I do not (and have never) used Telegram but, if what I’m reading about how this feature operates is correct, I find this article a little disingenuous. I would never use a feature that openly broadcasts my location to other users of an app. However, if the feature is disabled by default, and if clear warnings are provided when people enable said feature, I have no problem with that feature existing. In this case, I think Telegram may be right to say “It’s a feature, not a bug.” If anything, this serves to highlight how important user education is. It’s safe to assume that if an app tells you outright that it will share your location with other users, the location it shares may be detailed enough for strangers to easily find you (if they want to).
Communicating with another person via any means other than face-to-face means you’re choosing to trust a third party. If you use Signal, you’re trusting Signal. If you use Matrix or Briar (even if self-hosted/federated) you’re trusting the developer(s) and/or whoever is running that instance (if you’re not doing it yourself). Even if you’re someone who can (and does) read (and understand) the source code of every tool you use, and host it on your own infrastructure, you’re still trusting the hardware manufacturer who built the components of the system you’re running it on… unless of course you built those too.
I’m not trying to say that Signal is great (or better than Matrix/Briar), I’m just saying that using modern tools of communication requires some level of trust. Everyone should choose for themselves where they draw that line… and just because someone chooses to draw it somewhere differently than you do, doesn’t mean they’re doing something wrong.
Why does everyone blindly trust Signal? Use Matrix, or something like Briar.
In 2011 a fictitious company was created by the U.S. GAO (Government Accountability Office) to gain access to vendors of military-grade integrated circuits (ICs) used in weapons systems. Upon successfully joining online vendor platforms, the GAO requested quotes for bogus part numbers not associated with any authentic electronics components. No fewer than 40 offers returned from vendors in China to supply the bogus chips, and the GAO successfully obtained bogus parts from a handful of these vendors. The ramifications of the GAO findings are stark: The assumption of trusted hardware is inappropriate to invoke for cybersecure systems.
The real estate company behind some of Canada’s most popular shopping centres embedded cameras inside its digital information kiosks at 12 shopping malls in major Canadian cities to collect millions of images — and used facial recognition technology without customers’ knowledge or consent — according to a new investigation by the federal, Alberta and B.C. privacy commissioners.
On Monday, Oct. 26, KrebsOnSecurity began following up on a tip from a reliable source that an aggressive Russian cybercriminal gang known for deploying ransomware was preparing to disrupt information technology systems at hundreds of hospitals, clinics and medical care facilities across the United States. Today, officials from the FBI and the U.S. Department of Homeland Security hastily assembled a conference call with healthcare industry executives warning about an “imminent cybercrime threat to U.S. hospitals and healthcare providers.”
The continuing quest for hidden access comes as governments in the United States, the United Kingdom and elsewhere seek laws that would require tech companies to let governments see unencrypted traffic. Defenders of strong encryption say the NSA’s sometimes-botched efforts to install back doors in commercial products show the dangers of such requirements.