28
submitted 1 year ago by KDE to c/privacy@lemmy.ml

I dont understand why threat actors / hackers use telegram which obtains your phone number and not simplex or even signal for that matter

all 7 comments
sorted by: hot top controversial new old
[-] sbv@sh.itjust.works 37 points 1 year ago

It sounds like most criminal organizations aren't that sophisticated. Check out Phantom Secure for an interesting story.

It might be a scenario where you only hear about criminals using less secure communications because those are the ones that get caught.

[-] jet@hackertalks.com 25 points 1 year ago* (last edited 1 year ago)

A lot of it has to do with who your enemies are.

If you're not worried about telegram, and the country telegram operates from. Then using them is probably a better idea than using a program based in a country you are worried about.

So if you're big enemy is the United States intelligence services, using a messaging service based and centralized in the United States isn't the best of ideas. Be it French government communication, or some peer-to-peer democratic revolution in a propped up tin pot dictatorship.

Simple x is interesting, but I think it's still relatively new, there's lots of UI and features that need to get hammered out. Before you would trust it operationally.

Briar is operational today, so I think it is being used by some groups. But it has limited functionality as well.

If your threat model has you communicating with people who already know who you are, registering with a phone number isnt a big deal.

A lot of the internet use of messaging, is anonymous communication, with people you don't know or trust. So giving them your phone number becomes more of an issue.

  • Briar: agnostic
  • Signal: "western"
  • Whatsapp: "western"
  • Telegram: Qatari/Eastern
  • Session: "western" (centralized servers in Canada)
  • Simplex: not sure where the servers are.

So if you're trying to bring women's rights to Iran, you use the Western messaging services that aren't blocked

If you're trying to bring democracy to KSA, you have a harder choice but probably telegram

If you're trying to do anything in north Korea, good luck... Dead drops and physical notes probably.

I think for the countries that block the internet completely, like North Korea and its Big brother neighbor.. mesh programs like briar might be the only viable options to organize

[-] jet@hackertalks.com 12 points 1 year ago* (last edited 1 year ago)

We often talk about threat models here in the privacy community. But I just want to illustrate how different threat models can be.

There is a universe of difference between worrying about what a district attorney can use in criminal court based on evidence rules for drug-related charges that could put somebody away for 5 to 10 years in prison.

And worrying about a totalitarian murder squad picking up your friends and family and torturing them just in case they know something. When members of your cell disappear based on suspicion no evidence required.

These threat models are massively different, doing anything that even raises suspicion gets people killed... I'm not saying it invalidates our online discussions, but when the stakes are higher what people actually use, and experiment with, and are willing to put up with changes.

And by raises suspicion, I'm not just talking about an intelligence officer, I'm talking about algorithms just saying oh this account's interesting let's target it. Just like Israel is currently doing right now, to automatically identify hamas-based targets of interest. We have no idea what's going into that algorithm, it might be hey this phone has briar installed let's bomb it

[-] poVoq@slrpnk.net 11 points 1 year ago* (last edited 1 year ago)

Simplex has multiple relays, but given how new it is there are only few and those could easily be compromised similar to how tor nodes are partially operated by government agencies.

Also with p2p stuff there is a higher risk if you don't trust your communication partner, and in crime organizations the likelihood that someone has been turned by law enforcement as part of a plea deal is always quite high.

this post was submitted on 17 Dec 2023
28 points (88.9% liked)

Privacy

32177 readers
451 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS