“Super secure” messaging app leaks everyone's phone number

Posted by e_daigle 12/15/2025

“Super secure” messaging app leaks everyone's phone number(ericdaigle.ca)

623 points | 304 commentspage 3

theultdev 12/15/2025|

Freedom Chat just looks (and sounds) like a grift tbh.

The website doesn't really spark any confidence.

Never heard of it and I'd be surprised if they have more than 100 users.

burnt-resistor 12/15/2025|

And it will invariably become a SIGINT and HUMINT pipeline leading straight to Moscow.

maidh91 12/17/2025||

Anyone here is using Keet? P2P, no server, no phone number

lettergram 12/15/2025||

Feels a little like clickbait "MAGA-themed", never heard of Converso.

That said, the analysis itself is interesting and worth a look, if nothing else it's a general pattern you can follow for many chat applications to see how secure it is.

SV_BubbleTime 12/15/2025|

This, I have extremely varied media sources and Converso isn’t a real thing.

crnkovic 12/16/2025|||

Converso renamed itself to Freedom Chat after my blog post:

https://crnkovic.dev/testing-converso/

SV_BubbleTime 12/16/2025||

Still not a real thing. Highly suspect here.

lettergram 12/16/2025||||

1000 downloads lol

https://play.google.com/store/apps/details?id=com.freedomcha...

SV_BubbleTime 12/16/2025||

Exactly! The premise here is BS. Just a thinly veiled “lul look how dumb maga is” when it’s a no name app no one has ever used and has nothing to do with “maga”.

mikestew 12/16/2025||

Good job moving the goal posts. So it is a real thing. Yeah, I smell some BS alright.

agentifysh 12/15/2025||||

This article is the first time I am hearing about it

mikestew 12/15/2025||||

Are you and OP being sarcastic? Or are your media sources just not as "varied" as you might think?

https://www.theregister.com/2023/05/17/converso_e2ee_app/

lettergram 12/16/2025||

All 1000 downloads...

https://play.google.com/store/apps/details?id=com.freedomcha...

mikestew 12/16/2025||

That's different than "I've never heard of it". So it's a real thing, and now you've heard of it. <Insert appropriate xkcd comic here>

SV_BubbleTime 12/17/2025||

No one has heard of it. Just admit you got here because you were fooled into thinking your team was better at something, you were played.

You never questioned it wasn’t a real service. When confronted you pretend it doesn’t matter that it’s a security lapse in a tiny no name project.

kevin061 12/15/2025||

Why would you use a messaging platform that requires you to sign up with a very difficult to change piece of information that in many countries is tied to your ID and pretend it is secure?

looks at Signal

Oh.

TZubiri 12/15/2025|

You can register on telegram without using your phone number as an account identifier.

maqp 12/15/2025||

Yeah if you buy a number with Durov's TON shitcoin. The original sales are over and number auctions start from opening bid of 37 dollars, and run all the way to 14,000 USD https://fragment.com/numbers, and they take very long, even up to one year to close.

Also, Telegram is not private.

1. It's not E2EE by default

2. It's not E2EE for groups on any platfrom

3. It's not E2EE 1:1 on desktop clients forcing you to downgrade from secret chats to insecure chats

4. It's collecting 100% of your metadata, including

* who you talk to, when, how much, what type of data you exchange,

* your IP-address which sort of defeats the purpose of having no phone number, and

* when you enable secret chats

Telegram is also not transparent about its funding, about who develops it, and who has access to the plaintexts stored on their server (meaning, anyone with a zero day or two).

Journalists who went to look for Telegram's office in Dubay found out no-one in the neighboring office had ever seen Telegram staff enter the space https://www.youtube.com/watch?v=Pg8mWJUM7x4

Telegram was built with blood-money from VKontakte, and Durov has been marketed as living in exile, when in reality he has visited Russia on average once every 2.4 months since the exile began, and strangely Durov has not had his underwear poisoned and windows have been kind to him despite supposedly betraying Putin's interests.

tl;dr Telegram reeks of FSB/SVR honeypot.

r721 12/16/2025|||

>Durov's TON shitcoin

>Telegram reeks of FSB/SVR honeypot

Btw interesting connection between Durov/TON and Jan Marsalek (alleged Russian spy) was recently uncovered by FT:

>In 2018 Marsalek invited Ben Halim and other backers of the Libya projects to invest in a new crypto token being launched by messaging platform Telegram, whose founder Pavel Durov had met Marsalek and invited him to participate.

>A special purpose vehicle was set up for them to pool their money and invest but Credit Suisse, which was organising the sale of the token, blocked the transaction. It turned out the bank was happy to take money from Marsalek, whose role in the biggest corporate fraud in recent European history had yet to be revealed, but was wary of his Libyan friends.

