Misleading claims about privacy isn't surprising coming from Telegram, who have consistently marketed themselves as a secure messenger comparable to Signal/WhatsApp in spite of the fact that the vast majority of messages are not end-to-end encrypted.

There's a reason that a 2017 study called Telegram the [security blanket of the chat world](https://www.researchgate.net/publication/319622415_The_Secur...).

The material difference between E2EE (where the network controls the client completely and pays lip service to reproducible builds) and encrypted traffic to the network itself: is not actually all that different in reality.

If signal wants to be seen as better; third party clients are a huge step.. Failing that: provably P2P messaging.

As it stands it's only really "better" on paper, you still have to trust the network provider.

They are not encouraged or supported but third party clients for both signal and WhatsApp exist, allowing you to have verified e2ee chats.

> They are not encouraged or supported but third party clients for both signal and WhatsApp exist

That’s a really weird way to say: aggressively discouraged.

https://news.ycombinator.com/item?id=26469007

https://techjaja.com/whatsapp-shuts-down-users-of-3rd-party-...

WhatsApp pushes users to backup keys to Google Drive, so even if you haven't done that your conversation partner might have. So unless you call Google holding the private keys 'E2E encryption', then it isn't.

Signal had a bug where it sent private photos to random contacts, so it seems like that can't possibly be called safe either, if they're making junior level UI state mistakes like that (it's also not E2E encryption if the app switches one of the ends without your consent).

I mean, there's a threat model here. Some people are worried about Telegram knowing who they are, others are worried about Telegram's users knowing who they are. I can see some people being satisfied by a "pay-for-identifier" scheme. Wouldn't bother myself due to the blockchain obfuscation when it could have just been a username login.

I don't know much about crypto so maybe I'm wrong here, but can't you purchase an anonymous coin like XMR and exchange it for TON in a way that can't be traced?

Are you saying it's impossible to do anonymously, or just that it's not anonymous by default?

That's my understanding as well; Coinbase does sell Toncoin, for example.

1 TON currently sells for 1.83$, by the way.

> Toncoin is not supported by Coinbase.

Source: https://www.coinbase.com/price/toncoin

Right! Google in this case is, interestingly, wrong (or precisely, very misleading) in their QA:

  Does Coinbase have TON?
  Buy TON Token with Coinbase Wallet
  TON Token is only available through Coinbase Wallet. Assets on Coinbase Wallet are not held by Coinbase.

For reference, the list of exchanges is here: https://ton.app/exchanges.

Any exchange -> XMR -> ETH -> TON, the XMR step should provides sufficient anonymity.

My gripe is that how awkward the whole process is, especially the fact that you're locked into using Metamask to be able to transfer TON into their network via bridge.

I wonder if relatively small number of people who are able (and willing to) jump through all these hoops will stand out like a sore thumb and this in turn would actually reduce anonymity.

Wouldn't a burner simcard be cheaper anyway?

in many countries you cannot get a SIM card without providing an ID (or in some cases you can but you have to activate it by providing your ID information - otherwise it would be deactivated and you'll eventually lose access to your phone number)

In the UK you can buy a SIM card for 1 pound, and a 10 pound topup will activate it for 6 months, all with cash from your local garage. It's always surprised me how they go on about encryption being the worst thing ever and we need to protect the children, while anyone can get online anonymously for 11 pounds. Also very odd how anybody can snoop on the unencrypted nationwide pager messages containing hundreds of thousands sensitive information in a steady stream, all it costs you is a 15 pound usb sdr and you can see pagers being sent to doctors on call all over the nation. Instead of solving this they spend millions on convincing you that encryption is bad, and want to prevnt you from talking to your loved ones privately.

yep, but the point is that getting a burner SIM is not always cheaper - you may have to travel to another country to arrange that

I got my telegram alt account by signing up for a free esim trial.

I can buy a one-time phone number for 0.50$ or even cheaper to register a Telegram account. It's absurd to pay 16$.

$9 worth of crypto could be mined anonymously, even at today's depressed prices it wouldn't take more than a couple of weeks on a modern GPU

How do you mine anonymously? By blindly trusting a faceless mining pool who claims they don't log IPs?

Do you think it's accurate to call it 'anonymous' when it's not in 99.99% of cases?

Can you not use VPNs with mining pools?

Well you're going to use either your own IP address or a VPN to connect to Telegram, right? So what difference does it make if they see that you mined coins from the same address? It doesn't give away any additional info.

In retrospect, i.e. going back a month or six when you mined that crypto that you're now spending?

What nation states even have the capacity to collect (a lot of) metadata on all connections that happen anywhere on earth? They'd need to see you connecting to the VPN (easy), and they'd need to see the VPN server connecting to the mining pool server (hard unless you have access to a lot of backbones), and then correlate that data. Add additional VPN servers to make it harder as you wish.

I'm pretty sure we could narrow it down to a handful of states having the ability to get data from a lot of the web, so unless your beef is with one of them, you're pretty secure.

If a nation state is after you you're going to need a lot more opsec than telegram can offer you.