An insightful interview with Element’s CEO Matthew Hodgson.
His stance on the arrest of Pavel Durov is hard to argue with. Durov wasn’t arrested because encryption in Telegram prevents law enforcement from investigating illegal activities. Durov was arrested because Telegram DOES NOT, by default, implement end-to-end encryption - it’s only available in private chats, and only if the user explicitly creates them as secret chats.
Which means that all the messages exchanged in groups are unencrypted - or, at least, they’re only covered by standard client-server encryption, and stored on Telegram’s servers in such a way that Telegram can easily decrypt them.
So if the police go to WhatsApp, Signal or Matrix and say “hey, we have evidence that child pornography or drug trafficking is happening on some of your channels, can you give us the content and some IP addresses?”, then those platforms can say “we’d really love to help you, but our content is E2E-encrypted and it’s not even accessible to us” - and get away with it.
If however they go to Telegram and ask the same question, knowing that Telegram actually CAN access the content because it’s not E2E-encrypted, and Telegram says “no”, then Telegram is breaking the law by not complying with a request that is within their powers, and the arrest probably shouldn’t come as a surprise.
If you really have sensitive content to share, or if you’re really privacy-paranoid, use Signal or Matrix (well, Matrix’s E2EE powered by Olm isn’t perfect, but it’s not that easy to exploit). You can even run your own Matrix server on an encrypted drive - that solution would be reasonably safe even against an FBI blitz. Or old-fashioned email with PGP. Even WhatsApp is safer than Telegram, as it basically implements the same protocol used by Signal (but I can’t guarantee what Meta may do with all the juicy unencrypted metadata around the content). It may sound counterintuitive, but using these solutions is actually safer and may protect you from investigations much more than using Telegram. The fact that all the crooks of the world have, for at least a decade, been using a messaging service that doesn’t even provide E2EE and stores messages unencrypted in a private company’s database blows my mind.
Hodgson also has a very good point about the tragedy of the commons. Matrix is increasingly used in the public sector as an open-source alternative to the likes of WhatsApp, Slack or Microsoft Teams. So people tend to assume that projects like Matrix are well funded because they run the messaging platforms of several public administrations in Germany, Denmark or the Netherlands. The truth is that public administrations love open source because it’s free stuff and saves money on licenses, not because they’re ethically motivated by the same principles. So when Matrix goes back to those public administrations and asks them to support its development, those folks often respond with a “no, we don’t have budget for it”. That is bad and humiliating for the thousands of developers who put their unpaid time into building solutions that run things at scale. We need laws that hold public administrations accountable when they use free software and force them to contribute back - either in the form of source code, or in the form of money. Public code means public money, and public money means public code. We can surely make it appealing by ensuring that contributing to e.g. Matrix or Nextcloud is much cheaper than buying a Microsoft Teams license. But the current state of things isn’t sustainable.
https://www.theregister.com/2024/09/25/element_bosses_on_funding_open/