I was gonna post "why do people keep calling it 'encrypted' if the encryption is not on by default?" It has always seemed odd to me that it is put into the same category as WhatsApp and Signal (which even those are a bit weird to compare).
What confuses me more is how passionate people are about Telegram. Weirdly I see those posts degrade into Signal vs Telegram and it really feels like apples and oranges but very one sided. I get that Telegram is more feature rich, and that's a good argument, but feels weird that many argue it is also more secure. Some of those arguments even appear in the thread r721 linked.
I like Telegram because it gets my friends & family to not do everything in SMS or iMessage. If I'm the only one using it, what's the point after all? Feature-wise, the app is nice to use, and one I can use on all platforms, even Linux.
Since it has a public API, I can easily make a custom frontend if I ever want to. Most social media does not offer this or tries to lock you into their shitty ecosystem.
I basically just treat it as unencrypted, but the pretend encryption features at least puts the company in a position where blatantly selling data would be a liability. In this respect, I place it on the same level as WhatsApp. Because even if WhatsApp has solid encryption, all it takes is one forced update from Meta to undo all that. They are like the inverse of each other.
My uncle is the only one I know who refused to use Telegram, insisting Signal was better and because he didn't want to use something with vague connections to Russia. Yet even he did not actually use Signal, and simply insisted if we should all switch to something it's either that or he sticks to SMS. So well, when I couldn't sell Signal to anyone else, Telegram it is, sorry uncle, but Verizon is pretty transparent about how they sell all my data.
Vague only if you don't follow the news. Telegram has added "third-party verification" [1] around January 2025 which conveniently and accidentally coincided with time when Russian authorities made it mandatory to register social network channels having more than 10K subscribers (I was secretly hoping Telegram would instead hide the subscriber count). Such channels are required to add a government bot with high privileges for verification. Note that announce for 3P verification doesn't mention Russia at all and contains some unrealistic examples instead, like a fictional game "Great Theft Starship" channel verified by "Bug-free Agency". Who on Earth would need that.
But to be fair, the western companies are the same, once government hinted they need more control, the companies rushed to introduce face-based "age verification" which allows identification. I would rather use some other body part for this.
That's because Russia/Ukraine/Belarus are heavily on Telegram, everything is there, all blogs, chats, memes, friends etc. since the US sites are almost-blocked and the Russian ones (VK, RuTube etc.) have been managed down to complete unusability. They couldn't afford losing the key blogs because of this law since Russia is heavily pushing Max messenger and there was a chance that it would be the only permitted thing.
People using Telegram doesn't bother me. People calling Telegram secure or "more secure than Signal" does.
But I'm curious, what makes Telegram an easier sell to your friends and family? I've gotten most people to switch over to Signal and the hardest problem is just getting them to use another app. I would be surprised if the API is the killer feature lol. And very few people seem to be concerned with the phone number thing with Signal. So I'm just curious, what is the features that normal people are missing?
> Since it has a public API, I can easily make a custom frontend if I ever want to.
Note that you need to get an API key for that, and there are additional conditions for getting it (for example, you cannot remove ads in your version, you cannot remove Instagram-like "stories", and so on).
I can't help but see security professionals as fakers, they seem to mostly be box-tickers rather than the professionally curious, in school and college I was up to no good with tech, but now when my employer is recruiting to establish an in-house cyber team I know I'm not what they're looking for and never was.
I exclude the RE guys who are undoubtedly extraordinary.
I think like most things there is a power law distribution when it comes to these sort of roles. I've worked with a few really good security teams in my career. The good ones work with the teams, possibly embedded on improving security. The better ones also write tools and libraries for service teams to consume. The best ones act like internal white hats, constantly probe and assess, and submit patches as well.
Sadly the vast majority of sec teams are not this and exist solely to run some tool that spits out a list of dubious vulns and then dump said list as a pile of tickets into the dev backlog.
One place i worked, the CISO even came up with some slogan for the info-sec along the lines of "observe and report" after I kept trying to show the info-sec how to run, build, test, and patch our various packages and tools their scanners would complain about.
"Riffling through other files, Mendax found mail confirming that the
attack had indeed come from inside MILNET. His eyes grew wide as he
read on. US military hackers had broken into MILNET systems, using
them for target practice, and no-one had bothered to tell the system
admin at the target site.
