is telegram safe?

amphmnamii

Don't buy from me
Resident
Language
🇬🇧
Joined
Feb 10, 2022
Messages
66
Reaction score
35
Points
18
should we use signal messenger? just asking,...
UrYjSBmeQA

MJdIEcBHZj
 

pdwshopnl

Don't buy from me
New Member
Joined
Feb 4, 2022
Messages
16
Reaction score
6
Points
3
We live in time when Police uses pegasuse.
With this anyone messanger is not to Safe.
Its very simply. Dont talk / write about illegal things and you can good sleep :)
 

NoNameNoSlogan

Don't buy from me
New Member
Joined
Jan 25, 2022
Messages
25
Reaction score
13
Points
3
Here’s what data the FBI can get from WhatsApp, iMessage, Signal, Telegram, and more
Posted: December 1, 2021 by Pieter Arntz

Not every secure messaging app is as safe as it would like us to think. And some are safer than others.

A recently disclosed FBI training document [dated January 7, 2021] shows how much access to the content of encrypted messages from secure messaging services US law enforcement can gain and what they can learn about your usage of the apps.

The infographic shows details about iMessage, Line, Signal, Telegram, Threema, Viber, WeChat, WhatsApp, and Wickr. All of them are messaging apps that promise end-to-end encryption for their users. And while the FBI document does not say this isn’t true, it reveals what type of information law enforcement will be able to unearth from each of the listed services.

Note: A pen register is an electronic tool that can be used to capture data regarding all telephone numbers that are dialed from a specific phone line. So if you see that mentioned below it refers to the FBI’s ability to find out who you have been communicating with.


iMessage

iMessage is Apple’s instant messaging service. It works across Macs, iPhones, and iPads. Using it on Android is hard because Apple uses a special end-to-end encryption system in iMessage that secures the messages from the device they’re sent on, through Apple’s servers, to the device receiving them. Because the messages are encrypted, the iMessage network is only usable by devices that know how to decrypt the messages. Here’s what the document says it can access for iMessage:

* Message content limited.

* Subpoena: Can render basic subscriber information.

* 18 USC §2703(d): Can render 25 days of iMessage lookups and from a target number.

* Pen Register: No capability.

* Search Warrant: Can render backups of a target device; if target uses iCloud backup, the encryption keys should also be
provided with content return. Can also acquire iMessages from iCloud returns if target has enabled Messages in iCloud.


Line

Line is a freeware app for instant communications on electronic devices such as smartphones, tablets, and personal computers. In July 2016, Line Corporation turned on end-to-end encryption by default for all Line users, after it had earlier been available as an opt-in feature since October 2015. The document notes on Line:

* Message content limited.

* Suspect’s and/or victim’s registered information (profile image, display name, email address, phone number, LINE ID, date of
registration, etc.)

* Information on usage.

* Maximum of seven days’ worth of specified users’ text chats (Only when end-to-end encryption has not been elected and
applied and only when receiving an effective warrant; however, video, picture, files, location, phone call audio and other such
data will not be disclosed).


Signal

Signal is a cross-platform centralized encrypted instant messaging service. Users can send one-to-one and group messages, which can include files, voice notes, images and videos. Signal uses standard cellular telephone numbers as identifiers and secures all communications to other Signal users with end-to-end encryption. The apps include mechanisms by which users can independently verify the identity of their contacts and the integrity of the data channel. The document notes about Signal:

* No message content.

* Date and time a user registered.

* Last date of a user’s connectivity to the service.

This seems to be consistent with Signal’s claims.


Telegram

Telegram is a freeware, cross-platform, cloud-based instant messaging (IM) system. The service also provides end-to-end encrypted video calling, VoIP, file sharing and several other features. There are also two official Telegram web twin apps—WebK and WebZ—and numerous unofficial clients that make use of Telegram’s protocol. The FBI document says about Telegram:

* No message content.

* No contact information provided for law enforcement to pursue a court order. As per Telegram’s privacy statement, for
confirmed terrorist investigations, Telegram may disclose IP and phone number to relevant authorities.


Threema

Threema is an end-to-end encrypted mobile messaging app. Unlike other apps, it doesn’t require you to enter an email address or phone number to create an account. A user’s contacts and messages are stored locally, on each user’s device, instead of on the server. Likewise, your public keys reside on devices instead of the central servers. Threema uses the open-source library NaCl for encryption. The FBI document says it can access:

* No message content.

* Hash of phone number and email address, if provided by user.

* Push Token, if push service is used.

* Public Key

* Date (no time) of Threema ID creation.

* Date (no time) of last login.


Viber

Viber is a cross-platform messaging app that lets you send text messages, and make phone and video calls. Viber’s core features are secured with end-to-end encryption: calls, one-on-one messages, group messages, media sharing and secondary devices. This means that the encryption keys are stored only on the clients themselves and no one, not even Viber itself, has access to them. The FBI notes:

* No message content.

