"Last week, Russia announced it will require that all new phones and tablets sold within its borders pre-install a messaging app called Max. Security experts who did technical analyses of Max’s software for Forbes said it’s a privacy nightmare.

While Russia’s interior ministry has claimed the app, made by Russian social media giant VK, is more secure than competitors, a cybersecurity researcher found that Max constantly monitored all user activity on the app with“excessive tracking.” The researcher, who completed the analysis with phone forensics tool Corellium, asked to remain anonymous for fear of reprisals by Russian intelligence agencies.

“This app just gathers all the data and logs it. I don’t remember seeing that in any messenger app,” they said. “Max is not secure at all. There is no cryptography, unless it’s hidden very well, but I doubt that. It is insecure by design to serve its purpose: people surveillance.”

Max was launched in March, and appears to be limited to Russian and Belarussian phone numbers. Functionally it works similar to messaging apps like Telegram and Whatsapp, but it also has an AI chatbot called GigaChat 2.0 and the ability to book travel and make bank transfers."

https://www.forbes.com/sites/thomasbrewster/2025/08/26/kremlin-whatsapp-rival-is-designed-to-spy-on-users/

#Russia#CyberSecurity#Messaging#Privacy#LocationTracking#Spyware#Surveillance

"Last week, Russia announced it will require that all new phones and tablets sold within its borders pre-install a messaging app called Max. Security experts who did technical analyses of Max’s software for Forbes said it’s a privacy nightmare.

While Russia’s interior ministry has claimed the app, made by Russian social media giant VK, is more secure than competitors, a cybersecurity researcher found that Max constantly monitored all user activity on the app with“excessive tracking.” The researcher, who completed the analysis with phone forensics tool Corellium, asked to remain anonymous for fear of reprisals by Russian intelligence agencies.

“This app just gathers all the data and logs it. I don’t remember seeing that in any messenger app,” they said. “Max is not secure at all. There is no cryptography, unless it’s hidden very well, but I doubt that. It is insecure by design to serve its purpose: people surveillance.”

Max was launched in March, and appears to be limited to Russian and Belarussian phone numbers. Functionally it works similar to messaging apps like Telegram and Whatsapp, but it also has an AI chatbot called GigaChat 2.0 and the ability to book travel and make bank transfers."

https://www.forbes.com/sites/thomasbrewster/2025/08/26/kremlin-whatsapp-rival-is-designed-to-spy-on-users/

#Russia#CyberSecurity#Messaging#Privacy#LocationTracking#Spyware#Surveillance

Selhosted P2P E2EE File Transfer & Messaging PWA

https://positive-intentions.com

* #OpenSource
* #CrossPlatform
* #PWA
* #iOS, #Android, #Desktop (self compile)
* App store, Play store (coming soon)
* Desktop
* #Windows, #MacOS, #Linux (self compile)
* run index.html on any modern #browser
* #Decentralized
* #Secure
* #NoCookies
* #P2P #encrypted
* No registration
* No installing
* #Messaging
* Group Messaging (coming soon)
* Text Messaging
* #Multimedia Messaging
* #Screensharing (on desktop browsers)
* Offline Messaging (in #research phase)
* #FileTransfer
* #VideoCalls
* #DataOwnership
* #SelfHosted
* GitHub pages Hosting
* #LocalOnly storage

Check them out!

(Degoogled links to the apps)
- P2P Chat: https://chat.positive-intentions.com
- P2P File: https://file.positive-intentions.com
- Encrypted drive storage: https://dim.positive-intentions.com/?path=/story/usefs--encrypted-demo

- GitHub: https://github.com/positive-intentions

IMPORTANT NOTES (PLEASE READ!):
* These are NOT products. It's for #testing and #demonstration purposes only.
* They have NOT been reviewed or audited. Do NOT use for sensitive data.
* All functionality demonstrated is experimental.
* This is NOT meant to replace robust solutions like #VeraCrypt, #Simplexchat, #Signal, #Whatsapp, #wetransfer. It's just a #proofofconcept to show what's possible with #browser#APIs.

Selhosted P2P E2EE File Transfer & Messaging PWA

https://positive-intentions.com

* #OpenSource
* #CrossPlatform
* #PWA
* #iOS, #Android, #Desktop (self compile)
* App store, Play store (coming soon)
* Desktop
* #Windows, #MacOS, #Linux (self compile)
* run index.html on any modern #browser
* #Decentralized
* #Secure
* #NoCookies
* #P2P #encrypted
* No registration
* No installing
* #Messaging
* Group Messaging (coming soon)
* Text Messaging
* #Multimedia Messaging
* #Screensharing (on desktop browsers)
* Offline Messaging (in #research phase)
* #FileTransfer
* #VideoCalls
* #DataOwnership
* #SelfHosted
* GitHub pages Hosting
* #LocalOnly storage

Check them out!

(Degoogled links to the apps)
- P2P Chat: https://chat.positive-intentions.com
- P2P File: https://file.positive-intentions.com
- Encrypted drive storage: https://dim.positive-intentions.com/?path=/story/usefs--encrypted-demo

- GitHub: https://github.com/positive-intentions

IMPORTANT NOTES (PLEASE READ!):
* These are NOT products. It's for #testing and #demonstration purposes only.
* They have NOT been reviewed or audited. Do NOT use for sensitive data.
* All functionality demonstrated is experimental.
* This is NOT meant to replace robust solutions like #VeraCrypt, #Simplexchat, #Signal, #Whatsapp, #wetransfer. It's just a #proofofconcept to show what's possible with #browser#APIs.

"Most modern consumer #messaging platforms...support end-to-end #encryption, but users today are limited to communicating with contacts who use the same platform. This is why Google is strongly supportive of regulatory efforts that require #interoperability" https://security.googleblog.com/2023/07/an-important-step-towards-secure-and.html

Does anyone know of any #FreeSoftware implementations of the #RCS encrypted messaging protocol? There is the nine year old
https://github.com/android-rcs/rcsjta I wonder if that is usable?

#E2EE#Android #messaging

Does anyone know of any #FreeSoftware implementations of the #RCS encrypted messaging protocol? There is the nine year old
https://github.com/android-rcs/rcsjta I wonder if that is usable?

#E2EE#Android #messaging

"[Vincent] Ramos makes some very incriminating statements to the FBI in an undercover operation, and they arrest him. And they say; you need to put a backdoor into Phantom Secure, and let us read all of the messages of the 10,000 users (or whatever) ... or we're going to arrest you."

#JosephCox, 2024

https://www.theverge.com/2024/5/23/24163389/joseph-cox-dark-wire-fbi-phone-startup-anom-criminals-secure-messaging-decoder-interview

And we know that nothing like this has happened to the people behind the hosted Signal services, because ... ?

#encryption #messaging#Signal