Mendax couldn't believe it. The US military was hacking its own
computers. This discovery led to another, more disturbing, thought. If
the US military was hacking its own computers for practice, what was
it doing to other countries' computers?
"
>This is not unlike the surprise in underground.txt
I thought that was originally a book?
I distinctly remember reading it during an in school suspension in the 2000s.
I tried to go back to my township library and read it again years later, but someone had stolen it around the time that Wikileaks truthfully revealed that the DNC had kneecapped Bernie in the primaries.
(Many folks don't seem to distinguish between the public airing of unpleasant truths that could not be aired without their own actions, and "disinformation" in the "covid is a hoax" vein. To them, anything contrary to their narrative is evil and bad, and if only those dastardly Russians would stop making them look bad my making them send several illegal emails they could stop voting like Republicans)
It is a book, "Underground: Hacking, madness and obsession on the electronic frontier". I seem to recall cross it hosted under mit.edu/~hacker/underground.txt or something like that
Thanks.
How the world evolved: "Also, if you're curious, view the WebMake source file (warning: this contains the entire book text and markup: 948k in total). "
I hate it. It destroys the original concept of hackers, with the original Jargon file, the best relase (1.5). Lisp and Forth hackers are the original thinkerers.
Same here. Thirty years later, I'm still reeling from the loss of an inestimable trove of software created between the late Seventies and the early Nineties (many now-defunct operating systems, extremely rare programs and so on). All that on a 800MB Conner drive, which I had installed as a secondary (non-boot) drive in my system. The drive died on me with absolutely no warning signs, something that was unusual even for that period of time - it simply disappeared from the OS/BIOS, less that a year after I bought it.
"The drive died on me with absolutely no warning signs,…"
Except for the drive killed by the dropped manual, that's essentially what happened to the others—about a dozen or so. They just stopped working, either they wouldn't start on boot or they'd just become inaccessible during operation. I wasn't alone, others I know had the same issues. They were an unmitigated disaster, it beats me how they ever made it to market. (All were replaced under warranty with other brands.) BTW, I never lost any data as I used Tandberg QIC tape streamers for backups.
Incidentally, the drive killed by the manual was only 20MB. If I recall correctly the largest Connor drive I used was only 40MB.
Did you ever attempt to recover the data from that drive by way of a data recovery service or such?
Do you still have the drive? You might be able to recover the content. The level of difficulty might be anything from "plug it into an adapter and make an image with dd" to "find a working drive of the same type and start swapping parts other than the platters" though.
No, I don't have it anymore. I kept it around for 3 or 4 years, trying various methods to revive it, then threw it away when I took a job in New Zealand, hoping to move there for good. Well, that didn't work out and I came back after a few years, but the drive (and many other things) were lost in the process.
Also: the drive was absolutely dead, it wouldn't power up. I even tried to change its controller - I took it off another Conner drive, installed it on the deceased one - and nothing happened. On that occasion I realized that, even though they were the same model/capacity, Conner had used different electronics for different batches.
Ironically, the drive was built like a tank: never again I saw a hard-drive with a casing that thick (looked like cast iron).
which uses Google maps/location services, places me in my correct location. Asking Google Search "what is my current location", places me in Eastern Europe.
Again, it's a major ISP, and I've been with them for the past 20 years. They've been using the same allocated IPs since the early Nineties - and EVERY detection services correctly assigns those IPs to my ISP, in my region.
You're right, a new IP from their pool should take care of this issue. Thing is, I'd like to know what could've possibly made Google think my current IP is in EE? what did I do to make Google Search - and ONLY Google Search think that?
> any chance your traffic has recently seen a major change,
> from Google's PoV? Especially, might one of your devices have
> become a TOR entry/exit node, part of a VPN, or something similar?
Absolutely not. I'm not even using a VPN or any other method of tunneling into some remote server.
I found on the internet a few similar complaints, like someone in the Netherlands who was suddenly detected as being in Israel; he couldn't find any remedy, but mentioned that "the situation returned to normal in a month or so". But, as I already said, for me it's become more than a curiosity and a minor annoyance, as it's now interfering with my ability to shop online.
https://blog.cryptographyengineering.com/2024/08/25/telegram...