253
Is Telegram really an encrypted messaging app? (blog.cryptographyengineering.com)
top 50 comments
sorted by: hot top controversial new old
[-] sugar_in_your_tea@sh.itjust.works 151 points 3 months ago

No.

As a kind of a weird bonus, activating end-to-end encryption in Telegram is oddly difficult for non-expert users to actually do.

[-] woelkchen@lemmy.world 48 points 3 months ago

As a kind of a weird bonus, activating end-to-end encryption in Telegram is oddly difficult for non-expert users to actually do.

No, it's not. It's very easy. In the bottom right corner there is a pencil button to compose a new message and right there it asks which tpye of chat to start. Secret chat is the second topmost option after group chat. Really not hidden or complicated at all.

[-] sugar_in_your_tea@sh.itjust.works 64 points 3 months ago

It should be a setting to always use encrypted chat, and it should probably prompt you when you first login.

Better yet, don't have an option to not have encrypted chats. I don't see a reason to not have everything E2EE all the time.

[-] woelkchen@lemmy.world 23 points 3 months ago* (last edited 3 months ago)

It should be a setting to always use encrypted chat, and it should probably prompt you when you first login.

I don't disagree but the claim that you quoted was that it's complicated to initiate and as I explained it's not. Also secret chats stay in the messages list, so you can go back to an initiated secret chat and pick up there without any additional fiddling.

[-] sugar_in_your_tea@sh.itjust.works 12 points 3 months ago

If you have to enable it every time, it's complicated enough that most people won't bother. Maybe they'll do it once or twice out of novelty, but it's not going to become a habit.

I only consider something "encrypted" if it's actually encrypted by default, or at least prompts to enable it permanently on first launch. Otherwise, it's not an "encrypted" chat, it just has the option to have some chats encrypted.

[-] asdfasdfasdf@lemmy.world 10 points 3 months ago
load more comments (1 replies)
[-] woelkchen@lemmy.world 9 points 3 months ago

If you have to enable it every time, it’s complicated

But you don't. As I already explained: secret chats stay in the messages list, so you can go back to an initiated secret chat and pick up there without any additional fiddling.

I have plenty of encrypted chats that I don't have to enable every time I want to send one. I don't understand where this misconception comes from.

[-] sugar_in_your_tea@sh.itjust.works 13 points 3 months ago

Surely you talk to more than one or two people, no? If you have to manually check a box or something every time you start a new message with someone, people are going to stop doing it.

It's not an encrypted chat app. It's an unencrypted chat app that has an option for encrypted chats. Whether something is encrypted or not depends on how most people use it and what the defaults are.

Signal is an encrypted chat app. E2EE is the default and AFAIK only behavior. Telegram can be encrypted, but it's not by default, and defaults matter.

load more comments (10 replies)
[-] brrt@sh.itjust.works 6 points 3 months ago

Is it more complicated to achieve than in other e2ee messengers? Yes, thus saying it is complicated is justified.

[-] oktoberpaard@feddit.nl 8 points 3 months ago

They’ve implemented it in such a way that you only have access to an encrypted chat on a single device, so no syncing between devices. Syncing E2EE chats across devices is more difficult to pull off, but it’s definitely possible and other services do that by default.

load more comments (2 replies)
[-] Kekzkrieger@feddit.org 7 points 3 months ago

its some message for the users, having a secret chat kinda sounds bad, like doing something illegal and guilt trapping users into not using it

[-] 30p87@feddit.org 5 points 3 months ago

But then you couldn't get that juicy user and conversation data.

load more comments (3 replies)
[-] curry@programming.dev 30 points 3 months ago

My man, have you ever worked in tech support? I admire your optimism.

[-] woelkchen@lemmy.world 6 points 3 months ago

That's my day job and I'm good at it. People understand when I explain three clicks.

[-] Saik0Shinigami@lemmy.saik0.com 12 points 3 months ago

People understand when I explain three clicks.

This is the problem. You have to explain it. Feel like talking to several million people to get them to use it?

[-] woelkchen@lemmy.world 4 points 3 months ago

Feel like talking to several million people to get them to use it?

I already made a one-line excessive tutorial in another comment. Feel free to link it.

load more comments (4 replies)
load more comments (1 replies)
[-] quaff@lemmy.ca 20 points 3 months ago

It’s three clicks. And it opens a separate chat from the existing one. It’s obscure enough that you could say the UX deprioritizes (which at best is not an actively malicious design choice) usage of end-to-end encryption.

[-] rottingleaf@lemmy.world 5 points 3 months ago

Anything harder than usual in the same application means it won't usually be used.

And encryption is about collective immunity. So everything should be encrypted.

load more comments (11 replies)
[-] Kekzkrieger@feddit.org 20 points 3 months ago

Why would it even be an option to have a non-encryted chat if the app can do encrypted?

load more comments (5 replies)
[-] rottingleaf@lemmy.world 9 points 3 months ago

Encryption is part of defense strategy, otherwise it's like a steel door in a house with wall panels made of paper.

