this post was submitted on 25 Aug 2024
253 points (95.7% liked)

Technology

62073 readers
6675 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each other!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed
  10. Accounts 7 days and younger will have their posts automatically removed.

Approved Bots

founded 2 years ago
MODERATORS
[email protected]
[email protected]
[email protected]
[email protected]
253
Is Telegram really an encrypted messaging app? (blog.cryptographyengineering.com)
submitted 5 months ago by [email protected] to c/[email protected]
117 comments fedilink hide all child comments
you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 151 points 5 months ago (63 children)

No.

As a kind of a weird bonus, activating end-to-end encryption in Telegram is oddly difficult for non-expert users to actually do.

[–] [email protected] 48 points 5 months ago (56 children)

As a kind of a weird bonus, activating end-to-end encryption in Telegram is oddly difficult for non-expert users to actually do.

No, it's not. It's very easy. In the bottom right corner there is a pencil button to compose a new message and right there it asks which tpye of chat to start. Secret chat is the second topmost option after group chat. Really not hidden or complicated at all.

[–] [email protected] 64 points 5 months ago (25 children)

It should be a setting to always use encrypted chat, and it should probably prompt you when you first login.

Better yet, don't have an option to not have encrypted chats. I don't see a reason to not have everything E2EE all the time.

[–] [email protected] 8 points 5 months ago (1 children)

They’ve implemented it in such a way that you only have access to an encrypted chat on a single device, so no syncing between devices. Syncing E2EE chats across devices is more difficult to pull off, but it’s definitely possible and other services do that by default.

[–] [email protected] -1 points 5 months ago* (last edited 5 months ago) (1 children)

Syncing E2EE chats across devices is more difficult to pull off, but it’s definitely possible and other services do that by default.

That's because if you are able to get your private key on another device, then Google, Apple or Microsoft, and that means anyone, also have access to your private key. And you don't have e2ee, literally.

[–] [email protected] 4 points 5 months ago

I would look into how Matrix handles this, for example. It involves unique device keys, device verification from a trusted device, and cross-signing. It’s not just some private key that’s spread around to random new devices where you lose track of.

load more comments (23 replies)
load more comments (53 replies)
load more comments (59 replies)