this post was submitted on 26 Mar 2024
279 points (94.9% liked)

Privacy

32173 readers
462 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS
 

Telegram is giving away FREE Premium subscriptions! All they need from you is to use your cell phone as a relay to text out their OTP codes! And the recipient of the OTP sees your phone number! What could POSSIBLY go wrong with this deal?

PLEASE don't use Telegram! I personally recommend Matrix as it's totally FOSS, you can self host, there are tons of front end clients to choose from. Or even use Signal. I have my own issues with Signal, the fact they don't allow third party clients, you can't self-host, they have a proprietary shim in their stack that only they know what it does, they were pushing crypto, etc, but at least Signal is better than this garbage.

top 50 comments
sorted by: hot top controversial new old
[–] [email protected] 61 points 8 months ago (2 children)

People in the privacy community need to get over the unrealistic dream that regular people will adopt Matrix when we can't even get them to use Signal. The only way Matrix will have mass adoption is through getting a lot of corporate clients. Then the workers might choose to use it personally too after being familiar with it.

[–] [email protected] 25 points 8 months ago (3 children)

Matrix still doesn't have a multi account client with threads.

I don't mind Matrix, but every time I bring this up to a hard core Matrix defender to how the clients are lacking, they don't have much to counter.

[–] [email protected] 16 points 8 months ago (4 children)

I'm writing a new Matrix client that's focused specifically on being a Discord-like dead simple experience for professional people -- it's under GPLv3 and written in pure Dart

Probably will have the first actual release in one to two months -- please tell me what you would like in terms of features so I can shove it into my already massive backlog

[–] [email protected] 6 points 8 months ago* (last edited 8 months ago) (1 children)

A client that is basically a ripoff of Telegram would be ideal for me, for what it's worth

Main features I like are replies, reactions to messages (also double tap to react with a default emoji), and that view where you can open a chain of replies like it's its own conversation (I'm assuming this is what is meant by "threading"/"threads")

Lastly, maybe the uncompressed and compressed photo/video options if that's not already a thing

If it had the above I would probably like Discord style too

[–] [email protected] 4 points 8 months ago (1 children)

Most of that is already covered by an existing Matrix client called FluffyChat too, if you want something right now

And sure, I mean I never saw any usage in threading but I guess some people really do be liking their threads

[–] [email protected] 3 points 8 months ago

Fluffychat doesn't support threads at the moment

load more comments (3 replies)
load more comments (2 replies)
[–] Scolding7300 3 points 8 months ago (1 children)

Sometimes even anything other than SMS kn the US because ppl just assume everyone have iPhones

[–] laughterlaughter 2 points 8 months ago (3 children)

Far from the truth. Most of my U.S. friends own androids.

load more comments (3 replies)
[–] [email protected] 60 points 8 months ago (2 children)

I imagine SMS authorisation texts are Telegrams biggest single expense, they are for Signal https://signal.org/blog/signal-is-expensive/

Telcos know that authentication is about the only remaining use case for SMS and are not going to turn down the revenue stream.

That said this idea from Telegram sounds absurd. Not least I expect most contracts prevent reselling free SMS’s like this. The security implications have got to be significant too.

[–] [email protected] 26 points 8 months ago (1 children)

Telcos know that authentication is about the only remaining use case for SMS and are not going to turn down the revenue stream.

And it can't die fast enough, as it's essentially the same as broadcasting your sensitive information over unencrypted radio.

Apart from security, phone number based user identification is such a half-assed approach and I still don't get why Signal wants to die on that hill. It's inconvenient, yet trivial, for anyone to register a second, third or tenth phone number. With a bit more knowledge and inconvenience, even anonymously. It adds so little.

[–] Vash63 7 points 8 months ago (1 children)

It's pretty drastically harder to register 100 phone numbers, especially in your target region, than 100 email addresses. Major spammers and such work with automation across many accounts, this isn't designed around someone with 10 accounts.

load more comments (1 replies)
load more comments (1 replies)
[–] [email protected] 35 points 8 months ago* (last edited 8 months ago) (12 children)

Wow, that's super sketchy.

I'm trying to get my wife to use something decent, and I think Signal is the way to go. It's focused on P2P communication so it's a better replacement for SMS and whatnot, but it also has groups so it can also replace MMS. She likes Discord, but I don't think she'll be as keen to try out Matrix since she'll just wonder why I don't just use Discord.

load more comments (12 replies)
[–] [email protected] 22 points 8 months ago

Man this is so scuffed! Offering free subscriptions in exchange for using your personal phone as a relay for OTP codes is a recipe for disaster.

[–] [email protected] 15 points 8 months ago (5 children)
load more comments (5 replies)
[–] rdri 13 points 8 months ago (5 children)

What could POSSIBLY go wrong with this deal?

No jokes, I'd like to know. How is it different from sending sms to random numbers?

[–] force 14 points 8 months ago (1 children)

... people just send SMS to random phone numbers?

[–] rdri 5 points 8 months ago (2 children)

No but what exactly stops anyone from doing that? A privacy consideration? I'd think it's just a waste of time at best.

load more comments (2 replies)
load more comments (4 replies)
[–] [email protected] 13 points 8 months ago* (last edited 8 months ago) (6 children)

ok but, why don't use telegram for this? scammers are everywhere but how is this telegram's fault

load more comments (6 replies)
[–] [email protected] 12 points 8 months ago

Also Simplex but I find element client very comfortable to use.

