> Egyptian authorities have blocked access to IP addresses of the application.
Good thing that the Telegram client supports proxying traffic over SOCKS5 and MTProto (custom protocol). On the server-side, in the past, they successfully employed domain-fronting and recycling through multiple IPs to bypass the Russian firewall.
The client does its own DNS resolution over HTTPS and so DNS blocks are already ineffective.
It's also capable of masking its proxy traffic as TLS. This works so well you could actually have a web server behind it that would still work through the same port for a regular TLS client.
> It is noteworthy that last September “Masaar” had published a web page declaring that the authorities have blocked 596 websites and 32 alternative links since May 2017.
It is even more noteworthy that the Masaar site by the link says they blocked 116 news sites, 349 anonymization sites, 6 e-commerce sites, 11 culture sites, 8 blogging platforms etc and... just one terrorist site :-)
Your comment is misleading: Telegram is open source (Desktop, iOS, Android), but the server isn't. It would certainly be nice to run your own Telegram server, sure.
IMHO the only good argument against Telegram is that direct messages don't use end-to-end encryption by default.
In what way is the comment misleading? While "Telegram" might refer to "the Telegram app" or "the Telegram service", when talking about open-source, it nearly always refers to the service. Of the two, the source of the central server is arguably much more important, since it's possible to at least track if the app tries to exfiltrate any data.
Signal has a fascinating blog post from 2017 about how to use Intel's Software Guard Extensions (SGX) to actually let clients confirm that the software they're communicating with is the exact version they expect it to be.
Yeah, and then you need to modify the client to use that server, have everyone you communicate with install that client, and also not brand it as "Signal" because it has nothing to do with the Signal network anymore, and you can't communicate with "regular" Signal users.
So, from the point of view of anyone using the Signal service, the utility of the source is near-useless.
...except Telegram X, their alternative Android client.
> IMHO the only good argument against Telegram is that direct messages don't use end-to-end encryption by default.
I'd add two more:
1. End-to-end encryption being device-specific. Example: if you start a secret chat from your phone, you can't view it on your other devices. Other end-to-end encrypted solutions don't have this drawback.
2. End-to-end encryption being available only in one-to-one communications. Take this with a grain of salt, but I don't think it's available at all in group chats and channels.
taken individually, these all seem like minor nitpicks. but together, they make for a pretty high-friction E2E experience on telegram. the first time I try to have a "secret chat" with someone, it's often the first time they realize that telegram isn't E2E by default or that it even has that feature! I have to wonder about the design decisions made here. it seems pretty obvious that the combination of limitations is going to result in the vast majority of messages not being E2E. in practice, "secret chat" on telegram is only worth the trouble when both participants understand they are doing something shady.
What makes opposition movements adopt telegram? What's the key feature that makes them adopt it instead of WhatsApp or Signal? People are not crypto nerds by default, so there must be a simpler answer.
Think of it like a big public message forum. Technically it works like one: You post messages and they're stored on the server and served up to everyone else at any point in the future. It's perfect for coordinating big groups of strangers.
It has a good reputation for refusing to kick people off when governments demand it. Although accounts are tied to phone numbers it doesn't show them by default and users can choose a unique username, so unlike WhatsApp or Signal it's easy to recognize the pseudo anonymous identity of people you don't know. It's much easier for many people to use than Twitter.
When running an opposition movement it doesn't matter if there's no encryption. Since you are open to the public your adversaries are going to be in your groups anyway. Another bonus is that most of your followers aren't already using it, which makes them more free to act. If a different messenger is popular in your country you might not want to tie the long held account that everyone in real life knows you as to your freedom fighting activity.
There isn't necessarily an answer at all. As these people aren't crypto nerds they likely just use the first one their associates use. Telegram was one of the earliest e2e encrypted chats to gain some notoriety as a means to avoid surveillance, and the publicity from that and countries banning it provide advertising others lack.
Or is it just a matter of market share? lots of people use telegram, it's encrypted, 'strict' government decides to block it because they don't know much else about the field.
I wouldn't trust Signal for the sole fact that the USG promotes its use. Think CryptoAG and how hostile Swiss law is to data privacy. Kids seem to think just because they were once known for banking secrecy doesn't mean they treat data the same way (they don't).
As others have pointed out, we users of Signal have no way of verifying that the code running on the server we connect to is the code they've released.
We are very much trusting the Signal team to do what they're saying (not logging, not leaking) and to make no mistakes in doing it (not logging accidentally, not leaking accidentally).
Which is in general a fair trade-off, but it is very much a trade-off, open audits notwithstanding.
As I pointed out elsewhere in the thread, Signal uses SGX to let clients confirm exactly what version of the contact discovery server software they're running against:
It's not bulletproof by any means (https://signal.org/blog/private-contact-discovery/ goes into this, and also points out several features they've used SGX for since), but it's certainly something, and they're doing it.
