Telegram/Signal
- Thread starter Maggot
- Start date
Is Telegram Secure? What You Need to Know Before Downloading the App
Is Telegram secure? The popular instant messaging app presents itself as the superior alternative, but there are some things you should know.
heimdalsecurity.com
Telegram MAJOR Bug Flaw Compromises Security and Location for Messaging Privacy!
'People Nearby' flaw, heard of it? Privacy bug exposed!
www.techtimes.com
Is Telegram Secure? What You Need to Know Before Downloading the App
Is Telegram secure? The popular instant messaging app presents itself as the superior alternative, but there are some things you should know.
Telegram MAJOR Bug Flaw Compromises Security and Location for Messaging Privacy!
'People Nearby' flaw, heard of it? Privacy bug exposed!
Thanks, sounds like its not really that secure. was kind of looking for personal experience and other recommendations if theres something better.
The bad part of it is even if they were really secure that if they delete them off the app stores, and your settings are right, it wipes the apps off your phone.
I’ve had a sat phone for a few years now. They generally suck for day-to-day comms. They’re nothing like how they’re portrayed on TV. You need to be outside, clear line-of-site toward the constellation, and even how you orient your head can affect reception. The sound is crappy, but usable.
The only permanent sat phone that’s really usable is going to be dish-based, not handheld.
But it has gotten me out of some sticky situations when no other means of communication were available.
Think about multiple layers, such that the compromise of one layer does not automatically reveal whatever it is you're trying to conceal.
One-time pads are a bit difficult to implement, but if you start with that and then send the message via some sort of encrypted path, you might be on the right track.
Note that most people concern themselves primarily with man-in-the-middle attacks, but when dealing with human recipients, you need to make sure that the person on the other end is trustworthy.
One-time pads are a bit difficult to implement, but if you start with that and then send the message via some sort of encrypted path, you might be on the right track.
Note that most people concern themselves primarily with man-in-the-middle attacks, but when dealing with human recipients, you need to make sure that the person on the other end is trustworthy.
No experiance with either...but
Signal was created by ”Open Whisper Systems”, run by Moxie Marlinspike. Searching around it seems he has a cozy relationship w/ big brother. Also, look at the sites that are promoting it’s security, wired, cnet, etc..., and compare to the other articles they publish.
Signal was created by ”Open Whisper Systems”, run by Moxie Marlinspike. Searching around it seems he has a cozy relationship w/ big brother. Also, look at the sites that are promoting it’s security, wired, cnet, etc..., and compare to the other articles they publish.
In every western movie I ever watched that had a train, bank or stage coach robbery the first thing the robbers did was cut or pull down the wires for telegram
Yes, the experience lately has been poor as new users have overwhelmed the service.
Messages delayed or not even sent. Phone calls have been marginal at times.
Buying an AI does not make you a Sniper, nor does using Signal make your comms 100% secure.
Messages delayed or not even sent. Phone calls have been marginal at times.
Buying an AI does not make you a Sniper, nor does using Signal make your comms 100% secure.
In a lead lined room, underground with no electricity, a candle that you brought and you are talking with the voices in your head.
Just use the first letter of the words in a paragraph to spell out your message.
It's never let me down.
BugIn
It's never let me down.
BugIn
I use Signal a lot and it's a pretty good service with Android / iOS / Mac / Windows / Linux applications.
It has been a bit wobbly with the millions of new users.
It's probably good to keep ZuckerFace and TwitterBeard from spying on you.
It might also be of some limited use keeping non 5eyes countries from looking at stuff.
But it's probably not going to help you if any of the big boys in the government want in & if you are running it off Android, iOS or Windows, the companies providing the OS and the hardware probably have a few hardware hooks into what is going on anyways.
It has been a bit wobbly with the millions of new users.
It's probably good to keep ZuckerFace and TwitterBeard from spying on you.
It might also be of some limited use keeping non 5eyes countries from looking at stuff.
But it's probably not going to help you if any of the big boys in the government want in & if you are running it off Android, iOS or Windows, the companies providing the OS and the hardware probably have a few hardware hooks into what is going on anyways.
From the author of Surveillance Alley (https://surveillancevalley.com/ ):
"Exactly how much cash Signal got from the U.S. government is hard to gauge, as Moxie and Open Whisper System have been opaque about the sources of Signal’s funding. But if you tally up the information that’s been publicly released by the Open Technology Fund, the Radio Free Asia conduit that funded Signal, we know that Moxie’s outfit received at least $3 million over the span of four years — from 2013 through 2016. That’s the minimum Signal got from the feds."
yasha.substack.com
"Exactly how much cash Signal got from the U.S. government is hard to gauge, as Moxie and Open Whisper System have been opaque about the sources of Signal’s funding. But if you tally up the information that’s been publicly released by the Open Technology Fund, the Radio Free Asia conduit that funded Signal, we know that Moxie’s outfit received at least $3 million over the span of four years — from 2013 through 2016. That’s the minimum Signal got from the feds."
Signal is a government op
Signal was created and funded by a CIA spinoff. It is not your friend.
yasha.substack.com
Correct. Use electronics to set up the meeting, whose purpose can be described in any number of encrypted or unencrypted terms that will mean nothing untoward.
Don't forget to encrypt the dates, times, and locations as well.
Last edited:
If you are concerned, the open source Matrix communication protocol offers quite a lot of security features including encryption where the server has no clue what the keys are, and even per device verification.
However most are probably going to find actual good encryption a pain in the rear end and will settle for something that is easy to use and says secure on the tin and leave it at that.
However most are probably going to find actual good encryption a pain in the rear end and will settle for something that is easy to use and says secure on the tin and leave it at that.
yeah, dont know if youre old enough to remember 'party line telephone systems'. 10 or more people on a dial up line. Best way to find out what was going on in town.
