Re: Is Telegram or Signal acceptable for harm reduction?

[Jean Louis]

* Jorge P. de Morais Neto via libreplanet-discuss 
 [2021-08-06 18:50]:
> As I had it installed and active on my smartphone (for the work
> room), I ended up joining three other chat rooms about civil service
> public exams.  These three are big, so I have no hope of convincing
> everyone to switch to an ethical network.  I then intend to join
> these rooms from my wife’s account, on her smartphone, which I would
> consult weekly for new chat messages¹.  The other room (the work
> one) has only seven members (including me), so I hope to convince
> them to switch to a better platform.  If they don’t want to switch,
> then I’ll ask them to forward me the rare important messages via an
> ethical technology like SMS or e-mail.

SMS is network system, please note that many network proiders are free
to retain SMS messages, read it, spy on it, provide it to
governments. I do not recommend using SMS unless it is encrypted.

Use Silence to encrypt SMS:
https://f-droid.org/en/packages/org.smssecure.smssecure

E-mail is same, it is decentralized system but open and prone to
government scrutiny, use GnuPG to encrypt emails:
https://www.gnupg.org 

> Now, what if my six work colleagues accept switching to another chat
> network but refuse both XMPP and Matrix because "no one uses that",
> accepting only Telegram or Signal?  I do currently have Telegram and
> Signal accounts, but I worry about their ethics.

That is vendor lock-in. I find it alright to advertise and find new
people, not alright to bring present people to such networks. 

If somebody invites you to group session, I would not say it is bad to
participate in group sessions.

What is bad is that they will take all your contacts, I suggest you
use it without contacts on the phone.

> Telegram /does/ have free clients on GNU Guix and PureOS repositories,
> which is great, but it is a centralized network, the server code is
> hidden, and it doesn’t even have end-to-end encryption!  So is it a real
> improvement over the fully proprietary---but allegedly end-to-end
> encrypted---status quo?

I think it is not end to end encrypted. And did you verify encryption? How?

> What about Signal?  Compared to Telegram, it has the big advantage of
> end-to-end encryption, but the disadvantage of obstructing the
> distribution of modified versions of its client; it is not even
> available on F-Droid, Guix or Debian (let alone PureOS).

Look I could say it is end to end encrypted, but that is not enough,
it is marketing term. Companies use that term to attract customers,
some of them did not have such encryption, and some have backdoors.

Unless you have found some independent report of strength of that
encryption that it is end to end encrypted means nothing.

But if you are participating in public forum on such network what is
the point if it is end to end encrypted, it is public forum. It does
not matter in that case.

> So, should I insist on a really ethical network---XMPP or maybe
> Matrix---despite the big likelihood that they will refuse, or should I
> swallow Telegram or Signal?

I would say YES. I always do. 

IMHO, such applications like Telegram should not be included in free
software distributions, but their maintainers disagree. Only Hyperbola
GNU/Linux-libre is highle freedom motivated. 

Other FSF endorsed distributions are opportunists, popularity is more
important than ethics.

> 1. I would not be discoverable in the network, so people who want to
>reach me (outside those three remaining rooms) would send an email or
>SMS instead.

Exactly. Think about it, those applications are asking for all of your
contacts and thus making profile about you. They know who is connected
to who. Telegram is now US company, not Russian, and we know that US
companeis are bound to US laws, now we know they have PRISM
surveillance and Telegram is most probably part of it as well. 

> 2. I would be able to delete my account, thus reducing the unethical
>network’s market value.

Do you think that your profile with company is really deleted? There
are no evidences.

> 3. The surveillance AI would be confused with two people using the same
>account.

Quite contrary, they need no people's names to pinpoint who is who.


Jean

Take action in Free Software Foundation campaigns:
https://www.fsf.org/campaigns

In support of Richard M. Stallman
https://stallmansupport.org/

___
libreplanet-discuss mailing list
libreplanet-discuss@libreplanet.org
https://lists.libreplanet.org/mailman/listinfo/libreplanet-discuss

Re: Is Telegram or Signal acceptable for harm reduction?