On a related note, people should download and run OONI Probe to monitor and record censorship on networks around the world. OONI Probe has tests for Telegram and WhatsApp, as well as middle boxes, blocked websites, etc.
Also, make sure you're not on a network where someone will report you for visiting the "wrong" websites. It does requests to a lot of websites you don't want to be caught with in your history.
Oh! I had no idea there was an Electron app for desktop. I've been using it on Android for years. I make a point to run it on wireless and mobile connections in every country I travel to. Also, I've made pull requests to https://github.com/citizenlab/test-lists with new URLs that are blocked in certain countries when I find them.
It’s not JavaScript-on-desktop that’s the problem- this was a suspicion often cast at Gnome’s bad performance, until Canonical got involved, started fixing performance issues, and it was discovered that most of those issues stemmed from inefficient waits and stuff.
The reason why Electron apps get such a bad rap (and I fully agree, I hate them too) is because they carry basically an entire Chromium with them in addition to whatever you wanted to accomplish.
HN is pretty split on Electron afaik because whilst it killed native apps for Windows and Mac, it has brought a lot of them to Linux.
There's also a lot of people who don't feel the same way and I think you know it. So probably no need for "saved the click" part in your community service.
ProtonVPN uses OpenVPN, right? That's been blocked in Egypt for some time. I had good success with Wireguard, which they didn't block (as of a year ago).
The traffic over your phone's data connection is encrypted and routed directly through your provider in your own country. So these filters don’t affect it.
Data roaming charges are not set by governments. It’s not even necessary because typically the economies of countries that desire this kind of control are so bad getting a subscription abroad is not affordable for common people anyway.
They’re not directly set by governments. But governments have a lot of influence over how mobile providers operate and, depending on government in question (e.g. China), if you want to keep your license you better do as you’re told.
Unfortunately unless there is a financial incentive to do that it will not be adopted. Maybe try to get the porn industry to adopt these services first, maybe others will follow.
This reminded me of something I hadn't thought of in a long time. In the earlier days of bitcoin, there was a chat app that was using encrypted messages on the blockchain... I just spent ~5mins searching for it but can't remember the actual name. Is there anything else using the blockchain for chat?
I think you talk about bitmessage. It doesn't use blockchain, though, which is kinda useless, there is no need to store messages permanently without the way to remove them.
These systems mostly use blockchain as PKI or similar to bitcoin mempools with public crypto, but not store messages on blockchain.
Why don't messaging apps like Telegram use P2P, wouldn't that make it much harder to "block" people from using it, if the connection is directly between two devices?
Leaving aside the fact that p2p is certainly not feasible in mobile devices, something being p2p or federated does not improve the service's ability to evade censorship.
How would you block a p2p network like TOR? Just ban all the entry points. You can use proxies to access those, but then you can use the same proxies to access a centralized service.
How do you ban a federated network like Matrix or e-mail? Ban all the servers you can find, then you're back to proxies.
iOS does not allow apps to be kept alive in background at all. On Android you can (mostly) keep an app open in background, but you should not, as it affects battery life.
Of course, another issue is that no device is always online, so you can't base the system entirely on devices communicating with each other peer-to-peer. You want to at least have supernodes. When you do, it effectively becomes a "dynamic federated network".
I remember reading something about a ban-evading technology that telegram used, that 'happened' to be ready just in time for russia to 'ban' it two years ago?
As I recall it, telegram was indeed banned, and was coming on and off line as it jumped servers among major cloud providers, resulting in a major part of AWS and Azure IPs being banned as collateral damage.
Then the Telegram team came up with smart improvements to the protocol, like delivering an individual IPv6 endpoint for each user via invisible push notifications.
the idea is that telegram is controlled opposition, with russia making a big show of banning it (ip blocking huge swaths of aws) just in time for countermeasures to be completed
other background is that telegram was started by the same guy who founded vkontakte, russia's facebook, and that it advertises itself as having secure e2e chats, which are not default and are difficult to use
I have no idea how the block works, but I learned that WhatsApp video calls are blocked in the United Arab Emirates, along with almost every other video chat app. There’s a UAE sponsored app called Totok that works, although it is/was removed from the Apple Store for privacy reasons. Recently they started allowing Zoom calls to go through.
WhatsApp broadcasts act a little differently than Telegram channels; they end up as normal messages in a 1-on-1 chat with each recipient (with a megaphone icon next to it), so it's not something you can join or even have as a separate section.
WhatsApp groups can be set to act like channels, however, by changing permissions to allow just group admins to send messages.
Misery isn’t finite. The situation in Kashmir isn’t lessened by that in Egypt. This kind of off topic mud slinging is a terrible way to build support for a cause.