(safe) Unsecure security

163 readers

1 users here now

(un) Security - Who will guard the guards?

founded 2 years ago

MODERATORS

[email protected]

Is Telegram really an encrypted messaging app? (blog.cryptographyengineering.com)

submitted 1 month ago by [email protected] to c/[email protected]

5 comments fedilink hide all child comments

A reminder

Highlights

Many systems use encryption of one sort or another. However, when we talk about encryption in the context of modern private messaging services, it typically has a very specific meaning: the use of default end-to-end encryption to protect message content. When used in an industry-standard way, this feature ensures that all conversations are encrypted by default — under encryption keys that are only known to the communication participants, and not to the service provider.

Telegram clearly fails to meet this stronger definition, because it does not encrypt conversations by default. If you want to use end-to-end encryption in Telegram, you must manually activate an optional end-to-end encryption feature called “Secret Chats” for each private conversation you want to have. To reiterate, this feature is explicitly not turned on for the vast majority of conversations, and is only available for one-on-one conversations, and never for group chats with more than two people in them.

Even though end-to-end encryption is one of the best tools we’ve developed to prevent data compromise, it is hardly the end of the story. One of the biggest privacy problems in messaging is the availability of loads of meta-data — essentially data about who uses the service, who they talk to, and when they do that talking.

top 5 comments

sorted by: hot top controversial new old

[–] [email protected] -4 points 1 month ago (3 children)

To reiterate, this feature is explicitly not turned on for the vast majority of conversations, and is only available for one-on-one conversations, and never for group chats with more than two people in them.

In certain contexts, this is a very, very good thing. For instance, child sexual abuse material is often shared in pedophile Telegram groups. The fact that the chats can not be secret because they're group chats makes it much easier for people trading in CSAM to be caught. If the material and identities of all the participants was, by default, encrypted, that would make it extremely challenging to catch the people that feed this market.

[–] [email protected] 9 points 1 month ago (1 children)

there’s always someone out there trying to make encryption all about CSAM…
it’s not, it’s about freedom of speech and privacy…
it’s great when pedos get caught, but i’m not giving up all of humanity’s freedoms to government and corporate overlords because a small percentage are bad people and we want them caught….
there are other ways besides spying on all information….

[–] [email protected] 2 points 1 month ago

there’s always someone out there trying to make encryption all about CSAM…

...Which I'm explicitly not doing. Telegram has end-to-end encrypted chats, but not group chats. The group chats have never been encrypted, and AFAIK Telegram never implied that they were. (TBH, I've more than once had to tell people to stop fed posting on Telegram because they stay stupid shit on unencrypted channels that will bring the wrong kind of attention down.) Signal still exists - and is better than Telegram in every way. For the deeply paranoid there's Briar. Tor is definitely a thing. Encrypted communications are fantastic, and I support them.

I fully support stupid people doing their stupid, illegal shit on open channels where it's easy to bust them. I also fully support encryption.

[–] [email protected] 5 points 1 month ago

Then you'd use other methods to catch them.

"What about the children" is just an excuse made by authoritarians to justify their actions.

[–] Eheran 1 points 1 month ago

So let's install camera in every house then, that will surely help find some more and prevent some from happening to begin with. No?