[–] SteveCC 11 points 8 months ago (7 children)

I'd be interested to hear people's thoughts about Signal and DeltaChat for messaging

[–] [email protected] 8 points 8 months ago

Signal and DeltaChat, as well as Simplex and some others e2e communication solutions, are adequate from a technical point of view.

The main issue is always adoption. You can have the most convenient way to safely communicate with people, it'll be useless if nobody you're talking to wants to use it.

So, since Signal is very easy to set up and use as well as the most adopted, it's currently the best pick for regular conversations.

[–] [email protected] 5 points 8 months ago

Signal good, I've never heard of Deltachat

[–] gaael 5 points 8 months ago

Been using Deltachat for about a year, so far so good. I dunno how secure it really is (never took the time to check) but it's been reliable. Multi-device was kinda quirky at first but has gotten better.

[–] [email protected] 5 points 8 months ago (6 children)

Signal is fine for a drop-in WhatsApp replacement. I use it for chatting to my friends casually. For something you need more security for you could do encrypted emails as that doesn't require exchanging phone numbers, or ideally just arrange to meet up in-person and discuss things so you don't leave any kind of digital or paper trail.

load more comments (6 replies)
[–] [email protected] 5 points 8 months ago

Signal is pretty broken. A chat app shouldn’t require a SIM card & an iOS/Android device just to create & maintain an account (too bad Linux or KaiOS users or folks that otherwise don’t want a smart phone). Multi-devdice setups seem to have issues. The desktop app being Electron is a waste of resources. They still don’t want to support UnifiedPush while highly encouraging you download the app from the Google Play Store & send notification data thru Google-controlled FSM. There’s also the missing history of the server code which is probably has something to do with US intelligence injecting code.

Is it better than a lot of things, sure, but it should be put on a pedestal nor seen as exemplary for private chat in UI or philosophy.

[–] SteveCC 3 points 8 months ago

I said Signal, meant to say Sessions

[–] [email protected] 3 points 8 months ago

Deltachat is a clever idea that I wish it became more widespread.

[–] SteveCC 11 points 8 months ago* (last edited 8 months ago) (7 children)

Reading the discussion here. I'd never heard of xmpp. Probably just never registered as a messaging alternative. Just checked out https://xmpp.org/. Wow! Tons of apps. Even some android apps on fdroid. Guess I've got some exploring to do.

[–] [email protected] 20 points 8 months ago

XMPP is an old protocol. GTalk (google talk) and Whatsapp used it, then extended it, then didn't give back to the community. So here we are...

The problem with alternative protocols and apps and whatnot is that people are reluctant to change and won't try anything new if only 2-3 other people use that protocol/service. I can't even convince my best friends to use Signal, let alone XMPP.

[–] [email protected] 7 points 8 months ago

https://joinjabber.org is also a good resource for learning about XMPP.

load more comments (5 replies)
[–] DetectiveSanity 9 points 8 months ago

One can never expect power of any kind to not be abused!

[–] [email protected] 9 points 8 months ago

Thanks for the heads up

[–] [email protected] 9 points 8 months ago

I think this is a bit panicky... am I going to use it? Nah.

But also, my phone number has been leaked by plenty of entities... some random person getting a text from it wouldn't even be that weird considering SMS spoofing. Someone could be using my number for a nasty spam attack right now and I wouldn't know.

[–] TCB13 8 points 8 months ago* (last edited 8 months ago) (3 children)

PLEASE don’t use Telegram! I personally recommend Matrix as it’s totally FOSS

No, Matrix isn’t even near good in terms of privacy and openness. It is a metadata disaster.

Matrix’s E2EE does not, however, encrypt everything. The following information is not encrypted: Message senders, Session/device IDs, Message timestamps, Room members (join/leave/invite events), Message edit events, Message reactions, Read receipts, Nicknames, Profile pictures

Matrix is developed by a for profit entity, a group of venture capitalists and having a spec doesn’t mean everything. The way Matrix is designed is to force into jumping through hoops and kind of draw all attention to Matrix itself instead of the end result.

For all the people about to downvote:

Decentralized communication protocol Matrix shifts to less-permissive AGPL open source license Element, the company and core developer behind the decentralized communication protocol known as Matrix, has announced a notable license change that will make the open source project just that little bit less appealing for companies looking to build on top of it.

https://techcrunch.com/2023/11/06/decentralized-communication-protocol-matrix-shifts-to-less-permissive-agpl-open-source-license/

Stop recommending questionable open-source like Matrix. XMPP is the true and the OG federated and truly open solution that is very extensible. XMPP is tested, reliable, secure and above all a truly open standard and decentralized it just lacks some investment in better mobile clients.

What people fail to see is that XMPP is the only solution that treats messaging and video like email: just provide an address and the servers and clients will cooperate with each other in order to maintain a conversation. Everything else is just an attempt at yet another vendor lock-in.

load more comments (3 replies)
[–] [email protected] 3 points 8 months ago

I would use Simplex chat over matrix

load more comments
view more: next ›