Paradoxically, if you want to start a conversation with someone you can’t meet in person, you have to use another communication tool to forward/receive a QR invitation to open a new chat. And this is the same flaw that Session has.
This is the problem all messengers have that do not use some external ID like email or phone numbers. You first have to communicate over another channel to get started on that new app, unless of course you are physically present. Most people will do that over an insecure channel, thus linking them to the account.
So much for “better privacy”.
I wouldn’t blanket call the removal of PFS a “failure” as they put it… it does make the protocol much simpler (and hence easier to understand/audit as well) and it’s not always a necessity for every single person’s threat model… which is an important phrase the article doesn’t even mention.
IMO arguing about security or privacy without both people first defining their threat models… is like claiming apples are objectively better than bananas in every way.


