- cross-posted to:
- privacy@programming.dev
- cross-posted to:
- privacy@programming.dev
I currently use Telegram for my friends and family, but have reluctantly come to the conclusion that the UK Government is either reaching agreement for backdoors with messaging services, or is trying its hardest to.
I’m also on Element/Matrix. Before I try to get my contacts to join me on there, should I be aware of any privacy issues or is that a good place to head?
You must log in or # to comment.
Telegram is the worst kind of “secure” messaging in that it gives you a false sense of security while not really being secure.
Telegram is the least secure thing there is. Not only it’s complete zero effort security, it’s also much above zero effort to advertise itself as almost secure. Not a good combination as you know.
telegram is not encrypted e2e
I’ve honestly found signal better than matrix.
Matrix is just not there yet in terms of features UI etc and is less private than signal because it collects way more metadata and stuff. I know the idea of federation is cool, but Signal works better for the privacy aspect.
I’m using simplex :3
The downside of Signal is that it’s centralized, and thus at the whim of those who run it. Structurally, it’s not really different from Whatsapp or Telegram except for who owns it.
Interesting—I feel like I see Matrix touted as more private than Signal b/c of Signal’s phone number requirement. What compromising metadata does Matrix require that Signal does not?
Sorry I’ll let someone more knowledgeable answer about metadata, but signal does allow you to set a username and hide your phone number (so people add you with username instead if f number)
Matrix is good for private general messaging. The fact that it’s decentralised means it can also withstand things like government-ordered shutdowns or back doors, since there is no central point that controls the whole network.
Two things to be aware of:
- Some non-message bits (e.g. room topic text and membership) have not yet been moved to the encrypted channel, so those could be read by the administrator of a homeserver that participates in your chat room. Since most people care primarily about keeping the message content private, this is an acceptable trade-off to get all the things that Matrix offers.
- The upcoming Matrix 2.0 features and design choices simplify the UI and fix some occasional errors. It might be worth waiting until this stuff officially lands in the client apps before bringing your contacts to Matrix, for a better experience all around.
As long as you onboard them with the ElementX/SchildichatNext(better fork of element) mobile client, their experience and setup should be fairly future proof. Its still changing and growing for sure but the most important stuff is finally working now and the new call systems is a huge improvement.
But yeah if you want zero metadata, your only choice is P2P stuff like Briar.
Government-ordered shutdowns do not work the way you think. Government doesn’t play by the rules, it makes rules for itself.
Which means - they may, say, make a list of instances updated hourly, which automatically get blocked by ISPs.
Free speech or not, it won’t withstand such.
Note that I said the network can withstand such things, not that it guarantees your connectivity to it when using a hostile ISP. No internet messaging service can do that.
Are there any other messaging options that are more resistant to government ordered shutdowns than Matrix?
All either lack user directory or use phone numbers as identifiers. Finding people through the same instrument is an important functionality, without which a messaging system will not be popular and thus will not be relevant for such situations.
If a messaging system uses SMS for confirmation, then, as you might guess, there is some central point sending out those SMS. So it would have centralized registration. Then technically registration can be disrupted (one can imagine some cryptographic scheme to make this the only disruption). Registration is an important part, even for a popular system many people will not have an existing account when they need it.
User directories - if there is a decentralized user directory listing John Smith, Ivan Ivanov and Obi-Wan Kenobi, then either there will be hundreds of each with no ability to tell which of them is the real one (suppose those names are unique, say, u://jsmith, u://iivanov and u://alongtime ), or you need some kind of registration of public key and nickname pairs. Simplest variant (maybe dumb) is to have the messages telling of such registration having happened to be signed by some “registration authority” or a user delegated (by another message) that right (one would have to trace it to the root sadly). Then, it appears, users may add registration authorities, or choose between them, manually, but then the decentralized user directory would work in some moderated and ordered way.
I’m not aware of any such system existing, and perhaps something about what I wrote is just dumb.
There are a few messaging systems that don’t rely on internet service. That usually means a peer-to-peer design using some form of radio link, which can work well for local gatherings (like protests), but these tend to be impractical for general use.
Gotcha, so in summary, anything that relies on an internet service, such as Signal, Matrix, or Simplex, is vulnerable to government ordered blocks via black list that ISPs are compelled to enforce. Am I thinking of this right?
Thankfully, it’s not that simple.
A centralised service is an easy target for a government. (This is where Signal stands.) A decentralised one is significantly harder, because the government would have to be constantly discovering and processing every node in the network as new ones appear. (This is where Matrix stands, although it doesn’t have many public servers yet.) Fully peer-to-peer decentralisation makes it harder still, because there are as many nodes as there are users, with network addresses that often change. (Some of these exist today, but are mostly experimental with few users. Matrix has done some proof-of-concept work in this area as well.)
