this post was submitted on 25 Aug 2024
253 points (95.7% liked)

Technology

59377 readers
4005 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots

founded 1 year ago
MODERATORS
L3s@lemmy.world
L3s@fry.gs
L4s@fry.gs
L4s@lemmy.world
enu@lemmy.world
253
Is Telegram really an encrypted messaging app? (blog.cryptographyengineering.com)
submitted 2 months ago by db0@lemmy.dbzer0.com to c/technology@lemmy.world
119 comments fedilink hide all child comments
you are viewing a single comment's thread
view the rest of the comments
[–] sugar_in_your_tea@sh.itjust.works 151 points 2 months ago (63 children)

No.

As a kind of a weird bonus, activating end-to-end encryption in Telegram is oddly difficult for non-expert users to actually do.

[–] woelkchen@lemmy.world 48 points 2 months ago (56 children)

As a kind of a weird bonus, activating end-to-end encryption in Telegram is oddly difficult for non-expert users to actually do.

No, it's not. It's very easy. In the bottom right corner there is a pencil button to compose a new message and right there it asks which tpye of chat to start. Secret chat is the second topmost option after group chat. Really not hidden or complicated at all.

[–] sugar_in_your_tea@sh.itjust.works 64 points 2 months ago (25 children)

It should be a setting to always use encrypted chat, and it should probably prompt you when you first login.

Better yet, don't have an option to not have encrypted chats. I don't see a reason to not have everything E2EE all the time.

[–] oktoberpaard@feddit.nl 8 points 2 months ago (1 children)

They’ve implemented it in such a way that you only have access to an encrypted chat on a single device, so no syncing between devices. Syncing E2EE chats across devices is more difficult to pull off, but it’s definitely possible and other services do that by default.

[–] pressanykeynow@lemmy.world -1 points 2 months ago* (last edited 2 months ago) (1 children)

Syncing E2EE chats across devices is more difficult to pull off, but it’s definitely possible and other services do that by default.

That's because if you are able to get your private key on another device, then Google, Apple or Microsoft, and that means anyone, also have access to your private key. And you don't have e2ee, literally.

[–] oktoberpaard@feddit.nl 4 points 2 months ago

I would look into how Matrix handles this, for example. It involves unique device keys, device verification from a trusted device, and cross-signing. It’s not just some private key that’s spread around to random new devices where you lose track of.

load more comments (23 replies)
load more comments (53 replies)
load more comments (59 replies)