That strategy involves all communications being encrypted. Otherwise rubber hose cryptanalysis becomes practical.

[-] fmstrat@lemmy.nowsci.com 5 points 3 months ago

It is not easy, as it's not even possible on desktop.

[-] umbrella@lemmy.ml 13 points 3 months ago

also their encryption is proprietary. you can't actually know its good.

load more comments (5 replies)
[-] noxy@yiffit.net 37 points 3 months ago

When you can't use secret chat at ALL on desktop, fuck no it isn't.

Assuming end-to-end encryption is what's meant in the question.

[-] mrvictory1@lemmy.world 8 points 3 months ago

That's a step backwards from Whatsapp lol

[-] noxy@yiffit.net 12 points 3 months ago

It's still shit tho. Signal is better.

load more comments (1 replies)
load more comments (2 replies)
[-] quaff@lemmy.ca 34 points 3 months ago* (last edited 3 months ago)

If Telegram is considered an encrypted messenger, then FB messenger should be too. Works exactly the same. I don’t know about you, but being the same level as FB messenger should speak volumes to whether Telegram is “encrypted” or not 🙄

[-] woelkchen@lemmy.world 17 points 3 months ago

FB messenger should be too. Works exactly the same. 🙄

Facebook licensed Signal's encryption: https://signal.org/blog/facebook-messenger/

[-] quaff@lemmy.ca 23 points 3 months ago* (last edited 3 months ago)

Yeah, the fact that FB messenger uses Signal protocol, means the encryption is better recognized than the one used in Telegram. But the lack of on-by-default or the need to drill in a few options before enabling secret chats.. I mean it’s even named the same thing as Telegram.

[-] woelkchen@lemmy.world 10 points 3 months ago

the fact that FB messenger uses Signal protocol, means the encryption is better than the one used in Telegram.

MTProto 2 has not been cracked. MTProto 1 had a weakness and Telegram addressed it. That was many years ago. I'm not aware that MTProto 2 has ever been cracked in all these years. Telegram's unwillingness to cooperate with governments is an additional security layer.

[-] quaff@lemmy.ca 7 points 3 months ago* (last edited 3 months ago)

In my OP, I was merely referring to how FB Messenger and Telegram functions the same.

Speaking to the protocol used for encryption is a moot point… because even if MTProto 2 was better, it’s still not enabled by default in both messengers.

[-] rottingleaf@lemmy.world 7 points 3 months ago

MTProto 2 has not been cracked.

What's important is that it hasn't been confirmed good by actual normal cryptographers. It's science, not school debates.

Telegram’s unwillingness to cooperate with governments is an additional security layer.

No person ever instructed in security would say something this childishly asinine!

load more comments (2 replies)
load more comments (2 replies)
[-] technocrit@lemmy.dbzer0.com 8 points 3 months ago

If Telegram is considered an encrypted messenger, then FB messenger should be too.

But strangely only one is being prosecuted.

load more comments (1 replies)
[-] pressanykeynow@lemmy.world 5 points 3 months ago

That's ridiculous, Telegram client is opensource, Facebook is not. We know for a fact that Facebook shares their data with... well, anyone. The reason of the recent arrest of the Telegram CEO seems to be that he apparently doesn't share anything.

load more comments (1 replies)
[-] TrickDacy@lemmy.world 4 points 3 months ago
[-] quaff@lemmy.ca 4 points 3 months ago

Good catch 🫡

[-] undrivendev@lemmy.world 18 points 3 months ago* (last edited 3 months ago)

One of the most important rules of cybersecurity is: never roll your own encryption.

And what did the guys at Telegram do? Rolled their own encryption.

If you are into Telegram because you think it's secure, think again. There are much better alternatives out there, adopting proved industry standards. Signal or Matrix just to name a few.

[-] endofline@lemmy.ca 8 points 3 months ago

No, it's not the rule itself. It's rather an advice not to do as rolling own crypto is very tricky and complicated thing. You have to be very aware of many possible attacks, how they do work, to create own crypto properly

[-] EngineerGaming@feddit.nl 6 points 3 months ago

More like "don't roll your own crypto unless you're ready to spend years getting it scrutinized and polished".

load more comments (9 replies)
[-] ZealousSealion@discuss.tchncs.de 12 points 3 months ago

It can be that. But it is also a medium for public forums.

[-] PriorityMotif@lemmy.world 7 points 3 months ago

Somehow it has public groups and requires your phone number. Not really sure how to find the groups though.

load more comments (2 replies)
load more comments
view more: next ›
this post was submitted on 25 Aug 2024
253 points (95.7% liked)

Technology

59689 readers
1934 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 1 year ago
MODERATORS