Thank you for that useful link. I've bookmarked it as I usually go through the similar steps once in a while and I forget each, what needs to be done exactly.
One of my coworkers, a network specialist, compares IP restrictions to a garden fence. They’re enough to stop casual passersby, but anyone determined will find a way over or around it.
The reality, though, is that the majority of attack attempts are by casual passersby.
No, this method isn't going to stop a determined attacker that is specifically targeting you, but that doesn't mean blocking the lower-effort stuff has no value.
It's possible but also difficult to jam radio. That's part of why programs like Radio Free Asia[0,1] exist. Even if you can't broadcast from inside a territory you can broadcast from outside. It can be jammed but it is a tough cat and mouse game and jamming isn't precise. So when you jam there are causalities. Not to mention that jamming can be quite expensive.
I'm not saying that makes the problem easy, but I'll say that jamming isn't a very strong defense.
Though the bigger issue here is probably bandwith. It's hard to be both long range and data dense. There's probably easier ways to distribute this. Hell, both Koreas are known to transport different things via balloons.
[1] It is also why projects like Tor and Signal get funding from RFA. Maybe the US doesn't want encrypted services here, but if anything, it's for the same reason they do want encrypted services in other countries.
I’m not sure that’s super feasible any longer with the advent of cheap SDRs. Over-the-horizon HF broadcast can be heard with a simple speaker wire antenna inside your house. If anyone is interested in trying to deploy such an idea, I’d love to participate as an avid ham.
Could I ask for a source on that and how common it is?
Seems like it was used way back in the cold war (and even then not blocked/jammed) and I'd guess that current authoritarian regimes would perhaps not bother considering how few could use it.
If you are in Europe you can easily listen Dengle Welat (1) or other Kurdish radios jammed by Turkey government with the anthem or other patriotic songs. Or the Buzzer, the Russian military UVB-76 transmission (2), jammed frequently by Ukrainian ham radio operators
The UK used to get around this with very powerful medium-wave signals, the site at Orfordness could put out the BBC World Service at 2 MW towards the USSR and the Eastern Bloc. This site was built on the remains of a 1960s UK/US over-the-horizon radar installation that never worked properly.
These broadcasts were shut down in the early '10s but ironically one of the masts is still in use by Radio Caroline, the former pirate who broke the BBC's radio monopoly by putting their station just outside of UK territorial waters. Their 4 kW goes pretty far given the site's previous role, heard them as far away as the Lake District.
The data is destroyed and no content from the web pages are reused or repurposed (each listing is merely a link + various tags that are created/associated upon viewing. My understanding is that public websites scraping is legal but repurposing their content might not be
I wonder how many will switch to Firefox after this action. But it may be a small number because I assume that not many people use adblockers and most of those who use them already had Firefox, but I may be wrong.
I think, one other side effect of this is the increasing restrictions on VPN usage for accessing big websites, pushing users towards logging in or using (mobile) apps instead. Recent examples include X, Reddit, and more recently, YouTube, which has started blocking VPNs.
I'm also concerned that Free and open APIs might become a thing of the past as more "AI-driven" web scrapers/crawlers begin to overwhelm them.
In my opinion, Telegram is more of a social network than a messenger. There are many useful channels and in many countries, it plays an important role in sharing information. If we look at it from this point of view, e2ee does not seem very important.
We should also not forget that, in the time when all social media (Reddit, X, Instagram etc.) close their APIs, Telegram is one of the only networks that still has a free API.
That's the dangerous part. It's a messaging app that took in the function of a social media platform. It did so without robust security features like end-to-end encryption yet it advertised itself as heavily encrypted. Like Green stated in his blog post, users expect that to mean only recipient can read what you say, i.e. end-to-end encryption.
Telegram would be fine if it advertised itself as a public square of the internet, like Twitter does. Instead, it lures people into false sense of security for DMs and small group chats, which is what Green's post and thus this thread is ultimately about.
Free API doesn't mean anything until they fix what's broken, i.e. provide meaningful security for cases where there's reasonable expectation of it.
> a social media platform. It did so without robust security features like end-to-end encryption
Most social media platforms doesn't support e2ee.
Some chat apps do support e2ee but also requires a god damn phone number to login (yeah so does telegram), this makes "encryption" useless
because authorities just ask the teleco to hand out the login SMS code.
The author of this article makes the point that social media is its key feature, but they still advertise Telegram as an encrypted messenger. So your messages to friends will be on Telegram, they're there for the social network, and they will be unencrypted because they don't support E2EE for group chats and deliberately hide the "secret chats" function.
The free API is amazing I have so many little helper bots that help me automated my life. It's easy better easier and more feature rich than twilio or slack. I made my own stock management bot that ate a screener spreadsheet I upload in the chat and tell me if I should sell my stocks.
There is even that freqtrade bot that runs on telegram, even RSS bots. It really is amazing. So easy to use for chat ops.
Most "normal" people use messaging app and social medias DM interchangeably.
For instance 2 days ago my partner wanted to show me a message her friend sent, went to whatsapp and couldn't find it then realized said friend had used instagram DM for that. Most people don't care enough.
> It's a messaging app that took in the function of a social media platform. It did so without robust security features like end-to-end encryption yet it advertised itself as heavily encrypted.
Do you want to say that social networks must implement E2E? Personally I think it is a good idea, but existing social networks and dating apps do not implement it so Telegram is not obliged to do it as well.
As for promises of security, everybody misleads users. Take Apple. They advertise that cloud backups are encrypted, but what they don't like to mention is that by default they store the encryption keys in the same cloud, and even if the user opts into "advanced" encryption, the contact list and calendar are still not E2E encrypted under silly excuse (see the table at [1]). If you care about privacy and security you probably should never use iCloud in the first place because it is not fully E2E encrypted. Also note, that Apple doesn't even mention E2E in user interface and instead uses misleading terms like "standard encryption".
This is not fair. Apple doesn't do E2E cloud backups by default and nobody cares, phone companies do not encrypt anything, Cloudflare has disabled Encrypted Client Hello [2], but every time someone mentions Telegram, they are blamed for not having E2E chats by default. It looks like the bar is set different for Telegram compared to other companies.
> It looks like the bar is set different for Telegram compared to other companies.
I too find it disingenuous. Many people here support a monopoly and privacy nightmare like WhatsApp but somehow, a closed-box implementation of E2EE is automatically better than an app with a proven track record of not selling the user data.
The EU does not want to ban encryption, because it is the backbone of e-commerce and banking. There are plenty of public references that show the EU's explicit support of strong encryption.
What some law-and-order types (globally) want, is the means to scan, peek, or otherwise access private communication, especially if that communication is provided by a service used by millions. You can encrypt all you like, but if you use WhatsApp or Signal, laws like these force those services to create a way to eavesdrop. How is probably not defined in the law. Client-side scanning before encryption, having those services act as men-in-the-middle for each conversation; this is all fine, and can use encryption as usual. As long as certain agencies get to have a peek somewhere between those strongly encrypted tunnels.
function cheat() { curl cht.sh/$1 }
Then in terminal you can use the following to see the examples: $ cheat curl