Telegram is giving away FREE Premium subscriptions! All they need from you is to use your cell phone as a relay to text out their OTP codes! And the recipient of the OTP sees your phone number! What could POSSIBLY go wrong with this deal?
PLEASE don’t use Telegram! I personally recommend Matrix as it’s totally FOSS, you can self host, there are tons of front end clients to choose from. Or even use Signal. I have my own issues with Signal, the fact they don’t allow third party clients, you can’t self-host, they have a proprietary shim in their stack that only they know what it does, they were pushing crypto, etc, but at least Signal is better than this garbage.
I imagine SMS authorisation texts are Telegrams biggest single expense, they are for Signal https://signal.org/blog/signal-is-expensive/
Telcos know that authentication is about the only remaining use case for SMS and are not going to turn down the revenue stream.
That said this idea from Telegram sounds absurd. Not least I expect most contracts prevent reselling free SMS’s like this. The security implications have got to be significant too.
They should just only allow other 2FA methods, like OTP, TOTP, and HOTP. It’s really not hard to install an app to handle it…
Telcos know that authentication is about the only remaining use case for SMS and are not going to turn down the revenue stream.
And it can’t die fast enough, as it’s essentially the same as broadcasting your sensitive information over unencrypted radio.
Apart from security, phone number based user identification is such a half-assed approach and I still don’t get why Signal wants to die on that hill. It’s inconvenient, yet trivial, for anyone to register a second, third or tenth phone number. With a bit more knowledge and inconvenience, even anonymously. It adds so little.
It’s pretty drastically harder to register 100 phone numbers, especially in your target region, than 100 email addresses. Major spammers and such work with automation across many accounts, this isn’t designed around someone with 10 accounts.
What proprietary software does Signal have?
I would use Simplex chat over matrix
I’d be interested to hear people’s thoughts about Signal and DeltaChat for messaging
Signal and DeltaChat, as well as Simplex and some others e2e communication solutions, are adequate from a technical point of view.
The main issue is always adoption. You can have the most convenient way to safely communicate with people, it’ll be useless if nobody you’re talking to wants to use it.
So, since Signal is very easy to set up and use as well as the most adopted, it’s currently the best pick for regular conversations.
I said Signal, meant to say Sessions
Signal is pretty broken. A chat app shouldn’t require a SIM card & an iOS/Android device just to create & maintain an account (too bad Linux or KaiOS users or folks that otherwise don’t want a smart phone). Multi-devdice setups seem to have issues. The desktop app being Electron is a waste of resources. They still don’t want to support UnifiedPush while highly encouraging you download the app from the Google Play Store & send notification data thru Google-controlled FSM. There’s also the missing history of the server code which is probably has something to do with US intelligence injecting code.
Is it better than a lot of things, sure, but it should be put on a pedestal nor seen as exemplary for private chat in UI or philosophy.
Signal is fine for a drop-in WhatsApp replacement. I use it for chatting to my friends casually. For something you need more security for you could do encrypted emails as that doesn’t require exchanging phone numbers, or ideally just arrange to meet up in-person and discuss things so you don’t leave any kind of digital or paper trail.
Yes, meet up, place your phones on the table, and discuss 👍 Facebook ads won’t change at all 😉
Obviously you don’t have your phones on you. Otherwise what’s the point of meeting up in person.
You don’t use your phone outside of the house? I must be the only one then. My bad.
Not if I don’t need to, like if I need to have a conversation with someone that doesn’t need to be overheard. In any case turning your phone off and putting it in a faraday bag then putting it somewhere relatively noiseproof should be more than enough if you need to bring your phone with you.
Sounds like something everyone does for sure. When I sit in public transport or go out to eat, nobody has their phone one them, and if they ever do, it’s safely tucked away in a faraday cage 👍
What could POSSIBLY go wrong with this deal?
No jokes, I’d like to know. How is it different from sending sms to random numbers?
… people just send SMS to random phone numbers?
No but what exactly stops anyone from doing that? A privacy consideration? I’d think it’s just a waste of time at best.
It lets that person know your number works. If that person happens to be a scammer or solicitor, you could run into issues.
People don’t need to get an sms from you to know your number works. There are tons of other ways including just trying to log in into telegram or Whatsapp with a list of many numbers.
The issue here is that you could potentially read the content of a 2FA sms that wasn’t intended for you. It makes it easy too break 2FA if you have many devices
ok but, why don’t use telegram for this? scammers are everywhere but how is this telegram’s fault
Ma dai what a logical fallacy laden answer. Idk which one cause I aint that sharp but you know well you’re trying to smudge the point
Reading the discussion here. I’d never heard of xmpp. Probably just never registered as a messaging alternative. Just checked out https://xmpp.org/. Wow! Tons of apps. Even some android apps on fdroid. Guess I’ve got some exploring to do.
https://joinjabber.org is also a good resource for learning about XMPP.