>As a workaround, Ben Halim and others decided to let Marsalek invest their money in his name, sidestepping Credit Suisse’s money laundering checks. However, the US Securities and Exchange Commission blocked Telegram’s issuance of the tokens and Marsalek refunded his Libyan associates.

https://archive.fo/7evmm

baobun 12/16/2025||||

> Yeah if you buy a number with Durov's TON shitcoin

Not even. If you actually try you will discover at the last step (after full KYC, signing some dubious agreements, and linking an existing TG account) that the Fragment "market" is actually fully centralized and has not been open for new buyers-users for a good while. No secondary markets out there (maybe not even possible on their network) afaik.

maqp 12/16/2025||

That's... all sorts of funny and sad to hear.

eviks 12/16/2025||||

And the authorities are blocking it to protect people from falling into the honeypot, right?

TZubiri 12/16/2025||||

I mean as in the number is not tied to the identity, maybe you are asked your number to verify the account, but after that you can have a non number linked account. The account is tied to a username @blablabla.

I think Telegram is filth as much as the next guy, but I'm just making that technical point.

kevin061 12/15/2025|||

Anyone using Telegram and expecting it to be a secure messenger is delusional.

ryandrake 12/15/2025||

I love the quote the article starts with:

> Neither of us had prior experience developing mobile apps, but we thought, “Hey, we’re both smart. This shouldn’t be too difficult.”

I think, 40 years from now when we're writing about this last decade or so of software development, this quote is going to sum it all up.

jakelazaroff 12/15/2025||

> To help bring this idea to life, I enlisted one of my employees from Zeke SEO—a very talented developer with an MBA in computer science from Stanford.

That… is not a real degree.

tclancy 12/15/2025|||

Graduated with the highest temperature in his class.

Insanity 12/15/2025||||

Pretty sure they just mean a Master degree and they _think_ that’s what MBA means. I might be too charitable, but if someone doesn’t have experience with higher education it’s not an unlikely mistake.

jcranmer 12/15/2025||||

You can charitably read it as "MBA from Stanford, with a focus on computer science-related stuff," or maybe "MBA and a bachelor's in CS from Stanford." Or you could assume that it's an MS in CS that was 'autocorrected' to MBA.

But the way it's phrased and worded... at best, it's the kind of really bad typo that shows rank incompetence; at worst, it's outright fabrication that is actively lying about the credentials; and what I think most likely, it's obfuscation that's relying on credentialism to impart an imprimatur of credibility that is wholly undeserved (i.e. "I got an unrelated degree at Stanford, but it's Stanford and how could anyone who goes there be bad at CS?").

Shocka1 12/18/2025|||

This is well said here. Off on a small tangent, but I received my undergrad from a well known for-profit technology school that isn't respected at all. My understanding is that a resume with this specific school is sometimes thrown out by hiring managers. I am now finishing up my Master's from a very well known and respected NY private university. I have noticed no differences in the caliber of students or quality of education between the two. The students that live and breath software engineering excel, while the others do not.

I was aware of all this before, but the experience has tainted my opinion even further of higher education. Graduates of the for-profit tech school are likely to face professional discrimination, while students from the more prestigious university will receive interviews and opportunities because of a name listed on their resume.

jijijijij 12/15/2025||||

No degree, just a kid with a Macbook Air.

garyfirestorm 12/15/2025|||

i mean looking at the app's security its indeed an MBA in CS from Stanford

sigmoid10 12/15/2025|||

Stanford, Kentucky perhaps.

elif 12/15/2025||

I think it was a typo. The computer scientist in question likely received his UGA degree in Sanford stadium, and in fairness no one else at the school was able to discern the difference between a business degree and computer science.

voidfunc 12/15/2025|||

It really says a lot about our society in general. I believe there's a small portion of bad actors pushing stupid policies for their own agenda, but then I also believe there's a huge number of actual people who have lost any ability to reason critically and learn. What we're seeing is those people learning via trial and error while subjecting us to their live trials because they couldn't be bothered to pick up a book or trust the existing experts.

hydrogen7800 12/15/2025|||

>because they couldn't be bothered to pick up a book or trust the existing experts.

It's not laziness. It's populism rejecting what they consider elitism, which includes expertise and experience.

titzer 12/15/2025|||

I don't know how to square "populism" with the metric asston of propaganda coming from people whose job is literally to know better but instead chose to feed people bad information and amplify stupidity. This ain't grass roots populism...at all.

nyeah 12/15/2025|||

Obviously getting people hooked on harmful lies was not originally populism. But now it sort of functions like populism. Now it hurts when the lies stop.

I think we've all been the one who got fooled in some relationship. Maybe for you it wasn't a political party. But I bet it still hurt.

jtbayly 12/15/2025|||

Are you talking about Fauci or who?

iwontberude 12/15/2025|||

How could they not have realized that leopards eat people’s faces.

munificent 12/15/2025|||

Social media is the greatest force multiplier ever invented for narcissists.

V__ 12/15/2025|||

I think this also sums up most of the administration: "Nobody knew health care would be that hard"

nickff 12/15/2025|||

Your quote would seemingly apply to a number of recent administrations, given the state of federal healthcare programs and legislation.

