“Trust me bro” style hand-rolled encryption.
this post was submitted on 23 Dec 2024
119 points (91.6% liked)
Technology
60412 readers
3436 users here now
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related content.
- Be excellent to each another!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, to ask if your bot can be added please contact us.
- Check for duplicates before posting, duplicates may be removed
Approved Bots
founded 2 years ago
MODERATORS
The encryption is not Trust me bro. It is public and tested multiple times. For example an analysis back in 2021:
It found somes issues in the implementation of MTProto 2.0 from the official apps, with only one of them being actually usable as an attack vector, and they were all fixed before the disclosure of the analysis. They found no issues with the encryption algorithm other than some choices that may make the implementation of it harder
The encryption that only works in one-on-one chats? The encryption that's multiple menus deep in said one-on-one chats? The encryption that no one uses because of the issues above?
The encryption that is not even available outside of mobile?
That's actually a perk. Means the decryption key is not uploaded to telegram servers.
And, yes. The encryption all of the normies learnt to use for buying illegal goods while the prices were posted in wide open group chats. At least that's how it was working in latin america with drugs.
That's actually a perk. Means the decryption key is not uploaded to telegram servers.
You could make encryption work between multiple ends without the server having to share the keys if each device has its own key - like in Matrix, XMPP, etc. And given that Telegram can't do that, the restriction in question is still very arbitrary - in a one-to-one conversation, they just don't allow you to make your end the desktop and not the phone.
Also yes, here selling drugs over Telegram is a very big thing too and given how hard it is to use Telegram anonymously and safely - it is indeed monumentally stupid.
What encryption? There is no E2EE by default. It's all plaintext.
I exclusively use it for public chats, like I did IRC.
Neither had any encryption and I have no issue with it.
This is kind of good news it means there is still a major alt to WhatsApp. Still my second to last app but it does have a lot of linux groups on there
Isn't WhatsApp 100% backdoored for the US and Telegram for Russia? I thought Signal was the only reliable app?
Yes but that doesn't mean they're not important in ensuring there isn't a messaging monopoly.
Obviously in an ideal world we'd have multiple interconnected secure apps with some cross-platform interoperability, but until then I'll settle for one government/corporation not having all of everyone's private conversations.
If Telegram is backdoored, not for Russia. While the founder and owner is Russian, him and the company left Russia in 2014 when they didn’t want to comply with their regime (I think. Don’t remember the details). The company is based in Dubai since 2017.
The people with the most to lose think it is: https://www.reuters.com/technology/cybersecurity/ukraine-bans-official-use-telegram-app-over-fears-russian-spying-2024-09-20/
Well, to be fair, better safe than sorry.
Telegram is 100% backdoored
Whatsapp only the backups (although I think they stopped?) and Metadata (with whom you chat, when you chat, but not the exact words you chat) are backdoored.
Signal is the only major app tht's not backdoores
Telegram is 100% backdoored
What makes you so sure?
- it doesn't have end-to-end encryption
- Russia wants the data
The app is free. What do they sell?
Along with the premium version, they have a crypto currency (TON) that can be used to buy things on the platform from other users, and I think you can also buy things with real money and they keep a small commission. Also there are some small ads in very large channels (not groups, channels only) and ways to gift "stars" to other people, like Patreon or sth
Thanks. That makes sense to me.
There is some premium version iirc. Bigger files can be sent, custom emojis, that sort of things
Ah. They are profitable through premium accounts? Impressive.
Premium upgrade version.
Telegram always seemed a bit sus to me. I have hard time trusting that they don't sell all that non-encrypted data somewhere.
It's the backend for web3 scams.
All of memecoin shittery happens on telegram.