It makes sense really. About a week ago there was “code red” storm in the Netherlands, and first phone alarm contained something along the lines of “for more details see this Twitter account”.
Then they removed any mention of twitter from from the second message.
They said in the ticket that the issue does NOT affect the majority of Firefox users. It was just a calculation of the impact, and they decided not to release a hotfix. I'm pretty sure if it was affecting all firefox users it would be fixed in a matter of hours too.
There was a TOR talk where a person from China told that he recommended two systems to different people: TOR and some other one. The people he recommended the other one ended up in prison.
This kind of consequences you get when you falsely claim security. This is the main reason I want people stop saying that Telegram is somehow secure. It's just another messenger, people who need security should use something else. There must be no confusion about it.
>Absolutely dangerous thinking is to declare cryptography off limits. With that in mind eventually you just scare more people to participate in this process and eventually be left with a tiny core community.
Anybody can participate, just don't claim it's secure.
> Sure, that's exactly how SSL works. We invented crypto systems and we are using them until they are broken, then we phase them out for something else.
The only difference is there's a maillist with actual cryptographers (https://www.ietf.org/mail-archive/web/tls/current/threads.ht...), that iterate over design. If you look at the history of TLS, you'll see how tricky is to get crypto right. There has been lots of attacks on the protocol, that no one person could've think of. You don't have that if you roll your own and/or have "very good reasons" when people point your mistakes out.
This is absolutely dangerous thinking. There are a lot of people researching crypto and making sure it's secure. If you're using non-standard crypto, you don't have that safety net.
You can't just invent something and claim "last time I checked it's not broken". It's not broken (yet) if enough competent eyes looked at it, and the more standard building blocks you use, the easier to make those claims. That is absolutely not what Telegram does. I really wish the myth that Telegram is secure would die.
Then they removed any mention of twitter from from the second message.