• Noxious@fedia.io
    link
    fedilink
    arrow-up
    12
    arrow-down
    44
    ·
    4 months ago

    Hell yeah. I always hated Telegram, because of its countless false promises, misleading claims, bad encryption (which isn’t even enabled by default) and shady background.

    • rdri@lemmy.world
      link
      fedilink
      English
      arrow-up
      24
      arrow-down
      2
      ·
      4 months ago

      That bad encryption was not cracked for now. The other one, that is used to process chats between 2 users in end to end mode, can’t be enabled by default because it assumes no history is kept and no support for group chats.

      Also, the arrest doesn’t seem to be related to any of the things you mentioned. If anything it shows there are no ways for (certain) governments to affect the messenger, for now.

      • Noxious@fedia.io
        link
        fedilink
        arrow-up
        8
        arrow-down
        1
        ·
        4 months ago

        That bad encryption was not cracked for now

        There is no encryption by default if you haven’t noticed. There only the pseudo-E2EE which has been proven to have critical weaknesses: https://eprint.iacr.org/2015/1177.pdf

        can’t be enabled by default

        Yes it can, every proper E2EE messenger works like that. Signal, Threema, hell even WhatsApp uses E2EE by default.

        no support for group chats

        Signal has had group chats for many years now. WhatsApp uses the same encryption protocol and it also works just fine. Stop spreading misinformation, and use Signal if you want an actual secure, end-to-end encrypted, open and transparent messenger.

        • rdri@lemmy.world
          link
          fedilink
          English
          arrow-up
          4
          arrow-down
          1
          ·
          4 months ago

          has been proven to have critical weaknesses

          Those are not critical, just some aspects being below some arbitrary expectational values. Also it seems there is still no proofs those vector attacks are being used at all.

          Yes it can

          They chose to target convenience over max security. Shoving strongest options to every user by default is agaiantt that. Reasons include: no history is being saved in this mode, and the desktop client doesn’t support it.

          Signal has had group chats for many years now

          Just because it was implemented by others doesn’t mean it’s a way to go for everyone. From what I understand, e2e in group chats means that there is going to be a transaction of keys between all members of the chat on adding any new member, and/or on new message, which excessively increases the burden on clients and servers in case of big active chats.

          You can ask telegram to implement that, but you can’t blame it for keeping it behind some gates. Telegram got implemented e2e between 2 users before other messengers got it working in any form of group chats.

          and use Signal

          I’ll think about it if they ditch electron.

          • Noxious@fedia.io
            link
            fedilink
            arrow-up
            1
            ·
            4 months ago

            Also it seems there is still no proofs those vector attacks are being used at all.

            Ah yes, definitely go with a messenger that has known vulnerabilities in its crappy encryption protocol, instead of one with an actual secure E2EE implementation.

            no history is being saved in this mode

            You can still make encrypted backups of encrypted messages, as can be seen on WhatsApp or Signal

            and the desktop client doesn’t support it

            I don’t know what you mean, both Signal and WhatsApp have managed to ship desktop clients with full E2EE support for years now. Only Telegram is too incompetent to do that.

            Telegram got implemented e2e between 2 users before other messengers got it working in any form of group chats

            Just stop lying. Telegram Secret Chats have been introduced in 2017, both Signal and WhatsApp have had E2EE (including for group chats!) for much longer. Signal has had (encrypted) group chats in 2014, back when it was called TextSecure: https://signal.org/blog/the-new-textsecure/ And WhatsApp followed in 2016.

            I’ll think about it if they ditch electron.

            Are you mad that Signal is focusing on privacy and security by improving their encryption protocol, instead of wasting time on some UI garbage? This shows your priorities really well. Keep using unencrypted Telegram, for the cool stickers and convenient cloud backup, and keep in mind that Telegram can read all of your messages, as well as hand them over to governments.

            • rdri@lemmy.world
              link
              fedilink
              English
              arrow-up
              1
              ·
              4 months ago

              Ah yes, definitely go with a messenger that has known vulnerabilities in its crappy encryption protocol, instead of one with an actual secure E2EE implementation.

              Feel free to go any way you want. I’m not asking you to use telegram.

              You can still make encrypted backups

              Spend time for that, and keep them where? Maybe also need a feature to sync them between mobile and desktop?

              Only Telegram is too incompetent to do that.

              Not an implementation issue but a trust issue.