RankingMember 12/15/2025|||

The difference is that they didn't brag about how easy it would be before failing

unglaublich 12/15/2025||

Always the asymmetric standards... R may fuck everything up if D made a mistake.

RankingMember 12/15/2025|||

I'm not sure I understand what you're saying.

DonHopkins 12/15/2025|||

But Rs fuck things up on purpose, even things that hurt themselves, just own own the libs, and then complain about how things are so fucked up.

lobf 12/15/2025|||

What other administrations have said healthcare wouldn't be hard?

jiggawatts 12/15/2025||||

Single payer is easy!

If you reject the best and only easy option from the outset because you don’t want actual healthcare, then yeah… whatever remains is going to be “hard”.

What the US has right now is a complex entrenched system of financial middlemen that refuse to abandon their rent seeking. They provide only(!) financial “services” and will fight actual healthcare tooth and nail.

Trump wasn’t strong enough — or simply didn’t care enough — to fight these people.

cavisne 12/15/2025|||

[flagged]

Natfan 12/15/2025||

what exactly does this contribute to the discussion?

candiddevmike 12/15/2025||||

No, in this case you can attribute to malice instead of stupidity. Thankfully the stupidity is limiting the amount of malice in some cases.

swatcoder 12/15/2025|||

> 40 years from now when we're writing

"ChatGPT, write an essay about software development during the smartphone social networking boom. Find a good quote to sum it all up."

bigfishrunning 12/15/2025||

God i hope not.

tclancy 12/15/2025|||

For me, it was in the linked blog post

>"Now, anyone who has read Mindset by Carol Dweck, Grit by Angela Duckworth, or The Brain That Changes Itself by Norman Doidge, M.D., knows that you can be, do, and have whatever you want."

The gap between "read" and "understood" swallows so many. Also, did he use TR's "Man in the Arena" quotation? Reader, of course he did.

phantasmish 12/15/2025||

Understanding these might not be enough, even. IDK about the last entry but IIRC the first two works are basically in the “pop-science/self-help woo” category that hustle-culture people reliably fall for.

shadowgovt 12/15/2025|||

Software development and governance for this era, more or less yes.

There's a general zeitgeist of "Experts don't know what they're talking about" that has fed both pieces of this space. It's an Age of Doubt, as it were, but the hubristic kind of doubt, not the questing kind.

throwacct 12/15/2025|||

I love it. This needs to be on the front page of every newspaper, hehe. I don't care if you're a republican or a democrat, anyone going that way deserves everything they get.

firefax 12/15/2025|||

> Neither of us had prior experience developing mobile apps, but we thought, “Hey, we’re both smart.

Great example of how perception and reality can differ vastly

expedition32 12/15/2025|||

I downloaded a save game editor for a videogame last night and the developer was honest about using AI.

But for a commercial messaging app you expect better...

locopati 12/15/2025|||

that pretty much sums up the American conservative mindset, without the part about being smart

j45 12/15/2025|||

Hubris as a feature.

oersted 12/15/2025|||

Great and terrible things have been done from:

> We did it not because it was easy, but because we thought it was easy.

engineer_22 12/15/2025||

[flagged]

temp0826 12/15/2025||

Eternal demo day

whoknowsidont 12/15/2025||

Why does the title not match the article? It's under the character limit.

Original title is: “Super secure” MAGA-themed messaging app leaks everyone’s phone number

I think that's incredibly important context. Instead of conferring with actual experts in the field, the populist, fascist segment of our society just decided to wing it with technology.

They BELIEVED they were more secure, with no evidence to back it up.

NekkoDroid 12/15/2025||

> Why does the title not match the article? It's under the character limit.

Well obviously we can't be seen as non-neutral (I wish I would be joking, but I have a feeling that is the thought process on a good day)

maqp 12/15/2025||

Yup, it's almost like they're feelings/emotions over evidence/science. It's not that hard to understand considering how that weird lot consists of all sorts of cranks, pooled by the alt right radicalization pipelines of wellness/conspirituality/flat earth/alt-med/anti-vaccine/UFOs...

aanet 12/15/2025||

The emoji :facepalm: was invented for exactly this...

kgwxd 12/15/2025|

Not really, the grift is going exactly as planned. I indirectly, and accidentally, made some money off a similar grift about a year ago. I'm starting to think I should just lower my standards for a few years, then retire. It's so easy to extract millions from idiots, with very little investment.

UniverseHacker 12/15/2025||

It appears that one of the most central aspects of MAGA is a postmodernist rejection of the very existence of expertise- except, ironically, in the art of grifting itself because they see “recognized experts” in any field as just very successful grifters. Hence replacing competent government employees at every level with incompetent employees. It would track that technology developed for and by the MAGA community is developed with the same philosophy. Anyone planning to buy the Trump phone?

LetsGetTechnicl 12/15/2025|

Accusing someone else of a crime/problem/whatever that you're also currently doing? Well that's just the MAGA way.

More comments...