No experience with telegram, but the guys I trust with my tech opinions say signal is gtg. End to end encryption and with the disappearing messages, even if your device is hacked you can still be ok as messages truly disappear and are not stored. Signal is open source (sexy word these days) so the security testing on it is legit.
The only weakness I see to signal is that is uses AWS for some of its servers (Azure is also used). This isn't an issue for messaging (encryption) but it is an issue for usage (parler, arf.com, etc.). The sources of funding is new to me and I will look into that for sure.
Would love to hear other's thoughts that know more than me. Smoke signals are still 100% gtg tho as long as you have direct line of site. NVG can certainly aid in seeing smoke at night.
The only weakness I see to signal is that is uses AWS for some of its servers (Azure is also used). This isn't an issue for messaging (encryption) but it is an issue for usage (parler, arf.com, etc.). The sources of funding is new to me and I will look into that for sure.
Would love to hear other's thoughts that know more than me. Smoke signals are still 100% gtg tho as long as you have direct line of site. NVG can certainly aid in seeing smoke at night.
Hi,
IF it transmits a signal....it can be hijacked; period!!
It is not like we are discussing neighbor jim bob from reading your texts; we are discussing one of the most technological advanced governments in the world, lol.....
Device abcdefghijklmnopqrstuvzxyz transmits ANYTING...a burst, microburst, encrypted, standard, etc....it can be hijacked.
The only secure communications is hard communications...not digital.
Dam satellites and UAVs can lock onto you by the way you walk, your voice, etc etc.....IF .gov wants to know something about you..they are going to know it.
Sincerely,
Theis
IF it transmits a signal....it can be hijacked; period!!
It is not like we are discussing neighbor jim bob from reading your texts; we are discussing one of the most technological advanced governments in the world, lol.....
Device abcdefghijklmnopqrstuvzxyz transmits ANYTING...a burst, microburst, encrypted, standard, etc....it can be hijacked.
The only secure communications is hard communications...not digital.
Dam satellites and UAVs can lock onto you by the way you walk, your voice, etc etc.....IF .gov wants to know something about you..they are going to know it.
Sincerely,
Theis
If you don't mind the delays and inconvenience. PGP based email should be "pretty good" for secure communications. https://www.openpgp.org/software/
ProtonMail through their swiss server is also "decent" protonmail.ch or if you use Tor their onion site should be better: https://protonirockerxow.onion/
Although, who knows - the CIA/NSA/Five Eyes probably runs all these services.
ProtonMail through their swiss server is also "decent" protonmail.ch or if you use Tor their onion site should be better: https://protonirockerxow.onion/
Although, who knows - the CIA/NSA/Five Eyes probably runs all these services.
Old enough to remember seeing those on TV shows, but we didn't have 'em in the suburbs where I grew up. In my area, the serious gossip went down at church.
The tricky part nowadays is having that face-to-face meeting without being monitored or generating a unique pattern of behavior that throws a flag.
D
Deleted member 113831
Guest
If an individual becomes an obvious target then much can be brought to bear. But all this technology is still run by regular, mortal human beings who are limited not by the bandwidth in their machines, but the bandwidth between their ears.
Do the the things that are easy to make yourself less visible and keep your head down.
It is like dealing with burglars. You don't have to be impregnable, just a harder target than the other houses in the neighborhood.
Hi,
And that is where the sad reality lies....because the technology is NOT limited by humans.
The new technology has no human interface, bias, opinions, interjections until WELL after the system is already 100 chapters deep into your shit.
Sincerely,
Theis
If you are a target of a Federal investigation, can the Feds go to your provider/VPN and have them crack the encryption and get your emails?
Hi,
Short answer is YES, lol.
Longer answer is that IF you are the subject of such Federal Investigation they access your emails while your typing them, lol because old school comms was to NOT transmit an email but type a draft and someone from wherever signs into email account to read the draft, deletes the draft and types reply as another draft.
Sincerely,
Theis
Just make sure that you don't turn it on repeatedly anywhere near the locations you normally pass by with your real phone. Someone/some algorithm is going to start seeing the similarities.
And make sure you can either pull the battery off or you carry it in a Faraday bag.
Was one of the many news links from the large thread on arfcom at the time. Given the recent site issues there trying to search for it will be tough.
The gist of the article was "crazy man replying to himself in his own email account". The bits shown made it look like he was presenting his wares/ desert shooting/boom boom experience as some sort of biz.
Oh the Irony
Parler partially reappears with support from Russian technology firm
https://finance.yahoo.com/news/parler-partially-reappears-support-russian-234401397.html
Sad when Russia is more pro-free speech than America.
The rule of thumb of the software / service is popular, it's compromised in one or multiple ways. That can also include side channel attacks (mechanisms for "cheating") through exploitation of hardware, OS, and / or network resources required by the applications. Side channel attacks can be done at scale.
E2E encryption for services usually relies upon private keys on both ends of the conversation. If one or more of those keys have been compromised, game over. The underlying crypto libraries and network sockets would also have to be bulletproof, and perfect forward secrecy would need to me monitored for anomalies in order to detect MitM attacks. Keep in mind today's perfectly private conversation could be decrypted down the road at scale with quantum
E2E encryption for services usually relies upon private keys on both ends of the conversation. If one or more of those keys have been compromised, game over. The underlying crypto libraries and network sockets would also have to be bulletproof, and perfect forward secrecy would need to me monitored for anomalies in order to detect MitM attacks. Keep in mind today's perfectly private conversation could be decrypted down the road at scale with quantum
Ain't that the truth. With the Demwits, it's going to be very interesting 4 years. I can't wait to see what happens if we don't turn at least 1 house of Congress in 2022.
Similar threads
