this post was submitted on 10 Jun 2025
174 points (98.9% liked)

Technology

40573 readers
281 users here now

A nice place to discuss rumors, happenings, innovations, and challenges in the technology sphere. We also welcome discussions on the intersections of technology and society. If it’s technological news or discussion of technology, it probably belongs here.

Remember the overriding ethos on Beehaw: Be(e) Nice. Each user you encounter here is a person, and should be treated with kindness (even if they’re wrong, or use a Linux distro you don’t like). Personal attacks will not be tolerated.

Subcommunities on Beehaw:


This community's icon was made by Aaron Schneider, under the CC-BY-NC-SA 4.0 license.

founded 3 years ago
MODERATORS
 

Investigation by investigative journalism outlet IStories (EN version by OCCRP) shows that Telegram uses a single, FSB-linked company as their infrastructure provider globally.

Telegram's MTProto protocol also requires a cleartext identifier to be prepended to all client-server messages.

Combined, these two choices by Telegram make it into a surveillance tool.

I am quoted in the IStories story. I also did packet captures, and I dive into the nitty-gritty technical details on my blog.

Packet captures and MTProto deobfuscation library I wrote linked therein so that others can retrace my steps and check my work.

you are viewing a single comment's thread
view the rest of the comments
[–] troed@fedia.io 1 points 4 months ago (24 children)
[–] rysiek@szmer.info 25 points 4 months ago* (last edited 4 months ago) (23 children)

I would most definitely not recommend Matrix for private or sensitive communication, no.

https://soatok.blog/2024/07/31/what-does-it-mean-to-be-a-signal-competitor/
https://soatok.blog/2024/08/14/security-issues-in-matrixs-olm-library/

Matrix is fine as IRC replacement, it might also be a decent replacement for Telegram's channels thingy, sure. But I would not trust my family photos to it. Much less anything actually important.

[–] troed@fedia.io 2 points 4 months ago (3 children)

That's all FUD. Matrix is as secure as Signal if you - like Signal - rely on a single centralized server. Actually, since you can host it yourself, it would be even more secure since you don't need to trust Signal.

(I defend infrastructure and perform hacks against cryptograph & protocols for a living)

[–] dfyx@lemmy.helios42.de 14 points 4 months ago* (last edited 4 months ago) (1 children)

My question was specifically about "the general non-technical population". Do you expect my mom to even remotely understand what different servers are and why talking to me is securely encrypted but talking to her friends group isn't? The point about secure software is that it needs to be secure by default or else, entry level users will manage to accidentally send their stuff in plain text and not even notice.

For nerds like us, I agree that Matrix is probably a good choice. For someone who needed to be told that "the internet" isn't the blue "e" on their desktop... not so much. I'd rather send carrier pigeons than explain Matrix to my family.

[–] troed@fedia.io 1 points 4 months ago

My extended family use Matrix - including my elderly parents. It's no more difficult to understand than any other service.

load more comments (1 replies)
load more comments (20 replies)
load more comments (20 replies)