This is a bad summary which ignores the important aspects of the discussion:
- When you do a research, you have to get consent from your subjects.
- When you do a research, you have to compensate your subjects for their time.
Neither of those points were respected.
And yes, you can obtain consent without divulgating the exact process that will be used. All psychology researchers know how to do that effectively and ethically.
I bought a Macbook Air M1 a few months ago. It does not take specialized work to notice the difference between this laptop and every other intel based laptop.
The Tinkpad X1 Carbon which I bought multiple time over the years would run hot, make noise and the battery would deplete fast when watching youtube videos. Before M1 this was just normal laptop behavior and the X1 is a great laptop. With the M1 though, it's now been 2 hours of watching youtube and you're at 95% in a perfect silence and the laptop is cool to the touch.
Also I don't find a Macbook Air to be "cool". To me it feels mainstream just because it's an obvious choice.
Here, HDP is (in purple) PKK affiliated legal party in Turkey. You can see their support among people in Turkey. All other parties call PKK as terrorist and they are strongly against it.
No. Just no. Addiction is a serious matter which is well studied by actual scientists and mental health professionals. You can't just give advices about addiction unless you have been properly trained. Your affirmations on such subjects have to be backed by scientific evidence and having a big audience does not qualify for scientific evidence. Please, if you are interested about addiction or think you have a problematic relationship with a substance or a behavior, go and see the work of Dr. Andrew Tatarsky at https://www.centerforoptimalliving.com/ for instance. Or ask a mental health professional which have an actual Ph.D. in psychology or medicine. You could also read actual scientific evidence if you know how to, just not that. This is just wrong.
"ICQ New does not encrypt your communications. In addition, your communications may be routed through different countries - that is the nature of the Internet. ICQ New cannot accept any responsibility for any unauthorized access or loss of Data."
> - dense UI (less whitespace meant more information packed into a smaller window that took up less of my screen)
Yesterday's thread about DECUS and HP's OpenVMS hobbyist program opened a can of nostalgia worms so I remembered that my first laptop was a late-Digital era 11"-screen laptop with a pretty low-res screen (800x600, I think?).
I used ICQ on it and its interface was about as awkward as Skype's is today -- except today I'm running Skype on a laptop with about twice the screen estate. It's a little silly that all that research work in the industry -- and all that money I've paid -- went into screens that I now use just to display more whitespace.
I know it's supposed to help with touch screens but a) my laptop -- like most laptops currently in use -- doesn't have one and b) this isn't 1997 anymore, UI toolkits today make it trivial to adjust element sizes and paddings so that they're appropriate to whatever pointing device is currently in use.
Which version of ICQ are you referring to? I was running ICQ on a 640x480 monitor back then and i remember it having a very compact window[0] which i always had it visible.
It's been so long I really can't recall anymore. (Edit: but just like you, I do remember that I had the ICQ window visible at pretty much all times, and I could comfortably fit an Emacs window, the contact window a chat window on my desktop's 1024x768 screen.)
That being said, the window in that screenshot is about 200 x 320 px. It would have taken about a third of the horizontal space of the screen, and about 2/3rds of the vertical space of a 640x480 screen. It was certainly usable -- way, way more usable than Skype on a full HD monitor today -- but lots of stuff was claustrophobic in 640x480.
(Then again, most modern apps are practically unusable if you resize their window to 640x480...)
Sadly Skype and similar programs tend to take more physical space on my monitor than ICQ (and MSN Messenger, especially the original versions like the one included in Windows XP) ever did :-/
The latest version of ICQ was huge (think Windows XP skin), at this point I started using the QIP alternative client which was even more compact than the first version of the original client.
When everybody started using Miranda, Pidgin file transfer pretty much broke due to client incompatibility. That was a sad moment, they had a nice product but stopped listening to the users.
Pidgin[0][1] supports a great deal of protocols and there is "End-to-end encryption, through Off-the-Record Messaging (OTR)" plugin you can install that can be used for just about everything it supports. If ICQ NEW still supports OSCAR it can probably used out of the box, there is also a plugin[2] for the newer WIM protocol.
Pidgin feels like it's dated by now, doesn't support much, does it even support Matrix (out of the box)? I think it still lists some dead protocols last I looked at it too.
pidgin doesn’t support matrix out of the box; we did write a prpl a few years ago but it needs a maintainer to make it properly fit for purpose: https://github.com/matrix-org/purple-matrix
I still use Trillian just for the UI. I can have several chat windows open along the top of my screen without taking up much of my working space. Since I work remotely from most of my colleagues this is priceless and I don't know what I'll do when I am forced to switch. I was also a heavy ICQ user from the 90's into the early 2000's for all the reasons you cited.
Pasting this reply I found elsewhere. Should be accurate to my knowledge.
