LWN: Comments on "Linux-related discussion as a cybersecurity threat"

I guess Facebook fell for this old joke

sammythesnake — Sun, 02 Feb 2025 00:00:57 +0000

I'm old enough to remember when satire & parody took cues from reality, rather than the other way around:-/

Flee from Meta

mathstuf — Sat, 01 Feb 2025 23:02:53 +0000

I hadn't added a contact on Telegram for years prior (I had since joined a group, but the spam started before that). As for WhatsApp, I refuse to let it access my contacts, so I can't actually join any group or initiate a chat because that is locked behind a "use your contacts" workflow.

Flee from Meta

mrugiero — Sat, 01 Feb 2025 22:21:40 +0000

How do you find those nowadays?

Flee from Meta

mrugiero — Sat, 01 Feb 2025 22:06:25 +0000

Is this that common when you use it with known people only? I used to only use Telegram for personal use and didn't have that problem. Then I had to join groups related to crypto for $DAYJOB reasons and became flooded by scammers. I believe there is a correlation there, but maybe it's coincidence and the spam got worse just about the time I started using it for those groups?

Flee from Meta

pizza — Fri, 31 Jan 2025 12:43:41 +0000

> Signal doesn't offer the choice - it insists that everyone has to work the way you do, not the way I do.

What I would personally like is the ability to explicitly archive (and subsequently delete) some subset of the overall Signal message store.

There are conversations that _must_ be kept for various reasons but I don't want to waste a couple of GB of precious handheld space on them all the time.

Flee from Meta

farnz — Fri, 31 Jan 2025 10:20:39 +0000

This becomes a user-by-user thing; I back up all images I'm sent via WhatsApp, since virtually all of them are family pictures I want to keep. It's simpler to remove the 1% of images that are memes than to manually back up the 99% that are things I want.

Signal doesn't offer the choice - it insists that everyone has to work the way you do, not the way I do.

Flee from Meta

kleptog — Fri, 31 Jan 2025 08:29:53 +0000

> Signal does not have the ability to store received media files in the phone gallery or any other storage media easily backed up incrementally, you just have the option to back up the gigantic blob file created once per day as "backup"

When you recieve an image you can select it and ask to save to local storage (aka your phone gallery). Since most images I receive via Signal are memes anyway I don't mind this, I just need to remember to save the few photos that are interesting.

For the same reason I don't have every image in WhatsApp backed up to the cloud, that just wastes a ridiculous amount of space.

Flee from Meta

hailfinger — Thu, 30 Jan 2025 18:16:07 +0000

I used to recommend Signal, but their target audience is people who value confidentiality over availability.

Signal does not have the ability to store received media files in the phone gallery or any other storage media easily backed up incrementally, you just have the option to back up the gigantic blob file created once per day as "backup". The ability to store media outside the Signal container has been requested repeatedly and denied repeatedly, usually with arguments along the lines of "you don't know if the sender would allow you to back up the media" and "you can export media files individually to phone storage, just not in bulk".

If you want to share pictures/videos in a way the receiver can benefit from automated off-device backups to avoid data loss, pretty much any non-Signal messenger is better. Signal-JW exists and claims to be Signal-compatible while allowing phone-managed storage of media, but that won't help your conversation partner recover their valuable family pictures.

If you're recommending a messenger to friends and family, be ready to explain why their data disappeared after a phone was stolen or damaged if the messenger doesn't support user-friendly automatic backups.

It's not only distrowatch.com

mnestor — Thu, 30 Jan 2025 16:22:30 +0000

Please also take a look at https://www.facebook.com/9to5linux because you've been banning 9to5Linux's posts for a year now because of your inaccurate "cybersecurity threats".

Flee from Meta

farnz — Thu, 30 Jan 2025 14:38:34 +0000

The other influence that led to WhatsApp being popular is that the EU in general had more of a bias towards pre-paid plans than the USA. This led to two interacting things that biased people towards messaging apps (BlackBerry Messenger, WhatsApp etc): first, you tended to pay less for your messaging if you bought data and used a separate service for messaging than if you bought SMS. Second, telcos offer pre-paid customers the opportunity to buy cheap bundles of service - 500 MB data to use up in 30 days, or 200 SMS to use in 60 days, for example - and because data is fungible between messaging, e-mail, web browsing etc, being able to push everything into a data bundle is easier than having to balance data bundles and SMS bundles separately.

Flee from Meta

rschroev — Thu, 30 Jan 2025 13:27:08 +0000

The other big thing that WhatsApp has (and Signal, and Telegram I suppose) and SMS not, is group chats. That makes it so much easier for setting up things to do together with family or friends, or even for casual conversation. Just for that reason, SMS is not in the same league, not even close. Email could in principle work too for that kind of use case, but WhatsApp et al. do these things with so much less friction.

Flee from Meta

taladar — Thu, 30 Jan 2025 12:54:47 +0000

On the other hand texts are more likely to reach the person due to the lack of a requirement for both people to be available at exactly the same time.

