Here’s what he said in a post on his telegram channel:
🤫 A story shared by Jack Dorsey, the founder of Twitter, uncovered that the current leaders of Signal, an allegedly “secure” messaging app, are activists used by the US state department for regime change abroad 🥷
🥸 The US government spent $3M to build Signal’s encryption, and today the exact same encryption is implemented in WhatsApp, Facebook Messenger, Google Messages and even Skype. It looks almost as if big tech in the US is not allowed to build its own encryption protocols that would be independent of government interference 🐕🦺
🕵️♂️ An alarming number of important people I’ve spoken to remarked that their “private” Signal messages had been exploited against them in US courts or media. But whenever somebody raises doubt about their encryption, Signal’s typical response is “we are open source so anyone can verify that everything is all right”. That, however, is a trick 🤡
🕵️♂️ Unlike Telegram, Signal doesn’t allow researchers to make sure that their GitHub code is the same code that is used in the Signal app run on users’ iPhones. Signal refused to add reproducible builds for iOS, closing a GitHub request from the community. And WhatsApp doesn’t even publish the code of its apps, so all their talk about “privacy” is an even more obvious circus trick 💤
🛡 Telegram is the only massively popular messaging service that allows everyone to make sure that all of its apps indeed use the same open source code that is published on Github. For the past ten years, Telegram Secret Chats have remained the only popular method of communication that is verifiably private 💪
Original post: https://t.me/durov/274
Still got server-side code closed source and by default messages are not encrypted.
Not sure if you’re referring to telegram or signal. If you’re referring to signal:
Is it private? Can I trust it? - Signal Support
Signal conversations are always end-to-end encrypted, which means that they can only be read or heard by your intended recipients. Privacy isn’t an optional mode — it’s just the way that Signal works. Every message, every call, every time.
The complete source code for the Signal clients and the Signal server is available on GitHub. This enables interested parties to examine the code for security and correctness.
Telegram :P
Reasonably sure they mean telegram. Only secret chats are encrypted. Telegrams chat otherwise is basically transport layer encryption.
https://www.wired.com/story/telegram-encryption-end-to-end-features/
Server-side source code is a red herring. It’s meaningless, it can’t be verified.
The latter point is fair.
Having server-side source code open can help into finding not on purpose backdoors. But yes, no one can verify that’s the same exact version used by the actual servers.
That’s fair … especially in the case of something Telegram like where the server is a major portion of the security model (for non-secret chats).
For truly private E2EE chats though the attacks on Telegram’s lack of an open source server side (and Signal’s presence of one) is fairly meaningless. If the client E2EE is correct and you’re using a reproducible build the server, and even any MITM (man in the middle), shouldn’t matter.
On a different note, did anyone noticed a link to discussion on privacy, referencing this post (2x) on threema blog, see post: Chat Apps, Government Ties, and Transparency ?
PD, on the other hand …
&
Then, PD chimed in
refs to this: –> https://lemmy.world/post/15169047
which was federated through .world but originally posted on ml.
rip rd
Lol telegram calling signal insecure is too funny.
Isn’t it that Telegram doesn’t claim to be super secure, apart from possibly their encryption on mobile?
This doesn’t prevent them from uncovering other possible plots in supposedly secure platforms.
True but in this case there credibility is low
I logged into Telegram today to this update from Durov. It reads like a bunch of hogwash from someone who is hiding something. They are eyeing investor funding soon, right? (EDIT: eyeing an IPO https://www.techopedia.com/news/telegram-eyes-ipo-as-it-aims-to-become-profitable-in-2025) A lot of things seem to be coinciding with him slinging mud about his competitors.
I don’t care about dorsey or whatever, but a lot of privacy advocates don’t consider signal secure, drew devault for example. I’m def among them, you should not trust any centralized US-hosted service.
Linking to their post to say it’s a little bit more complicated that “it isn’t secure” https://drewdevault.com/2018/08/08/Signal.html
I’m all for Jami, and XMPP.
I find it weird how any discussion about Signal will inevitably have a bunch of people piling on dismissing any criticisms of it. Believing that Signal is perfect has become like a religion at this point. Whatever people might think of Telegram is completely irrelevant when it comes to the question of whether Signal is actually a secure tool or not.
The fact that people working on Signal have direct ties to US intelligence agencies cannot be ignored. No can the fact that Signal is a centralized system based in US. These two things alone should make everybody very concerned.
The article about Maher is written by a conservative who can’t accept that we can limit individual freedom to reach true collective freedom.
Also he wrote for FoxNews lol
Stop spreading propaganda please, it’s just a CEO trying to shill its product
Imagine using telegram… It’s worse than whatsapp
Cannot agree about this.telegram have at least open clientsource code,and a lot pirated stuff u cN find in telegram channels. So if choosing between telegram and WhatsApp.Definitely Telegram.
There is briar . Check it out .
Sounds like someone is mad that security experts would rather trust a tried-and-true encryption standard over Telegram’s encryption which is known to not be anywhere near as secure as the Signal protocol.
Pavel resorting to outright slander to promote Telegram is not something I expected to see.
he does raise very valid points about reproducible builds, which should be a priority if your product is security
Edit: oh @Wolflink below points out that such builds are available for Android, but iOS has issues stemming from Apple and not Signal. This then begs the question, why is Telegram reproducible on iOS?
You need some loops to jump through to get there. But that can be achieved for Signal as well, if you check the discussions regarding reproducible builds for Signal’s iOS client, you’ll see that people just decided it is not worth the hassle to push it through.
This then begs the question, why is Telegram reproducible on iOS?
Is it really.
that’s indeed what I am asking
Sounds like someone is mad that security experts would rather trust a tried-and-true encryption standard over Telegram’s encryption which is known to not be anywhere near as secure as the Signal protocol.
There’s an issue in Russia with graduates of a few of the “kinda top” universities considering themselves elite, but not quite being as qualified as they think.
Durov’s brother won a few programming competitions for highschoolers. Because of that apparently he should be considered something in cryptography. For people thinking like this at least.
Pavel resorting to outright slander to promote Telegram is not something I expected to see.
Why, it’s very much like him.
I’ll stick to Threema and Session, and SimpleX for those who use it. But thanks.
Yes, sorry, but I can’t take something seriously if every paragraph begins and ends with an emoji. I know it’s dismissive, but all my Facebook lunatic conspiracy theory alarm bells are blaring.
It’s more normal in Russian-speaking Web.
Shouldn’t trust this guy anyway, it’s VK’s founder talking.
Maybe he should focus on adding e2e encryption to the default chats and group chats instead of spreading FUD.
One is open source and you can check the code while the other is not completely open source and uses proprietary encryption. That’s right, proprietary encryption.
Points 0 and 1: None of this is new. This goes back to 2011 or 2012.
Point 2: If someone gets hold of your phone and unlocks it (meaning, they can interact with it), they have access to your Signal messages on-board. This is why additional security measures (not using biometrics, encrypting your phone natively) are recommended. If your phone is off and someone dumps the data from it, they get encrypted data.
