Oh here we go.
Manufacturing Consent to tear it down because victims around the world use it to get their voices out when everything else is shut down. People organizing against oppressive governments using it when nothing else is safe.
It can’t be allowed to exist. This is them social engineering your acceptance of their tyranny. Don’t bite the bait.
What is this nonsense? This is a technical post explaining why it’s not encrypted.
Plus there’s plenty of time other services like matrix which can do the same thing better without enriching a billionaire
When you can’t use secret chat at ALL on desktop, fuck no it isn’t.
Assuming end-to-end encryption is what’s meant in the question.
You can with Pidgin and purple-tdlib plugin for Telegram.
But then I’d ask the other person to use the same thing, and we’d both use OTR for encryption, not TG’s bogus E2EE.
wow I haven’t used Pidgin in like a decade
That’s a step backwards from Whatsapp lol
It’s still shit tho. Signal is better.
As is Sessions
No.
As a kind of a weird bonus, activating end-to-end encryption in Telegram is oddly difficult for non-expert users to actually do.
also their encryption is proprietary. you can’t actually know its good.
That’s incorrect, their client is opensource, you can check their e2ee yourself.
The encryption algorithm may be open source, but they rolled it themselves. It is proprietary encryption.
Again, it’s not, go to their github, check the code of the client, compile it yourself, and make a reproducible build to check that the client they ship to your phone is the same. You are talking nonsense.
You’re not getting what I’m saying, because you don’t understand what “proprietary” means in this context.
Proprietary encryption ≠ Proprietary code.
You can roll your own shitty novel encryption algorithm and license it under GPL if you want, it’s still proprietary encryption in that Signal has its own unvetted encryption algorithm instead of using a trusted existing algorithm.
Todd is a known bullshitter
As a kind of a weird bonus, activating end-to-end encryption in Telegram is oddly difficult for non-expert users to actually do.
No, it’s not. It’s very easy. In the bottom right corner there is a pencil button to compose a new message and right there it asks which tpye of chat to start. Secret chat is the second topmost option after group chat. Really not hidden or complicated at all.
Encryption is part of defense strategy, otherwise it’s like a steel door in a house with wall panels made of paper.
That strategy involves all communications being encrypted. Otherwise rubber hose cryptanalysis becomes practical.
It should be a setting to always use encrypted chat, and it should probably prompt you when you first login.
Better yet, don’t have an option to not have encrypted chats. I don’t see a reason to not have everything E2EE all the time.
I don’t see a reason to not have everything E2EE all the time.
You probably didn’t ever meet non-IT person(or most of the IT people). To use e2ee means you need to keep your private key close and safe. 99.999% people can’t do that. So when they lost their key their conversation history is gone and it’s your fault not theirs.
As I understand it, public groups use server side encryption (so not robust), but private chats use e2e encryption that is client side. (More robust)
But then you couldn’t get that juicy user and conversation data.
They’ve implemented it in such a way that you only have access to an encrypted chat on a single device, so no syncing between devices. Syncing E2EE chats across devices is more difficult to pull off, but it’s definitely possible and other services do that by default.
Syncing E2EE chats across devices is more difficult to pull off, but it’s definitely possible and other services do that by default.
That’s because if you are able to get your private key on another device, then Google, Apple or Microsoft, and that means anyone, also have access to your private key. And you don’t have e2ee, literally.
I would look into how Matrix handles this, for example. It involves unique device keys, device verification from a trusted device, and cross-signing. It’s not just some private key that’s spread around to random new devices where you lose track of.
It should be a setting to always use encrypted chat, and it should probably prompt you when you first login.
I don’t disagree but the claim that you quoted was that it’s complicated to initiate and as I explained it’s not. Also secret chats stay in the messages list, so you can go back to an initiated secret chat and pick up there without any additional fiddling.
Is it more complicated to achieve than in other e2ee messengers? Yes, thus saying it is complicated is justified.
If you have to enable it every time, it’s complicated enough that most people won’t bother. Maybe they’ll do it once or twice out of novelty, but it’s not going to become a habit.
I only consider something “encrypted” if it’s actually encrypted by default, or at least prompts to enable it permanently on first launch. Otherwise, it’s not an “encrypted” chat, it just has the option to have some chats encrypted.
If you have to enable it every time, it’s complicated
But you don’t. As I already explained: secret chats stay in the messages list, so you can go back to an initiated secret chat and pick up there without any additional fiddling.
I have plenty of encrypted chats that I don’t have to enable every time I want to send one. I don’t understand where this misconception comes from.
Surely you talk to more than one or two people, no? If you have to manually check a box or something every time you start a new message with someone, people are going to stop doing it.
