This blog is reserved for more serious things, and ordinarily I wouldn’t spend time on questions like the above. But much as I’d like to spend my time writing about exciting topics, som…
It should be a setting to always use encrypted chat, and it should probably prompt you when you first login.
I don’t disagree but the claim that you quoted was that it’s complicated to initiate and as I explained it’s not. Also secret chats stay in the messages list, so you can go back to an initiated secret chat and pick up there without any additional fiddling.
If you have to enable it every time, it’s complicated enough that most people won’t bother. Maybe they’ll do it once or twice out of novelty, but it’s not going to become a habit.
I only consider something “encrypted” if it’s actually encrypted by default, or at least prompts to enable it permanently on first launch. Otherwise, it’s not an “encrypted” chat, it just has the option to have some chats encrypted.
If you have to enable it every time, it’s complicated
But you don’t. As I already explained: secret chats stay in the messages list, so you can go back to an initiated secret chat and pick up there without any additional fiddling.
I have plenty of encrypted chats that I don’t have to enable every time I want to send one. I don’t understand where this misconception comes from.
Surely you talk to more than one or two people, no? If you have to manually check a box or something every time you start a new message with someone, people are going to stop doing it.
It’s not an encrypted chat app. It’s an unencrypted chat app that has an option for encrypted chats. Whether something is encrypted or not depends on how most people use it and what the defaults are.
Signal is an encrypted chat app. E2EE is the default and AFAIK only behavior. Telegram can be encrypted, but it’s not by default, and defaults matter.
Surely you talk to more than one or two people, no? If you have to manually check a box or something every time you start a new message with someone, people are going to stop doing it.
Maybe you get acquainted to 100 new people every day, so your day is a constant chore of starting secret chats all the time. I don’t. I doubt regular people do. Just start the secret chat once and then pick it up later.
Signal is an encrypted chat app.
Except for the locally stored data which is not encrypted and Signal’s attitude is that device encryption is up to the user.
True, device encryption should be up to the user. Mine is encrypted, and most smartphones have encrypted storage these days. I actually have mine reboot after a period of inactivity, which removes the encryption keys from memory.
That said, they should have an option for app data encryption, but that’s hardly a requirement IMO, because I care far more about data being encrypted in transit than at rest on my devices. I can encrypt data at rest on my machines, I can’t encrypt data in-transit unless that’s baked in to the service.
That said, they should have an option for app data encryption, but that’s hardly a requirement IMO
So Telegram is not an encrypted messenger because there are types of messages that are not E2E encrypted but Signal is a encrypted messenger because encrypting local storage is optional. Got it.
They’ve implemented it in such a way that you only have access to an encrypted chat on a single device, so no syncing between devices. Syncing E2EE chats across devices is more difficult to pull off, but it’s definitely possible and other services do that by default.
Syncing E2EE chats across devices is more difficult to pull off, but it’s definitely possible and other services do that by default.
That’s because if you are able to get your private key on another device, then Google, Apple or Microsoft, and that means anyone, also have access to your private key. And you don’t have e2ee, literally.
I would look into how Matrix handles this, for example. It involves unique device keys, device verification from a trusted device, and cross-signing. It’s not just some private key that’s spread around to random new devices where you lose track of.
I don’t see a reason to not have everything E2EE all the time.
You probably didn’t ever meet non-IT person(or most of the IT people). To use e2ee means you need to keep your private key close and safe. 99.999% people can’t do that. So when they lost their key their conversation history is gone and it’s your fault not theirs.
It should be a setting to always use encrypted chat, and it should probably prompt you when you first login.
Better yet, don’t have an option to not have encrypted chats. I don’t see a reason to not have everything E2EE all the time.
But then you couldn’t get that juicy user and conversation data.
I don’t disagree but the claim that you quoted was that it’s complicated to initiate and as I explained it’s not. Also secret chats stay in the messages list, so you can go back to an initiated secret chat and pick up there without any additional fiddling.
If you have to enable it every time, it’s complicated enough that most people won’t bother. Maybe they’ll do it once or twice out of novelty, but it’s not going to become a habit.
I only consider something “encrypted” if it’s actually encrypted by default, or at least prompts to enable it permanently on first launch. Otherwise, it’s not an “encrypted” chat, it just has the option to have some chats encrypted.
annoying != complicated
But you don’t. As I already explained: secret chats stay in the messages list, so you can go back to an initiated secret chat and pick up there without any additional fiddling.
I have plenty of encrypted chats that I don’t have to enable every time I want to send one. I don’t understand where this misconception comes from.
Surely you talk to more than one or two people, no? If you have to manually check a box or something every time you start a new message with someone, people are going to stop doing it.
It’s not an encrypted chat app. It’s an unencrypted chat app that has an option for encrypted chats. Whether something is encrypted or not depends on how most people use it and what the defaults are.
Signal is an encrypted chat app. E2EE is the default and AFAIK only behavior. Telegram can be encrypted, but it’s not by default, and defaults matter.
Maybe you get acquainted to 100 new people every day, so your day is a constant chore of starting secret chats all the time. I don’t. I doubt regular people do. Just start the secret chat once and then pick it up later.
Except for the locally stored data which is not encrypted and Signal’s attitude is that device encryption is up to the user.
True, device encryption should be up to the user. Mine is encrypted, and most smartphones have encrypted storage these days. I actually have mine reboot after a period of inactivity, which removes the encryption keys from memory.
That said, they should have an option for app data encryption, but that’s hardly a requirement IMO, because I care far more about data being encrypted in transit than at rest on my devices. I can encrypt data at rest on my machines, I can’t encrypt data in-transit unless that’s baked in to the service.
Encrypted from your girlfriend or yourself if you forgot your gesture, but not from Google/Apple/Government or anyone who actually wants your data.
So Telegram is not an encrypted messenger because there are types of messages that are not E2E encrypted but Signal is a encrypted messenger because encrypting local storage is optional. Got it.
Is it more complicated to achieve than in other e2ee messengers? Yes, thus saying it is complicated is justified.
As I understand it, public groups use server side encryption (so not robust), but private chats use e2e encryption that is client side. (More robust)
They’ve implemented it in such a way that you only have access to an encrypted chat on a single device, so no syncing between devices. Syncing E2EE chats across devices is more difficult to pull off, but it’s definitely possible and other services do that by default.
That’s because if you are able to get your private key on another device, then Google, Apple or Microsoft, and that means anyone, also have access to your private key. And you don’t have e2ee, literally.
I would look into how Matrix handles this, for example. It involves unique device keys, device verification from a trusted device, and cross-signing. It’s not just some private key that’s spread around to random new devices where you lose track of.
its some message for the users, having a secret chat kinda sounds bad, like doing something illegal and guilt trapping users into not using it
You probably didn’t ever meet non-IT person(or most of the IT people). To use e2ee means you need to keep your private key close and safe. 99.999% people can’t do that. So when they lost their key their conversation history is gone and it’s your fault not theirs.