Knowing the messages can only originate from a sealed application on a first party device eliminates a whole class of spam and security problems.
It conveniently appears to also eliminate some amount of responsibility. Seriously? Was it not known that it’s possible to debug even 1st party apps? Was it not already obvious that walled gardens are only good before they got cracked?
A huge security risk for Apple users
I wish engineers would stop using the word security just because they like it. Apple should try to prevent threats like pegasus instead of telling everyone that blue bubbles are a security risk.
and to zero benefit for Android users
Yeah, it’s more useful for apple users so they wouldn’t need to resort to unencrypted messages when talking to Android users.
Let Apple implement RCS as they promised and move on. Isn’t everyone on Telegram or WhatsApp anyway…?
Heh. I wish to see apple say the same in their statement of decision to shut down iMessage.
It’s just pointless.
Yeah. Apple doesn’t understand the community concerns, it only understands court decisions. Though sometimes these two have some connection.
How do notifications work in the official Telegram Android app (Play Store vs Site version maybe)? Does it have the same mechanism as Signal, which only recognizes the presence of notifications via Google services, but sends them via its web socket service?
I’ve been using Telegram enough to understand that such allegations are useless. The first link is literally not about Telegram but about its 3rd party fork that original developers can’t do anything about. The second link is about piracy, and any app owner would handle any data they could in similar situations.
Telegram is not just a messaging app but a public platform with channels and public chats. Any app with these properties will eventually have the same issues. If you don’t want to risk, you just use it as a personal messaging app and that’s it - in this way it’s not much different from other “secure” messaging apps.
The way for apps like Signal to remain “truly secure” in “careful” users’ eyes is avoiding the introduction of the public communication part, which could lead to all the same problems some people don’t like Telegram for.
That said, Telegram actually has a history of being a “bad actor” if you want to call it so. Namely:
At first it was possible to steal someone’s account by faking a SIM card (any government can do this). Later Telegram introduced cloud password that helped to prevent such cases.
At various points Telegram wrongfully banned and marked as “fake” various channels and bots used by opposition in Russia.
But I can’t agree that either of that makes Telegram an insecure messaging platform. It’s either about bad management decisions in specific situations (e.g. Durov being worried about Telegram getting banned) or technical aspects of how user reports are handled (basically any channel can get marked “fake” if enough user reports are received).
Not third but another one out of many. Incidents that don’t really mean the app is not secure.
You can see from the article that Telegram would have to give up on a basic feature expected from similar apps in order to fix that “issue” with public groups.
Again, it’s the public communication features that lead to such issues, and I expect any other app to have very same “issues” if they introduce similar features and make them useful enough for protesters to try to rely on them when fighting against oppressive governments.
You can’t expect messengers like these to be a proper instrument for protesters that makes them safe. These public groups need to grow to become effective, and apps specifically aimed for protesters would not have enough user base. Still, Telegram is the most used app by protesters from what I see, and it does provide adequate level of protection if you use it correctly (if you understand how it works).
Signal pushes back against third party apps
So it doesn’t like to be open enough for others to do what they want with it. Still, one shouldn’t expect it to work anyway. If you make your client open source, there will be forks that allow communicating with your servers. You’d have to introduce a black box, and open source community won’t like that.
Signal seems to do quite enough of useless stuff. People rate it more secure than Telegram. One of reasons for that is that it supports e2e encryption in group chats. But it’s useless when comparing to all the issues with Telegram, already because it’s always about public groups. Let me see how Signal would protect people in such groups while staying in scope of private communication app.
can pressure a CEO into simply handing over previously accrued user data, then the app was never secure to begin with
Nah, actually: “if a public service uses servers, then it is never secure”. Any service will handle all the data they have if pressured. Servers have to know your IP address (though you can always use proxies) and phone number at least to provide service at all. You can’t really blame owners of public service. You could blame them if their service was serverless though, because that would mean they store something they shouldn’t need to operate.
Telegram has told people to make third-party clients
What? No. It just didn’t tell them they have to use their own servers to use their forks.
the fact people found it easier to find and download a third party client really speaks to how little they cared about that particular area.
No, it speaks to how no big developer can do anything to prevent their apps from being banned by oppressive governments. Hence why opposition resorted to 3rd party forks.
And Telegram now has an increasing history of supporting state governments over the people.
Telegram has experience of trying to protect people when they oppose governments. Signal is not interested in getting any similar experience. It will remain useless to opposition it seems.
Telegram stores far more data than Signal, including the memberships of groups
Signal would have to store the same data to allow users participate in public groups.
and the contents of every message in every group.
I don’t think Telegram ever disclosed anything like that. Public groups are open for everyone including governments. Any service that is not serverless will store the same amount of metadata, otherwise it won’t work.
This argument will have some weight if you can provide examples where telegram shared some information about private groups with someone unauthorized.
I’m not shilling. Just pointing out obvious differences in products’ features that one has to take into account when judging about app developer’s “wrongdoings”.
It is you who refuses to take logical steps to agree that every single app with the same feature set will be vulnerable to governments’ decisions. Signal is not a subject of that only because it does not provide such features and therefore is not used by protesters.
Yes, telegram knows all your private groups. But you are missing everything by assuming it is bad for you. You will be arrested not because telegram will disclose your private groups. You will be arrested because some person will join your private group and leak your presence there. That person will not need to get any information from Telegram for that. This is not an issue a service could solve by any encryption.
Could you prove that? More specifically, I need proof that it allows public groups for protesters to gain mass and protect their identifies adequately at all times.
It doesn’t need to do that
It does need that. Signal stores this information too. Just because it’s encrypted doesn’t mean it will not be handled to someone against your will.
Why would it not disclose groups?
I don’t know, maybe because I can’t imagine why even the most insane government would come up with laws that would allow it to ask internet services something like “hey there is this person, please provide some data of their activity on your service” instead of just capturing that person and making them spill out everything themselves. If you are at the point where your groups are disclosed this won’t be the result of government’s requests to some service. It’ll be the starting point for those.
A year ago, you would have said Telegram doesn’t disclose people’s identities.
I wouldn’t.
ignoring every other problem Telegram has but Signal does not
Signal’s way to “not have problems” is to avoid users who could bring them.
And why should I accept your reframing when you try to compare signal to telegram?
I see, signal wants to keep its servers free from content. Cool. This automatically means groups can’t accept new members and allow them seeing all the previously posted content. This is what protests use to grow. So signal can’t be used to grow protest groups. Only fixed groups would use it to do stuff they want, and “making more people join the protest” would not be on list. They will need to resort to other methods to spread infornation if they wanted to grow. Protesters groups that don’t want to grow are not what I could consider a real protest.
Protest is a public movement. It will not be effective when it’s private or wants to keep its members anonymous. This is basically what oppressive governments are fine with, so signal helps them in a way.
What led to telegram’s “wrongdoings” would not be possible if it did not provide public communication. Signal doesn’t provide it either so they’d have to use a different platform. That would lead to the same consequences.
Affected people could use private groups in telegram to avoid issues. But then it would not be what they wanted, and their actions would not be impactful enough (without other platform capable of public communication) for government to get interested in them.
Up until you allow to join that one member that will leak every single thing you wanted to keep private.
But giving law enforcement first-class access to groups helps them avoid law enforcement how?
Not sure my English skill is enough to understand this sentence.
Who exactly gave anyone first class access to anything?
And no, private groups in Telegram are still fully visible to the state-supporting Telegram corporate employees.
This is like saying that an email provider has access to your emails. Not even trying to argue with the rest of implications. So what? You’re still avoiding the point. No service can protect you from the real world. You must avoid real world issues yourself. By either using private features of apps, or by not participating in public communication, or by using apps that prevent you from participating in public communication etc.
Someone cut a hand with a saw when cutting a board. You saw that and thought “that saw manufacturer is at fault, I’d better use a saw from another manufacturer”. What’s happening really is you choosing a knife over a saw. Also it’s very probable that people like you are not ever going to try to cut a board. That’s what choosing signal looks like to me. I’m not judging you for choosing a knife or for avoiding boards, but it’s worth it to understand the differences.
Oh that’s right, the spoken administrative context. Same in my dd-mm-yyyy county actually. Still, I find it less intuitive than the logical yyyy-mm-dd when understanding written text.
That doesn’t really help in my experience because this state is not saved. You have to do tricks in order to get it saved like move the window a bit or resize it etc.
Sure, and there’s good reason to believe they weren’t actually elected.
They operate Gaza and all the humanitarian aid. If someone has power over Gaza it’s them. And if not, then there is no one to talk to.
Bro they’ve killed 3000 plus kids in less than a month
3000 Palestinians? These numbers come from hamas so they are not to be trusted by default. Also, you have to consider how hamas forces Israel to attack civillian infrastructure by firing missiles from it. And hamas doesn’t provide any defense for Palestinians, and they say it’s not their responsibility. Man, “let us fire rockets at Jews, don’t let them attack us back, don’t stop those funds coming so we could build more rockets, and look how we promise to repeat mad attacks again and again until we destroy Israel, because we are victims”, pretty cool guys. And people are like “wtf do as they say, they are freedom fighters”.
When did Israel act unprovoked? Like at least once a week for 30 years, pay attention.
Please provide exact cases of 2 unprovoked attacks between September 22 and October 7.
This website is promising but there are no “over 3000 children over a month” figures here.
Hamas doesn’t force anything
When you attack a developed country with an army from a specific location, you are asking to bomb this location as a response. Don’t know if it’s s surprise to anyone, but it just works like that. You wouldn’t suppose it would mean “please don’t bomb this location” instead?
if I hold a gun to a child to force a bank robber to give up am I the bad person or are we both shitty examples of humanity?
If before doing so you shoot that robber’s friends and pretend it never happened, you are worse than those robbers.
But really, this analogy is beautiful. I now know the proper solution to all our problems, and with no bloodshed. Here is what Hamas should say: “We are martyrs and you are oppressors. We refuse to live under oppression. We mined every single house and every single Palestinian. If you don’t reconsider we will detonate it all at once.”
Bro, settlers spit from their raised walkways onto Palestinians literally every day.
What walkways? As if anyone has the time to spit at all anywhere, damn.
Small slights matter and I’m pretty sure they roof knocked a building on the 19th anyway.
What building? Who? I’m not getting it. “It doesn’t matter that Israel didn’t bombed a hospital because at the same day they bombed another building anyway”?
The Gaza director for the United Nations agency for Palestinian refugees says the average Palestinian in Gaza is living on two pieces of Arabic bread made from flour that the U.N. had stockpiled in the region.
Steam is using CEF v85 (not Electron but still). Should have gone “please be aware to not visit even slightly shady websites until we update it” but instead went “oh you must like security, so we announce that we will drop Windows 7/8 support in half a year (because CEF Microsoft doesn’t support it anymore) so you could play your games more securely”.
This is a secure dns and adblocker that has evolved into a great privacy app. Yesterday i noticed it has added support for Wireguard and TOR as well as proxy. The app comes with a customizable firewall. It means you can have secure dns combined with vpn/proxy and firewall in one app....
Another app I use sometimes (Time Squared) got a similar UI update recently and I hate it. Used to be a simple app that just worked. Now it takes about 5 seconds just to load, switching to another menu takes about a second. These fancy web frameworks need to get some rest.
Technically, unironically, its latest desktop version for Windows is better than expected. It’s no longer based on Electron or whatever, consumes less resources than before and works adequately.
