this post was submitted on 10 Jun 2025
169 points (98.8% liked)
Technology
39139 readers
454 users here now
A nice place to discuss rumors, happenings, innovations, and challenges in the technology sphere. We also welcome discussions on the intersections of technology and society. If it’s technological news or discussion of technology, it probably belongs here.
Remember the overriding ethos on Beehaw: Be(e) Nice. Each user you encounter here is a person, and should be treated with kindness (even if they’re wrong, or use a Linux distro you don’t like). Personal attacks will not be tolerated.
Subcommunities on Beehaw:
This community's icon was made by Aaron Schneider, under the CC-BY-NC-SA 4.0 license.
founded 3 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Also, AMA I guess.
What would you recommend as an alternative for the general non-technical population?
For the internet messenger functionality that would be Signal.
For other things (channels, mostly), anything that does not pretend to be end-to-end encrypted when it is not. A website with an RSS feed would be one trivial choice for channels that are open to anyone. Public communication like that has no business going through "platforms".
Matrix
I would most definitely not recommend Matrix for private or sensitive communication, no.
https://soatok.blog/2024/07/31/what-does-it-mean-to-be-a-signal-competitor/
https://soatok.blog/2024/08/14/security-issues-in-matrixs-olm-library/
Matrix is fine as IRC replacement, it might also be a decent replacement for Telegram's channels thingy, sure. But I would not trust my family photos to it. Much less anything actually important.
That guy again lmao why do "security researchers" keep recommending signal with that softheaded blog. Get real
So, you drop into a thread about a pretty technically involved analysis of one protocol (MTProto), and in response to a post linking to another pretty technically involved analysis of another protocol (Matrix/Olm) all you have to offer is "that softheaded blog"?
I mean I would expect some finesse with the insults. I understand that diving into the technical nitty-gritty might not be your thing, and that's totally fine, but at the very least don't deny us the entertainment factor of a well-rounded invective!
Oh, you'll just have forgive me for not diving into the high-level discussion of whether Signal is better for furries because of the UI needs of differently-abled individuals. It's just too complicated for me. 😖
That's all FUD. Matrix is as secure as Signal if you - like Signal - rely on a single centralized server. Actually, since you can host it yourself, it would be even more secure since you don't need to trust Signal.
(I defend infrastructure and perform hacks against cryptograph & protocols for a living)
My question was specifically about "the general non-technical population". Do you expect my mom to even remotely understand what different servers are and why talking to me is securely encrypted but talking to her friends group isn't? The point about secure software is that it needs to be secure by default or else, entry level users will manage to accidentally send their stuff in plain text and not even notice.
For nerds like us, I agree that Matrix is probably a good choice. For someone who needed to be told that "the internet" isn't the blue "e" on their desktop... not so much. I'd rather send carrier pigeons than explain Matrix to my family.
My extended family use Matrix - including my elderly parents. It's no more difficult to understand than any other service.
If you need to say it…
Regarding Soatok, I am prone to completely ignore impolite individuals. As far as my experience goes, and for most of the general populace, Matrix is fine. And it is likely to continue improving. Compared to Signal and Telegram, who both incentivize crypto"currencies", a.k.a. tech bro multi-level marketing pyramid schemes, enshittification has already begun.
Please feel free to ignore me as well then, because saying that technical analysis by an expert can be outright ignored just because the expert happened to be impolite that one time might make me become somewhat impolite.
Imagine getting dozens of randos in your replies asking about dozens of random chat apps. At some point I am pretty sure you'd also reach a breaking point. Some would call that kind of behaviour a bit impolite, I'd wager.
I'm not saying arguments necessarily become invalid because of impoliteness. But to me it doesn't convey trustworthiness on first impression, especially when not knowing someone. The world / the Internet already contains so much toxicity, there's no need for needless additional discord. Especially when encountering something frustrating on the Internet—as opposed to real life—it is trivial to just take a breath, go for a walk, and come back and respond peacefully. The simplest thing for Soatok to have done would be to ignore the message, or use AutoKey to paste a generic neutral response denying the request.
Why do you conflate politeness and trustworthiness? Seems like a weird connection to make.
Is it really that weird? Imagine someone going to a store and the owner starts swearing at them because they asked a question. Would said visitor be more or less likely to trust the owner? I agree that being impolite doesn't necessarily equate to being ignorant in one's subject, but I wouldn't be surprised that on average the most knowledgeable and wise tend to be more polite.
Because the inverse of that is how people get conned. Someone blowing absolute smoke with a confident tone and a sweet word. Tone is about the worst indicator of trustworthiness
Sure, skilled sociopaths con their way up that way, or that's how soulless marketers manipulate the populace. However, that does not mean that most people who are kind are sociopaths or soulless. On average kind people are just being kind.
