Gregory's ServerTelegram has full access to all of the content of group chats and regular one-to-one chats due to lack of end-to-end encryption. Their opt-in secret chats use homegrown end-to-end encryption with weaknesses. Deleting the content from the app likely won't remove all copies of it.
 36 comments
 @GrapheneOS Does it still apply to MTProto 2.0? I do not consider Telegram to be a good solution for private communication. it seems that they can still have copies of encrypted and unencrypted messages on the server and the server decides on the encryption parameters. @ruza Yes, it does. Also, proving code correct simply shows it matches a specification. It doesn't mean it's secure. Code that's proven correct can still have bugs both since the specification can have bugs and proving it correct can have bugs.  @GrapheneOS any resources or info about these e2ee weaknesses you could link to? I've heard this a couple of times already but couldn't find anything myself... Edit: read the wiki article. Not too much in the know considering crypto to know how grave this is. Would love comments from people who do. @SupportGrapheneOS_667 @GrapheneOS same here as in my previous comment. This just states the default problem and is also outdated since MTProto 2.0, Kuketz references problems of 1.0, which were real. While I don't like bad defaults, this ultimately is a design choice. The malicious part is calling it private by default. But: That's just bad faith marketing. Microsoft also says their shit is secure. Nothing different. Anybody got something _recent_ about MTProto 2.0?  @odr_k4tana@infosec.exchange @GrapheneOS@grapheneos.social There was a very backdoor-looking bug in MTProto 1: @somatalos SimpleX is a real private messaging app with end-to-end encryption, and unlike some other non-Signal E2EE messaging apps has perfect forward secrecy. @GrapheneOS Cheers for the feedback. I've had a look at the info on their website, even trying out the app it seems like they're doing something pretty unique in the private messaging scene. There another Graphene account already @npub1c9d95evcdeatgy6dacats5j5mfw96jcyu79579kg9qm3jtf42xzs07sqfm@momostr.pink
Why use this Mastodon bridge. Telegram has heavily participated in misinformation campaigns targeting actual private messaging apps with always enabled, properly implemented end-to-end encryption such as Signal. Should stop getting any advice from anyone who told you to use Telegram as a private messenger. Telegram is capable of handing over all messages in every group and regular one-to-one chat to authorities in France or any other country. A real private messaging app like Signal isn't capable of turning over your messages and media. Telegram/Discord aren't private platforms.  @GrapheneOS Letters and landlines if you really need to be paranoid, as actual warrants are needed to have them accessed. You can burn the letters afterwards. :) @CStamp@mastodon.social @GrapheneOS@grapheneos.social Bad news: Metadata exposed and actively recorded. @CStamp Don't use carrier-based calls if you care about privacy. That's the opposite of private. Even Telegram is a far better choice than using carrier-based calls and Telegram does have E2EE for calls. We were talking about messages. They shouldn't be storing calls regardless so it shouldn't be data that's available on their servers persistently rather than just during the call even if they didn't use E2EE. @GrapheneOS CEO of Telegram was just arrested in France and Putin is mad because the guy may have Russian intelligence that France can now tap into.  A major example of how Telegram's opt-in secret chat encryption has gone seriously wrong before: https://words.filippo.io/dispatches/telegram-ecdh/. The practical near term threat is for the vast majority of chats without end-to-end encryption: 100% of Telegram group chats and the regular 1-to-1 chats.  @GrapheneOS "The current consensus seems to be that the latest version is not broken in known ways that are severe or relevant enough to affect end users, assuming the implementation is correct. That is about as safe as leaving exposed wires around your house because they are either not live or placed high enough that no one should touch them."  @GrapheneOS In general Telegram is not the best example for a successful implementation of secure and private communication. Most of their success seems to be based on group chat and the concept of followers. There are definitely better messengers.  @doerk @GrapheneOS to me the main difference is the utilization of cloud storage to quickly and accurately synchronize chats across devices. I suppose a platform like Matrix can offer something similar but with better levels of trust than Telegram. Going with something like Signal/XMPP/Delta Chat is probably more secure but ever-so-slightly less convenient. Probably worth it, though @doerk Many people do, look at the angry replies to the same thread on X including harassment directed at our team because of it which is not something we expected. Russian military and special forces uses both for operational communications including coordinating artillery strikes, etc...   @GrapheneOS while there are actual security concerns about Telegram's way of handling data, there has been no known case of the messenger disclosing actual conversations, which means that they still respect the privacy of their users, even if it only stands on their word of honor. Also, claims about lack of moderation are also fake, Telegram is known for banning channels and users for various reasons. Overall, all of this is a test of a right for privacy, which Telegram actually was respecting @WerySkok You're right, they are banning channels. Not those of criminals or Neo-Nazis, but those of whistleblowers who published leaked data from the Israeli ministry of "justice" https://www.newarab.com/news/whistleblower-telegram-channel-shut-down-after-israel-govt-leak https://ddosecrets.com/article/israel-ministry-of-justice This is yet another reason not to use this insecure garbage app that cooperates with the Russian and Israeli fascist governments. |
@GrapheneOS :signal: > :telegram: