woah, #telegram fixed their huge privacy problem regarding phone numbers. i didn't expect it. apparently, now you can configure it in a way that a user will only be able to find you by your phone number if you have them in your contacts (which are uploaded to telegram servers). so if you don't allow telegram to see your contacts, nobody will be able to. finally.

i saw people who would add all the numbers possible and build a huge database. so it meant that the link between your hidden phone number and your visible username wasn't public, but also wasn't too hard to discover. and it was impossible to do anything about it.

and those people sell their databases to the police... as the new option is opt-in, i don't think they're going out of business anytime soon.

Show thread

@leip4Ier More reasons to just spin up , create account and encrypt messages + calls without specifying the number. And benefit from multiple bridges e.g. to .

@KeyWeeUsr no thanks, matrix is a nightmare i don't wanna go back to. besides, their approach to privacy makes them hard to recommend as a private messenger.

(not a fan of telegram, have to use it against my will.)

@leip4Ier I agree the client () used to quite a mess but it's better nowadays. However, what do you mean by their () approach to ?

@KeyWeeUsr this: gist.github.com/maxidorius/573 . an in-depth review of all the non-obvious kinds of data collection, and a defensive and ignorant reaction of matrix devs.

Don't supply email/phone or create an email via and use it only via

Your is present due to TCP/IP design unless you use (definitely not that always logs stuff)

Matrix.to that's just . You can cut&paste the ID yourself

Integration server matters only if you allow widgets. It doesn't matter if you don't and use

Unless there is a proof about message leakage from rooms and calls the document is just bragging

@leip4Ier In the end it's still much better than or or and the data collection will eventually get fixed. It's FOSS, so just do a fix and submit a pull request.

If does not want to implement fixes against , then we have a problem. Definitely not sooner than that imo + solving that by doing the whole Matrix implementation alone is kind of silly due to the lack of manpower instead of using people who are willing to work on it.

@KeyWeeUsr sorry for being rude, but to me it sounds like, "it's foss, so rewrite the messenger from the ground up yourself, no one owes you privacy, even if they say they have it".

there're better alternatives if you're ok with using a huge setup including tor (e. g. ricochet). most people aren't (one of reasons is that it's almost impossible on mobile). and without using tor, well, there're better alternatives to matrix, given how many things it leaks.

@leip4Ier Also, they mentioned , not and that's difference. See matrix.org and the only thing you'll see is and , not figuring how to make yourself and your on the net for you.

@KeyWeeUsr okay, then their advertisement was misleading for me. but why did you jump into a thread of mine and suggest that i use matrix?

if it isn't private, then why did you say it's better than signal, which worries about privacy at least to some extent?

@leip4Ier Due to Matrix not requiring any of your personal data input + if you combine it with , it's still much better than or therefore if you know how to operate anonymously on the net, the are not that much of an issue, especially patterns that are closed to platform only such as jumping between rooms.

On the other hand, etc require you to buy a num to at least have a feeling of which in the end is none if they get your phone

@KeyWeeUsr phone numbers and security are unrelated. it's about privacy.

patterns are an issue if you're in a situation where contacting a specific person itself can be punished. and if you don't know whether i'm worried about mass surveillance or targeted attacks, you can't say what's better for me, you can't say what is and what isn't an issue.

what about wire, ricochet, tox, etc? how is matrix better? curious.


@leip4Ier If it is used in any means to your , then it is about the too. I believed used the number to the key(s), however I can't find the now. Any for that would be nice though.

I don't know, however didn't have any !client the last time I've checked (it is possible to run a HS via ) and afaik there is no chat too. I see the first time and it seems much on , I'll give it a try.

Sign in to participate in the conversation

Fosstodon is an English speaking Mastodon instance that is open to anyone who is interested in technology; particularly free & open source software.