• 0 Posts
  • 202 Comments
Joined 1 year ago
Cake day: June 17th, 2023

  • I’ve already addressed this but i guess i’ll expand on it.

    Signal would not be able to add backdoors to all its users. Security researchers would see pretty quickly (more below) and that would be pretty big news because Signal is quite popular with people who care about their privacy.

    They could in theory backdoor an individual’s Signal app but, again, that’s pretty inefficient. If anyone ever noticed it would be a big black mark against Signal, though they may not have much choice in the matter if it really came to it. However, we know that big governments and other sophisticated attackers usually prefer to just stick spyware on your phone. It’s easier, more comprehensive, and doesn’t require collaboration with Signal.

    In contrast, you don’t need to do any of that with Telegram because it’s not E2EE. Your argument is basically “security features can be defeated by a sufficiently advanced attacker so use this other service that doesn’t have them to begin with.” This makes no fucking sense.

    I don’t know what you’re talking about with FOSS stuff. Yeah, Telegram is open source. Signal is too. Some Signal forks (particularly the ones with “Signal” in their names) have been killed but others still exist, ex molly.im.

    Signal client does have reproducible builds and has since 2016, as far as i know. This is another point against Signal being backdoored.

    Beyond that, Signal has gone through a number of formal security audits. As far as i know, Telegram has not.

    Finally, Telegram itself. Telegram could simply enable E2EE for all chats. They choose not to and that is concerning if you care about your privacy or security.

    Yeah Signal could be better but that isn’t a case to use Telegram over Signal when Telegram is worse in almost every respect.




  • No, they cannot do it. That’s what E2EE means. It means they do not have the technological ability to do it. It is not possible.

    Yes, even if a judge orders. You can see instances of that on their website: https://signal.org/bigbrother/

    Yes there are weak points (the huge one with Signal being: requiring your cell phone number as a part of authentication) but that’s far beyond the level of technical expertise required to, say, just intercept clear text communications, ex from Telegram. If a government is wiretapping you then you’ve got problems that neither Signal nor Telegram can solve.

    Now maybe you will suspect that a three letter agency will force them to do something bad, like send a suspect a hacked/backdoored version of the app or something but by and large i don’t think they would do that. They’d just go to Google or Apple and put a keylogger on your phone, or some other solution. Realistically, though, this is a level of effort far beyond what >99% of all humans need to worry about. Choosing Telegram over Signal because you’re afraid the government is manipulating your Signal app is a sign of incoherent paranoia.

    A more serious concern would be, for example, the government capturing all data sent across the Internet and then holding onto it until some hypothetical future computer is developed that can just break the encryption. That’s still pretty silly but it’s something the US (at least) is doing. Still way beyond what they would need to get your Telegram messages because, again, they don’t need to decrypt those. They can just look.

    The difference being: Signal cooperates as they’re legally required to but do not have the technological capability to betray you. Telegram has the technological capability to betray you (and governments can spy on Telegram, with or without Telegram’s assistance) but refuses to cooperate.

    Signal is much better and more reliable in this.



  • As well as the package manager (and release type/schedule as mentioned in a different reply) you might want to look at the overall structure.

    Does the distro use SELinux or AppArmor (you probably want at least one)? Does it follow traditional distro structure like Ubuntu/Debian or is it weird like atomic (ex Silverblue) or declarative (ex NixOS) distro? Is it a minimalist distro (Arch is the big modern one) or maximalist (SUSE)? Those kinds of things can also be informative.



  • Specifically, they have the technological ability to prevent some crimes on their platform and have repeatedly refused to do so, or even engage with attempts to do so. Because they’re not E2EE they can see what everyone is doing and are therefore legally required to step in when someone is (for example) selling drugs on their platform.

    Signal (etc) have no insight into the actions of their users and when they are legally required to take action they do, they take the minimal legally required action (unlike other services from, ex, Apple). Signal follows the law, Telegram does not.

    States are really pissy about E2EE for this (and other) reasons. They want to get rid of it because they want to monitor all private conversations. That’s why E2EE is important.











  • Once, i had an entire day double booked (plus multiple hours before and after my working hours) and one hour in particular was quadruple booked. People were shouting at me all day about how I wasn’t showing up to their meetings, but like… you could see my calendar when you put those appointments on there. That’s kind of on you.

    I got a talking to from my boss but they didn’t reprimand me or anything, it was just “managing these kinds of things is an important part of the job”. Eh. They did not pay me enough.



  • See the start of this post talking about device tree models vs boot time hardware discovery.

    There’s no reason an arm chip/device couldn’t support hardware discovery, but by and large they don’t for a variety of reasons that can mostly be boiled down to “they don’t want to”. There’s nothing about RISC-V that makes it intrinsically more suited to “PC style” hardware detection but the fact that it’s open hardware (instead of Apple and Qualcomm’s extremely locked down proprietary nonsense) means it’ll probably happen a lot sooner.