The fun part is they don’t know the extent of the comprise or how long it has been going on.
What happened is that CISA recently published a report stating that they think a lot of US telecommunications equipment has been compromised. It isn’t a one time breach. They know that China has control over a unspecified amount of critical components. The malware China is using is extremely complex and very hard if not completely impossible to detect. China is very good at covering there tracks so even getting a sample of Malware is hard.
Because of all this, CISA is now recommending that people use encrypted messagers.
So what would be an encrypted messenger? Telegram or a Matrix app like Element? Asking cuz I’ve been kinda hinting to my friends that maybe we should move away from Facebook Messenger, but all we do is share memes and YouTube videos… Occasionally we’ll fuck with their stupid AI and make it write all responses in cuneiform or call everyone “shitass”
Edit: I can’t spell for shit
Not Telegram. Signal is a better choice which has been audited by third parties and produces internal transparency reports.
And it’s open source!
I’ve been leaning towards Matrix/Element, but I’ll check out Signal and see what everyone else thinks. Thanks dood!
Signal is pretty easy to get people into, too, I feel like.
Matrix is not always encrypted.
Signal, Simplex chat or any other well vetted messager. Avoid Telegram as it isn’t encrypted and is tied to Russia.
Whut? When is matrix not encrypted somtetimes? Genuine question - I’m a matrix newbie and i thought that all was encrypted was the whole point O.o
On the transport level it is encrypted but not on the server. To get E2EE you need to turn it on.
It’s been on by default for many years now.
We have been down this road before. There’s nothing out there beating or close enough to signal.
https://soatok.blog/2024/05/14/its-time-for-furries-to-stop-using-telegram/ https://soatok.blog/2024/07/31/what-does-it-mean-to-be-a-signal-competitor/
I’d argue Threema. The server code isn’t open source, but the apps are auditable. You can use it without any other identifiers (phone number, email are optional). It comes from a private company, but they have had a good track record.
Edit: They also have a version on F-Droid, without proprietary components, that uses their own push protocol instead of Google’s.
https://www.forbes.com/sites/zakdoffman/2024/12/03/fbi-warns-iphone-and-android-users-stop-sending-texts/
Oh. How fun. yay