A US senator or judge or whatever his title is said today that he wants companies/governments to build a 'responsible encryption' system.

Preferably that would exist out of a big ass database which stores the private keys of citizens so in case a person loses their private key or the government needs access to encrypted content, that is possible.

NOO, WHAT COULD FUCKING POSSIBLY GO WRONG!?!?!

Seriously those kind of people should not be allowed to have the kind of positions they have.

This shit makes me so angry.

let's wait for them to not properly secure that database, might be fun

@Lahsen2016 Too bad :). It's not meant as an entertainment/cloud tool so yah haha.

They do have an integrated gif system though!

@Lahsen2016 Pretty much :/

There's nothing 'responsible' about that idea... >.<

Just like our secret database of people's DNA information... It's a very big target for hackers... So it WILL be hacked... It's just a matter of time

@incognito You have WHAT???

@theCalcaholic New mass surveillance law allows a secret dna database in which profiles can be stored for up to 30ish years

@theCalcaholic well in the Netherlands they want to create a database where every Dutch person's DNA might get stored in... We currently have a referendum with enough votes... Now we have to wait and hope they listen... Yay democracy

@incognito Unbelievable... Oo

That means, if I break into that database, I know what inherited deseases you have and can derive a likelihood for certain health-related information.
That's a horrible prospect.

@theCalcaholic Yah pretty much

@linuxxx @incognito Please don't tell any of this to German officials. ;)

But I hope you can avert it. Isn't this against EU law?

@theCalcaholic I really fucking hope so!

@linuxxx I could very well imagine it. EU laws have been what stopped long term data collection without reason in Germany (by ISPs - they've been forced by law to do so).

@theCalcaholic Define long term in this case?

@Lahsen2016
Riot seems more like a Telegram replacement than Signal.

As far as Signal and/or encrypted texts go, I've been using Silence. I think it's a fork of Signal and it's got a really good UI.

But but. This is one step closer to having a chip in my hand for the coke machines.

@linuxxx

location data for 4 weeks
The following data for 10 weeks:

- phone call metadata
- timestamps for calls/messages/web requests
- information about the service called (phone calls)
- ip address

Source: https://buzer.de/s1.htm/...

Also I just looked it up and the case is not finally decided yet - the law is currently on hold until court procedure is done.

@Lahsen2016 wow thanks for the screenshot

@RiderExMachina Kinda only is telegram not that secure

@linuxxx
Right. I didn't bring that part up because I thought was already established ("common knowledge" if you will).

@RiderExMachina Oh I wish. The amount of people I know who use it for 'security/privacy' reasons is too damn hight :/

@linuxxx Yeah. You know, when using telegram you're easily attackable - but at least you're not being surveilled by the company/messenger itself.

It's something! ¯\_(ツ)_/¯

@theCalcaholic How are you not? :)

@linuxxx https://telegram.org/privacy

That's why. I think it's reasonable to trust their intentions for the time being, because of their business model and ambitions.

I don't trust their crypto however, because, you know, it's shit. :P

They don't sell or mine you're data, because they're not interested in earning money from it.

Sharing data - have not found any proof that this has been done, fair enough.

Storing data - It stores enough to monitor peoples activities. There are even PoC's out there for metadata gathering on telegram users.

Cloud chats - Can't find the link anymore but their design was pretty bad.

Secret chats - It's awesome of you use encryption but then at least don't use encryption that's so broken that you should stop using it right now really. (as a cryptographer said: "Telegrams encryption is like being stabbed with a fork in the eye"

Contacts - Well you shouldn't have to store it that way. Signal only stores the hashes (BCrypt) of the numbers, that's all.

No word on metadata from them. Telegram doesn't even try to hide it. (look at the storing data part)

It's awesome to say that you care about privacy but if your crypto is broken and you store so much (meta)data, sorry, I don't believe you :/

@theCalcaholic

@linuxxx Yep I know. Still: They might not care about security enough to do proper crypto (and data sparcity for that matter) - but on the other hand they don't care about your data either and don't use it for making profit.

Actually I don't think they don't care about privacy - they do, but they are ignorant towards the state of their security.

I'm not happy with this, but it's not bad enough for me to abandon the messenger (and all my contacts using it).

Btw. at least for private ("e2e encrypted") chats, they don't store any metadata once the message is delivered ("We also do not keep any logs for messages in secret chats, so after a short period of time we no longer know who or when you messaged via secret chats").

But I rarely use them, because the crypto is crap anyways.

@linuxxx what do you think its the best encrypted chat app?
Signal?
Thanks

@trubesv You know they'd want it! I'm looking at you @deMaiziere!!!

@CopyPasteCode Actually I'd recommend Conversations over Signal (on Android). It offers the protocols OTR, OpenPGP and OMEMO (based on OLM, what Signal uses) for e2e encryption, is open source and based on XMPP, which means:

- decentralized server architecture
- open protocol
- cross compatibility with many other messenger (with protocol restrictions)

@CopyPasteCode Yup, Signal. Although the guy behind it doesn't seem to have the best reputation ever regarding Signal, the app uses the Signal protocol which is considered to be one of the strongest crypto protocols in the world. Next to that the UI is great, it's got most IM features and it hardly saves metadata :).

I use Telegram for stickers, GIFs, and bots. I don't give a rat's ass about security of it.

I will say that if you set it up right, and you do need to tweak settings, it leaves very little data behind on a workstation.

I'm more concerned with hidden image and text caches than I am someone trying to hack my texts.

I'm really not that fucking important.

@linuxxx But it does need phone number to run, dont you consider it as unsafe / not privacy friendly?

The saddest part is that we live in a country where the vast majority of people are stupid enough to belive that the governement actually has our best interests at heart. Fuck me sideways.

@theCalcaholic Hows conversations with metadata?

Politicians are 100% ignorant about encryption. Encryption that is officially breakable by a government agency is inherently insecure. Therefore, they are unwittingly advocating the end of civilization as we know it. No bank accounts. No email. No internet.

@bahua It's funny, we seem to be pretty like minded :)

@linuxxx It would seem so. Just gotta get you on board with hoppy beer!

@bahua Are you referring to IPA beer or? :P

@linuxxx Conversations uses XMPP. With XMPP being an open protocol meant for a distributed server architecture, you have many servers available (including hosting your own - which is what I am doing). Logging of metadata depends entirely on your server provider.

For example this one claims to not log any metadata: https://xmpp.is/

@CopyPasteCode As far as I'm informed, Signal does not store the phone number on its servers, but only a hash thereof.

However, it is possible to check if a given phone number is associated to a Signal account.

@linuxxx yep.

@theCalcaholic How's that possible exactly?

Btw, if you're on iOS or want to securely communicate with someone on iOS from within Conversations, ChatSecure is the way to go.

@linuxxx Just add a number as contact. :P

Signal will tell you if that number supports encryption (i. e. has a Signal account associated).

That's what bit some US government official in the ass a few months ago (before it was wishlisted for them to use).

My information was stolen as a part of the OPM hack....so no I don't trust them to take care of anything..