• woelkchen@lemmy.world
      link
      fedilink
      English
      arrow-up
      13
      ·
      5 months ago

      Telegram, including secret chats, is not blocked because Russian elites happen to use that, too.

      • brrt@sh.itjust.works
        link
        fedilink
        English
        arrow-up
        44
        arrow-down
        2
        ·
        5 months ago

        I could put on my tinfoil hat and say if signal is blocked but telegram isn’t, maybe that means that telegram isn’t as secret as they make it out to be.

          • Varcour@lemm.ee
            link
            fedilink
            English
            arrow-up
            22
            arrow-down
            2
            ·
            5 months ago

            No need, all you have to do is read the whitepaper. they home brewed the encryption algorithm and nobody actually knows if it’s worth a damn. That’s not exactly a secret.

            • woelkchen@lemmy.world
              link
              fedilink
              English
              arrow-up
              6
              arrow-down
              3
              ·
              5 months ago

              nobody actually knows if it’s worth a damn.

              After all these years, security researchers still don’t know if the encryption is any good?

              • HarriPotero@lemmy.world
                link
                fedilink
                English
                arrow-up
                12
                arrow-down
                1
                ·
                5 months ago

                On that level it usually falls on computer scientists. Formal methods can prove that any implementation is correct, but proving the absence of unintended attacks is a lot harder.

                Needham-Schroeder comes to mind as an example from back when I was studying the things.

                • woelkchen@lemmy.world
                  link
                  fedilink
                  English
                  arrow-up
                  1
                  arrow-down
                  2
                  ·
                  5 months ago

                  On that level it usually falls on computer scientists.

                  And not a single one has been able to analyze the encryption in all these years? Fact is, Telegram is the tool the Russian opposition and even Ukrainians use to communicate without Putin being able to infiltrate.

          • doodledup@lemmy.world
            link
            fedilink
            English
            arrow-up
            15
            arrow-down
            4
            ·
            5 months ago

            They don’t have reproducible builds afaik (unlike Signal). You can have a completely different code running on your phone than on GitHub.

            Besides, who is using Secret Chat anyways? All default chats and group chats are unencrypted.

            • woelkchen@lemmy.world
              link
              fedilink
              English
              arrow-up
              4
              arrow-down
              4
              ·
              5 months ago

              You can have a completely different code running on your phone than on GitHub.

              Just use the F-Droid version if there is any doubt.

              Besides, who is using Secret Chat anyways?

              Probably Russians who used Signal before.

              • doodledup@lemmy.world
                link
                fedilink
                English
                arrow-up
                9
                arrow-down
                3
                ·
                5 months ago

                The F-droid version is also not reproducible. The binary you install has a different hash than the one you build from the GitHub.

                • Nonononoki@lemmy.world
                  link
                  fedilink
                  English
                  arrow-up
                  1
                  ·
                  5 months ago

                  It’s reproducible if you compare it with F-droid’s tarball, which has all the source code in it.

                • woelkchen@lemmy.world
                  link
                  fedilink
                  English
                  arrow-up
                  2
                  arrow-down
                  2
                  ·
                  5 months ago

                  The F-droid version is also not reproducible. The binary you install has a different hash than the one you build from the GitHub.

                  F-Droid builds from source, so any suspicion whether the Google Play version has been tampered is completely irrelevant for the F-Droid version.

          • catloaf@lemm.ee
            link
            fedilink
            English
            arrow-up
            4
            arrow-down
            1
            ·
            5 months ago

            Can it be proven that that encryption is what’s used in practice?

      • lemmylommy@lemmy.world
        link
        fedilink
        English
        arrow-up
        19
        arrow-down
        4
        ·
        5 months ago

        Telegram is shady as fuck and also afaik only uses end to end encryption in „secret“ one on one chats.

        • woelkchen@lemmy.world
          link
          fedilink
          English
          arrow-up
          4
          arrow-down
          4
          ·
          5 months ago

          Telegram is shady as fuck and also afaik only uses end to end encryption in „secret“ one on one chats.

          I was very explicitly referring to secret chats.

  • Jo Miran@lemmy.ml
    link
    fedilink
    English
    arrow-up
    14
    ·
    5 months ago

    Signal over Proton VPN Stealth protocol. All free, specifically for these types of situations.

        • Wildly_Utilize@infosec.pub
          link
          fedilink
          English
          arrow-up
          11
          ·
          edit-2
          5 months ago

          They never stopped requiring a phone number to sign up.

          They just let you hide this from other users now

          I’m planning to get a prepaid burner to try signal but I’m a bit concerned about the fact my contacts are associated with a phone #

          We are using simplex ATM

          • Jo Miran@lemmy.ml
            link
            fedilink
            English
            arrow-up
            3
            ·
            5 months ago

            Yes. I clarified that in a different comment. My original reply was not meant as “Signal is the best solution” but as a heads up that Proton Stealth can not only bypass the block but also disguise the traffic if you want to continue using Signal.

        • Pasta Dental@sh.itjust.works
          link
          fedilink
          English
          arrow-up
          1
          ·
          5 months ago

          That’s not really the issue though, if you want to stay anonymous and not tell the government you use signal, since sms is insecure

    • Nemeski@lemm.eeOP
      link
      fedilink
      English
      arrow-up
      3
      ·
      5 months ago

      Not seeing paywall myself, clearing cookies and other site data might also help.

      • Resol van Lemmy@lemmy.world
        link
        fedilink
        English
        arrow-up
        1
        arrow-down
        1
        ·
        5 months ago

        They could start by blocking the biggest instances, then slowly chasing after the smaller ones.

        There’s not an infinite amount of instances, even if new ones are made, they’ll get all of them eventually. So this is basically a cat and mouse game.