A reminder

Highlights

Many systems use encryption of one sort or another. However, when we talk about encryption in the context of modern private messaging services, it typically has a very specific meaning: the use of default end-to-end encryption to protect message content. When used in an industry-standard way, this feature ensures that all conversations are encrypted by default — under encryption keys that are only known to the communication participants, and not to the service provider.

Telegram clearly fails to meet this stronger definition, because it does not encrypt conversations by default. If you want to use end-to-end encryption in Telegram, you must manually activate an optional end-to-end encryption feature called “Secret Chats” for each private conversation you want to have. To reiterate, this feature is explicitly not turned on for the vast majority of conversations, and is only available for one-on-one conversations, and never for group chats with more than two people in them.

Even though end-to-end encryption is one of the best tools we’ve developed to prevent data compromise, it is hardly the end of the story. One of the biggest privacy problems in messaging is the availability of loads of meta-data — essentially data about who uses the service, who they talk to, and when they do that talking.

  • xor@infosec.pub
    link
    fedilink
    English
    arrow-up
    10
    arrow-down
    1
    ·
    2 months ago

    there’s always someone out there trying to make encryption all about CSAM…
    it’s not, it’s about freedom of speech and privacy…
    it’s great when pedos get caught, but i’m not giving up all of humanity’s freedoms to government and corporate overlords because a small percentage are bad people and we want them caught….
    there are other ways besides spying on all information….

    • HelixDab2@lemm.ee
      link
      fedilink
      arrow-up
      2
      ·
      2 months ago

      there’s always someone out there trying to make encryption all about CSAM…

      …Which I’m explicitly not doing. Telegram has end-to-end encrypted chats, but not group chats. The group chats have never been encrypted, and AFAIK Telegram never implied that they were. (TBH, I’ve more than once had to tell people to stop fed posting on Telegram because they stay stupid shit on unencrypted channels that will bring the wrong kind of attention down.) Signal still exists - and is better than Telegram in every way. For the deeply paranoid there’s Briar. Tor is definitely a thing. Encrypted communications are fantastic, and I support them.

      I fully support stupid people doing their stupid, illegal shit on open channels where it’s easy to bust them. I also fully support encryption.