this post was submitted on 24 Aug 2024
394 points (98.5% liked)

Technology

59219 readers
3320 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
[–] rottingleaf@lemmy.world 1 points 2 months ago (1 children)

There are a few standards. OMEMO for group chats, though that, of course, requires support in the protocol itself, unlike OTR or PGP.

[–] rdri@lemmy.world 1 points 2 months ago (1 children)

It doesn't look like any of those are used by "major" messengers. Especially signal. This means "major" players prefer their own implementations, which removes the meaning from calling unused stuff a "standard".

[–] rottingleaf@lemmy.world 1 points 2 months ago (1 children)

OMEMO is literally what's used by Signal, but standardized separately and adopted for XMPP. You didn't even bother to look it up apparently.

OTR is a time-honored standard. The issue is that it doesn't work with multiple logins.

PGP is an even more time-honored standard. The issue is that keys aren't temporary.

Also in cryptography the absolutely basic rule is to trust cryptographers, not "major players", so what you wrote is not as smart as you think. Actually quite ignorant.

[–] rdri@lemmy.world 1 points 2 months ago (1 children)

Cool. So that gives people authority to say "if it's used by signal and is standardized then it should be used by everyone"?

[–] rottingleaf@lemmy.world 1 points 2 months ago (1 children)

No, just that it's a real thing and whatever there is in TG is something bogus.

[–] rdri@lemmy.world 1 points 2 months ago (1 children)

Something not being standardized doesn't mean it's bogus.

[–] rottingleaf@lemmy.world 0 points 2 months ago (1 children)

I think you are arguing against your own imagination. Something not being vetted by someone competent does mean it's bogus in cryptography. Standardization is an unconnected subject. Most police forces over the world right now are using something standardized, but known to be utter crap.

I think you are falling for the "genius inventor" fallacy clueless normies love a lot.

TG's E2EE is simply garbage until known otherwise. There's no more depth to it. The reason it's not known to be broken is that it's not a high value target - most people don't use "secret chats" in TG.

[–] rdri@lemmy.world 1 points 2 months ago (1 children)

I think you are falling for the “genius inventor” fallacy clueless normies love a lot.

People advertising signal everywhere look like those kind of normies to me too. Doesn't mean much.

The reason it’s not known to be broken is that it’s not a high value target - most people don’t use “secret chats” in TG.

Fair assumption. But it means you accept most people are stupid enough to not want such a feature or smart enough to not need it. Telegram user base is reported to be 900 million though.

[–] rottingleaf@lemmy.world 1 points 2 months ago

So where am I advertising Signal?

But it means you accept most people are stupid enough to not want such a feature or smart enough to not need it. Telegram user base is reported to be 900 million though.

I didn't get this.