Also their encryption is proprietary. You can’t actually know it’s good.
Comment on Is Telegram really an encrypted messaging app?
sugar_in_your_tea@sh.itjust.works 2 months ago
No.
As a kind of a weird bonus, activating end-to-end encryption in Telegram is oddly difficult for non-expert users to actually do.
umbrella@lemmy.ml 2 months ago
pressanykeynow@lemmy.world 2 months ago
That’s incorrect, their client is opensource, you can check their e2ee yourself.
todd_bonzalez@lemm.ee 2 months ago
The encryption algorithm may be open source, but they rolled it themselves. It is proprietary encryption.
pressanykeynow@lemmy.world 2 months ago
Again, it’s not, go to their github, check the code of the client, compile it yourself, and make a reproducible build to check that the client they ship to your phone is the same. You are talking nonsense.
woelkchen@lemmy.world 2 months ago
No, it’s not. It’s very easy. In the bottom right corner there is a pencil button to compose a new message and right there it asks which type of chat to start. Secret chat is the second topmost option after group chat. Really not hidden or complicated at all.
sugar_in_your_tea@sh.itjust.works 2 months ago
It should be a setting to always use encrypted chat, and it should probably prompt you when you first login.
Better yet, don’t have an option to not have encrypted chats. I don’t see a reason to not have everything E2EE all the time.
woelkchen@lemmy.world 2 months ago
I don’t disagree but the claim that you quoted was that it’s complicated to initiate and as I explained it’s not.
sugar_in_your_tea@sh.itjust.works 2 months ago
If you have to enable it every time, it’s complicated enough that most people won’t bother. Maybe they’ll do it once or twice out of novelty, but it’s not going to become a habit.
I only consider something “encrypted” if it’s actually encrypted by default, or at least prompts to enable it permanently on first launch. Otherwise, it’s not an “encrypted” chat, it just has the option to have some chats encrypted.
brrt@sh.itjust.works 2 months ago
Is it more complicated to achieve than in other e2ee messengers? Yes, thus saying it is complicated is justified.
oktoberpaard@feddit.nl 2 months ago
They’ve implemented it in such a way that you only have access to an encrypted chat on a single device, so no syncing between devices. Syncing E2EE chats across devices is more difficult to pull off, but it’s definitely possible and other services do that by default.
pressanykeynow@lemmy.world 2 months ago
That’s because if you are able to get your private key on another device, then Google, Apple or Microsoft also have access to your private key. And you don’t have e2ee.
Kekzkrieger@feddit.org 2 months ago
It’s some message for the users, having a secret chat kinda sounds bad, like doing something illegal and guilt trapping users into not using it.
30p87@feddit.org 2 months ago
But then you couldn’t get that juicy user and conversation data.
pressanykeynow@lemmy.world 2 months ago
You probably didn’t ever meet a non-IT person (or most of the IT people). To use e2ee means you need to keep your private key close and safe. 99.999% people can’t do that. So when they lose their key their conversation history is gone and it’s your fault not theirs.
sugar_in_your_tea@sh.itjust.works 2 months ago
Signal does this by having your data be unencrypted at rest on your device, and I think that’s a reasonable tradeoff because it protects the most important part: data in transit. Or you can be like Matrix and require/strongly encourage setting up multiple clients so you always have a fallback (e.g. desktop and phone). There are reasonable technical solutions to the problem of making an E2EE chat system.
GBU_28@lemm.ee 2 months ago
As I understand it, public groups use server side encryption (so not robust), but private chats use e2e encryption that is client side. (More robust)
curry@programming.dev 2 months ago
My man, have you ever worked in tech support? I admire your optimism.
woelkchen@lemmy.world 2 months ago
That’s my day job and I’m good at it. People understand when I explain three clicks.
curry@programming.dev 2 months ago
Fair enough. I’ve seen both good and bad cases.
quaff@lemmy.ca 2 months ago
It’s three clicks. And it opens a separate chat from the existing one. It’s obscure enough that you could say the UX deprioritizes (which at best is not an actively malicious design choice) usage of end-to-end encryption.
woelkchen@lemmy.world 2 months ago
So it’s only three clicks, ergo easy.
I don’t see the problem. The secret one has the lock icon to clearly mark it. There’s no way one would accidentally pick the wrong chat. Delete the old, unencrypted one to be sure.
I agreed in another comment that there should be an “encrypted by default” option somewhere. I’m not claiming that it’s perfect but the claim in the blog that it’s super complicated is just not true. At least calls are P2P-encrypted by default.
quaff@lemmy.ca 2 months ago
Ah good point, gotta delete the old unencrypted chat too to avoid confusion. That’s definitely more than just 3 clicks.
quaff@lemmy.ca 2 months ago
If you’re talking to 30 people, it’s 90 clicks. It might be 3 clicks if you know where to look, but end of the day, even if you know where to find it, that’s still that many clicks times how many people you chat with. It’s not ideal. I wouldn’t say it’s complicated sure, but it’s not easy.
rottingleaf@lemmy.world 2 months ago
Anything harder than usual in the same application means it won’t usually be used.
And encryption is about collective immunity. So everything should be encrypted.
Kekzkrieger@feddit.org 2 months ago
Why would it even be an option to have a non-encrypted chat if the app can do encrypted?
timewarp@lemmy.world 2 months ago
Telegram isn’t made to be a full E2EE messenger. They have things like public channels which you can’t do with E2EE. What kind of idiots thought that Telegram was intended to be a fully E2EE messenger? People use it cause it is native and good for its purposes. It has secret chats if you need them at times. Why all the hate from the Signal CIA fanbois?
Kekzkrieger@feddit.org 2 months ago
So make 1to1 conversation e2ee by default, what would be the downside? Only one I can think of is they want to snoop in people’s convos.
I’m fine with public channels not being encrypted, that’s fair.
Antmz22@lemm.ee 2 months ago
Owner is Russia
rottingleaf@lemmy.world 2 months ago
Encryption is part of defense strategy, otherwise it’s like a steel door in a house with wall panels made of paper.
That strategy involves all communications being encrypted. Otherwise rubber hose cryptanalysis becomes practical.
fmstrat@lemmy.nowsci.com 2 months ago
It is not easy, as it’s not even possible on desktop.