- cross-posted to:
- [email protected]
blog.cryptographyengineering.com
- cross-posted to:
- [email protected]
You must log in or # to comment.
No.
As a kind of a weird bonus, activating end-to-end encryption in Telegram is oddly difficult for non-expert users to actually do.
As a kind of a weird bonus, activating end-to-end encryption in Telegram is oddly difficult for non-expert users to actually do.
No, it’s not. It’s very easy. In the bottom right corner there is a pencil button to compose a new message and right there it asks which tpye of chat to start. Secret chat is the second topmost option after group chat. Really not hidden or complicated at all.
It should be a setting to always use encrypted chat, and it should probably prompt you when you first login.
Better yet, don’t have an option to not have encrypted chats. I don’t see a reason to not have everything E2EE all the time.
It should be a setting to always use encrypted chat, and it should probably prompt you when you first login.
I don’t disagree but the claim that you quoted was that it’s complicated to initiate and as I explained it’s not. Also secret chats stay in the messages list, so you can go back to an initiated secret chat and pick up there without any additional fiddling.
If you have to enable it every time, it’s complicated enough that most people won’t bother. Maybe they’ll do it once or twice out of novelty, but it’s not going to become a habit.
I only consider something “encrypted” if it’s actually encrypted by default, or at least prompts to enable it permanently on first launch. Otherwise, it’s not an “encrypted” chat, it just has the option to have some chats encrypted.
If you have to enable it every time, it’s complicated
But you don’t. As I already explained: secret chats stay in the messages list, so you can go back to an initiated secret chat and pick up there without any additional fiddling.
I have plenty of encrypted chats that I don’t have to enable every time I want to send one. I don’t understand where this misconception comes from.
Surely you talk to more than one or two people, no? If you have to manually check a box or something every time you start a new message with someone, people are going to stop doing it.
It’s not an encrypted chat app. It’s an unencrypted chat app that has an option for encrypted chats. Whether something is encrypted or not depends on how most people use it and what the defaults are.
Signal is an encrypted chat app. E2EE is the default and AFAIK only behavior. Telegram can be encrypted, but it’s not by default, and defaults matter.
Surely you talk to more than one or two people, no? If you have to manually check a box or something every time you start a new message with someone, people are going to stop doing it.
Maybe you get acquainted to 100 new people every day, so your day is a constant chore of starting secret chats all the time. I don’t. I doubt regular people do. Just start the secret chat once and then pick it up later.
Signal is an encrypted chat app.
Except for the locally stored data which is not encrypted and Signal’s attitude is that device encryption is up to the user.
annoying != complicated
More steps required to perform something is very squarely within the definition of complicated, no matter how straightforward those steps are.
Is it more complicated to achieve than in other e2ee messengers? Yes, thus saying it is complicated is justified.
As I understand it, public groups use server side encryption (so not robust), but private chats use e2e encryption that is client side. (More robust)
I don’t see a reason to not have everything E2EE all the time.
You probably didn’t ever meet non-IT person(or most of the IT people). To use e2ee means you need to keep your private key close and safe. 99.999% people can’t do that. So when they lost their key their conversation history is gone and it’s your fault not theirs.
Signal does this by having your data be unencrypted at rest on your device, and I think that’s a reasonable tradeoff because it protects the most import part: data in transit. Or you can be like Matrix and require/strongly encourage setting up multiple clients so you always have a fallback (e.g. desktop and phone). There are reasonable technical solutions to the problem of making an E2EE chat system.
Encryption is part of defense strategy, otherwise it’s like a steel door in a house with wall panels made of paper.
That strategy involves all communications being encrypted. Otherwise rubber hose cryptanalysis becomes practical.
also their encryption is proprietary. you can’t actually know its good.
That’s incorrect, their client is opensource, you can check their e2ee yourself.
deleted by creator
Again, it’s not, go to their github, check the code of the client, compile it yourself, and make a reproducible build to check that the client they ship to your phone is the same. You are talking nonsense.
Todd is a known bullshitter
deleted by creator
One of the most important rules of cybersecurity is: never roll your own encryption.
And what did the guys at Telegram do? Rolled their own encryption.
If you are into Telegram because you think it’s secure, think again. There are much better alternatives out there, adopting proved industry standards. Signal or Matrix just to name a few.
Generally a good rule, however Signal did develop their own encryption. It was so good it became the industry standard.
What does ‘rolling encryption’ mean (if it’s possible to ELI15).
OP probably meant “to roll out”, meaning: “to deploy”.
if the people you want to talk to are using telegram then you don’t have much of a choice
Maybe tell them you are using signal and that they don’t have a choice but to use it
that doesn’t work with clients. or vendors. or any other type of business partner, really. maybe your staff and your grandma and steven?
It would if everyone already had it installed.
Somehow it has public groups and requires your phone number. Not really sure how to find the groups though.
But unlike Signal, nobody can see your number
Oh here we go.
Manufacturing Consent to tear it down because victims around the world use it to get their voices out when everything else is shut down. People organizing against oppressive governments using it when nothing else is safe.
It can’t be allowed to exist. This is them social engineering your acceptance of their tyranny. Don’t bite the bait.
What is this nonsense? This is a technical post explaining why it’s not encrypted.
Plus there’s plenty of other services like matrix which can do the same thing better without enriching a billionaire
Sure its is. Russia has the keys so they can snoop. Its encrypted though so just the kremlin can read it. Enjoy.
Its funny how what is out there can’t be comprehended by those who only see what they want to see. If he wasn’t in putins pocket he would have fell out a window by now. The rest is just a sad song and dance that the weak minded buy into.
The comment where everything’s made up and the points don’t matter
Telegram CEO Pavel Durov’s Arrest Upends Kremlin Military Communications https://tech.slashdot.org/story/24/08/26/2233226/telegram-ceo-pavel-durovs-arrest-upends-kremlin-military-communications I’m sure its nice with your head in the sand but it doesn’t make any of you right.
The idea that any of them are secure is a pipe dream.
Aha that’s why telegram is banned and blocked in Russia
Wasn’t it unblocked again soon after?
It was “blocked” for 2 years, though there was a problem accessing it for only a month or so as Telegram developers implemented ways to avoid the ban. In 2 years the government officials decided that Telegram made enough effort to block extremist materials to remove themselves from the embarrassment. Now they probably think “why didn’t we trick Durov to visit us and just arrest him like France did”.
Its not and it wasn’t banned for very long unofficially.
What was your methodology to determine that?
Racism.
