: https://eprint.iacr.org/2015/1177.pdf

        can’t be enabled by default

        Yes it can, every proper E2EE messenger works like that. Signal, Threema, hell even WhatsApp uses E2EE by default.

        no support for group chats

        Signal has had group chats for many years now. WhatsApp uses the same encryption protocol and it also works just fine. Stop spreading misinformation, and use Signal if you want an actual secure, end-to-end encrypted, open and transparent messenger.

        • rdri@lemmy.world
          link
          fedilink
          English
          arrow-up
          3
          arrow-down
          2
          ·
          3 months ago

          has been proven to have critical weaknesses

          Those are not critical, just some aspects being below some arbitrary expectational values. Also it seems there is still no proofs those vector attacks are being used at all.

          Yes it can

          They chose to target convenience over max security. Shoving strongest options to every user by default is agaiantt that. Reasons include: no history is being saved in this mode, and the desktop client doesn’t support it.

          Signal has had group chats for many years now

          Just because it was implemented by others doesn’t mean it’s a way to go for everyone. From what I understand, e2e in group chats means that there is going to be a transaction of keys between all members of the chat on adding any new member, and/or on new message, which excessively increases the burden on clients and servers in case of big active chats.

          You can ask telegram to implement that, but you can’t blame it for keeping it behind some gates. Telegram got implemented e2e between 2 users before other messengers got it working in any form of group chats.

          and use Signal

          I’ll think about it if they ditch electron.

          • Noxious@fedia.io
            link
            fedilink
            arrow-up
            1
            ·
            3 months ago

            Also it seems there is still no proofs those vector attacks are being used at all.

            Ah yes, definitely go with a messenger that has known vulnerabilities in its crappy encryption protocol, instead of one with an actual secure E2EE implementation.

            no history is being saved in this mode

            You can still make encrypted backups of encrypted messages, as can be seen on WhatsApp or Signal

            and the desktop client doesn’t support it

            I don’t know what you mean, both Signal and WhatsApp have managed to ship desktop clients with full E2EE support for years now. Only Telegram is too incompetent to do that.

            Telegram got implemented e2e between 2 users before other messengers got it working in any form of group chats

            Just stop lying. Telegram Secret Chats have been introduced in 2017, both Signal and WhatsApp have had E2EE (including for group chats!) for much longer. Signal has had (encrypted) group chats in 2014, back when it was called TextSecure: https://signal.org/blog/the-new-textsecure/ And WhatsApp followed in 2016.

            I’ll think about it if they ditch electron.

            Are you mad that Signal is focusing on privacy and security by improving their encryption protocol, instead of wasting time on some UI garbage? This shows your priorities really well. Keep using unencrypted Telegram, for the cool stickers and convenient cloud backup, and keep in mind that Telegram can read all of your messages, as well as hand them over to governments.

            • rdri@lemmy.world
              link
              fedilink
              English
              arrow-up
              1
              ·
              3 months ago

              Ah yes, definitely go with a messenger that has known vulnerabilities in its crappy encryption protocol, instead of one with an actual secure E2EE implementation.

              Feel free to go any way you want. I’m not asking you to use telegram.

              You can still make encrypted backups

              Spend time for that, and keep them where? Maybe also need a feature to sync them between mobile and desktop?

              Only Telegram is too incompetent to do that.

              Not an implementation issue but a trust issue.

              Just stop lying. Telegram Secret Chats have been introduced in 2017

              https://telegram.org/evolution see October 2013.

              both Signal and WhatsApp have had E2EE (including for group chats!) for much longer.

              Whatsapp had them inctorudec in 2016.

              Are you mad that Signal is focusing on privacy and security by improving their encryption protocol, instead of wasting time on some UI garbage?

              I’m perfectly fine with that. More apps using electron means less chance for my pc to run garbage applications on a regular basis.

              keep in mind that Telegram can read all of your messages, as well as hand them over to governments.

              Keep in mind that any person in your secret chats can read your message, copy or screenshot it and hand it to anyone else. Those people know much better if you’re doing anything sketchy (or something actually good but against their beliefs), than an app developer.

          • rottingleaf@lemmy.world
            link
            fedilink
            English
            arrow-up
            2
            ·
            3 months ago

            So how many people use E2EE with Telegram?

            And their ToS forbids alternative clients doing that. Say, using Pidgin with PGP or OTR. Since Pidgin plugins for TG and these exist, it’s not a limitation for me, but most people, again, don’t use Pidgin to chat in TG.

            • rdri@lemmy.world
              link
              fedilink
              English
              arrow-up
              0
              ·
              3 months ago

              Alternate clients are blocked from using that functionality because they may include ability to capture data somewhere, for example taking a screenshot of a protected chat.

              • rottingleaf@lemmy.world
                link
                fedilink
                English
                arrow-up
                1
                ·
                3 months ago

                I meant normal E2EE, not TG’s “encrypted chats”.

                And it’s not “that functionality”, it’s literally encoding messages into another layer over TG being forbidden.

                • rdri@lemmy.world
                  link
                  fedilink
                  English
                  arrow-up
                  0
                  arrow-down
                  1
                  ·
                  3 months ago

                  There is no normal e2ee because there is no standard for implementation, especially when it comes to group chats with >2 people.

              • Noxious@fedia.io
                link
                fedilink
                arrow-up
                1
                ·
                3 months ago

                Stop pretending that Telegram cares about the security of their users, because they clearly aren’t, as can be seen in their shitty encryption protocol, and the fact that by default all messages are stored on their servers in plain text

                • rdri@lemmy.world
                  link
                  fedilink
                  English
                  arrow-up
                  0
                  arrow-down
                  1
                  ·
                  3 months ago

                  So if an app doesn’t support e2ee all data is being saved in plain text suddenly. You prefer calling telegram shitty because you don’t care to actually learn what it uses. So it should be fair for me to call any other client shitty for other nonsense.