Yes to Slack! Ask whoever manages your organization to enable XMPP or IRC gateway connection, then add the appropriate type of account to Trillian. You won't have access to rich cards or shared files from within Trillian, but you will be able to read and send messages to channels and individuals.
Telegram is banned in Russia and this new ICQ is being launched by a russian company with strong ties to the russian government, so it could be their attempt at replacing somewhat private telegram with something they can openly monitor
They already tried that with TamTam (https://tamtam.chat/) which is also owned by Mail.ru Group. I don't know anyone who uses it though and ICQ had a huge userbase in early 2000's in Russia, so maybe that's the reason?
None of us used official client. Only reason it was popular is because protocol was reverse engineered and there were clients for everyone. This is just capitalizing on ICQ name that many of russians feel nostalgic about.
I still remember my 7 digit invisible vanity number.
Just to make it clear, telegram also tied to the russian government, and they developed telegram based on the message protocol from website vk.com which also owned by mail group.
Its just propaganda move to ban Telegram to make it look independent
Mail.ru Group is controlled by Alisher Usmanov, an oligarch from the 90s and an old friend of Putin. Few years back Mail.ru group with the help of russian secret services staged a hostile takeover of VK, biggest social network in russia, essentially forcing the founder to leave the country. Since then VK data has been freely available to any russian enforcement agency, or even anyone pretending to be one. In russia there isn't even a pretense of privacy/independence from them, everyone knows FSB&Friends have unrestricted access to their stuff
Except Telegram also lacks the most important feature, ubiquitous E2EE. Russian state employs a lot of hackers and you're really fooling yourself if you think Pavel Durov can harden his infrastructure to protect from an entire state sponsored cyber army with its zero days. When they hack Telegram's servers, all messages are bound to leak.
And those messages are the ones that reveal your intention to hide messages. That metadata is some of the most valuable.
Also, people don't really want to use secret chats because they aren't cross platform. Sure, some people only own phones, but those that switch to laptop/desktop computer don't want to whip out phone hundreds of times a day, but opt-in for the insecure cloud chats that are accessible with simple alt+tab.
So yeah. Sure, secret chats can be mostly secure, the problem is the E2EE isn't practical to any reasonable extent and again, using it leaks metadata.
Almost nobody I know uses encrypted chat in Telegram because it has such terrible UX. I don't have a single encrypted convo either because when we try, we always go back to our unencrypted one.
For a good UX impl, check out Keybase. It's encrypted chat feels just as good as Telegram's unencrypted chat.
The FAQ item you mentioned is in direct contradiction with cybersecurity experts who have been saying for years that WhatsApp is more secure than Telegram.
This debate has taken place over and over again on HN, there's nothing new here.
Well, now about a half of decade passed since that expert opinions were raised. And no data-breaching bugs were found in Telegram, but there were plenty of them in WhatApp.
Surely, that doesn't mean that expert were wrong, but at least mentioning that in Telegram vs WhatsApp debate doesn't look like a strong point.
Its funny and sad that telegram developers at the same time dismiss their own past history of security vulnerabilities with "all programs have bugs", but then they attack an app with superior encryption protocol by complaining about those same bugs that get patched when they are found. Pathetic.
And like heinrich5991 said, there's no need for backdoor or vulnerability when the data leaks by design to the server.
And no secret chats aren't an option. E2EE needs to be cross-platform and enabled by default. Signal can do it, Wire can do it. Telegram can't, because the developers are completely incompetent.
Pointing to Telegram's own claims to say that they are secure seems strange. I tried reading anyway. When it started claiming that Signal didn't allow for backups I gave up.
This is misleading propaganda that ignores proper cryptographic design. It relies strongly on whataboutism and dismisses properly designed protocols as niche without really arguing from any other viewpoint as appeal to popularity. Furthermore, Durov employs backwards logic, circular reasoning, and double standards. There's no room for good faith when Durov intentionally ignores concerns of the entire infosec community. When Bruce Schneier and Matt Green tell people to avoid your product, that's when you look in the mirror and ask "what am I doing with my life".
The first case might be true (at least until homomorphic encryption matures), but client-side encrypted cloud backups are already a thing, e.g. Signal is working on it: https://signal.org/blog/secure-value-recovery/
Just stop and think about it for a second. End to End Encryption means that the data is encrypted between TWO ends, your device and the device of your chat partner.
Now, by downloading and decrypting it on another device, you are adding a THIRD end where is is accessible. To achieve that, you have basically two options: one is to pass over decryption keys to a new device (potentially breaking E2EE security model for another guy who does not expect you to use 2 devices without his explicit authorization), and another approach is to do an own encrypted archive to store data and sync between your devices. You basically encrypt data and store it on a server, decrypting it with your password or certificate or something that you share between devices. It's not E2EE at all, actually, cause you'll be breaking the security model for some convenience, because the idea of e2ee is to communicate only with devices, each and every one of which were authorized by you. If you don't follow this rule, you make a travesty out of E2EE, basically stating that all you really need is a nice and cozy feeling of being secure, not true security.
