Telegram?

[gdr_11]

One of my local gunshops announced they are abandoning Facebook and can be now found on Telegram. I checked Telegram and it appears to be a messaging app. Am I missing something?

I don’t like downloading apps I know nothing about

[easyrider123]

Not a user, but I've only heard good things about Telegram.

People often throw "Signal" into that conversation, and what has become public as of recent is, Signal was developed with C(eye)A funding to provide a false sense of security to users seeking private communications. Nothing was truly private on there.

[nine mil thrill]

I currently am using Telegram to communicate with my IPTV subscriptions and troubleshooting help. never had a problem and neither have my contacts.

[HKAllTheThings]

Luckily the Feds don’t know about Parler or Telegram yet so everyone can post their unfiltered hearts content

[jager56]

Also telegram has been infiltrated as well as gab, parlor all honeypots and full of grifters

[tenemae]

Quote:

Originally Posted by easyrider123

People often throw "Signal" into that conversation, and what has become public as of recent is, Signal was developed with C(eye)A funding to provide a false sense of security to users seeking private communications. Nothing was truly private on there.

Signal is open source
https://github.com/signalapp

and has been independently audited
https://threatpost.com/signal-audit-...-sound/121892/

Not sure how the CIA factors into that

[OlderThanDirt]

Machine Gun Montana uses Telegram and it seems OK, but they use Facebook as well. These apps are fine for legal operations and don’t seem to be targets of censorship, yet.

Regarding Signal, there are a few articles out there that note the CIA early development funding and collaboration link. Unless you write your own encryption software and provide it to everyone you communicate with, you should assume that someone has the ability to read it fairly easily.

There is no privacy or freedom on the Internet.

[tenemae]

Quote:

Originally Posted by OlderThanDirt

Unless you write your own encryption software and provide it to everyone you communicate with, you should assume that someone has the ability to read it fairly easily.

Rule number 1 in cryptography is: Don't roll your own code. You are dangerously bad at cryptography.

Compile an open source, independently audited build? Sure. If you know what you're doing. Write your own code? Absolutely not, unless you're willing to hinge your entire security value on secret method. But to use that on a non-air-gapped device? Yikes.

[OlderThanDirt]

Court Docs Show FBI Can Intercept Encrypted Messages From Deep State-Backed ‘Signal’ App

So much for assurances that Signal is a secure app. Audited open source software is a completely BS smokescreen intended to fool the lazy and feeble minded.

There is no privacy on the internet. Whatever you write will be collected, stored, categorized and analyzed.

[FeuerFrei]

I introduced Telegram to my buddies a few years ago and we have been using it every day.

We chose it over Signal for extra features, and use Signal as a backup app.

We also use Proton email and it's VPN apps.

Layered approach to security.

Nothing is 100%, but why give your private info away on a platter?

[Robotron2k84]

Quote:

Originally Posted by tenemae

Rule number 1 in cryptography is: Don't roll your own code. You are dangerously bad at cryptography.

Compile an open source, independently audited build? Sure. If you know what you're doing. Write your own code? Absolutely not, unless you're willing to hinge your entire security value on secret method. But to use that on a non-air-gapped device? Yikes.

Cryptography is notoriously hard, because so many mistakes are possible with just a partial understanding of how it works.

By way of a recent example, I re-learned how easy it is to make your encryption weak:

The authors of the ISC BIND DNS server have been very good about implementing solid cryptography in named, yet still have patchable errors. But, one thing they get right is using a REAL source of entropy-based randomness in their key generation. By default using the BIND keygen and signing utilities uses /dev/random on Linux, but takes a long time for high-quality entropy to filter into the kernel, making key generation a long exercise (sometimes hours, even with an entropy generating program).

As an alternative, you can use /dev/urandom to generate keys, and most Linux programs that utilize cryptography use this device, as it doesn’t block and easily produces random data.

But why do the BIND maintainers suggest the former device? Because /dev/urandom is a pseudo-random generator with seeds and salts from host data, meaning that it’s MUCH easier to guess at values that make your primaries weaker than in cryptography generated from true-random data. This is exposed in DNS keys because of the frequency and shorter length necessary for the protocol.

Now, audit how many of your programs utilize only a pseudo-random generator in your OS, and to what extent they go to maximize its cryptographic worth, with longer salts and seeds. With a hack like what occurred with SolarWinds, it wouldn’t be that hard to introduce a weakening of the seeds and salts to where the result is sufficiently weak enough to crack with existing computing resources.

This is on top of the continual suspicion of TLA-induced weaknesses in crypto primitives like hashing and prime shortcuts and you start to get a feeling of why well-funded state actors can potentially break or significantly weaken commercial crypto, e.g. what is in use, and why they never really pressed for crypto export restrictions to be reinstated for new ciphers.

A good compromise is a hardware random number generator, utilizing Brownian Motion (heat fluctuations), electronic noise or weak ionizing radiation. Each are available in USB format and help to protect one link in the chain.

