Investigation by investigative journalism outlet IStories (EN version by OCCRP) shows that Telegram uses a single, FSB-linked company as their infrastructure provider globally.
Telegram’s MTProto protocol also requires a cleartext identifier to be prepended to all client-server messages.
Combined, these two choices by Telegram make it into a surveillance tool.
I am quoted in the IStories story. I also did packet captures, and I dive into the nitty-gritty technical details on my blog.
Packet captures and MTProto deobfuscation library I wrote linked therein so that others can retrace my steps and check my work.
I would most definitely not recommend Matrix for private or sensitive communication, no.
https://soatok.blog/2024/07/31/what-does-it-mean-to-be-a-signal-competitor/
https://soatok.blog/2024/08/14/security-issues-in-matrixs-olm-library/
Matrix is fine as IRC replacement, it might also be a decent replacement for Telegram’s channels thingy, sure. But I would not trust my family photos to it. Much less anything actually important.
That guy again lmao why do “security researchers” keep recommending signal with that softheaded blog. Get real
So, you drop into a thread about a pretty technically involved analysis of one protocol (MTProto), and in response to a post linking to another pretty technically involved analysis of another protocol (Matrix/Olm) all you have to offer is “that softheaded blog”?
I mean I would expect some finesse with the insults. I understand that diving into the technical nitty-gritty might not be your thing, and that’s totally fine, but at the very least don’t deny us the entertainment factor of a well-rounded invective!
Oh, you’ll just have forgive me for not diving into the high-level discussion of whether Signal is better for furries because of the UI needs of differently-abled individuals. It’s just too complicated for me. 😖
That’s all FUD. Matrix is as secure as Signal if you - like Signal - rely on a single centralized server. Actually, since you can host it yourself, it would be even more secure since you don’t need to trust Signal.
(I defend infrastructure and perform hacks against cryptograph & protocols for a living)
My question was specifically about “the general non-technical population”. Do you expect my mom to even remotely understand what different servers are and why talking to me is securely encrypted but talking to her friends group isn’t? The point about secure software is that it needs to be secure by default or else, entry level users will manage to accidentally send their stuff in plain text and not even notice.
For nerds like us, I agree that Matrix is probably a good choice. For someone who needed to be told that “the internet” isn’t the blue “e” on their desktop… not so much. I’d rather send carrier pigeons than explain Matrix to my family.
My extended family use Matrix - including my elderly parents. It’s no more difficult to understand than any other service.
If you need to say it…
Regarding Soatok, I am prone to completely ignore impolite individuals. As far as my experience goes, and for most of the general populace, Matrix is fine. And it is likely to continue improving. Compared to Signal and Telegram, who both incentivize crypto"currencies", a.k.a. tech bro multi-level marketing pyramid schemes, enshittification has already begun.
Please feel free to ignore me as well then, because saying that technical analysis by an expert can be outright ignored just because the expert happened to be impolite that one time might make me become somewhat impolite.
Imagine getting dozens of randos in your replies asking about dozens of random chat apps. At some point I am pretty sure you’d also reach a breaking point. Some would call that kind of behaviour a bit impolite, I’d wager.
I’m not saying arguments necessarily become invalid because of impoliteness. But to me it doesn’t convey trustworthiness on first impression, especially when not knowing someone. The world / the Internet already contains so much toxicity, there’s no need for needless additional discord. Especially when encountering something frustrating on the Internet—as opposed to real life—it is trivial to just take a breath, go for a walk, and come back and respond peacefully. The simplest thing for Soatok to have done would be to ignore the message, or use AutoKey to paste a generic neutral response denying the request.
Why do you conflate politeness and trustworthiness? Seems like a weird connection to make.
Is it really that weird? Imagine someone going to a store and the owner starts swearing at them because they asked a question. Would said visitor be more or less likely to trust the owner? I agree that being impolite doesn’t necessarily equate to being ignorant in one’s subject, but I wouldn’t be surprised that on average the most knowledgeable and wise tend to be more polite.
Because the inverse of that is how people get conned. Someone blowing absolute smoke with a confident tone and a sweet word. Tone is about the worst indicator of trustworthiness
Sure, skilled sociopaths con their way up that way, or that’s how soulless marketers manipulate the populace. However, that does not mean that most people who are kind are sociopaths or soulless. On average kind people are just being kind.
And that is great, it is good to be optimistic. My point is being kind has nothing to do with trustworthiness. Hell, someone that is kind can also just be plain wrong. They might think they know something when they do not. The kindness just does not factor in to knowledge. Plenty of experts are not what people would describe as kind, and plenty of misinformation peddlers are kind. It just has nothing to do with expertise
It seems like trusting the nicest voice in the room on a topic like security, rather than experts, could be a mistake
Right? What a strange and dangerous metric
Soatok. At least get the name right.
Which also happens to be the simplest thing you could have done, even simpler as none of the toots you quote were addressed to you. Instead, you are dragging this one random exchange into this thread about something else entirely.
Does it really matter whether or not it is addressed to me? And, the simplest route is not necessarily the most virtuous one. To take an extreme example, if I see someone being bullied I will interfere to stop the bully and console the target. Here, I am simply arguing in favor of less toxicity for it improves credibility.
You say you’re arguing in favor of less toxicity, but your example was a screenshot of a comment where I asserted my own healthy boundaries (after being needled by hundreds of demands in the form of “what about <other app>?” from strangers over the course of months).
Which is more toxic?
The one that contains the most aggression.
Do most of those strangers know that you are receiving hundreds of requests? They’re strangers, so I’m betting on no. Are they then deserving of any swearing and caps lock yelling? Even if they do know, I can recall few to no instances where unironically doing so packed a punch.
A more reasonable answer would have been: “Sorry, no idea. For my own healthy boundaries I have to refrain from doing too much of this often-requested but time-consuming research.”
Not toxic, more effective. And as I mentioned in another reply, with AutoKey you could configure that typing the word “sigh” or phrase ''goddammit not again" automatically expands into the alternative answer suggested above. Being frustrated is fine, and venting is absolutely necessary, but there are ways to do it that are healthy for everyone involved, such as the autoreply and then going for a run. Hope for the best, prepare for the worst.
Aggression isn’t toxicity. The logical consequence of your stance is negative peace, and broken stairs.
Sure they do, because I tell them. The screenshot you posted is proof that I inform them.
The rest of this is needless language policing.