I don't understand why threat actors / hackers use Telegram, which obtains your phone number, and not SimpleX or even Signal for that matter.
A lot of it has to do with who your enemies are.
If you’re not worried about Telegram and the country Telegram operates from, then using them is probably a better idea than using a program based in a country you are worried about.
So if your big enemy is the United States intelligence services, using a messaging service based and centralized in the United States isn’t the best of ideas. Be it French government communication, or some peer-to-peer democratic revolution in a propped-up tin-pot dictatorship.
SimpleX is interesting, but I think it’s still relatively new; there’s lots of UI and features that need to get hammered out before you would trust it operationally.
Briar is operational today, so I think it is being used by some groups. But it has limited functionality as well.
If your threat model has you communicating with people who already know who you are, registering with a phone number isn’t a big deal.
A lot of the internet use of messaging is anonymous communication with people you don’t know or trust. So giving them your phone number becomes more of an issue.
- Briar: agnostic
- Signal: “western”
- WhatsApp: “western”
- Telegram: Qatari/Eastern
- Session: “western” (centralized servers in Canada)
- SimpleX: not sure where the servers are.
So if you’re trying to bring women’s rights to Iran, you use the Western messaging services that aren’t blocked.
If you’re trying to bring democracy to KSA, you have a harder choice, but probably Telegram.
If you’re trying to do anything in North Korea, good luck… Dead drops and physical notes probably.
I think for the countries that block the internet completely, like North Korea and its big-brother neighbor… mesh programs like Briar might be the only viable options to organize.
We often talk about threat models here in the privacy community. But I just want to illustrate how different threat models can be.
There is a universe of difference between worrying about what a district attorney can use in criminal court based on evidence rules for drug-related charges that could put somebody away for 5 to 10 years in prison.
And worrying about a totalitarian murder squad picking up your friends and family and torturing them just in case they know something, when members of your cell disappear based on suspicion, no evidence required.
These threat models are massively different: doing anything that even raises suspicion gets people killed… I’m not saying it invalidates our online discussions, but when the stakes are higher, what people actually use, and experiment with, and are willing to put up with changes.
And by raises suspicion, I’m not just talking about an intelligence officer, I’m talking about algorithms just saying “oh, this account’s interesting, let’s target it.” Just like Israel is currently doing right now, to automatically identify Hamas-based targets of interest. We have no idea what’s going into that algorithm; it might be “hey, this phone has Briar installed, let’s bomb it.”
SimpleX has multiple relays, but given how new it is there are only a few, and those could easily be compromised, similar to how Tor nodes are partially operated by government agencies.
Also with p2p stuff there is a higher risk if you don’t trust your communication partner, and in crime organizations the likelihood that someone has been turned by law enforcement as part of a plea deal is always quite high.
It sounds like most criminal organizations aren’t that sophisticated. Check out Phantom Secure for an interesting story.
It might be a scenario where you only hear about criminals using less secure communications because those are the ones that get caught.