You have to face it: true E2EE is not achievable without significant sacrifices of user experience.
>Now, by downloading and decrypting it on another device, you are adding a THIRD end where is is accessible
You're not thinking straight. End-to-end encryption does not refer to two devices, it refers to two parties. If you have two devices that can receive the message, that's still only accessible to you.
>one is to pass over decryption keys to a new device (potentially breaking E2EE security model
That's just stupid, you can scan e.g. public key of the other device and then have your device send packets to that
>and another approach is to do an own encrypted archive to store data and sync between your devices.
Which is perfectly valid provided the user has to create sufficiently secure password.
> It's not E2EE at all
The reasoning how you came to claim this is beyond moronic.
>actually, cause you'll be breaking the security model for some convenience
You aren't breaking anything. Claiming things without reason is moronic.
>because the idea of e2ee is to communicate only with devices
No the idea is only you and your peer have access to the data. You can't be serious.
>each and every one of which were authorized by you
Yeah that is kind of what happens with proper E2EE, only you have access to your data on devices you've authorized by e.g. scanning the QR code of the trusted instance.
> basically stating that all you really need is a nice and cozy feeling of being secure, not true security.
Geez, maybe start by learning how cryptographic protocols work before making such claims.
>You have to face it: true E2EE is not achievable without significant sacrifices of user experience.
Majority of them are with smart cryptographic design. The claims you made were more hand waving than I've ever seen before. Incredible.
That only helps if you know you're not discussing anything sensitive. The problem is, people often do discuss sensitive matters. I don't think I even need to quote Cardinal Richelieu here, this is hacker news, no need to preach to the choir.
People can't threat model because they don't really know what the governments consider interesting and a threat to their exercise of power.
I think the point is that they're upfront about it, so you can treat the communication as though it were public (which is a pretty good default assumption for communicating on the internet in general).
I'm one of those people that refuses to accept that "privacy is dead"; but there's also a lot of casual/low-stakes communication that I treat like a personal conversation in an IRL public setting, operating on the assumption that a stranger can/will overhear it.
I just explained, people don't know how to threat model. An average Joe doesn't think "Whoa Ok, so this is TLS only, that means I should assume the server has access to content that might have implications depending on policy, level of government collaboration, and that foreign actors might also have access if they hack the server. Therefore, I should evaluate in real time my conversation, constantly thinking how an outsider might perceive it, and if the other peer starts talking about something private, pack my bags and move abroad".
>I'm one of those people that refuses to accept that "privacy is dead
I never claimed it was. I was making the point that you should protect everything so you don't leak metadata about when you're having private conversation. That's exactly what happens when you e.g. enable secret chats in Telegram. You're telling the company "I'm now talking to Bob, and I'm intentionally making the decision to not share that data with YOU". That's really, really valuable metadata to governments.
It's owned by Alisher Usmanov (Putin's oligarch friend), all their other products (VK, Odnoklassniki) send all the data straight to the russian secret services, of course there isn't and won't ever be any encryption
Lots of people working remotely. In Russia foreign companies that won't share keys with government are banned so domestic market has room for insecure apps.
All companies that use strong encryption are banned. Domestic companies can't use proper encryption so they aren't really banned, lest they go under very fast.
Weirdly enough, they also have a European version of the privacy policy, at https://privacy.icq.com/legal/privacypolicy/eu which is quite different (but no word on encryption), and on https://icq.com/security-calls/en it states that video calls ARE e2e encrypted, its a weird mix of parts encrypted, parts not, part GDPR, some not it seems.
Agree. It’s like a bad translation of “as of today”. It is kind of ugly though and to me it sounds awful, especially when you consider that you can replace it by the much more simple and elegant “à ce jour”.
“Au jour d'aujourd'hui” is most definitely bad grammar, or at bad least style, and thus I'm pretty sure it's wrong in the eyes of linguists, the Académie Française, etc.
But I'm sure the French are not the only ones to elevate some bad grammar/style to a level of consensus. Proof that languages are living things!
When given the opportunity, the Democratic representatives refused to support a bill that simply reversed that one Clinton-era decision that leads to the separation of children from the people who claim to be their guardians at the border (who are, as it turns out, often not).
Much noise has been made about using these children as bargaining chips, by both sides, but neither seems to be totally above it.
1. There is no need for a bill to modify ICE misconducts
2. The bill was for financing ICE and help it amplify it's bad behaviors
3. When the democrats would not pay for inhumane ICE, the reps told everyone the dems were against every changement.
