XSF Discussion - 2021-07-16


  1. Seve

    https://mtpsym.github.io/ – Security Analysis of Telegram (Symmetric Part)

  2. christian

    Seve: that's nothing new. People join Telegram for two reasons: 1) cheap space 2) they don't delete your stuff if it is relatively OK.

  3. christian

    Nobody goes there for security.

  4. ralphm

    Citation needed. Also it depends on the threat model. If you just want to get away from Facebook or the FSB, maybe Telegram is a reasonable choice.

  5. chronosx88

    > Seve: that's nothing new. People join Telegram for two reasons: 1) cheap space 2) they don't delete your stuff if it is relatively OK.

    3) UI/UX - there is very comfortable ui as for messenger

  6. chronosx88

    > Citation needed. Also it depends on the threat model. If you just want to get away from Facebook or the FSB, maybe Telegram is a reasonable choice.

    haha, there are rumors that Telegram works with FSB

  7. emus

    And Telegram provided data in the Hongkong demonstrations

  8. emus

    And Telegram provided data in the Hongkong demonstrations

  9. christian

    > 3) UI/UX - there is very comfortable ui as for messenger

    Agree. I wish more people would help Daniel make Conversations more sexy. This will bring more people to XMPP.

  10. Sam

    Here's the pad with potential policies if any board member wants to weigh in on it: https://pad.disroot.org/p/XSF_Fiscal_Host_Rules

  11. Sam

    The stuff that's here now was just my thoughts about where we could start.

  12. Sam

    If you get time, arc, we can collaborate on that pad to figure out what we want to rubber stamp and I can update the PR with whatever we come up with.

  13. Paganini

    > https://mtpsym.github.io/ – Security Analysis of Telegram (Symmetric Part)

    Can we be sure that the XMPP protocol and its encryption method (OMEMO) don't have the same kind of weaknesses or vulnerabilities?

  14. MattJ

    If you read the link you'll see that it discusses Telegram's transport encryption

  15. MattJ

    They created their own alternative to TLS, which everyone else (including XMPP) uses

  16. Zash

    Didn't Signal also invent their own transport encryption, Noise?

  17. Ellenor Malik

    Zash: yes, which is used in WireGuard

  18. Zash

    WhatsApp used to have that insecure RC4 thing...

  19. Paganini

    > If you read the link you'll see that it discusses Telegram's transport encryption

    You are right. But can we be sure that TLS and OMEMO are more secure than Telegram's encryption?

  20. Zash

    TLS has evidently had a lot of problems in the past, but it also has a lot of cryptographers looking at it.

  21. Zash

    Paganini, no we can't be sure. Only time will tell. And time usually tells us that all crypto is broken eventually.

  22. robertooo

    Signal doesn't use TLS and uses Noise instead?

  23. chronosx88

    Noise over TLS 😀

  24. robertooo

    Seriously? That would be quite ridiculous.

  25. Zash

    Not as ridiculous as OMEMO over TLS over Noise over WireGuard over IPSec ... over HTTP

  26. chronosx88

    ...over TCP

  27. Zash

    No no, over XMPP https://xmpp.org/extensions/xep-0332.html

  28. chronosx88

    oh god

  29. southerntofu

    hello i see blabber.im in https://xmpp.org/software/clients.html maybe it should be removed now?