Side Note.
If you don't care about your privacy and want to continue using Windows 11 with Telegram, this isn't for you. If this is correct, please do not respond to the post. If you use Windows 11 and Telegram and are concerned about your privacy, I highly urge that you read this post. Thank you. If there is any incorrect information linked in this post, please let me know so that it can be updated consistently.
What's been going on with Microsoft and Telegram?
Microsoft and Telegram collaborated, and Telegram is now a component of Copilot, which is extremely bad news for privacy. Microsoft is almost becoming another Facebook, given what they are doing with their copilot, which is being included in recent Windows 11 updates. More information about Copilot will be down below this post.
Telegram consistently claims to be "the best and most secure chatting app for privacy" and much more. We all know it's a lie given the number of strange incidents that occur there and the association with Microsoft Copilot. Not only that but they have openly stated multiple times that "They need your data to ensure a secure experience". Which is very suspicious. If you use Telegram on a daily basis, it might be time for you to switch.
What is Microsoft Copilot?
Microsoft Copilot is an artificial intelligence function that, like Alexa, can assist you, but it is built into the Windows 11 operating system. It can communicate with you, hear you, and observe and hear everything you do. It can hear you ask a question, browse the internet, listen to your voice calls unless you turn off your computer, recording and monitoring everything you do. It knows everything. It also sends all of this data to Microsoft and the CIA. Which is extremely bad news for privacy. Microsoft is almost becoming another Facebook, given what they are doing with their copilot, which is being included in recent Windows 11 updates.
What do I need to do to get actual Privacy from now on?
Before you do anything else, I highly recommend that you buy a USB stick and switch to Linux. You have four distribution options to select from.
Linux Mint (2 gigs of ram, NIVIDIA and AMD supported)
Debian (2 gigs of ram, NIVIDIA and AMD supported)
Kubuntu (2-8 gigs of ram, NIVIDIA and AMD supported)
Pop OS (8 gigs of ram, NIVIDA and AMD supported)
Ubuntu (4 gigs of ram, AMD Supported)
- I will say this about Ubuntu: it doesn't work very well if you want to play games on it and you use NIVIDIA drivers. With NIVIDA drivers, it can work well for general use such as watching videos, making documents, and editing photos. However, gaming performance is not very good when using NIVIDA drivers on Ubuntu. My friend tested it out for me. Going all RED (AMD) is definitely the best option if you want to play games on Ubuntu.
These are definitely the best distributions for a beginner, however if you thoroughly understand linux and know how it works once you get used to it, you can finally try something like Arch, Fedora or NixOS.
If you want a alternative to Telegram, you have two options
Signal (Best Option)
Signal is the best alternative to Telegram, it has great end to end to end encryption, it's open source, amazing screen sharing and voice calling, privacy, and it's extremely private compared to telegram.
The only thing that Telegram has that's better than Signal is better built in customization. However, aside from that, it still can't beat Signal. If you have an Android phone, you can install custom clients with it, making it incredibly customizable, or you can even develop your own because the source code is open source; even at that point, Telegram cannot surpass Signal.
Telegram-FOSS (Maybe?) Telegram-FOSS is a Telegram fork that aims to remove Telegram's spyware and data collection while increasing your privacy. However, it is only available on Android through the FDROID App Store, and keep in mind that I am not 100% certain that it will provide you with the finest privacy; use at your own risk.
Matrix (Not Recommended) I suppose Matrix is an additional choice for a Telegram substitute; but, in my opinion, it's more of a messenger alternative. Although it's fantastic for privacy, I don't think it's ready in terms of usability or user friendly. Matrix isn't ideal for communities and isn't very user-friendly. It's more for corporations/software development teams who want a self hosted slack. Yes, Matrix is more private & secure then Telegram, and you don't need to setup your own matrix server to use it. You can register on the public matrix server and message friends etc that way. Matrix just doesn't advertise, it relies on clients & servers to do the advertising. The issue with that is the main client (Element) is only trying to appeal to corporations/non-tech savy people who can't setup their own matrix server so the messaging is based around that. I still think Signal is easily your best alternative
My point is, if you value your privacy, you should quit Windows 11 and Telegram while you still can and try Linux and Signal; it will be well worth it. If there is any wrong information in this post, please notify me so that it can be changed, and if you have any questions, please contact me and I will gladly assist you.
So I read both articles and I'm still unsure as to why people are very anti signal? I get the it was/is funded by the US government. So was tor but that doesn't make the network any less secure/bad for privacy. The code is open source so if it was phoning home it would be noticed. I understand that they did not release their source code for some time, and yeah that really is scummy and does not look good. As far as message content, there have been several warrants for signal data, but signal has been unable to provide your message's content.
I get that it requires a phone number and you can use metadata to determine who you talk to. Signal is very much not anonymous and if you are a journalist/activist who deals with sensitive content, Signal is a bad option. But from a privacy/security standpoint it looks fine?
Not trying to be antagonistic. I am hoping for someone to elaborate on the articles more.