I guess Facebook fell for this old joke

jezuch — Thu, 30 Jan 2025 11:56:28 +0000

Well, we *do* live in a reality where I sometimes have to double check news headlines whether it's The Onion or not. It's surprisingly difficult to tell sometimes.

Flee from Meta

tajyrink — Thu, 30 Jan 2025 10:17:22 +0000

Yes, ironically Telegram _clients_ are more open and free software than Signal is. You can write your own Telegram client (and many have, thus you have native clients on different mobile Linux OSs) while Signal actively disallows third party clients. And you can install Telegram fork from F-Droid, etc.

Sure, Signal is e2e, but if exaggerating it's e2e in a bit similar sense than Whatsapp is. It has a long history of including proprietary binary blobs and being only available in proprietary stores (I mean places from where you also get automatic updates). Even though on the other hand there is work on reproducible builds, their actions drive people to actively install it from places like Google Play instead of something that community could more easily verify.

I do prefer Signal at the moment for its functionality and theoretically well proven security, but I've started to use Matrix more as well.

Flee from Meta

kleptog — Thu, 30 Jan 2025 10:01:11 +0000

> IFF you're on contract, SMS is almost invariably free in the UK now - has been for a while. MMS, on the other hand, is still pricey.

Within the UK it may be free, and now if you're in the EU then within the EU it will be within your bundle. But when WhatsApp started you paid through the nose if you happened to be outside the country and you wanted to SMS your friends at home. This was the killer feature that made WhatsApp popular. Skype could have captured this space, but it didn't. The fact you can send images for zero extra cost is just bonus. And the fact it works even if you have only Wifi.

And even today, sending SMSes to other countries is notoriously flaky. We often communicate with customers in other countries using Signal because SMSes just vanish (the lack to receipts doesn't help).

Malware scanner error

osandov — Thu, 30 Jan 2025 07:02:52 +0000

I (Meta employee) can share this:

Our automated systems blocked distrowatch.com for hosting a link to a file detected by third party security vendors as malware. This was an error and has since been addressed. Discussions of Linux are allowed on our services.

Flee from Meta

dskoll — Thu, 30 Jan 2025 02:29:56 +0000

How many times?

My mom didn't start worrying until I was 2-3 hours late and hadn't called...

It looks like Facebook has admitted their mistake.

ccchips — Wed, 29 Jan 2025 22:46:38 +0000

In the interest of time (which I haven't got enough of lately,) I'm posting this as raw text. I don't remember HTML very well these days. Too busy with personal family issues. Sorry for the inconvenience....

Essentially, it looks like an AI thing.

https://www.pcmag.com/news/facebook-accidentally-blocks-u...

Flee from Meta

LtWorf — Wed, 29 Jan 2025 22:34:41 +0000

It is available, but not "apt instal" available, having it on the pinephone or such devices is a major complication, while telegram just works.

Also the fact that very institutional USA players promote signal heavily makes me suspect it's not as safe as advertised. But that's just my paranoia. Not that telegram is safe at all.

Flee from Meta

dskoll — Wed, 29 Jan 2025 18:27:08 +0000

I can count the number of times I've arranged to meet people in a completely unfamiliar place that is impossible to describe using landmarks, intersection names, etc. on the fingers of zero hands.

I have no idea how I managed to meet friends during the period of 1976-1995 or so... it all magically worked, though.

Flee from Meta

hkario — Wed, 29 Jan 2025 18:21:58 +0000

Signal is available on computers too

Flee from Meta

paulj — Wed, 29 Jan 2025 17:01:17 +0000

The joys of having to wait by a known, pre-arranged phone-box, for those cases where you /did/ you have to communicate along the way.

"Are they going to ring when they said or not?"

"Arg, someone else is using the phone box!"

Flee from Meta

LtWorf — Wed, 29 Jan 2025 16:01:34 +0000

And do you know how many times my mum called the police because someone of us had missed the bus?

Flee from Meta

LtWorf — Wed, 29 Jan 2025 15:59:58 +0000

> If I need anything more immediate than that, I text or call. Remember when speaking on the phone was a thing?

Ah yes "I'm at coordinates four one three mark two!", that will work out nicely to find someone else in an unfamiliar place.

You could just say "I'm not in close contact with people who live very far away, and I never meet friends, so I don't have the use case" and that would be perfectly acceptable. But this is getting really ridiculous.

Flee from Meta

LtWorf — Wed, 29 Jan 2025 15:57:21 +0000

Telegram is easily available on computers. I know it's not e2ee, same goes for emails and every single proprietary application (even if they claim they are… unless they're open source it's just meaningless words).

I'm fully aware of it.

> moving from WhatsApp to Telegram is actually a step down, not up.

Very debatable. One has a closed source client and one has an open source client. One claims to be e2ee (but nobody knows), while one lets you see the code and make sure yourself.

Flee from Meta

geert — Wed, 29 Jan 2025 15:35:39 +0000

Call is fine for immediate needs, text (SMS) is not, as QoS prioritizes calls over text.