* Provides account (i.e. phone number)) registration data and IP address at time of creation.

* Message history: time, date, source number, and destination number.


WeChat

WeChat is a Chinese multi-purpose instant messaging, social media and mobile payment app. User activity on WeChat has been known to be analyzed, tracked and shared with Chinese authorities upon request as part of the mass surveillance network in China. WeChat uses symmetric AES encryption but does not use end-to-end encryption to encrypt users messages. The FBI has less access than the Chinese authorities and can access:

* No message content.

* Accepts account preservation letters and subpoenas, but cannot provide records for accounts created in China.

* For non-China accounts, they can provide basic information (name, phone number, email, IP address), which is retained for as
long as the account is active.


WhatsApp

WhatsApp, is an American, freeware, cross-platform centralized instant messaging and VoIP service owned by Meta Platforms.[ formerly FaceBook] It allows users to send text messages and voice messages, make voice and video calls, and share images, documents, user locations, and other content. WhatsApp’s end-to-end encryption is used when you message another person using WhatsApp Messenger. The FBI notes:

* Message content limited.

* Subpoena: Can render basic subscriber records.

* Court order: Subpoena return as well as information like blocked users.

* Search warrant: Provides address book contacts and WhatsApp users who have the target in their address book contacts.

* Pen register: Sent every 15 minutes, provides source and destination for each message.

* If target is using an iPhone and iCloud backups enabled, iCloud returns may contain WhatsApp data, to include message
content.


Wickr

Wickr has developed several secure messaging apps based on different customer needs: Wickr Me, Wickr Pro, Wickr RAM, and Wickr Enterprise. The Wickr instant messaging apps allow users to exchange end-to-end encrypted and content-expiring messages, including photos, videos, and file attachments. Wickr was founded in 2012 by a group of security experts and privacy advocates but was acquired by Amazon Web Services. The FBI notes:

* No message content.

* Date and time account created.

* Type of device(s) app installed on.

* Date of last use.

* Number of messages.

* Number of external IDs (email addresses and phone numbers) connected to the account, bot not to plaintext external IDs
themselves.

* Avatar image.

* Limited records of recent changes to account setting such as adding or suspending a device (does not include message
content or routing and delivery information).

* Wickr version number.


Conclusion

If there is one thing clear from the information in this document it’s that most, if not all, of your messages are safe from prying eyes in these apps, unless you’re using WeChat in China. Based on the descriptions, you can check out which apps are available on your favorite platform and which of the bullet points are relevant to you, to decide which app is a good choice for you.

The safest way however is to make sure the FBI doesn’t consider you a person of interest. In those cases even using a special encrypted device can pose some risks.
 

Neo

Don't buy from me
New Member
Joined
Mar 27, 2022
Messages
2
Reaction score
1
Points
1
I've used XMPP extensively throughout years and convinced many people to try it but haven't had any luck with that. XMPP private tor hosted server with instant pgp en/decrypt you can't go wrong. Would be nice to get one going by invite only.
 
Last edited:

eps0n

Don't buy from me
New Member
Joined
Oct 27, 2022
Messages
11
Reaction score
9
Points
3
Your telegram can be hacked if the number you used is from your country (Or any big country the police can cooperate with) and you don't have 2FA enabled. Enable 2FA on telegram, buy an sms from onlinesim from abchasia (+7) kazakhstan etc, any small country would do. Always use auto deletion on the chats and if you can private chat only. Remove any metadata before you send an image (With an offline application! DO NOT USE ONLINE SERVICES). For best security, please just use PGP on linux with Jabber, there you can encrypt images and remove metadata offline easily
 

KokosDreams

Don't buy from me
Resident
Joined
Aug 16, 2022
Messages
912
Solutions
2
Reaction score
600
Points
93
Can you recommend good jabber servers or how to look for them?
I heard it's important to know for sure that the server is not saving logs. How can I be as sure as possible?
 

eps0n

Don't buy from me
New Member
Joined
Oct 27, 2022
Messages
11
Reaction score
9
Points
3

I use xmpp.is

With the right xmpp client you can use their tor v3 service. (https://xmpp.is/account/register/hidden_service/) You have to register using your xmpp client, I recommend Psi+.
You can and should never be sure that they don't save logs. With internet security the easiest thing to do is always think of the worst case scenario. Use pgp for every message or at least OMEMO plugin. OMEMO plugin is in Psi+ by default along with other useful plugin

I found this service by a user who used this xmpp url, so it was by complete accident. The service is free
 

KokosDreams

Don't buy from me
Resident
Joined
Aug 16, 2022
Messages
912
Solutions
2
Reaction score
600
Points
93
Thanks for letting me know :)

I think setting up OMEMO additionally to PGP is always a good idea, I'll do that too
 
Top