this post was submitted on 05 Dec 2024

[–] Supernova1051@sh.itjust.works 1 points 2 weeks ago

> nor any evidence of them selling or allowing anyone access to their servers and recent headline news backs this up

The entire point is that you shouldn't have to put your trust that a third party (Telegram or whoever takes over in the future) will not sell/allow access to your already accessible data.

> There’s no evidence that MTProto has ever been cracked, nor any evidence of them selling or allowing anyone access to their servers and recent headline news backs this up

Just because it's not happening now does not mean it cannot happen in the future. If/when they do get compromised/sold, they will already have your data; it's completely out of your control.

> Google, on the other hand, routinely allow “agencies” access to their servers, often without a warrant

Exactly my point. Google are using the exact same "security" as Telegram. Your data is already compromised. Side note - supposedly RCS chats between Android are E2EE, although I wouldn't trust it as, like Telegram, you're mixing high/low security context, which is bad OPSEC.

> WhatsApp - who you cite as a good example of E2E encryption - stores chat backups on GDrive unencrypted by default

  1. Security is about layers. E2EE is better than not having E2EE. Same as transport layer encryption is better than none. Would you prefer anyone on the wire can read your messages just because it's not perfect in every single use case? No, and for that same reason, E2EE is better.
  2. Backups can be made E2EE [1]. Is this perfect? No. But it's significantly better than Telegram.
  3. I'm only pointing out that WhatsApp is better for privacy than Telegram - I still don't personally use or recommend it.

> ... can you be sure the same is true for the people on the other end of your chats?

Valid concern, but this threat exists on almost every single platform. Who's to stop anyone from taking screenshots of all your messages and not storing them securely?

[1] https://www.tomsguide.com/news/whatsapp-encrypted-backups