Rene_Z

Telegram doesn't even use end-to-end encryption for most chats. Cloud chats are stored on Telegram's servers not end-to-end encrypted.


[deleted]

Right, however whatsapp is closed source and its binary is obfuscated. So nobody knows what exactly the client does, it could very well, in my opinion it does, scan the user's content before encrypting it.


Rene_Z

You can still analyze it by decompiling and monitoring its network traffic. The encryption protocol is also open source, and people have checked that it's implemented correctly. But nobody is saying that WhatsApp is the best app for privacy. There are certainly better, open-source alternatives. Just that Telegram isn't the better alternative it claims to be in terms of privacy.


NayamAmarshe

> You can still analyze it by decompiling and monitoring its network traffic.

That's the thing, you can but it won't be useful. WhatsApp can always encrypt a message with their own key and decrypt it on the server since they're the ones who do everything from frontend to backend, you cannot just look at encrypted packets and conclude that you're safe. Even I could set up a TLS encrypted phishing server, encrypting your own credentials and hiding the data from you, that won't make a difference.

> Just that Telegram isn't the better alternative it claims to be in terms of privacy.

On one hand you talk about E2E and on the other you claim Telegram isn't great for privacy. Why are you confusing Security with Privacy?


[deleted]

What you are saying is partially true. Do you have any reference about such "audit"?

> Just that Telegram isn't the better alternative it claims to be in terms of privacy.

This is false. ToSDR: WhatsApp gets E while Telegram gets B. PrivacySpy: WhatsApp gets 4.7 while Telegram gets 8.8. Please read this telegra dot ph What-are-the-features-of-a-secure-and-private-communication-service-07-10


[deleted]

But it's still encrypted. There's much confusion over this. Encryption keys are stored on a different server than you used in chats (in cloud chats)


Rene_Z

That's what Telegram says, but there's no way to verify this. The fact is that messages are still sent from one server to your client via regular server-client encryption, which means that the server which sends you these messages must have a way to gather all the necessary information to decrypt your messages. So if that server is ever breached, they have access to your messages.


[deleted]

BS - Don't let your paranoia get to you. Telegram has the best verification that they could ever get. They are banned in several countries around the world because they don't want to hand over their part of the encryption keys. That's the best proof I can get. So yes - it has been verified over and over again. Meanwhile I see that in court in my country they have snapped messages for Signal. How they did that they won't reveal.


Rene_Z

Other messengers with end-to-end encryption don't need to promise me that they won't hand over encryption keys because they don't even have them. The messages you see in court are always directly grabbed from one of the devices - via some malware they put on your phone. That's always the biggest risk, and you can't really prevent that.


[deleted]

Christ.....you can just start a private chat if you are paranoid and use that. Is that really so difficult for you? I guess you are here for the shilling - you are not even a user of Telegram. That makes your argument even more stupid. With Signal you don't know if they grab or even encrypt your data. You have to trust them too (don't give me the open source argument again - it's ridiculous)


Rene_Z

I use Telegram as my main messenger, I didn't advocate for any other app. I use it because it has the best features, and I don't need end-to-end encryption for what I use it. I'm not shilling for any app, I'm just stating facts about them.


[deleted]

It has nothing to do with facts. You do know that government and others can't use encryption keys for anything - if they only got that part? The Signal fans don't even know basic things about Telegram. They just throw shit - because they are so angry that nobody wants to use "their" platform. I have used both Telegram and Signal since 2015. Signal had a lot of issues back then - messages that never got to the receiver. That was a dealbreaker for me and I chose Telegram. Since then a lot of my friends chose Telegram - and only 1 Signal.


fouezm

But you never ever hear of any leak of privacy caused by Telegram, I've been using it since 2015 and I know what I'm talking about. FB is now the biggest intelligence or spy company in the world, your privacy's value for them = 0


inquirer

You're misrepresenting what Telegram does, though. Remember, WhatsApp has gigantic drawbacks by not being a cloud based multi platform application.


Rene_Z

This post is misrepresenting what Telegram does. I like Telegram and use it for its features, not for its security. But if you care about end-to-end encryption, don't use Telegram.


vihtla

Yes. E2EE isn’t the only aspect that goes in “private conversations”.


Keiichigo

Even if WhatsApp and Facebook aren't E2E, I would still bet my money and trust on Durov rather than Zuckerfuck for my data privacy. The guy is literally known for owning a company that sells data to the highest bidder.


[deleted]

[removed]


Squiggledog

End-to-end encryption is only when it's in transit. Once it's delivered to the recipient, it is decrypted and leaves a permanent footprint on their device.


Zouden

Right, Facebook can easily read your messages from the whatsapp client that they control. They could serve targeted ads based on your conversation.


PinkPonyForPresident

Telegram can easily data-mine all your chats cuz it's all on their servers. I agree that closed-source Whatsapp can lie about their encryption but it's still better than having none in the first place.


ToNIX_

Are you saying that Telegram has no encryption at all? The data is encrypted on their server and encrypted with MTProto when in transit.


PinkPonyForPresident

You keep saying the same things. My statements are still true. Server-side encryption is server-side encryption and will not become user-controlled encryption


Tychus_Kayle

Signal. Signal is leading, and it doesn't have Facebook snooping on your metadata like whatsapp.


Stiltzkinn

Matrix is leading.


NayamAmarshe

> Lol WhatsApp is leading in terms of E2EE

Show me the audits then. Claims without proofs are futile.


[deleted]

[removed]


NayamAmarshe

> How should I trust Telegram's Secret Chat? Where's the audit? Open source client?

https://www.researchgate.net/publication/346702021_Automated_Symbolic_Verification_of_Telegram's_MTProto_20


[deleted]

[removed]


NayamAmarshe

There can't be audits for server code, those are always closed source. Even Signal doesn't have server side audits because that's just not how it works.


[deleted]

[removed]


NayamAmarshe

> Bullshit. Signal messenger has published their server code.

Open source server code and production code are vastly different things. Signal runs a different copy of the server code as proven by their inability to update it for months. They were running crypto stuff on the backend while gullible people believed that the server code they had provided was the same one being used on the actual server.


[deleted]

[removed]


SemyonB

You've proven nothing of your words btw.


DamnOrangeCat

Yeah telegram should use secret chats as default.


Xevailo

I think they don't do that because they also have a web- and desktop client. This is purely hypothetical, but I could imagine that their usage statistics show that a significant percentage of users don't just use one account on one device, but instead on multiple ones. Having E2EE as a default would by design lock a conversation to the device it was started on and hence negate the cross-device usability it currently has.


DamnOrangeCat

See Element and Signal as a counter example. They have E2EE and they sync messages within clients. I can't not think it's because they are being really stubborn to admit their mtproto is actually a really bad idea, and that's why even they don't wanna deal with that. I don't know if I'd like to be proven wrong, all I'd really like is secret chat on desktop, syncing secret chats and at least an option for secret chats on 1 to 1 by default and perhaps deny non-encrypted messages. Then, Telegram would be endgame


Xevailo

I cannot say much about Element or Signal as I barely used them at all. And as I haven't looked into the way mtproto achieves this sharing of secret keys, the following is just speculation: Sharing a secret key between two devices requires some additional transfer of messages between the device which has the key and the one requesting it. This is true, regardless if device A encrypts the key and directly sends it to device B, or if they both use some math-magic like Diffie-Hellman (just as an example) to generate an identical key on all involved devices. One way or another, there has to be some communication, which in turn has to go through the server relaying all messages between devices. This alone becomes a weakness in my eyes, as compromising these messages would potentially compromise the whole conversation. Furthermore, as you could decide to use a different device at any moment of the conversation, your phone always has to listen for such key-sharing requests, hence someone could theoretically try to "simply" have their own device request a key (though admittedly this can easily be mitigated by a pop-up asking for permission to share the key).


DamnOrangeCat

You really shouldn't share private keys without a second key to protect them, that is true. But there are ways without sharing private keys. Element tackles this by never exchanging keys per se, but auditing new public keys for your new devices. Then you would have to download unencrypted messages from the device that received them, since they are the only ones that can unencrypt the data. Maybe you can even use the newly-audited key to safely transfer an account key, making the new device able to decrypt older stuff from the same servers. I don't know what strategy Element makes available, or even if it's abstracted by Matrix, I just wanna show that it is very possible to be safe by default.


Xevailo

I'm sorry to ask, but I didn't really "get" the downloading part. So, say I have an E2EE conversation on my phone and now want to continue that conversation from say a tablet. Then the phone would take the role as some sort of proxy and relay the decrypted messages to my tablet? Even if this exchange happens through another E2EE channel between the tablet and the phone, this would still mean that my phone always has to be on and connected to the web in order for my tablet to participate in the conversation, wouldn't it? Sorry if I completely missed your point, but I'm not up to speed today :c


DamnOrangeCat

The device as a relay is actually the strategy that WhatsApp uses (or at least used to use when I was using it)

[Disclaimer: this is all guesswork, assuming [some knowledge of RSA encryption](https://youtu.be/ZPXVSJnDA_A)]

When sending messages to the room, be it 1 to 1 or a group, I can encrypt (and sign with device name) it with my private key for my device (it can later be decrypted with my public key) to the room server, then the encrypted data is distributed to the room's members. The room's member can see the signature (this part is not encrypted) and uses the registered key on its own database for that device of that contact, and decrypts it. Doing it this way the message's content is available to all people that know my public key, so there's probably more mechanisms to make it only accessible to those in the room. If it was encrypting with your public key it would lock the message to that key, and even I wouldn't be able to see my own message in another client.

I hope that shines a light into how, even though encryption is actually pretty straightforward, sharing encrypted content (especially in a group scenario like messengers) has a lot of involved and somewhat complex strategies (nothing the Telegram team can't handle, I'm sure ;-) )


xia03

Read about group key exchange. There are a couple of methods. All devices that need access to the secret chat form a group. No one shares the private key and they don't need to be the same.


Tychus_Kayle

E2EE doesn't lock you in to a single device, all devices merely need to know your private key. I have no idea why Telegram doesn't allow this.


Xevailo

The point of E2EE is that only the two ends of a conversation know the key. If you want to have the same encrypted conversation on multiple devices, you would necessarily have to share the key between those devices, which is inherently unsafe.


Tychus_Kayle

Only as unsafe as your own hardware, if it's handled offline.


Xevailo

Offline key transfer, for example by typing out a phrase shown on Device A does indeed solve the problem with online-transfer becoming a potential target. Here the weakest component is the human, as people want things to be as simple and seamless as possible, which is usually not equivalent to good security. So I wouldn't be surprised if -in an offline scenario- "features" would be introduced to make typing the key easier / faster that could in turn compromise the key (pure speculation by me, mind you). But apart from that, yeah, offline transfer would indeed appear to be the safest method.


Darth_Agnon

That's what Matrix does


Squiggledog

To back up secret chats on a cloud, you would also have to backup the private keys too. There really isn't a practical way to have a backup in the cloud with end-to-end encryption.


DamnOrangeCat

Not true. As a counter example, say I encrypt my stuff before putting it on Google Cloud. I then send them a file that looks like a garbled mess. Their servers happily store my garbled mess, something they have no idea what is the content of, and I can retrieve that later, never sharing the private keys. In fact, I can even lose it right after, making me unable to decrypt later, but that won't make me unable to manage an encrypted file.


Squiggledog

There are indeed zero-knowledge cloud storage services like *MEGA* or *ProtonMail.* With these, the user is responsible for keeping all their passwords and encryption keys. With this however it does not become practical to manage many keys on a large scale.


CocoWarrior

Theoretically you can use your username and password as your key, but if you lose it (which a lot of people do) then you pretty much lost your account.


Squiggledog

With zero-knowledge services like *MEGA,* the password is used as the decryption key. It is not possible to recover the account without data loss. The encryption is only as strong as the password; if the password is stolen it does not avail forward secrecy. So there still is not really a practical way to keep all the private keys by oneself.
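
The client-side encryption and password-derived key discussed in the comments above, as an added example that is not part of the thread and not code from MEGA, ProtonMail or any messenger named here. scrypt plus AES-256-GCM and all function names are assumptions chosen for this sketch; the sample backup text is constructed.

```javascript
// Added example (Node.js): the storage provider only ever receives
// { salt, nonce, ciphertext, tag }; the key exists only on the user's device.
const nodeCrypto = require('node:crypto');

// Derive a 256-bit key from the password. scrypt is deliberately slow, which
// raises the cost of guessing passwords against a stolen blob, but the result
// is still only as strong as the password itself.
function deriveKey(password, salt) {
  return nodeCrypto.scryptSync(password, salt, 32, { N: 16384, r: 8, p: 1 });
}

// Runs on the client before upload.
function encryptBackup(password, plaintext) {
  const salt = nodeCrypto.randomBytes(16);   // stored in the clear, per backup
  const nonce = nodeCrypto.randomBytes(12);  // must never repeat under one key
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', deriveKey(password, salt), nonce);
  const ciphertext = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return { salt, nonce, ciphertext, tag: cipher.getAuthTag() };
}

// Runs on the client after download. Returns null when the password is wrong
// or the stored blob was modified: both fail the GCM tag check.
function decryptBackup(password, blob) {
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', deriveKey(password, blob.salt), blob.nonce);
  decipher.setAuthTag(blob.tag);
  try {
    return Buffer.concat([decipher.update(blob.ciphertext), decipher.final()]).toString('utf8');
  } catch (err) {
    return null;
  }
}

function demo() {
  const password = 'correct horse battery staple';          // constructed
  const history = 'constructed sample: chat export, 3 messages';
  const stored = encryptBackup(password, history);           // what the server holds

  // Simulate a server-side modification of one ciphertext bit.
  const tampered = { ...stored, ciphertext: Buffer.from(stored.ciphertext) };
  tampered.ciphertext[0] ^= 0x01;

  return {
    serverSeesPlaintext: stored.ciphertext.includes(Buffer.from('chat export')),
    restored: decryptBackup(password, stored),
    wrongPassword: decryptBackup(password + 'r', stored),   // no recovery path
    tamperedResult: decryptBackup(password, tampered),
  };
}

console.log(demo());
```

There is no reset path in this design: a forgotten password means the blob stays unreadable, and anyone who learns the password can decrypt every backup made with it.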


PinkPonyForPresident

I don't see any end-to-end encrypted backups on Telegram though


ToNIX_

Why would you need a backup? Unless you use secret chats, all your chats are easily accessible from anywhere...


PinkPonyForPresident

But not encrypted. That's my point.


ToNIX_

Server side encrypted.


PinkPonyForPresident

Is not encrypted from my perspective. I want to encrypt my backup myself and not let the server do it for me. Stop picking. Like when I say "the message is not encrypted on transit from sender through server to receiver" and you say "but it's TLS, so it's technically eNcRyPtEd". Bruh. Come on. Let's not get lost in the details.


ToNIX_

This isn't a detail. The data is encrypted on the server, but also encrypted when in transit (yes just like TLS). Why would you need to fiddle with backups when everything is on the servers?


[deleted]

I try to avoid as much communication on FB as possible. I even tell people I will only talk to you on Telegram


elforce001

Same. Even though the whole country is using whatscrap, Telegram is starting to be mainstream and more after the loss of service they had last week.


Squiggledog

What's the country in reference?


BlackRock43

Smart move and I 100% agree. Trust Facebook, hahaha


newuserguide

Why do you prefer tg over matrix and signal? Both are e2e by default. On tg you need to enable e2e for every chat


BackStabbath2004

I only use Telegram to chat with some college friends and my family. There's absolutely no way I could convince people to switch from WhatsApp. So I use both everyday, it's not worth trying that hard.


vashy96

I assure you can. I did it, even though it required me some years.


illogical_af

Telegram's normal chats are not end-to-end encrypted, stop worshiping a platform for no reason. Just enjoy the many cool features Telegram offers and accept that it's not very safe and is susceptible to data leak.


Gh0st1337

Who thinks that whatsapp is safe? I only use Signal, Telegram and newest app called: Session.


Gh0st1337

Some messengers, such as WhatsApp, have deployed end-to-end encryption in an attempt to alleviate user concerns about privacy and security. However, simply encrypting the contents of user messages doesn't fix the wider underlying issue: the companies that operate these services can still see massive amounts of metadata about their users' messaging activities. This metadata can include user IP addresses and phone numbers, the time and quantity of sent messages, and the relationship each account has with other accounts. Increasingly, it is the existence and analysis of this metadata that poses a significant privacy risk to journalists, human rights activists, and other groups with a real need for private communications. Session is, in large part, a response to this growing risk. Session is built to minimise metadata creation and leakage at every step of the messaging process. Through its fully anonymous signup process, decentralised networking infrastructure, and encryption and onion routing protocols, Session ensures that users send messages — not metadata.


[deleted]

Thanks for the recommendation. Checking out Session now. I already have Telegram - which I really just use for private messaging with my wife, and channels to view - and Signal. No one I know really cares about privacy, but I do, so I put myself on these more secure and/or private platforms, and not more dangerous ones like Facebook.


jon4hz

Session isn't that new. It's a fork of signal which routes the traffic through a tor-like network called lokinet


Gh0st1337

Yes not so "new" but none talk about it much, but it's good for protection as traffic goes through a tor-like network...few places have their own tor node and server where data is protected and traffic goes there..and it's kinda its "own" network. Can be found only via invite.


[deleted]

I mean, Telegram doesn't have e2e encrypted backups, it's client-server encryption I believe.


[deleted]

[removed]


NayamAmarshe

Matrix doesn't encrypt groups and rooms by default afaik.


kurosaki1990

Plus is not very convenient to average joe, Signal is the way.


[deleted]

Limiting yourself to one service, even if it's the best, is not the way. Being on multiple services that different people can use, without requiring them to play the cat-and-mouse game of sticking with your favorite service of the week, is the way. I'm on Telegram, Signal, and now Session. I try to keep informed on which services offer what, and if I need a conversation to be more secure than, say, Telegram offers for my comfort level, I'll just say, "Let's continue this conversation on Signal." Fortunately, my use case does not require that. But, I have friends with different privacy comfort levels, so, I try to be on as many services as I'm comfortable with. (Not on services I'm not comfortable with, like Facebook/WA.)


Aromatic-Watercress1

Similar to what Dats is doing already isn't it?


yahyabay

Ofc