[Rivers]

Telegram is very popular in Iran, a country not tolerant of opinions that don't echo the state's. That said, the government of Iran tried to block Telegram after Telegram's developers refused to give up the encryption tools. Then Iranians started using VPN plus Telegram with notable success. Even phone conversations over Telegram are good quality!

[usr1987]

lol... some of you are a wet dream for manipulation... Signal is way better than Telegram... Did of you geniuses realized that your regular chat is not even encrypted in Telegram? You have to enable a secret chat for that and the encryption has not been audited like with signal since its proprietary, not open source? Oh yeah, all the group/room chats are not encrypted and as of recently they found a way to even get your location and ip.

Who is the genius that posted the link: https://bigleaguepolitics.com/court-...ed-signal-app/ ?

Did you ever bother to read the article from fox news that the stupid site referenced as the real study about it? How about the original paper by the researchers? They would need physical access to the phone, and I am sure even your telegram can be compromised in that way! Oh yeah and Signal already mitigate that by releasing a new update!

Man, some you of you are ridiculous!

[FeuerFrei]

https://telegram.org/faq#q-how-secure-is-telegram

Quote:

Q: How secure is Telegram?
Telegram is more secure than mass market messengers like WhatsApp and Line. We are based on the MTProto protocol (see description and advanced FAQ), built upon time-tested algorithms to make security compatible with high-speed delivery and reliability on weak connections. We are continuously working with the community to improve the security of our protocol and clients.

Q: What if I’m more paranoid than your regular user?
We've got you covered. Telegram’s special secret chats use end-to-end encryption, leave no trace on our servers, support self-destructing messages and don’t allow forwarding. On top of this, secret chats are not part of the Telegram cloud and can only be accessed on their devices of origin.

Q: So how do you encrypt data?
We support two layers of secure encryption. Server-client encryption is used in Cloud Chats (private and group chats), Secret Chats use an additional layer of client-client encryption. All data, regardless of type, is encrypted in the same way — be it text, media or files.

Our encryption is based on 256-bit symmetric AES encryption, 2048-bit RSA encryption, and Diffie–Hellman secure key exchange. You can find more info in the Advanced FAQ.

[usr1987]

Quote:

Originally Posted by FeuerFrei

https://telegram.org/faq#q-how-secure-is-telegram

lol... from their site...

[Gooseman]

Telegram is made in Russia. I'm not sure why you're all so quick to believe it's secure. Signal is a much better alternative.

[MyOdessa]

Quote:

Originally Posted by Gooseman

Telegram is made in Russia. I'm not sure why you're all so quick to believe it's secure. Signal is a much better alternative.

Just plain wrong, but thanks for playing.

Telegram is made by brothers Durov, who are from Russia. They also made VK, when Russian government decided to take that from them, Durov and his team left Russia.
They started Telegram in Europe. Russian government passed the law and demanded that Telegram passed info on its users to the Russian government, Durov refused and Russians tried, unsuccessfully to block Telegram, Russian government gave up after about a year, after they successfully blocked their own banks, businesses and some government websites. Eventually Russian government gave up and now has its own channels on the Telegram. Telegram team are now based in Dubai.

[ShotgunPreacher]

Quote:

Originally Posted by easyrider123

Not a user, but I've only heard good things about Telegram.

People often throw "Signal" into that conversation, and what has become public as of recent is, Signal was developed with C(eye)A funding to provide a false sense of security to users seeking private communications. Nothing was truly private on there.

Rumble seems suspicious too...

CNN was started for and continues to be a domestic CIA operation.

Alex Jones' Infowars is owned by Turner Broadcasting (Ted Turner)

Nothing is EVER as it seems. If 'they' dont approve, it is not allowed to exist.

The enemy is in the kitchen and he is serving dinner...

[Cowboy T]

Quote:

Originally Posted by tenemae

Signal is open source
https://github.com/signalapp

and has been independently audited
https://threatpost.com/signal-audit-...-sound/121892/

Not sure how the CIA factors into that

The same is true of SELinux, the MLS-level security for the Linux kernel. The NSA originally wrote that. Fortunately, since it's Free/Open Source Software, it could be independently audited, and it's been a part of the Linux kernel for a long time as a result.

As long as it's F/OSS, and the open sourcerers have had a good look at it, I tend to trust it.

Therefore, if Signal is likewise F/OSS, and been audited, I would trust that software as well.

The danger is in who controls the *SERVERS*. If there's a way to compromise the communications at the server level, then you're wide open to attack. That's the problem with Skype. That's why end-to-end secret- or public-private key, without trusting anyone in the middle, is important. This is how SSH (Secure Shell) works. Yes, it results in a big, ugly mesh of private keys, but that's how we did PGP back in the day. We had key-exchange parties where people would bring a stack of floppies with their PGP public key and hand them out to people. No Verisign, Thawte, Digicert, or any other "certificate authorities". Those communications were what the FBI/CIA/NSA/etc were really afraid of, and that's why they went after Phil Zimmermann then. No servers to intermediate the key exchange process, no ability to decrypt. Spooked the spooks quite a bit!