I use signal with my family. For that, it's quite fine, it doesn't matter if whoever knows I talked to my mum on that day for this long, they already know it's my mum. It gives me some more privacy, they can't tell what I said/wrote, and better group chats.
But I wouldn't use it for revolutionary activity. That is when the metadata privacy matters, who talked to who and when. A quote I heard a lot (by some top US bras, I don't remember) is "we kill based on metadata". For that, Signal is not good enough.
That is what I got out of dessalines essay.
For the record TOR's funding by the US government is problematic. They fund a large number of TOR exit nodes, which though (like Signal) they can't track 100% of what everyone does, they're still able to gather a disgusting amount of information and use it against you.
Buy that only applies to data signal collects correct? So we're looking at metadata? The content of your message wouldn't be compromised because signal doesn't have access to it.
I guess the point I'm trying to make is signal isn't good for anonymity, but is fine for privacy. As other people have mentioned you should be using a decentralized service if you're organizing activism or whatever else your threat model demands. But as far as talking to friends/family about day to day stuff, it looks fine? So I think the question I'm really getting at is why isn't signal good as a privacy friendly messaging service to replace what people were using telegram for? It's been a minute since I used matrix, but I think the self hosting issue still applies there. Not many people are going to self host a matrix server to talk with friends.
Don't you need the private key to decrypt messages? Those never leave the device. That's what happened with lavabit. They were forced to disclose the private key. But if that key isn't leaving your device, you need a compromised device/person on the other end to decrypt your messages.
So a compromised device is not unique to a US based company. A warrant can be issued to seize the device and that could happen with any other messaging service. It is fine to not like signal, and there are several reasons not to do so.
What I do have an issue with is the idea that signal is insecure or that federal agencies can very easily peek at your messages. Because that is not how encrypted messaging works. Signal does not have access to your private key. Your private key never makes its way to the signal server. Which even if the server was not running the code they have published, a NSL still wouldn't let the government decrypt your message. Signal can be forced to disclose your public key, time stamps of your message, who you are texting, etc. But not the content of your message. Nor can they be forces to disclose anything that would give someone access to said content. Again because signal does not have access to that information. If you are concerned that signal could be publishing binaries that don't reflect the source code, you can build the published source code and use that. But when your threat model is at that point you are beyond the scope of the original post.
The difference between signal and lavabit when it comes to key disclosure laws is how the services were set up. Lavabit required encrypted communication with the server to access, send, etc your emails. Which means the server side needed a private key that a NSL could force them to disclose. Signal is a little different. Private keys are held by the users and never make it to the server. Where yes a user could be forced to disclose that key, but again that could happen with any messaging server. It is not unique to the service you're using being based in the US.
And this is also completely ignore the fact that signal utilizes double ratcheting which provides some inherent protection for compromised private keys (assuming you and the other person are deleting messages automatically). I would also like to mention that the signal protocol/double ratcheting/how signal does messaging is not unique to signal. It is utilized by a large number of services including matrix.
All of those are valid concerns. I think this is more the answer I was looking for out of my initial question. I was concerned about people saying signal a large security risk or barely grants any privacy.
I think my understanding I have gotten out of has been issues related to metadata, signal's poor record of open source, and I also agree that centralization is bad.
I'm hesitant to say that there isn't an application for signal. I think I would still recommend signal to my family, who aren't very tech savvy, as a drop in replacement for sms/whatsapp because the experience is largely what they would expect out of a messaging app. But I think going forward, I agree that matrix is looking like a good option. And briar is really good if anonymity is a concern.
I want to say thanks for your patience in talking with me. I did learn a lot.
Love my completely secure, untraceable communications system funded by checks notes Radio Free Asia. /s
(Signal is bad. Do not use signal. Speaking out loud on the phone is way more safe than typing in Signal.)
I have my concerns about signal too but this is just over the top. what could possibly lead you to believe that»
doing my online drug deals via carrier pigeon because tor is funded by the US govt
if a Tor connection needed to be deanonymized then it would be. your drug deals are not that interesting to the govt in the grand scheme of things
This tinfoil hat statement you made is not at all true, Signal provides a stronger E2EE chat service than WhatsApp and Telegram ever will, refusing to add backdoors and only cooperating with law enforcement if it's the only option to keep Signal alive. Regardless of this unfortunate fact (that they do have to cooperate in some, extremely rare cases) they would never send over chat logs or images because they DON'T log your conversations. Messages are stored locally on your device so they have nothing to send. Stop spreading FUD just because Signal is a project you don't like due to political views.
"Signal is a government" says website with multiple trackers from Google, Datadog, and Cloudflare. Get better sources before talking about anything privacy related.
Your point about Signal has no evidence, funded by doesn't mean that it's lead by the CIA, if it was, why would Edward Snowden use it, and why would they constantly share no real information with the authorities? DDG is still much more private than Google, although it can be questioned for it's censorship of "Pro-Russian" search results. Also, you sent yet another link with Google trackers, well done, source dismissed.
Startpage gets it's search results from Google
SearX gets it's search results from any search engine you choose
How is this a valid point?