You probably missed a part where Chrome, Chromium, and CEF are practically the same thing when it comes to resource consumption. Man, I can’t even make Steam consume less than 1 gb ram at any time anymore, even when minimized. CPU consumption, the amount of processes, loading times are also problematic. I wish companies would rely on a labor of programmers, not just web programmers.
Sorry what? I literally said that it consumes this amount of memory while there is no active windows. You can close them all and it won’t change much.
Also years ago the website was still filled with images and it didn’t consume that much.
Also, do you really think high quality images consume more resources? High resolution I can understand, but quality is irrelevant when it comes to ram.
You seem to not understand what you are talking about.
First, it’s possible to have an app active without spending resources on background windows. This process is called “close a window”. If an app has the tray icon available it should be perfectly viable option and, guess what, it works like that with many apps. But no, even the tray menu for Steam is now a damn web-rendered element. Also even in Chromium based browsers, you can have 2 or more windows opened, and when you close one of them you can expect less ram usage than before you closed it. I’ve seen at least one VScodium derived app that completely unloads browser based code when no active windows are visible. You don’t need to be a huge corporation to know how to do it.
Second, it’s insane to propose that thousands of images from some site (or even from disk cache) are going to be cached into memory immediately upon app launch. You could at least do some research or try Steam app yourself. Want to also tell me how I need thousands of images in my ram even when using Steam small mode?
Third, you mustn’t tell me what I need to sacrifice to have “nice and smooth experience”. I know enough about code and have seen enough apps to know that you don’t need to require GBs of ram from every user to provide good experience. There are literally web based alternatives to CEF that consume 5x-10x less. And then there are many other options for native code.
You mention few megabytes of code. Yeah. Problem is, Chromium code is tons more than that. Those are not “small” apps.
Apple responds to the Beeper iMessage saga: ‘We took steps to protect our users’ (www.theverge.com)
Telegram Android Notifications
How do notifications work in the official Telegram Android app (Play Store vs Site version maybe)? Does it have the same mechanism as Signal, which only recognizes the presence of notifications via Google services, but sends them via its web socket service?
Gabe Newell ordered to make in-person deposition for Valve v. Wolfire Games lawsuit (www.gamesindustry.biz)
Japan is on its own wavelength. (lemmy.world)
Why is Steam (Windows PC version) the only program (to my knowledge) that natively snaps to windows displays?
Try it. Move your Steam window around. See how it snaps to the edges of your display(s)?...
What is hamas ?
The average Palestinian in Gaza is living on 2 pieces of bread a day, UN official says (apnews.com)
The Gaza director for the United Nations agency for Palestinian refugees says the average Palestinian in Gaza is living on two pieces of Arabic bread made from flour that the U.N. had stockpiled in the region.
Security expert reveals surprising way to make your password stronger: use emojis (nypost.com)
Palestinians plead ‘stop the bombs’ at UN meeting but Israel insists Hamas must be ‘obliterated’ (apnews.com)
APNews.com
fuuuuuuuuuuture (lemmy.world)
I'll never learn to not do this either. (startrek.website)
I HATE electron (lemmy.ohaa.xyz)
Death trap toilet. (feddit.uk)
RethinkDNS got updated and it's amazing now (lemdro.id)
This is a secure dns and adblocker that has evolved into a great privacy app. Yesterday i noticed it has added support for Wireguard and TOR as well as proxy. The app comes with a customizable firewall. It means you can have secure dns combined with vpn/proxy and firewall in one app....
I has come to my attention that some users have never heard of F-droid. F-droid is a free software app store for android (f-droid.org)
Russians Are Strangely Stumped About Why Moscow Is Getting Bombed (www.thedailybeast.com)
“Who would have declared such a war on us in Moscow?”...
its even more outdated (lemmy.dbzer0.com)
Recursion (lemmy.world)
Firefox is the only way. (lemmy.world)
I like the interface, and have been a user of the reddit version for years... (media.kbin.social)
JPEG XL: How It Started, How It’s Going (cloudinary.com)
deleted_by_author