by godelski 1792 days ago
> So you're telling me that Telegram or Element are able to prioritise urgent and critical security issues much better than Signal could?

No, I'd say it is about the same actually. Telegram has a lot of hacks but HN doesn't throw a fit. Lot more serious ones too. Signal never had an issue with leaking someone's physical location to any user (read: "not a rare set of circumstances needed to reproduce"). Besides, Telegram still isn't e2e by default, doesn't have e2e groups, and has no security audits. I'm not sure why this is in the same category as Signal. As for Matrix, well it only recently enabled e2e. But the project is very small. Just because you don't know of a bug doesn't mean one doesn't exist. There's an old saying: "There's two types of software. Those with bugs and those that nobody uses." (read: "all software has bugs")

1 comments

> Telegram has a lot of hacks but HN doesn't throw a fit.

It had the attention of HN. They seem to care about both Telegram's and Signal's flaws. Just like you highlighting the 'security issues' in Telegram, there is no escape from highlighting Signal's 'security issues', and security researchers will do exactly the same. Once again, there are no exceptions.

> Besides, Telegram still isn't e2e by default, doesn't have e2e groups, and has no security audits. I'm not sure why this is in the same category as Signal.

I expect better from a 'secure alternative' that claims to be focusing on 'privacy and security' and that also proudly shows its list of security audits. Despite all of that, they introduce their own cryptocurrency coin just to get it listed on an exchange and used in Signal, similar to Telegram's own cryptocurrency venture, which failed. [0] Combine that with the security issues in this post, with one of them taking half a year to fix, and still using a phone number to log in, and it is no different to Telegram. They still haven't even fixed this serious security issue either. [1]

The worst part of all of this is their prioritisation: rather than addressing these issues, they went in favour of creating a cryptocurrency coin just like Telegram, which most likely explains the 7 months to address that security issue. At this point, their claim of upholding privacy and security is already damaged by all of the above.

[0] https://www.theverge.com/2018/5/2/17312046/telegram-initial-...

[1] https://github.com/signalapp/Signal-Android/issues/10247#iss...