It's a strangely worded statement. What about data collection, metadata, other third parties
Maybe it's related to the fact that plaintiffs lawyers are now trying to verify what's going on inside Meta with WhatsApp through litigation discovery:
https://ia801607.us.archive.org/10/items/gov.uscourts.cand.4...
Meta's motion to dismiss seemed a little weak. Time will tell
https://ia801607.us.archive.org/10/items/gov.uscourts.cand.4...
Hearing will likely be sometime this summer
SMS security only became a problem due to 2FA, which is just one of many use cases, and the failure isn't even technical here but organizational. I agree it should've prompted more pressure to secure the system against SIM-swapping; alas this is too close to the Real World, so the tech industry instead responded with alternative that side-steps the problem by offering zero customer support. No humans to talk to = no humans to social engineer = secure. So much win.
(I'd also say the 2FA proliferation is itself a problem, but that's an unpopular opinion and for a separate discussion.)
It doesn't work on my computer, nor does it work on my phone when I'm traveling (different SIM), so I give a damn. WhatsApp, iMessage, Signal etc. do both. I really wish there was an open, federated standard (and no, RCS is neither), but until then, I'll use what actually works for me.
SMS just sucks, and I hate that it's become so ubiquitous an authentication method when it's not even secure.
I've never understood why so many people still chain their identities to physical SIM or even eSIMs. It's so fragile.
Living in a place where getting a replacement sim is gated behind obtaining an id from the police tied to your national id number, I wish there were other identity systems which were as robust. Much easier to get back to normal operations when the id device becomes damaged or lost with a physical sim you can shove into a cheap replacement device, than relying on backup services you need one of your digital id devices to access in the first place, especially if they're all lost at the same time in a house fire or something. The police will presumably get all my photo backups and savings if they ask nicely anyways, so the big threat to the single point of failure doesn't have a great marginal impact, while I dread the possibility of having to recover the accounts I can't get back through the local legal system given the poor 2fa recovery ecosystem.
If the device can get damaged or lost, then the SIM can too. To buy a physical SIM or rent a virtual number online, in most jurisdictions you need to provide ID docs these days, so nothing is changed there.
Unfortunately, more and more services are declining to send to VoIP numbers because of seCurItY, so it's a game of cat and mouse.
Fortunately SMS is so expensive in parts of Europe and it's not allowable anymore to use SMS by itself for online payment authentication, and both issues combined have slowly been pushing companies to explore alternatives.
There unfortunately seems to be no such pressure in the US. Passkeys could solve the issue, but probably increase support request volumes enough for most companies to not bother unless forced.
Most of the reason to deny voip users is that many voip services give phone numbers away like candy and then those phone numbers are used to abuse other services, so checking the original carrier tends to be enough for abuse screening.
Some use cases want more though. Banking KYC has some back channel to get subscriber identification or be alerted when ownership changes; those institutions may be willing to pay for current carrier lookups and deny usage of numbers where they don't have a back channel to the current carrier.
If you're lucky, the service you care about only validates at number registration time, not at text sending time, and you can get away with it indefinitely, I suppose.
Unfortunately that means that my cell number which I wanted to temporarily park into VoIP while abroad is now permanently VoIP.
I stopped using OpenClaw a while ago, but I did vibe code the very basic automations I had used OpenClaw for. Getting it to work with Telegram was trivial.
I don't use Telegram for chatting. In fact, I try not to use any IM tools with humans. ;-)
Not with bots, though.
> I like that I can login from multiple devices and continue the conversation
This is also not possible with Telegram E2E, while it is with Signal and WhatsApp.
Key distribution is just too hard. I think we won't get a messenger for non-tech people that works well with multi-device and E2E basically ever.
they even have it on fb messenger and instagram (though they recently removed e2ee completely from instagram lol)
Now it uses the Signal protocol's native multi-device capabilities, specifically in the "key per device" variant (unlike signal itself, which uses "key per account" if I'm not mistaken).
It’s not proxied via primary, otherwise it wouldn’t work if primary were offline
That is correct, it doesn't work.
ref: https://faq.whatsapp.com/1317564962315842/?cms_platform=ipho...
> Use WhatsApp on your computer even when your phone is off.
ref: https://faq.whatsapp.com/378279804439436/?helpref=faq_conten...
I'm actually still jaded about this. Messenger worked fine before they broke it by introducing E2EE; it took years for them to fix the problems this caused (at least the ones that were immediately user-perceptible).
"Let's take people's years-long history between each other and just utterly break it. Why? 'privacy'" but they've never cared about it, they're opportunistic fucks. It's Zuckerberg's company to do with it "as he wishes" https://news.ycombinator.com/item?id=16770818
And how do you just get everyone you want to speak to use telegram?
e.g. their backend just 2 days ago (and since at least start of the year) was replacing referral links to amex (and i bet many other banks etc) with custom referral codes from russian guys (so when I sent my friend my referral link - it showed another referral link in out chat history on both ends). and their security team says its all good.
so unless you are using it for useless info - better use something else.
Is there any proof of the global telegram issue related to amex links? Sounds like BS