On top of decentralisation, tunnels like VPN and Tor can be helpful in avoiding ISP-imposed blocks.
Something p2p like Tox or Briar, both annoying for daily use.
I currently use Telegram for my friends and family, but have reluctantly come to the conclusion that the UK Government is either reaching agreement for backdoors with messaging services, or is trying its hardest to.
Unless you start an encrypted chat, Telegram chats are not E2E.
I’m also on Element/Matrix. Before I try to get my contacts to join me on there, should I be aware of any privacy issues or is that a good place to head?
Host your own Matrix node, and then you don’t have to worry about prying eyes. Realistically, instead of worrying about the protocol, worry about the content of the text. Use PGP to encrypt your own text and send it over clearnet. Who cares at that point.
Definitely host your own node! It’s trivial for a server admin to add a hidden bot to every chat and while it’s still E2EE, an unknown party could still have a copy and key to read it.
Really good talk from DEFCON 32 about the service “Anom” by Joseph Cox (sorry for the lack of a link, at lunch, on mobile and about to get back to work).
The most privacy focused messaging app I know is SimpleX Chat, it has no user IDs, is FOSS, e2e encrypted with an option to use TOR, give it a try!
+1 for SimpleX
Simplex was bubbling about implementing CSAM. Any client mentioning it is not safe, period… Child safety and hate speech is always an excuse for tolitarian regimes ( sittenpolizei ) never a true approach for solving the issue ( child safety )
I have no idea about this, but as of now anyone can register.
For reference, CSAM is Belgium’s government portal and a system of login, as far as I know, so I assume it would be used to check if someone is a minor at the time of registration
Child safety is important but implementing this would kind of defeat the purpose of a privacy focused app.
I agree that just gatekeeping children and therefore verifying everyone with a government platform, but then it raises the question on how to improve child safety on an app that’s self-hostable with not even user IDs to identify the users?
I don’t have an answer to that, but I don’t like just saying “This solution is bad”, I always try to add “So try this instead, because XXX”
hello beautiful people of lemmy I’m excited to make my first comment in here
so I wanted to ask: considering that WhatsApp is a big threat to privacy and even worse because of google and iOS backups, how big of an improvement would it be not using it and using the secret chat option in telegram instead? That would solve the issue wouldn’t it? As far as I know the concern is with normal non encrypted conversations and the groups channels and all those.
I would love to use signal with everyone but where I live it seems that there is 0 worries about the topic so I only use it with my more “international” people. The most I can get is probably to use telegram E2EE.
Hello and welcome to the Fediverse.
Telegram’s secret chat’s encryption algorithm is made by Telegram themselves, which is already a red flag. You generally don’t want to roll out your own encryption algorithm if you aren’t cryptographers, which Telegram people aren’t. Their MTProto is also not proven, so you’d rather not want to use it.
Here’s a blog entry about their MTProto: https://web.archive.org/web/20180420061726/http://unhandledexpression.com/2013/12/17/telegram-stand-back-we-know-maths/
I think at this point it would be funnier to just use something obviously unsecure like discord but share your public key with the other user and then send encrypted text.
We went full circle to the early 2000s, slapping PGP on top of public messaging platforms!
I guess a vencord plugin for that wouldn’t be that difficult to do
I used to do something like this before Signal became a thing. We used to use OTR via the Pidgin OTR plugin to send encrypted messages over Google Hangouts. Funnily enough, I’m pretty sure Pidgin supports Discord, so you could use the exact same setup to achieve what you described.
It was pretty funny to check the official Hangouts web client and see nonsensical text being sent.
My response to the body of this post is https://www.privacyguides.org/en/real-time-communication/
This might address the URL of this post (I’ve never interacted with “iCloud” so I don’t necessarily know what would be a good replacement for it): https://www.privacyguides.org/en/document-collaboration/
You may want SimpleX. You can still self-host your own server if you wish, but it doesn’t have nearly the metadata issues of matrix and encryption keys are stored in a database that you back up instead of constantly breaking
Last time I tried Simplex, the desktop app was incompatible with the mobile app. Do you know whether this has been fixed?
I haven’t personally tried it, but I think there’s a setting in the mobile app for using it with a desktop. So I assume it is fixed, but I won’t swear to it.
It works. You either have to link it with your mobile app or you use it standalone with a different user/id
The two encrypted messaging platforms I currently suggest are XMPP or Matrix. Both are usually fine and are decentralized. The main thing with them is to either self-host or choose a server you trust to set up an account — which applies to the Fediverse in general.
Out of curiosity, is there anything stopping you from suggesting SimpleX? How does SimpleX compare to XMPP or Matrix?
Mostly just that it’s still pretty new and thus hasn’t been as polished or scrutinized yet. Haven’t tried it myself. For the sake of the OP’s question, it may also be notable that it’s a UK company.
Is Briar any good?
I’ve heard good things about simplex give it a look