Flee from Meta

laurent.pinchart — Wed, 29 Jan 2025 15:03:12 +0000

In the late 1900's it was even possible to meet somewhere in the real world without having to carry any electronic device on your way from home to the destination. I know stories of people who managed to find themselves in the same pre-agreed location at the same pre-agreed time without having to communicate with each other on the way. Crazy, right?

Flee from Meta

jzb — Wed, 29 Jan 2025 13:42:53 +0000

"Remember when speaking on the phone was a thing?"

You mean last century? The late 1900s? :)

Flee from Meta

dskoll — Wed, 29 Jan 2025 13:41:01 +0000

No, email is not real-time and you cannot ensure less than 1 minute delay, but 99.9% of the time, it's the case.

If I need anything more immediate than that, I text or call. Remember when speaking on the phone was a thing?

Exit IPs from big tech corp networks

farnz — Wed, 29 Jan 2025 13:02:46 +0000

It's also worth noting that big tech already pays for "consumer" connections (VPNs via companies like NordVPN, ExpressVPN, Surfshark, Proton v p n etc as well as local ISP consumer connections) for the specific purpose of getting round IP-based restrictions. This ensures that when you get a report that says a resource you're linking to is abusive, you can look from at least three different places - corporate office network, infrastructure network, and consumer network - to see if the reported resource is disguising itself when you check from the company's own networks (which is itself a breach of policy, and would result in the resource being blocked).

This could be reused to get round IP blocks on kernel.org quite easily.

Turnabout is fair play

paulj — Wed, 29 Jan 2025 12:13:04 +0000

The corp networks that employees/engineers sit on generally have different exits to the Internet than the main infrastructure networks that serve production service (Facebook, WhatsApp, etc.) - and they are not necessarily Facebook IP allocations, they may come from ISP PA IP space.

Also, they have a different email domain (used to be fb.com, maybe they also use meta.com now - don't know).

Closed discussion platforms

smurf — Wed, 29 Jan 2025 11:05:38 +0000

Apparently Facebook operates in at least two parallel universes.

In one they censor random keywords because their AI algorithms are just plain broken. (So what else is new?)

In the other, they take the wheels off entirely and switch to "community notes".

Flee from Meta

chris_se — Wed, 29 Jan 2025 10:57:07 +0000

> I use telegram with my family.

Just a side note: from a data privacy perspective, most other apps available nowadays are better than Telegram. Telegram is **not** end-to-end encrypted by default. You can activate that in specific circumstances, but you have to do so for each individual conversation, and it's quite complicated.

Now in your specific use case, that might not be an issue, and you might be willing to sacrifice that for other features the app has, so please don't read my reply as a criticism.

But I wanted to make this clear, because Telegram is advertised as a secure messenger, when it is in fact by far the least secure of the mainstream messaging apps (if you ignore regular unencrypted SMS). If you care about data privacy and security, moving from WhatsApp to Telegram is actually a step down, not up.

Flee from Meta

Wol — Wed, 29 Jan 2025 10:41:34 +0000

> mainly because SMS was/is fricking expensive and doesn't work great across borders (of which we have many).

IFF you're on contract, SMS is almost invariably free in the UK now - has been for a while. MMS, on the other hand, is still pricey.

So of course, Google decided to drop messenger, replace it with some other messaging app, and default it to using WiFi not SMS. And uncapped data plans are frigging expensive ...

Mind you, I've got one of the cheapest plans you can get, and careful monitoring of upgrade offers means I now normally start each month with (I think) 50GB of data allowance - 25GB per month plus the previous month rolled over.

Cheers.
Wol

Flee from Meta

LtWorf — Wed, 29 Jan 2025 09:58:48 +0000

You can, but it gets seen a week later and it's no longer relevant really.

Flee from Meta

LtWorf — Wed, 29 Jan 2025 09:57:43 +0000

email is not a realtime protocol, so no you can't ensure there is less than 1 minute delay.

Having said that, it's much easier to have something in your pocket doing that, than having to constantly copy paste your coordinates into an email client, and require the other person to compare them to their own coordinates and direct.

Seeing some kind of map that automatically gets updated is easier, I assure you.

Turnabout is fair play

draco — Wed, 29 Jan 2025 06:26:28 +0000

Since Linux is malware, maybe kernel.org et al should block FB to do them a favor. When the developers can't get their jobs done (or security fixes), maybe they'll change their tune.

Flee from Meta

dskoll — Wed, 29 Jan 2025 02:10:12 +0000

I can attach photos to emails.

If it's really necessary, I can share my current location via email in essentially real-time (less than one minute of latency for sure.)

Flee from Meta

mathstuf — Wed, 29 Jan 2025 00:06:55 +0000

I get individual spam on Telegram (mostly since using a Google Voice number for it…I wonder where the leak is…). WhatsApp is *far* more spammy and "hey, we added you to a cryptocurrency pig butchering^W^Winvestment group". I just lurk and report them until somebody wakes up and does something about it.

Flee from Meta

sfeam — Tue, 28 Jan 2025 23:36:30 +0000

I guess I'm a dinosaur too. How does sending a photo make it different? I could attach a photo to an Email also. I do get that if you're trying to meet up with someone at a place you don't both know, it's helpful to interact in realtime.