I mean the basic logic of the service was designed somewhere before its release. Data policies, promises to users are nothing if you assume services should adapt to stuff like this, at the expense of breaking those policies and promises.
Here is an old article from telegram about reasons for how it works https://telegra.ph/Why-Isnt-Telegram-End-to-End-Encrypted-by-Default-08-14
Assuming things should work that way is ignorant. According to you, service owners should design and redesign their services to not store any data in order to avoid arrests. Also that a service owner should invent stuff they might not had a plan for if they have even a theoretical possibility to help identify individual users, in other words go against policies they designed at some point.
That’s a wild way of twisting the logic. Just because the platform doesn’t fall under your e2ee definition doesn’t mean they had to do something that is only possible on purely cloud services.
The reason for arrest doesn’t even have anything to do with encryption. All content that facilitates mentioned crimes is public. Handling it shouldn’t involve any backdoors or otherwise service-side decryption.
Wording is confusing. Here are some better takes that sound valid and are true:
Telegram’s e2ee is only available for chats of 2 people, and only on official mobile client.
Telegram’s e2ee is a feature you have to enable whenever you need it (called secret chats).
There is still plenty of fish for advertisers, sadly.
is not any different from just having TLS for transport
Yes, in simple terms, all encrypted transfer protocols are similarly protected from mitm attacks.
That just means that they store both your data in some encrypted way and the key. They can still read it trivially.
They can and they said the decryption keys are always kept separately (there are probably more layers than I can describe) from the data to make sure the servers are not used to decrypt the data locally. They can be lying for all I care. The bigger problem is that people somehow assume this a huge threat, while all previous cases didn’t involve anything like that. People are getting into trouble for their public content - protected by some encryption but visible to anyone interested (who then report it to oppressive authorities).
While some go extra mile to explain to you how you should use e2e for your family group chats, real criminals do their stuff everywhere (especially on telegram) for years, staying safe. Problem is not how weak or strong the encryption is, but that once you are under oppression and do opposition activities, you’re going to learn by yourself how to deal with it. Signal will not save you from people in your group chats if they are there to report on you.
That’s not correct. Toy may call it TLS but it’s a custom protocol. Data is not kept unencrypted on their servers, according to their docs.
I think you are falling for the “genius inventor” fallacy clueless normies love a lot.
People advertising signal everywhere look like those kind of normies to me too. Doesn’t mean much.
The reason it’s not known to be broken is that it’s not a high value target - most people don’t use “secret chats” in TG.
Fair assumption. But it means you accept most people are stupid enough to not want such a feature or smart enough to not need it. Telegram user base is reported to be 900 million though.
Something not being standardized doesn’t mean it’s bogus.
Cool. So that gives people authority to say “if it’s used by signal and is standardized then it should be used by everyone”?
It doesn’t look like any of those are used by “major” messengers. Especially signal. This means “major” players prefer their own implementations, which removes the meaning from calling unused stuff a “standard”.
So if an app doesn’t support e2ee all data is being saved in plain text suddenly. You prefer calling telegram shitty because you don’t care to actually learn what it uses. So it should be fair for me to call any other client shitty for other nonsense.
has been proven to have critical weaknesses
Those are not critical, just some aspects being below some arbitrary expectational values. Also it seems there is still no proofs those vector attacks are being used at all.
Yes it can
They chose to target convenience over max security. Shoving strongest options to every user by default is agaiantt that. Reasons include: no history is being saved in this mode, and the desktop client doesn’t support it.
Signal has had group chats for many years now
Just because it was implemented by others doesn’t mean it’s a way to go for everyone. From what I understand, e2e in group chats means that there is going to be a transaction of keys between all members of the chat on adding any new member, and/or on new message, which excessively increases the burden on clients and servers in case of big active chats.
You can ask telegram to implement that, but you can’t blame it for keeping it behind some gates. Telegram got implemented e2e between 2 users before other messengers got it working in any form of group chats.
and use Signal
I’ll think about it if they ditch electron.
There is no normal e2ee because there is no standard for implementation, especially when it comes to group chats with >2 people.
Alternate clients are blocked from using that functionality because they may include ability to capture data somewhere, for example taking a screenshot of a protected chat.
Useless. Current allegations are related to the absence of moderation. Moderation of public content, in public channels or chats. As you can guess, end to end encryption does not protect public content.
That bad encryption was not cracked for now. The other one, that is used to process chats between 2 users in end to end mode, can’t be enabled by default because it assumes no history is kept and no support for group chats.
Also, the arrest doesn’t seem to be related to any of the things you mentioned. If anything it shows there are no ways for (certain) governments to affect the messenger, for now.
Companies mentioned in an article you linked aren’t getting the cash flow enough to warrant any improvement in related economies. I see Russian politicians profiting off various things during war but they were doing the same before.
So, short effects of the war on economies are not worth the long term effects of deaths of many consumers anywhere. Using the “war helps economy” argument while forgetting how the deaths and active aggression affect the world and lives, is a manipulation, which is also heavily used by those aggressors (Russia).
Telling Israel is doing a genocide without mentioning what hamas were doing to Israel is also a manipulation.
Worldwide governments seem to have an interest in this war because they are doing everything to fuel it.
Bingo. This nullifies your credibility. Either you’re a troll or an idiot.
It actually seems more like a windows 10 compatibility dilemma for developers. You can support older systems but it would require some effort. The problem is not the absence of some specific certificates, but the absence of newer ciphers altogether.
This does give security but also removes backwards compatibility with some clients that might be important for some websites.