              Just stop lying. Telegram Secret Chats have been introduced in 2017

              https://telegram.org/evolution see October 2013.

              both Signal and WhatsApp have had E2EE (including for group chats!) for much longer.

              Whatsapp had them inctorudec in 2016.

              Are you mad that Signal is focusing on privacy and security by improving their encryption protocol, instead of wasting time on some UI garbage?

              I’m perfectly fine with that. More apps using electron means less chance for my pc to run garbage applications on a regular basis.

              keep in mind that Telegram can read all of your messages, as well as hand them over to governments.

              Keep in mind that any person in your secret chats can read your message, copy or screenshot it and hand it to anyone else. Those people know much better if you’re doing anything sketchy (or something actually good but against their beliefs), than an app developer.

      • rottingleaf@lemmy.world
        link
        fedilink
        English
        arrow-up
        4
        arrow-down
        5
        ·
        4 months ago

        That bad encryption was not cracked for now.

        There’s no need if you control the server.

          • rottingleaf@lemmy.world
            link
            fedilink
            English
            arrow-up
            5
            ·
            4 months ago

            So how many people use E2EE with Telegram?

            And their ToS forbids alternative clients doing that. Say, using Pidgin with PGP or OTR. Since Pidgin plugins for TG and these exist, it’s not a limitation for me, but most people, again, don’t use Pidgin to chat in TG.

            • rdri@lemmy.world
              link
              fedilink
              English
              arrow-up
              1
              ·
              4 months ago

              Alternate clients are blocked from using that functionality because they may include ability to capture data somewhere, for example taking a screenshot of a protected chat.

              • rottingleaf@lemmy.world
                link
                fedilink
                English
                arrow-up
                3
                ·
                4 months ago

                I meant normal E2EE, not TG’s “encrypted chats”.

                And it’s not “that functionality”, it’s literally encoding messages into another layer over TG being forbidden.

                • rdri@lemmy.world
                  link
                  fedilink
                  English
                  arrow-up
                  1
                  arrow-down
                  1
                  ·
                  4 months ago

                  There is no normal e2ee because there is no standard for implementation, especially when it comes to group chats with >2 people.

                  • Noxious@fedia.io
                    link
                    fedilink
                    arrow-up
                    1
                    ·
                    4 months ago

                    The Signal protocol is the de-facto standard for E2EE, and it works just fine even in large group chats. But you refuse to accept this reality. The Signal protocol is used by so many apps, obviously Signal itself, WhatsApp, Facebook Messenger, Instagram direct messages, Google Allo (back when it existed), Google Messages (RCS), Skype, Wire and many others. MTProto is developed by Telegram, only used by telegram, not properly audited and full of flaws. No one should actually use it. And the fact that it doesn’t support group chats is a design choice, because ultimately Telegram doesn’t give a fuck about their users privacy or security. They have repeatedly worked with governments and worked against the interests of their users. Their funding is also pretty unclear and shady, and the entire company just appears scummy. Give me one single reason why anyone should use this trash over a proper E2EE messenger like Signal, Threema, SimpleX or Wire.

                  • rottingleaf@lemmy.world
                    link
                    fedilink
                    English
                    arrow-up
                    1
                    ·
                    4 months ago

                    There are a few standards. OMEMO for group chats, though that, of course, requires support in the protocol itself, unlike OTR or PGP.

              • Noxious@fedia.io
                link
                fedilink
                arrow-up
                2
                ·
                4 months ago

                Stop pretending that Telegram cares about the security of their users, because they clearly aren’t, as can be seen in their shitty encryption protocol, and the fact that by default all messages are stored on their servers in plain text

                • rdri@lemmy.world
                  link
                  fedilink
                  English
                  arrow-up
                  1
                  arrow-down
                  1
                  ·
                  4 months ago

                  So if an app doesn’t support e2ee all data is being saved in plain text suddenly. You prefer calling telegram shitty because you don’t care to actually learn what it uses. So it should be fair for me to call any other client shitty for other nonsense.

                  • Noxious@fedia.io
                    link
                    fedilink
                    arrow-up
                    1
                    ·
                    4 months ago

                    Uh you appear not to understand how encryption works? Either something is end-to-end encrypted, and the service provider doesn’t have access to the encryption keys, and thus can’t read the messages, or it is encrypted in transit, the keys are held by the provider and the messages are decrypted on the server. The latter is exactly what Telegram does, even though they falsely try to market it as something else.