Pup Biru

that’s what automation is for - nobody is going to manually check them, but anyone is able to automatically set something up to check their hashes in change… the fact that it’s possible that anyone is doing that now that it’s a known issue perhaps makes it less problematic as an attack vector

this is the slippery slope fallacy… “where does it stop” is not a valid argument to not start

apparently this is an issue with some part of the hardware that lots of hardware security devices use too, so not as simple as just buying/building an alternative

rust was literally written as a systems programming language to take a similar place as C. i’m not sure of the restrictions you mean

if a govt seizes a device and discovers channel IDs to be taken down, i’m sure than signal would do so - there have been no arrest warrants, after all… however, the problem is also significantly smaller for signal because signal can’t have enormous broadcast groups

it’s kinda irrelevant what it is - you have to comply with police orders to moderate your platform… if this were musk and x lemmy would be cheering on the arrest! no matter who you are, you don’t shouldn’t get to just break the law

and you’re right CSAM is frequently used as an excuse, and no i don’t have evidence - that would require actually looking for said content, which i have no inclination to do. the only information i have is that multiple independent news outlets have referenced telegram for years - not proof, but a more convincing argument than simply denial - because let’s not kid ourselves, unless you’ve gone looking for that content, you’ve got no proof against it either (and even if you didn’t find it, that’s no guarantee either - it’s unlikely easy to find)

breakable for the NSA doesn’t mean the police have access

also the current issue is with moderation: telegram is refusing to take down CSAM channels etc

and this is called the slippery slope fallacy and is either a flaw in your logic or a way of arguing in bad faith. either way, it’s just fearmongering. if that’s all you’ve got then i have nothing more to say

https://en.wikipedia.org/wiki/Slippery_slope

if metas monolopoloy is literally the only thing you care about, but replacing a terrible platform with another platform that lacks privacy protections is not much of an upgrade

you think they’re going to link to still available (that’s the point - they’re still available) sources of CSAM?

if that’s your burden of proof then buddy i’m sorry to say there’s no way anyone’s going to convince you, and that’s not a good thing

that’s an entirely separate concern to f-droid

we don’t disagree about that: governments don’t like that telegram doesn’t cooperate; that’s not in dispute

where the disagreement comes is the part after. telegram (and indeed meta, google, etc) have that data at their disposal. when served with a legal notice to provide information to authorities or shut down illegal behaviour on their platforms, they comply - sometimes that’s a bad thing if the government is overreaching, but sometimes it’s also a good thing (in the case of CSAM and other serious crimes)

there are plenty of clear cut examples of where telegram should shut down channels - CSAM etc… that’s what this arrest was about; the rest is academic

that’s correct - the issue here is that he has full access to the information that investigators are requesting and is simply refusing to comply with requests

this isn’t shit like a conversation you had with a friend about weed - this is CSAM and drug trafficking

free speech can be good. free speech can also be bad. overall, it’s more good than bad however society seems to agree that free speech has limits - you can’t defame someone, for example

free speech absolutism is fucking dumb; just like most other absolutist stances

this also isn’t even about free speech - this is about someone having access to information requested by investigators to solve crimes, and then refusing to give that information

they have apks

worth clarifying though afaik brave has said they won’t remove v2; not that they will continue to support it… ie if there’s a breaking change in upstream chromium, i’m not sure i have confidence that they’ll spend a bunch of time working around it

they’re not hostile… they don’t see the reason for them and it’s not as clear cut as you’re making it out in favour of f-droid

wire is US-based these days AFAIK - they accepted a bunch from VC money from a firm that does things like data mining and moved to the US

i neither have the time nor inclination to research to that degree - i’m merely saying that the bounties prove very little, and change nothing about how people should treat non-standard protocols and algorithms. in fact, the lack of substance is proof that they don’t fully understand the scope of what’s required in the field of security

telegram put up bounties relating to specific properties of their encryption, yes but there’s more to private messaging than just encryption… for example afaik it’s trivial to do things like replay attacks

their encryption may not be flawed, but they failed to design an algorithm that protects against the wide array of modern attacks, as they are mathematicians; not security experts. they understood the maths, but not the wider scope of implementation

a good example of these is linked down thread about MLS

Security properties of MLS include message confidentiality, message integrity and authentication, membership authentication, asynchronicity, forward secrecy, post-compromise security, and scalability.

the telegram bounties afaik only cover 1 security property

there’s certainly a camp in FOSS that considers “whatever you like including commercial activity” to be the one true valid version of “free software”

like… if someone wants to take an MIT project, add a bunch of extra features to it keeping some available only with payment, and contribute back bug fixes and some minor features etc, i wouldn’t necessarily say that’s harming the project and this is overall a good thing? it gets the original project more attention

like it’s perhaps a little unfair, but if the goal is quality and scope of the original project - or even broader of the goal is simply to have technology AVAILABLE even if it is with a few - then that goal has been met more with an MIT-like license than it would be with a copyleft license