• TCB13@lemmy.world
    link
    fedilink
    English
    arrow-up
    3
    ·
    edit-2
    3 months ago

    They won’t there’s no need. Their clients are garbage and they’re most likely backdoored anyways. This action against Telegram is only happening because they can’t get inside it, they can’t backdoor it nor corrupt anyone. If they were able to do that they wouldn’t be doing this.

    • ArchAengelus@lemmy.dbzer0.com
      link
      fedilink
      arrow-up
      11
      ·
      3 months ago

      No matter how good the protocol or client encryption, your privacy is only as good as your own physical security for the device in question.

      Given that if you lose your private key, there is no recovery, I would be surprised if there were real back doors in the clients. Maybe unintentional ways to leak data, but you can go look for yourself: https://github.com/signalapp/Signal-Android

      They have one for each client.

      • heavyboots@lemmy.ml
        link
        fedilink
        English
        arrow-up
        8
        ·
        3 months ago

        As an example of this, I believe SexyCyborg got in trouble for reporting on leaks via people’s 3rd party Chinese language keyboards. So her theory is that the keyboard apps people had installed leaked data when Hong Kong protesters were communicating with the press, rather than the actual Signal app. But… as stated above, people have to take responsibility for their device and in this case, they had chosen to install apps with leak issues into the communication process.

        • socsa@piefed.social
          link
          fedilink
          arrow-up
          6
          ·
          3 months ago

          This is precisely why opsec is more than just an app.

          Leaky keyboards are a possibility, but what is actually far more likely is just that someone on the signal group chat was a mole who was archiving the traffic for the party. Signal has since made efforts to bring anonymous accounts to the platform, which will help thwart such attacks. Though against a state actor it is still not enough unless you take additional measures to obfuscate traffic. And then that still doesn’t protect you against some CCP brownshirt from tailing you and then snatching your phone out of your hand when you unlock it.

          • milicent_bystandr@lemm.ee
            link
            fedilink
            arrow-up
            3
            ·
            3 months ago

            Leaky keyboards are more than a possibility. Sogou, the biggest one for Chinese typing, got found out a year or so ago for having terrible client-server encryption. They fixed it in an update, but many people didn’t get the update - not to mention it’s still sending every keystroke to Tencent (are the owners I think?) so they could also be saving and analysing private typing anyway.

      • TCB13@lemmy.world
        link
        fedilink
        English
        arrow-up
        3
        ·
        3 months ago

        Maybe unintentional ways to leak data,

        Yeah, that’s what I think it may be. Just like Apple reporting on all apps you open on un-encrypted HTTP calls and a few other things.

        • sunzu2@thebrainbin.org
          link
          fedilink
          arrow-up
          3
          ·
          3 months ago

          are you talking about phone notification bullshit and google got caught reporting to government with no warrants.

          • ArchAengelus@lemmy.dbzer0.com
            link
            fedilink
            arrow-up
            2
            ·
            3 months ago

            Signal’s defaults are pretty good about that. Push notifications are both opt-in and the information they send can be selected by the user. You can have it say “new message” and that’s it. Or the senders name. Or the whole message.

            I agree that it’s not intuitive that that’s a leak to most people, but push notifications are kind of wonky how they work.

            • sunzu2@thebrainbin.org
              link
              fedilink
              arrow-up
              1
              ·
              3 months ago

              signal is all around very strong… my main criticism is the “trust signal bro” cult pretending like Signal would not log chats if ordered by the spooks. which is naive AF and feels like they are trying to make normeis comfortable so they don’t demand better.

      • TCB13@lemmy.world
        link
        fedilink
        English
        arrow-up
        3
        ·
        edit-2
        3 months ago

        If you don’t turn on the secret chat feature it wont be, yes. However if E2EE was the only deciding factor for a gov to go against an App then they woudln’t be going after Telegram. The fact that govts are going so hard at telegram simply proves that even when the company has access to all our chats they don’t actually provide them to said govts.

        I’m not saying telegram is good from a security perspective, I’m just saying that event without E2EE and all the modern wonders govts can’t still get in because the company doesn’t indulge their requests.