from the there-is-no-viable-alternative dept.
"A mere three days after Mark Zuckerberg announced Facebook's acquisition of Whatsapp, the popular smartphone messaging app suffered a major service outage that lasted three and a half hours. Left to their own devices, Whatsapp users worldwide went rushing to its rival apps, including secure chat provider Telegram. The surge in new users quickly turned into a tidal wave that brought Telegram's service to its knees:
The SMS gateways we use to send registration codes are overloaded and slow. 100 SMS per second is too much. Trying to find a solution.
In its official twitter, Telegram announced that more than 1.8 million new users had joined on Saturday, Feb 22. Four hours later, it reported an additional 800 thousand.
Telegram's messaging service, which uses 256-bit symmetric AES encryption, RSA 2048 encryption and Diffie-Hellman secure key exchange, began enjoying a spike in popularity after Whatsapp's acquisition. Although it has released the source code for its Java libraries and all its official clients, its server software is still closed source."
(Score: 5, Insightful) by d on Sunday February 23 2014, @02:05PM
As in title. Why shift your security to a third party if you could have an end-to-end encryption?
(Score: 1) by jamesbond on Sunday February 23 2014, @02:32PM
Because your friends aren't using it ...
(Score: 3, Funny) by Debvgger on Sunday February 23 2014, @02:32PM
Because that's not "cool".
I just smile when I see the people who back then thought I was a bit weird for using IRC using their phones even on the toilet because they have received "a whatsapp" that couldn't wait until their pants were on their place again.
So, now there's a 3.5 hour outage and, hey, they can't receive the same videos they see on Youtube! Then millions of sheep install that program a friend told them it was so cool, and life continues happily ever until a new fad arrives to distract them from their miserable existence.
All said, fuck Whatsapp.
(Score: 3, Interesting) by Nerdfest on Sunday February 23 2014, @02:40PM
It's a pretty flimsy thing to pay 16 billion dollars for when a three hour outage sends millions of your customers off to a superior competing service. It does certainly put a lot of pressure on the infrastructure support people at least.
(Score: 3, Insightful) by Debvgger on Sunday February 23 2014, @02:51PM
That's the problem with fads. There's zero loyalty from your users, because they only want the same their sheep friends have, and don't really care about it or even what it is or how good it is. So, here's an idea for you Microsoft: Give free Windows Phones to the alpha guys out there! :-) ... Try to at least make them like the phone a bit, of course, if that's even possible.
(Score: 3, Interesting) by maxim on Sunday February 23 2014, @03:18PM
Won't work. The hate toward Microsoft is too high among the general public.
They might use Windows but only because they have to.
Well, if I were to give any advice to MS, it is maybe to somehow be very careful and not mention anything Windows when selling a product.
Btw, that did work with the XBOX, even though it also probably runs something Windows-derived.
Also, btw, the same sadly applies to the Linux brand; people also get scared as hell when they hear 'Linux', that's why Google tries not to mention that Android is Linux based....
It's our fault, can't not admit this.
(Score: 5, Interesting) by girlwhowaspluggedout on Sunday February 23 2014, @03:44PM
Soylent is the best disinfectant.
(Score: 1) by c0lo on Sunday February 23 2014, @05:10PM
Which rots quickly with every minute that passes. If not refreshed, two years down the road will make the data next to useless (unless FB switches its business profile to an archive institution).
Is a snapshot in time really worth $16B? I doubt it, but... hey... what do I know?
(Score: 2, Interesting) by shodan on Sunday February 23 2014, @02:53PM
All true. It's really sad that such superior technology like IRC is not popular anymore. I mean come on: 10, 15 years ago I was often speaking on IRC with 50 friends on channel.
Nowadays - people of the Facebook era and other fancy apps - don't even know that it's fun to talk to many people at once in REAL-TIME, because that feature is not available on Facebook... :(
It's so sad.
(Score: 3, Interesting) by Debvgger on Sunday February 23 2014, @02:58PM
Attending university in my thirties, a few months ago I was talking with a fellow student and told him something on that line, about how useful IRC was and what a crappy experience Facebook delivers in comparison.
:-)
His answer was: Well, but I HAVE ONE THOUSAND FRIENDS ON FACEBOOK!!
Let me guess, he has probably installed Telegram this weekend, too.
(Score: 3, Insightful) by clone141166 on Sunday February 23 2014, @06:49PM
24 hours in a day, minus a modest 8 hours a day for sleep, leaves 16 hours. If your friend spends 100% of that time communicating with his friends on Facebook that gives him 57.6 seconds each day to talk to each of his 1,000 "friends".
It kind of worries me the way Facebook turns friendship into a collectible item. People should value their friends more than just as part of some competition for who-has-the-most-friends. I'm sure your friend has a core group of people who are actually his close friends, but the whole concept of collecting friends just feels wrong to me.
(Score: 2) by frojack on Friday March 07 2014, @04:44PM
The problem is that multi-person chats in general end up being a huge waste of everyone's time. The tendency to do so increases proportional to the number in the chat. Group chat, of any variety, invariably leads to an average maturity level of a 13 year old. One need only look in on #soylent to watch the endless stream of bacon banalities that go on literally for days on end without a single intelligent thing being said for hours.
People don't want that anymore. The novelty wore off somewhere around 1996.
People use messaging apps mostly for quick short conversations, questions, etc.
Discussion should abhor vacuity, as space does a vacuum.
(Score: 3) by Nerdfest on Sunday February 23 2014, @02:37PM
Secure key exchange is still hard or inconvenient for most people.
(Score: 5, Informative) by Fnord666 on Sunday February 23 2014, @03:30PM
Really? From the telegram FAQ:
Seems pretty simple to me.
(Score: 2) by Nerdfest on Sunday February 23 2014, @04:17PM
This assumes that the initial key exchange was secure, and I'm guessing that it's done through Telegram. If Telegram does the initial key exchange, can't it still happen?
(Score: 0) by Anonymous Coward on Sunday February 23 2014, @06:35PM
According to your friendly neighbor Wikipedia, the Diffie-Hellman key exchange method [wikipedia.org] "allows two parties that have no prior knowledge of each other to jointly establish a shared secret key over an insecure communications channel".
(Score: 1) by TheLink on Monday February 24 2014, @02:17AM
But if you can trust your software clients the picture stuff does give some sort of plausibility if you verify them over a different channel (or you directly verify the keys over that channel).
(Score: 1) by chromas on Monday February 24 2014, @02:36AM
There, fixed Slash's misteak (blame β)
(Score: 1) by TheLink on Monday February 24 2014, @02:42AM
A -> C "hey my pic is a 'cow' what's yours?"
C -> A "my pic is a cow too"
A -> C "all secure then!"
C -> B "hey my pic is a 'pig' what's yours?"
B -> C "my pic is a pig too"
C -> B "all secure then!"
Much easier if it's text messages. Harder for voice - since delays become more noticeable.
And if B started telling bacon jokes regarding the pig pic it becomes a lot more work, but C might be able to tell B to focus on stuff that's easier to "pass-through" without rewrites.
Of course you could use another channel to do the verification, but how would you arrange that without being MITMed again?
(Score: 1) by LM-Els on Monday February 24 2014, @03:59AM
The image they use is actually closer to a QR thing than a describable image. You'll have to send screenshots.
Not saying that a MITM can't alter those, but it does become a little less easy than simply cow vs pig. And you could send the screenshots via email to bypass a Telegram MITM.
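The exchange discussed in this sub-thread, as an added example that is not part of any comment above and is not Telegram's code: a toy unauthenticated Diffie-Hellman run, once directly and once through a relaying server C that substitutes its own public values, showing that the two ends then derive different key fingerprints. The group parameters, the fingerprint format and all function names are assumptions chosen for illustration.

```python
import hashlib
import secrets

# Toy group (assumption): the Mersenne prime 2**127 - 1 is far too small for
# real use; it only keeps the example short and self-contained.
P = 2**127 - 1
G = 3

def keypair():
    """Return (private exponent, public value g^x mod p)."""
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def shared_key(priv, peer_pub):
    """Derive a 256-bit key from the Diffie-Hellman shared secret."""
    secret = pow(peer_pub, priv, P)
    return hashlib.sha256(secret.to_bytes(16, "big")).digest()

def fingerprint(key):
    """Short value a user compares with the peer (hypothetical format)."""
    return hashlib.sha256(b"fingerprint" + key).hexdigest()[:16]

def direct_exchange():
    """A and B receive each other's real public values."""
    a_priv, a_pub = keypair()
    b_priv, b_pub = keypair()
    return fingerprint(shared_key(a_priv, b_pub)), fingerprint(shared_key(b_priv, a_pub))

def relayed_exchange():
    """C sits between A and B and hands each side its own public value."""
    a_priv, a_pub = keypair()
    b_priv, b_pub = keypair()
    c1_priv, c1_pub = keypair()          # C's key pair toward A
    c2_priv, c2_pub = keypair()          # C's key pair toward B
    key_a = shared_key(a_priv, c1_pub)   # A believes c1_pub came from B
    key_b = shared_key(b_priv, c2_pub)   # B believes c2_pub came from A
    # C derives both session keys, so it can decrypt and re-encrypt traffic.
    c_reads_both = (shared_key(c1_priv, a_pub) == key_a
                    and shared_key(c2_priv, b_pub) == key_b)
    return fingerprint(key_a), fingerprint(key_b), c_reads_both

def verified(fp_a, fp_b):
    """The out-of-band check: both users must see the same fingerprint."""
    return secrets.compare_digest(fp_a, fp_b)
```

The mismatch is only detected if the two fingerprints are compared over a channel C does not relay, which is the point raised in the thread.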
(Score: 1) by TheLink on Tuesday February 25 2014, @02:47AM
(Score: 1) by scourge on Sunday February 23 2014, @04:53PM
Look into psyc. Doesn't use xmpp for good reasons. It's the solution but needs a bit of extra dev help.
(Score: 5, Informative) by drac on Sunday February 23 2014, @02:36PM
I like Telegram. Installed their client on both Android and iOS, it looks nice and it just works. The problem is - I've read things about their custom protocol and now I'm no longer sure if they're truly safe.
This [telegram.org] covers most of Telegram's rebuttals to a host of experts. They awarded a cash prize early on after their crypto was broken. More embarrassingly, for a brief time a couple of days ago - complete strangers could add others and send messages to them, a fact they acknowledged in a broadcast message a few hours ago.
Call these teething troubles and that's fair enough - Whatsapp has had their share of security problems too. But I'm not sure anyone should bet the farm (or anything else) on how secure they are just yet.
As a postscript: a minor UI niggle that people (including myself) do not like - secret chats (their term for private, end to end encrypted conversations) are NOT the default, although not using a secret chat is conceivably a mistake you'd only make once (a padlock icon appears next to all secret conversations).
(Score: 3, Insightful) by spiritplumber on Sunday February 23 2014, @02:57PM
Every two-three years people inexplicably move to a different IM platform. I'd like something like Pidgin on Android, personally.
(Score: 1) by Marand on Monday February 24 2014, @03:47AM
IM+ is a multi-protocol messenger on Android, similar to how Pidgin is on other platforms. Full version costs a few bucks and it works well enough, but I don't think it's open source so it may not be trustworthy enough for anyone that requires high security.
(Score: 5, Informative) by Geotti on Sunday February 23 2014, @03:29PM
Here's [cryptofails.com] some [thoughtcrime.org] food [hackapp.com] for [dev.soylentnews.org] thought [ewdn.com].
(Score: 2, Interesting) by Xerxes on Sunday February 23 2014, @03:03PM
I had no clue those messaging services were so popular before the acquisition and this article - Somebody who doesn't text
(Score: 1) by sibiday fabis on Sunday February 23 2014, @04:22PM
You're not alone. I have never texted and have no desire to start. My cellphone is used as a phone. I hate "typing" with my thumbs.
(Score: 5, Informative) by mtrycz on Sunday February 23 2014, @03:16PM
The problem I have with Telegram, and the reason I haven't installed it (yet?) is that the project has been sponsored by Pavel Durov, Russian millionaire and "philanthropist", the person behind VKontakte (the Russian equivalent of Facebook) that has been dubbed "Russia's Zuckerberg".
I'm not fleeing one corporate overlord for another.
Also, as many already stated, the E2E encryption is not the default (but still possible?), when can we have that?
(Score: 3, Interesting) by beckett on Sunday February 23 2014, @05:05PM
good point about swapping corporate overlords.
However, we might be optimistic about the people that are choosing to leave Whatsapp for what is supposedly a service with better privacy policies. At least this indicates people in the Whatsapp demographic are aware of and sensitive to wholesale surveillance, and will take action to preserve personal privacy. If the general public are aware of these issues to digital privacy, metadata, and data mining the next generation of killer apps will have to consider these issues seriously.
(Score: 1) by hash14 on Monday February 24 2014, @01:49AM
They have an open API, so you could conceivably patch/fork the existing client (or write your own) with that as the default setting.
(Score: 4, Informative) by Fnord666 on Sunday February 23 2014, @03:24PM
(Score: 5, Informative) by girlwhowaspluggedout on Sunday February 23 2014, @03:28PM
OP here - while writing the submission I came across a critique of Telegram's encryption [cryptofails.com]:
I am not a cryptographer and so I have no idea if this criticism is valid or not. Is there a cryptographer in the house who cares to comment?
Soylent is the best disinfectant.
(Score: 3, Interesting) by tomtomtom on Sunday February 23 2014, @07:42PM
I'm not a cryptographer by any means but I do know enough to spot some of the red flags here - plain SHA1 with no key as a MAC, poor KDF, perhaps MAC and encrypt, using an obscure cipher mode, etc are design choices which are unusual and would need some better justification than the company has given (and that justification should have been there upfront); therefore what is clear to me is that whoever designed this protocol does not have enough experience in the crypto field to do it right.
The issues identified there may or may not create problems for people in the real world (especially if you accept the limitations of basically no MITM protection/authentication) but the red flags they raise are enough to convince me not to trust it any more than I would a system which sent messages in the clear via a third-party server (which given the third party here is less than I would trust SMS). Quite apart from the direct issues here, there may well be other implementation issues or flaws caused by inexperience.
This is quite apart from the biggest privacy issue (to my mind) with any of these types of service which is that they upload your entire phonebook to the operator's server, which then uses it to work out who else you know is on the network. Even TextSecure only partially solves this (through the use of Bloom filters). I suppose you could also delay the lookup until you try to message someone but that gives a worse user experience. Without a technical solution to that problem, you fall back to "how much do you trust the operator?". WhatsApp had built up a reputation of sorts of not selling/mining this data; Facebook is almost the polar opposite. Telegram was founded by a group who also founded a Facebook competitor which seems to be a bad start, and when you add on rumours about their closeness to the Russian government that's enough to convince me to stay well away and advise my friends to do the same.
Incidentally, if you do leave WhatsApp you should delete your account from the Settings dialogue, not just uninstall the app, otherwise they look more likely to retain your address book data and hand it on to Facebook. By deleting your account there's at least some chance they delete your addressbook (although I think their T&Cs/privacy policy wouldn't require it).
(Score: 5, Funny) by Buck Feta on Sunday February 23 2014, @04:08PM
The name reminds me of the slightly obnoxious Budweiser commercial of a few years ago. I imagine Zuck and Brin on the phone saying "Whatsaaaaaaapp?" back and forth to each other like a pair of morons.
(Score: 1) by knorthern knight on Sunday February 23 2014, @08:55PM
1) Set up messaging app and service
2) Wait for Facebook to buy competitors
3) People flee bought-up competitors, turn to your app/service
4) You sell out to Facebook
5) Profit
(Score: 1) by isostatic on Monday February 24 2014, @03:16AM
Interestingly, WhatsApp was written by a road warrior for the road warrior [flyertalk.com].
i am actually flying to Barcelona for MWC right now using the M&M miles award ticket (i am posting this from LH455 flight)... i obviously got these tickets many months ago - i prefer to fly using miles when i can to save company money. as you know, award ticket inventory is limited and last minute changes are nearly impossible... and this is where it gets cute:
we announced the deal with Facebook on wednesday after the market closed. during the process, we realized there was a chance we might not be able to get the deal wrapped up and signed on wednesday and it could delay.
when the risk of the delay became real, i said: "if we don't get it done on wednesday, it probably wont get done. i have tickets on thursday to fly out to Barcelona which i bought with miles and they are not easily refundable or even possible to change. this has to be done by wednesday or else!!!" ...and so one of the biggest deals in tech history had to be scheduled around my M&M award ticket
(Score: 3, Funny) by Boxzy on Sunday February 23 2014, @09:06PM
Even the least technical are taking my advice to move to Telegram when I type out what $19,000,000,000 looks like on a phone screen. Then I explain that because everyone seems to be leaving those left behind are going to be sold SO HARD their noses will bleed.
Go green, Go Soylent.
(Score: 4, Interesting) by lennier on Sunday February 23 2014, @10:59PM
Mashable is reporting 4.95 million more users just signed up on Telegram today. So over 6 million by now?
Just wow. How's Facebook stock looking?
Delenda est Beta