Is there any absolutely secure social messaging app?
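Over the past few years I have rarely argued with people in online threads, because it is pointless and earns no money; much of the time people only want to believe what they are willing to believe, not facts or differing views. This time I saw a dominatrix abroad write a long essay saying that sex workers are going to be persecuted now that Trump has taken office. I think that is correct, because Trump's previous term produced the FOSTA-SESTA act, which, in the name of banning the trafficking of women and children, struck directly at sex workers' right to make a living and forced a website I liked very much, Hepays, to close to all US users. She urged everyone to move to cryptocurrency payments soon and to use the secure chat tool Signal, although she said she was not sure herself whether Signal is 100% secure. I replied briefly that Signal was infiltrated by the US National Security Agency long ago and that only Telegram is relatively secure, and I got an enormously long reply. I had no choice but to write an even longer reply to lay out the facts, which conveniently serves as a blog post.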
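Let me start with my own conclusion: no messaging app is absolutely secure; whether one is secure depends on your threat model. Even if the chat tool were absolutely secure, once your computer or phone is remotely controlled by someone, you are completely transparent with no privacy at all. If your main threat comes from the Russian government, then using Signal or X is entirely fine; but if your threat comes from the US government, then any app with ties to the United States is insecure, because a US law enforcement agency can, with a single court administrative order, require local technology companies to hand over all your information. Even if it is encrypted, the US National Security Agency (NSA) can use vulnerabilities deliberately left in the encryption protocol early on to break it and obtain your information, because the encryption protocol of Signal and other chat tools was funded from the start by an NGO under the US government, which is stated very clearly on the Open Technology Fund's official website. If you want to say that the US government, as the beacon of the world, developed this encryption protocol for the sake of free speech worldwide, so it must be secure and have no backdoor, then I have nothing more to say; I suggest reading Snowden's disclosures and why he ultimately went to Russia for asylum.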
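As for inside China, everyone understands: all software requires real-name registration, and privacy leaks are severe. There are all kinds of paid doxxing ("box-opening") services online, and after registering on a website you may get a scam call the next day, so only foreign messaging software is secure.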
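Is there an absolutely secure way to communicate? I think there is; it is just very cumbersome to operate: encrypt the text with GPG on a computer that is not connected to the network, then copy it by USB drive to a networked computer and send it by email. The two parties should preferably exchange their public keys in person or through another secure channel, for use in encrypting and decrypting the email. The most primitive and simple methods are often the most secure, and the difficulty of brute-forcing can be proven mathematically. Of course you also need to keep your private key safe, and make sure you will not be tortured into handing over the private key.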
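The procedure above as a runnable sketch; this is an added example, not the author's own commands. Two separate GnuPG home directories stand in for the two offline computers and a temporary directory stands in for the USB drive; the user ID, file names and the empty passphrase are assumptions made for the demo.

```shell
#!/bin/sh
# Added example. Each --homedir plays the role of one air-gapped machine.
g() { home=$1; shift; gpg --homedir "$home" --batch --quiet --no-tty "$@"; }

# Create a key pair. The empty passphrase is for this demo only.
make_identity() {  # $1=home  $2=user id
  g "$1" --pinentry-mode loopback --passphrase '' \
     --quick-generate-key "$2" default default never
}

# Print the primary-key fingerprint, the value the two parties compare in person.
fingerprint() {  # $1=home  $2=user id
  g "$1" --with-colons --fingerprint "$2" | awk -F: '/^fpr:/ {print $10; exit}'
}

# Import a public key only if the file carries the fingerprint agreed in person.
import_verified() {  # $1=home  $2=pubkey file  $3=expected fingerprint
  seen=$(g "$1" --with-colons --import-options show-only --import "$2" |
         awk -F: '/^fpr:/ {print $10; exit}')
  [ "$seen" = "$3" ] || { echo "fingerprint mismatch, key rejected" >&2; return 1; }
  g "$1" --import "$2"
}

demo() {
  t=$(mktemp -d) || return 1
  mkdir -m 700 "$t/alice" "$t/bob" "$t/usb"
  make_identity "$t/bob" "bob@example.test" || return 1
  # In real use Bob reads this value to Alice face to face.
  bob_fpr=$(fingerprint "$t/bob" "bob@example.test")
  g "$t/bob" --armor --output "$t/usb/bob.pub.asc" --export "$bob_fpr"
  import_verified "$t/alice" "$t/usb/bob.pub.asc" "$bob_fpr" || return 1
  printf 'meet at noon\n' > "$t/alice/plain.txt"   # constructed sample message
  # --trust-model always is acceptable here only because the fingerprint was checked.
  g "$t/alice" --armor --trust-model always --recipient "$bob_fpr" \
     --output "$t/usb/msg.asc" --encrypt "$t/alice/plain.txt" || return 1
  # msg.asc is the only file that ever touches the networked computer.
  g "$t/bob" --pinentry-mode loopback --passphrase '' --decrypt "$t/usb/msg.asc"
  rc=$?
  for h in alice bob; do
    gpgconf --homedir "$t/$h" --kill gpg-agent 2>/dev/null || true
  done
  rm -rf "$t"
  return $rc
}

demo   # prints the decrypted message
```

The ciphertext hides the message body only; the email headers on the networked machine still show who wrote to whom and when.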
Below is the chat conversation about whether Signal is secure; I have left it in the original English.
Me: Signal is only safe for US-funded activists in foreign countries, but not for US-based users, considering its connection with US intelligence. Telegram is much safer and more powerful.
Queen: I’m not clicking any links.
I do know that Signal runs off donations and isn’t owned by any massive tech companies nor does it have any ties with the government.
They’re owned by Nonprofit Signal Foundation cofounded by Moxie Marlinspike and Brian Acton.
There is no government or corporation with ownership or funding that keeps this company afloat.
Closest I can get to what you’re saying is Moxie had another company called Whisper that received Open Technology Fund but not Signal.
As for the Telegram issue.
Telegram has Russian ties as deep as the literal founder of the company. The servers are in an unknown location making some fear government influence. They store metadata AND encryption is not default! You have to manually do it so it looks like a trick imo to get people to use it and say things when they think they are being protected when in reality they’re not.
So thank you for commenting this so I can show all the people who need to know that Telegram IS NOT SECURE.
Me: Sorry, I have to switch to this account with blue mark to write a longer reply.
On OTF’s official website, you can find the following:
“Open Whisper Systems (OWS) produces the leading encrypted mobile communication tools utilized by Internet freedom defenders globally. These tools include TextSecure, RedPhone and Signal. The underlying Signal encryption protocol has been integrated into a variety of widely used messaging platforms including WhatsApp, Facebook Messenger and Skype.”
“OTF receives the majority of its funding from the U.S. government via the U.S. Agency for Global Media (USAGM). Funding is appropriated for OTF through the annual Department of State, Foreign Operations, and Related Programs appropriations and provided to OTF via a grant agreement from USAGM.”
It also confirms the claim in the link shared by Jack Dorsey.
“First, the origin story. The technology behind Signal, which operates as a nonprofit foundation, was initially funded, in part, through a $3 million grant from the government-sponsored Open Technology Fund (OTF), which was spun off from Radio Free Asia, originally established as an anti-Communist information service during the Cold War. OTF funded Signal to provide “encrypted mobile communication tools” to “Internet freedom defenders globally.””
All messaging apps claim to have end-to-end encryption, including WhatsApp and iMessage, to give you an illusion of privacy, but they won’t tell you they back up your content and have the master key to unlock the encrypted message anyway. I would say the biggest risk comes from the fact that the encryption protocol and its implementation have deliberate backdoors. Many tech companies are coerced to use the unsafe encryption protocols, so NSA has the upper hand to access everyone’s information.
According to the corrupt corporate media, we are supposed to fear and hate anything connected with Russia, Telegram and even its Russian founder Pavel Durov, but if you read more history about Telegram and international news, you will know basically Pavel gave the Russian government and Putin a big middle finger and fled Russia when they asked him to hand out users’ data of VK and Telegram.
Also, the 2024 terrorist attack in Moscow was coordinated on Telegram and who paid for the massive killing shooters is still unknown, so I tend to believe the Russian government has very little control over Telegram. After Pavel Durov was arrested in France in August 2024 and was forced to give out some phone numbers and IPs connected with crimes, I believe Telegram is not as safe as it used to be.
The safety of a messaging app basically depends on your threat model. If you know you will piss off the Russian and Chinese governments, you should use Signal, Telegram or even just X. If your threat comes from the US authorities, no US-based app is safe and I have no problem even using an app fully controlled by the Russian government because they don’t care and won’t hand out your info to the US government.
It’s up to you to choose which app you want to trust and use. I’m happy with Telegram because it has the least connection with any government and offers unlimited possibilities to program mini apps inside Telegram.
By the way, I saw your comment when I was buying a clip from WLBallbusting featuring you and Goddess Scarlett. Have a great night:)