[Paul Sutton via libreplanet-discuss]

On 05/08/2021 00:30, Jorge P. de Morais Neto via libreplanet-discuss wrote:

Hi.  Sometime ago I submit to a proprietary instant messenger for a work
chat room.  I want to get rid of it ASAP.

As I had it installed and active on my smartphone (for the work room), I
ended up joining three other chat rooms about civil service public
exams.  These three are big, so I have no hope of convincing everyone to
switch to an ethical network.  I then intend to join these rooms from my
wife’s account, on her smartphone, which I would consult weekly for new
chat messages¹.  The other room (the work one) has only seven members
(including me), so I hope to convince them to switch to a better
platform.  If they don’t want to switch, then I’ll ask them to forward
me the rare important messages via an ethical technology like SMS or
e-mail.

Now, what if my six work colleagues accept switching to another chat
network but refuse both XMPP and Matrix because "no one uses that",
accepting only Telegram or Signal?  I do currently have Telegram and
Signal accounts, but I worry about their ethics.


I can't comment on Telegram

In terms of the "no one uses that" argument.  I believe the main comms 
channel for FOSDEM 2021 was Matrix,  If we can get figures on that, we 
can do the same for other large online events and help to counter argue 
that statement.


If there is just a small group, does it matter if no one else uses it? 
As long as all members of your small group use it.


"No one uses it" is becoming more and more of an outdated excuse.  Not 
your fault but good examples + figures (seems obligatory in the business 
world) would help counter.


What about using Jitsi for meetings,  you can use video or voice chat or 
is this a messaging application.


Going back to no one uses it,  isn't XMPP the same protocol that 
WhatsApp uses?  Again Jitsi has been used for big conferences such as 
LibrePlanet, EmacsConf and others.


Paul




Telegram /does/ have free clients on GNU Guix and PureOS repositories,
which is great, but it is a centralized network, the server code is
hidden, and it doesn’t even have end-to-end encryption!  So is it a real
improvement over the fully proprietary---but allegedly end-to-end
encrypted---status quo?

What about Signal?  Compared to Telegram, it has the big advantage of
end-to-end encryption, but the disadvantage of obstructing the
distribution of modified versions of its client; it is not even
available on F-Droid, Guix or Debian (let alone PureOS).

So, should I insist on a really ethical network---XMPP or maybe
Matrix---despite the big likelihood that they will refuse, or should I
swallow Telegram or Signal?

Regards

¹ You may wonder what is the point of refusing to use the proprietary
application on my smartphone, but still using it on my wife’s
smartphone.  It is clearly still not ideal, but it does have significant
advantages:

1. I would not be discoverable in the network, so people who want to
reach me (outside those three remaining rooms) would send an email or
SMS instead.
2. I would be able to delete my account, thus reducing the unethical
network’s market value.
3. The surveillance AI would be confused with two people using the same
account.
4. I would be less tempted to join other rooms in the unethical network.

Regards



--
--
Paul Sutton, Cert Cont Sci (Open)
https://personaljournal.ca/paulsutton/
Pronoun : him/his/he
OpenPGP : 4350 91C4 C8FB 681B 23A6 7944 8EA9 1B51 E27E 3D99

21st Debian Conference August 22 to August 29, 2021.
DebCamp from August 15 to August 21, 2021

https://debconf21.debconf.org/



OpenPGP_signature
Description: OpenPGP digital signature
___
libreplanet-discuss mailing list
libreplanet-discuss@libreplanet.org
https://lists.libreplanet.org/mailman/listinfo/libreplanet-discuss

Re: Is Telegram or Signal acceptable for harm reduction?

[Federico Leva (Nemo)]

Il 05/08/21 02:30, Jorge P. de Morais Neto via libreplanet-discuss ha 
scritto:

Telegram/does/  have free clients on GNU Guix and PureOS repositories,
which is great, but it is a centralized network, the server code is
hidden, and it doesn’t even have end-to-end encryption!  So is it a real
improvement over the fully proprietary---but allegedly end-to-end
encrypted---status quo?


