• gedaliyah@lemmy.world
    link
    fedilink
    English
    arrow-up
    121
    arrow-down
    1
    ·
    1 month ago

    Wait, the centralized service that security experts warned for years could be easily compromised because a centralized messaging service is inherently insecure has now been compromised? Surprised Pikachu face

    • MehBlah@lemmy.world
      link
      fedilink
      English
      arrow-up
      49
      arrow-down
      4
      ·
      edit-2
      1 month ago

      Owned by a fake rebel russian who has somehow managed to keep from falling out of a window on a high floor. Cough, cough plant.

    • Star@sopuli.xyz
      link
      fedilink
      English
      arrow-up
      13
      arrow-down
      1
      ·
      1 month ago

      Not to discredit your arguement but isn’t Signal also centralised?

      • lemmylommy@lemmy.world
        link
        fedilink
        English
        arrow-up
        22
        ·
        1 month ago

        It is. But it is open source and the encryption is solid. All communication data is end-to-end encrypted. They have been subpoenaed before and all they could provide was when the account was first registered and when it was last used. The signal protocol is well documented and open source. The foundation and LLC behind it are registered in California and are run by reputable people.

        Telegram is run by shady people, supposedly out of Dubai, while it is registered in the British Virgin Islands. Its clients are also open source, however the encryption, if enabled, is of the home cooked variety, although it was improved over time. Unfortunately it is not enabled by default, you need to enter a „secure chat“ for that, which only works with single contacts, not with groups. Despite having access to everything else, and working like a social media-messenger-hybrid, telegram is very reluctant to get rid of clearly illegal content.

      • gedaliyah@lemmy.world
        link
        fedilink
        English
        arrow-up
        9
        ·
        1 month ago

        The data is not centralized in the same way, making it slightly better, but yeah. A lot of the same pitfalls of centralization happen there. The whole system doesn’t operate without the corporate servers in the middle, even though they don’t see or store the data. They have total access to Metadata. The organization could be sold for profit, shut down, change terms, etc.

        If security is important, you’re better off with something decentralized like matrix. I’m not an expert, so hopefully, a lot of people here who are smarter than me will fact check these statements, but at least those are my impressions.

      • MiltownClowns@lemmy.world
        link
        fedilink
        English
        arrow-up
        6
        arrow-down
        1
        ·
        1 month ago

        It is, which is why the comment didn’t advocate for it. Signal has more robust encryption than telegram, but its not zero-trust. They should really be using private hosted services instead of public or pgp, but when battle kicks off you use whatever works and then go back and revise as needed when you’re not dodging bombs.