• mox@lemmy.sdf.org
    26 upvotes, 1 downvote · edited · 8 months ago

    Friendly reminder that Telegram has always been a risky choice where privacy matters, even without the issue raised in the article. It uses homebrew encryption (which is always a red flag) and doesn’t enable end-to-end encryption by default (which makes accidental leaks likely).

    • rdri@lemmy.world
      8 upvotes, 4 downvotes · edited · 8 months ago

      Some misleading info here.

      • that homebrew encryption thing is a subject to security focused bounty program and there were positive results from that.

      • there is always some encryption by default, read their docs. If you mean the end to end encryption, it’s a fancy thing that doesn’t even have a standardized way to work in group chats. It works in a feature called secret chat, that you have to enable whenever you need it.

      • mox@lemmy.sdf.org
        9 upvotes, 1 downvote · edited · 8 months ago

        that homebrew encryption thing is a subject to security focused bounty program

        That doesn’t change the fact that it’s homebrew, and therefore not examined, understood, or trusted remotely as well as ciphers and protocols that have been thoroughly vetted by the global cryptography community. A bounty program doesn’t change that, and it’s not misleading to point it out.

        there is always some encryption by default, read their docs. If you mean the end to end encryption,

        Sigh. Yes, I meant end-to-end encryption. (My use of the word “any” simply meant inclusive of homebrew.) I thought that would be obvious, since point-to-point encryption is commonplace, and is the default for even simple web sites these days, so hardly worth mentioning in this context. But since you didn’t pick up on that, or were concerned that someone else might not, I have updated my comment to be more specific.

        It works in a feature called secret chat, that you have to enable whenever you need it.

        In other words, not enabled by default. As I said.

        • rdri@lemmy.world
          4 upvotes, 3 downvotes · 8 months ago

          You should probably also update the “leaks likely” part with a history of encryption related leaks from Telegram over 10 years.

          In other words, not enabled by default.

          It’s not enabled by default because people expect their chat history to not get wiped every time they finish talking, in most cases.

          • mox@lemmy.sdf.org
            4 upvotes · edited · 8 months ago

            I think it was clear from context that “accidental leaks” meant forgetting to enable e2ee, thereby exposing the conversation directly to Telegram, with not even the homebrew encryption protecting it.

            Obviously, there is no recorded history of every time anyone has made that mistake, but your gibe about it does at least confirm that you’re arguing in bad faith, which makes this easier: Goodbye.

            • rdri@lemmy.world
              3 upvotes, 3 downvotes · 8 months ago

              If you really mean that, the leak resulting from such a mistake will only happen if you missed the fact that your chat history is saved after a talk (even though it’s right there just like any other history), then enough time passed for your friend to change views on you and leak whatever they had saved (since you didn’t remove that part of chat history before that happened).

              I’m sure that such a scenario is insanely unlikely. A much more likely scenario would be for you to not know that a friend of yours already changed their views and is making records of all end to end encrypted content you make together by simple means, like another phone.

              I like when people hate questionable stuff. But I hate when they do it for silly or made up reasons.

    • BCsven@lemmy.ca
      5 upvotes, 2 downvotes · 8 months ago

      If you group chat on Telegram channel, then encryption doesn’t mean much… Your weak link is every user that can screen shot or copy paste your messages.

      • rdri@lemmy.world
        6 upvotes, 1 downvote · 8 months ago

        Your weak link is every user that can screen shot or copy paste your messages.

        It’s the same for any chats (and apps) including Telegram’s own secret 1 on 1 chat, isn’t it?

        • BCsven@lemmy.ca
          2 upvotes, 2 downvotes · edited · 8 months ago

          Yep, that’s why encrypted chat is a false sense of security. Group ones being worse because you may not know if those joining are legit. You would need Session peer to peer with overlays (screenshots) blocked, but even then a person with another phone just takes a photo of the screen.