For this reason, I never even considered using Telegram. If I were an unethical intelligence service like a Russian one, I would create a messenger app (and/or social network). Based outside my jurisdiction would add to plausible deniability.
On another note: I wonder how many of those VPN services are actually fronts of intelligence services.
Signal clearly looks like a front shop to collect metadata for US intelligence services.
Their reliance on phone numbers for sign in, their release strategy, their attitude towards unofficial clients, their marketing of e2e encryption... all fits.
Except Signal's client is open source with reproducible builds that have been audited. Their crypto is open, based on standard primitives, and has also been audited. It's also true E2E encryption with alerts on key changes.
The only weakness clear to me is the US could force them to release a compromised client. But then auditors would probably notice within weeks, or even days, and their reputation would be ruined forever.
Also, Signal forces you to use Android or iOS while knowing that "Apple and Google confirm governments spy on users through push notifications ", https://news.ycombinator.com/item?id=38555810
I never used Telegram, but was under the impression that it's similar to Signal. However, Pavel Durov recently tried to meddle in the Romanian elections process[0] in a very bizarre, almost desperate attempt to misinform the electorate.
That impression is a testament to Pavel's ability to distort the reality. Telegram is nothing like Signal, because the overwhelming majority of traffic is not E2EE, the server has the plaintext. Even for E2EE chats (that are deliberately hidden away), the protocol is weird in a bad way.
Does anyone really believe their metadata is safe from any government... or non-government for that matter?
I mean, TFA's whole argument is the un-encrypted header portion, designed to route the message, can be used to track who the message is sent to. Oh, and some dude provides internet service to Russian governmental agencies with their ISP located in Russia.
If you're doing dodgy stuff (like political speech) you don't want the government to know about it's probably best to conduct that business offline as they are all watching you.
Not really, the auth_key_id really is simply equivalent to a TLS session ticket, used to avoid repeating the handshake every time a new connection is established: there's nothing "unencryted" about it, it's just an identifier of a previously established encrypted channel, like session tickets in TLS (and on top of that, the MTProto auth key ID is also rotated every 24 hours).
Note that the article employs unwarranted FUD in regards to the auth_key_id, which is fully equivalent to a TLS session ticket, used, like in TLS, to avoid repeating the handshake each time a new connection is established (and on top of that, the MTProto auth key ID is also rotated every 24 hours).
Readit News
On another note: I wonder how many of those VPN services are actually fronts of intelligence services.
This is why we need more [MPRs](https://www.privacyguides.org/articles/2024/11/17/where-are-...)
Their reliance on phone numbers for sign in, their release strategy, their attitude towards unofficial clients, their marketing of e2e encryption... all fits.
The only weakness clear to me is the US could force them to release a compromised client. But then auditors would probably notice within weeks, or even days, and their reputation would be ruined forever.
Related discussion: "Why Not Signal?"
https://news.ycombinator.com/item?id=28544735
https://news.ycombinator.com/item?id=30872361
https://news.ycombinator.com/item?id=39445976
https://news.ycombinator.com/item?id=29888228
https://news.ycombinator.com/item?id=42788647
Also, Signal forces you to use Android or iOS while knowing that "Apple and Google confirm governments spy on users through push notifications ", https://news.ycombinator.com/item?id=38555810
Matrix is the actual solution.
As opposed to which ethical intelligence service that you have in mind ?
This is the bread and butter of "intelligence". Spying. Both enemies, allies & the populace.
[0] https://www.lemonde.fr/en/pixels/article/2025/05/23/why-is-t...
I mean, TFA's whole argument is the un-encrypted header portion, designed to route the message, can be used to track who the message is sent to. Oh, and some dude provides internet service to Russian governmental agencies with their ISP located in Russia.
If you're doing dodgy stuff (like political speech) you don't want the government to know about it's probably best to conduct that business offline as they are all watching you.
Dead Comment
Dead Comment