And that is great, it is good to be optimistic. My point is being kind has nothing to do with trustworthiness. Hell, someone that is kind can also just be plain wrong. They might think they know something when they do not. The kindness just does not factor in to knowledge. Plenty of experts are not what people would describe as kind, and plenty of misinformation peddlers are kind. It just has nothing to do with expertise
It seems like trusting the nicest voice in the room on a topic like security, rather than experts, could be a mistake
Right? What a strange and dangerous metric
Soatok. At least get the name right.
Which also happens to be the simplest thing you could have done, even simpler as none of the toots you quote were addressed to you. Instead, you are dragging this one random exchange into this thread about something else entirely.
Does it really matter whether or not it is addressed to me? And, the simplest route is not necessarily the most virtuous one. To take an extreme example, if I see someone being bullied I will interfere to stop the bully and console the target. Here, I am simply arguing in favor of less toxicity for it improves credibility.
You say you're arguing in favor of less toxicity, but your example was a screenshot of a comment where I asserted my own healthy boundaries (after being needled by hundreds of demands in the form of "what about ?" from strangers over the course of months).
Which is more toxic?
The one that contains the most aggression.
Do most of those strangers know that you are receiving hundreds of requests? They're strangers, so I'm betting on no. Are they then deserving of any swearing and caps lock yelling? Even if they do know, I can recall few to no instances where unironically doing so packed a punch.
A more reasonable answer would have been: "Sorry, no idea. For my own healthy boundaries I have to refrain from doing too much of this often-requested but time-consuming research."
Not toxic, more effective. And as I mentioned in another reply, with AutoKey you could configure that typing the word "sigh" or phrase ''goddammit not again" automatically expands into the alternative answer suggested above. Being frustrated is fine, and venting is absolutely necessary, but there are ways to do it that are healthy for everyone involved, such as the autoreply and then going for a run. Hope for the best, prepare for the worst.
Aggression isn't toxicity. The logical consequence of your stance is negative peace, and broken stairs.
Sure they do, because I tell them. The screenshot you posted is proof that I inform them.
The rest of this is needless language policing.
Subjective. “A toxic person is anyone whose behavior upsets you and adds negativity to your life.”
Asking a simple question and out of the blue getting a response intermixed with full caps and "fucking" would be enough to add negativity to many if not most people's lives. Also the unyielding need to defend one's doing so doesn't help to convey the converse.
You "inform" them afterwards, therefore they didn't know.
Not sure what the definition of "language policing" is, but welcome to the Internet. You're free to be crude or toxic while others are free to point out it out, which is rarely needless.
No questions from me, just wanna say:
Excellent goddamned work.
Favorited this whole post for future reference.
No questions. Hats off. Thank you for your service, it always seemed like a honeypot to me. Nice to see some evidence other than my gut feeling.
Thank you!
There were reports (claims I suppose) that the fsb were using telegram to organise the stochastic gig job sabotage across Europe.
Joining a neo fash telegram group, pretending to be a rich neo fash who wants to help the cause but not risk themselves and paying people for putting up posters, damaging equipment etc.
Does what has been found here shed any more light on that? I'd guess it would allow them to find these groups to target them very easily? That was the bit I couldn't quite understand from the original report, if so this all makes more sense.
No no, reports: https://www.msn.com/en-in/news/world/russia-uses-telegram-to-recruit-spies-and-saboteurs-in-europe/ar-AA1xshqO
Not really/not directly, I would say. What you are describing is FSB using Telegram for recruitment. That does not require network-level observability and surveillance. That's a different "feature", so to speak.
It's not that I don't believe them, but anything coming from spooks has to be looked at a little sideways.
Thanks for the reply. I just couldn't figure out how they had enough intelligence to find all these telegram groups, maybe that's easier for a nation state than I thought.
It's trivial for a nation state, they have lists of these groups. These groups are promoted in other groups and other channels and other forums and eventually reach somebody who will make a note of them.
Any advice for people that used it in the past? After reading the article, my understanding is that what was sent in "private chat" was in fact encrypted (for the most part) and can be considered secured (to the degree - something is off and, maybe we didn't find out yet, how the encryption is compromised). But it would wise to treat all other conversations as something that is compromised. Is this a fair summary?
"Secret Chats", but otherwise spot-on, yes.
I am making a point of clarifying here because Telegram thrives on ambiguity. "Private chat" might mean anything in that system. "Secret Chat" is a specific feature that almost nobody uses but gives Telegram cover to claim they do end-to-end encryption.
Yes, that's what I would say.
Telegram has access to everything that is not a "Secret Chat". They are responding to data requests. It's unclear what they include in these responses. They are also linked to FSB, through the same Vedeneev guy that owned GNM (the infrastructure provider).
This is the part that resonated with me the most as the casual user. The interface is, so confusing that the differences between various forms of chats seems deliberately unclear. And all that's "useful" is opt-in. And Groups - most used in corporate or project setting, can't be encrypted at all? That's... peculiar.
Again, thanks for the eye-opener.