It’s not an encrypted chat app. It’s an unencrypted chat app that has an option for encrypted chats. Whether something is encrypted or not depends on how most people use it and what the defaults are.
Signal is an encrypted chat app. E2EE is the default and AFAIK only behavior. Telegram can be encrypted, but it’s not by default, and defaults matter.
Surely you talk to more than one or two people, no? If you have to manually check a box or something every time you start a new message with someone, people are going to stop doing it.
Maybe you get acquainted to 100 new people every day, so your day is a constant chore of starting secret chats all the time. I don’t. I doubt regular people do. Just start the secret chat once and then pick it up later.
Signal is an encrypted chat app.
Except for the locally stored data which is not encrypted and Signal’s attitude is that device encryption is up to the user.
annoying != complicated
its some message for the users, having a secret chat kinda sounds bad, like doing something illegal and guilt trapping users into not using it
My man, have you ever worked in tech support? I admire your optimism.
That’s my day job and I’m good at it. People understand when I explain three clicks.
People understand when I explain three clicks.
This is the problem. You have to explain it. Feel like talking to several million people to get them to use it?
Feel like talking to several million people to get them to use it?
I already made a one-line excessive tutorial in another comment. Feel free to link it.
Maybe when you share it, and explain, and be ready to support the millions of users, then we’ll have e2ee. But even then we probably won’t.
Maybe when you share it
I already did.
and explain
I already did.
and be ready to support the millions of users
Of course. As I already explained, this sort of thing is my job. Millions of people signing support contracts with me: Awesome! I’ll be creating so many jobs. Happy to expand into enterprise communication by offering Teamgram hosting services.
You should put it on tiktok and yt shorts, lol
Fair enough. I’ve met both good and bad users.
Why would it even be an option to have a non-encryted chat if the app can do encrypted?
It is not easy, as it’s not even possible on desktop.
If Telegram is considered an encrypted messenger, then FB messenger should be too. Works exactly the same. I don’t know about you, but being the same level as FB messenger should speak volumes to whether Telegram is “encrypted” or not 🙄
FB messenger should be too. Works exactly the same. 🙄
Facebook licensed Signal’s encryption: https://signal.org/blog/facebook-messenger/
Yeah, the fact that FB messenger uses Signal protocol, means the encryption is better recognized than the one used in Telegram. But the lack of on-by-default or the need to drill in a few options before enabling secret chats… I mean it’s even named the same thing as Telegram.
Sure its is. Russia has the keys so they can snoop. Its encrypted though so just the kremlin can read it. Enjoy.
Durov has been blacklisted in Russia because he refused to cooperate with Putin’s government on several occasions.
Yet he is still alive. Misdirection nothing more nothing less.
What was your methodology to determine that?
Racism.
Aha that’s why telegram is banned and blocked in Russia
Its not and it wasn’t banned for very long unofficially.
Wasn’t it unblocked again soon after?
It was “blocked” for 2 years, though there was a problem accessing it for only a month or so as Telegram developers implemented ways to avoid the ban. In 2 years the government officials decided that Telegram made enough effort to block extremist materials to remove themselves from the embarrassment. Now they probably think “why didn’t we trick Durov to visit us and just arrest him like France did”.
I am fairly convinced that it was either theater from the beginning, or some agreement was reached before it was “unblocked”. RKN doesn’t care about “embarrassment” or collateral damage if they want to do something.
I don’t see any agreement possible just because Russia had literally nothing to offer to Telegram.
Telegram is VERY popular there. What it has to offer are users who would see ads and pay for the subscription.
But the ban was only somewhat effective for like a month, then Telegram found a way to avoid it. In two years no one even felt like it was banned. So what could Russia offer to Telegram? Literally nothing.
It can be that. But it is also a medium for public forums.
One of the most important rules of cybersecurity is: never roll your own encryption.
And what did the guys at Telegram do? Rolled their own encryption.
If you are into Telegram because you think it’s secure, think again. There are much better alternatives out there, adopting proved industry standards. Signal or Matrix just to name a few.
No, it’s not the rule itself. It’s rather an advice not to do as rolling own crypto is very tricky and complicated thing. You have to be very aware of many possible attacks, how they do work, to create own crypto properly
More like “don’t roll your own crypto unless you’re ready to spend years getting it scrutinized and polished”.
What does ‘rolling encryption’ mean (if it’s possible to ELI15).
OP probably meant “to roll out”, meaning: “to deploy”.
Nah, it’s I guess jargon at this point, but it really just means to make up your own crypto algos.
‘Rolling your own…’ is a comparison to rolling your own cigarettes. That is, creating your own version from scratch instead of using something ready-made.
