-
Seve
https://mtpsym.github.io/ – Security Analysis of Telegram (Symmetric Part)
-
christian
Seve: that's nothing new. People join telegram for two reasons 1) cheap space 2) they don't delete your stuff if its is relative OK.
-
christian
Nobody goes there for security.
-
ralphm
Citation needed. Also it depends on the threat model. If you just want to get away from Facebook or the FSB, maybe Telegram is a reasonable choice.
-
chronosx88
> Seve: that's nothing new. People join telegram for two reasons 1) cheap space 2) they don't delete your stuff if its is relative OK. 3) UI/UX - there is very comfortable ui as for messenger
-
chronosx88
> Citation needed. Also it depends on the threat model. If you just want to get away from Facebook or the FSB, maybe Telegram is a reasonable choice. haha, there are rumors that Telegram works with FSB
-
emus
And Telegram provided data in the Honhkong demonstrations✎ -
emus
And Telegram provided data in the Hongkong demonstrations ✏
-
christian
> 3) UI/UX - there is very comfortable ui as for messenger Agree. I wish more people help Daniel to make conversations more sexy. This will bring more people to xmpp.
-
Sam
Here's the pad with potential policies if any board member wants to weigh in on it: https://pad.disroot.org/p/XSF_Fiscal_Host_Rules
-
Sam
The stuff that's here now were just my thoughts about where we could start.
-
Sam
If you get time arc, we can collaborate on that pad to figure out what we want to rubber stamp and I can update the PR with whatever we come up with.
-
Paganini
> https://mtpsym.github.io/ – Security Analysis of Telegram (Symmetric Part) Can we be sure that XMPP protocol and its encryption method (OMEMO) doesn't have the same kind of weaknesses or vulnerabilities?
-
MattJ
If you read the link you'll see that it discusses Telegram's transport encryption
-
MattJ
They created their own alternative to TLS, which everyone else (including XMPP) uses
-
Zash
Didn't Signal also invent their own transport encryption, Noise?
-
Ellenor Malik
Zash: yes, which is used in Wireguard
-
Zash
WhatsApp used to have that insecure RC4 thing...
-
Paganini
> If you read the link you'll see that it discusses Telegram's transport encryption You are right. But can we be sure that TLS and OMEMO are more secure than Telegram's encryption?
-
Zash
TLS has evidently had a lot of problems in the past, but it also has a lot of cryptographers looking at it.
-
Zash
Paganini, no we can't be sure. Only time will tell. And time usually tells us that all crypto is broken eventually.
-
robertooo
Signal doesn't use TLS and uses Noise instead?
-
chronosx88
Noise over TLS 😀
-
robertooo
Seriously? That would be quite ridiculous.
-
Zash
Not as ridiculous as OMEMO over TLS over Noise over WireGuard over IPSec ... over HTTP
-
chronosx88
...over TCP
-
Zash
No no, over XMPP https://xmpp.org/extensions/xep-0332.html
-
chronosx88
oh god
-
southerntofu
hello i see blabber.im in https://xmpp.org/software/clients.html maybe it should be removed now?