If you mean WhatsApp, the end-to-end encryption of its groups is mere 
fiction, because [to simplify] the decryption keys are available to 
attackers and metadata is not e2e-encrypted:

https://eprint.iacr.org/2017/713.pdf

Depending on your threat model, Telegram can be an improvement.

That said, don't give up so easily. If we're talking about half a dozen 
users, you can probably just help them create a Matrix account, by 
meeting in person if necessary. In my experience they'll soon tell you 
it's easier than they thought.


Federico

___
libreplanet-discuss mailing list
libreplanet-discuss@libreplanet.org
https://lists.libreplanet.org/mailman/listinfo/libreplanet-discuss

Re: Is Telegram or Signal acceptable for harm reduction?

[mray]

You might have an interesting option in using DeltaChat: Everybody 
probably has an account there, because it uses E-Mail!


It is actually a Signal fork and comes with clients on all platforms.

https://delta.chat



OpenPGP_signature
Description: OpenPGP digital signature
___
libreplanet-discuss mailing list
libreplanet-discuss@libreplanet.org
https://lists.libreplanet.org/mailman/listinfo/libreplanet-discuss

Is Telegram or Signal acceptable for harm reduction?

[Jorge P. de Morais Neto via libreplanet-discuss]

Hi.  Sometime ago I submit to a proprietary instant messenger for a work
chat room.  I want to get rid of it ASAP.

As I had it installed and active on my smartphone (for the work room), I
ended up joining three other chat rooms about civil service public
exams.  These three are big, so I have no hope of convincing everyone to
switch to an ethical network.  I then intend to join these rooms from my
wife’s account, on her smartphone, which I would consult weekly for new
chat messages¹.  The other room (the work one) has only seven members
(including me), so I hope to convince them to switch to a better
platform.  If they don’t want to switch, then I’ll ask them to forward
me the rare important messages via an ethical technology like SMS or
e-mail.

Now, what if my six work colleagues accept switching to another chat
network but refuse both XMPP and Matrix because "no one uses that",
accepting only Telegram or Signal?  I do currently have Telegram and
Signal accounts, but I worry about their ethics.

Telegram /does/ have free clients on GNU Guix and PureOS repositories,
which is great, but it is a centralized network, the server code is
hidden, and it doesn’t even have end-to-end encryption!  So is it a real
improvement over the fully proprietary---but allegedly end-to-end
encrypted---status quo?

What about Signal?  Compared to Telegram, it has the big advantage of
end-to-end encryption, but the disadvantage of obstructing the
distribution of modified versions of its client; it is not even
available on F-Droid, Guix or Debian (let alone PureOS).

So, should I insist on a really ethical network---XMPP or maybe
Matrix---despite the big likelihood that they will refuse, or should I
swallow Telegram or Signal?

Regards

¹ You may wonder what is the point of refusing to use the proprietary
application on my smartphone, but still using it on my wife’s
smartphone.  It is clearly still not ideal, but it does have significant
advantages:

1. I would not be discoverable in the network, so people who want to
   reach me (outside those three remaining rooms) would send an email or
   SMS instead.
2. I would be able to delete my account, thus reducing the unethical
   network’s market value.
3. The surveillance AI would be confused with two people using the same
   account.
4. I would be less tempted to join other rooms in the unethical network.

Regards

-- 
- Disinformation flourishes because many people care about injustice
  but very few check the facts.  Ask me about 
- I am Brazilian.  I hope my English is correct and I welcome feedback.
- Free Software Supporter: https://www.fsf.org/free-software-supporter
- If an email of mine arrives at your spam box, please notify me.

___
libreplanet-discuss mailing list
libreplanet-discuss@libreplanet.org
https://lists.libreplanet.org/mailman/listinfo/libreplanet-discuss