AdamHominem | 4 years ago

I'm not particularly thrilled, given Telegram is based in the United Arab Emirates, its client-server encryption is almost purposefully garbage (they basically rolled their own TLS, and predictably researchers keep finding vulnerabilities in "MTProto"), they don't enable e2ee chats by default, and they don't e2ee group chats at all.

Do. Not. Use. Telegram.

fluential|4 years ago

Telegram is miles ahead in terms of scalability and features that make it fun to use and work with their API. Kudos to the engineering team for creating such a great product. Imagine you can have groups up to 200 000 people, post files up to 2GB, have options to share your screen with unlimited amount of users - both desktop and mobile. It's really good. Yes, if you need secrecy you may look elsewhere.

otachack|4 years ago

Don't use it for e2e, then? There are plenty of other solutions for incredibly sensitive chats (Signal, Tox, etc).

I think Telegram is a good trade off for group chats, personally. It's feature rich compared to others.

tasogare|4 years ago

Signal is asking for a phone number to use; I don't see how this is good for sensitive communication (since metadata alone is often very informative).

AegirLeet|4 years ago

Any messaging app that allows users to communicate without E2EE is actively harmful.

hagbard_c|4 years ago

Handwavy rants about shoddy cryptography tend to be just that, handwavy. Repeating that Telegram does not enable end-to-end encryption by default does not make it more of a reason not to use Telegram. Here's what you can do to live comfortably on the net, having conversations with the world and its dog while still being able to plot the overthrow of the government without inviting prying eyes: use Telegram for the former, use your private XMPP server with OMEMO for the latter. There, done, problem solved. No need for angry righteous rants about MTProto or the Emirates - and why exactly would that be the reason not to use Telegram by the way, would it have been less of an issue had they been located in Jakarta or Ouagadougou or Silly Valley - and all the bragging rights of using trusted cryptography for your local knitting club meetings where you plan to overthrow the government.

Source: this is what I do, except for the knitting. Telegram for talking to the family, XMPP standby on the server-under-the-stairs for when the going gets tough, with Conversation (which supports OMEMO) installed on target devices.

pkulak|4 years ago

To quote a popular movie from my youth: I dunno, man, that sounds like a lot of work.

I don't want to have to decide if every message I send is sensitive or not, then if it is, swap to a totally different app. Even worse: convincing friends and family to do the same!

holler|4 years ago

99.999% of people simply don't care about e2e, and even if they may have some concern about privacy (most don't), they'll prioritize a top-notch UI that lets them talk with friends and family over anything else.

For the remaining people who are concerned about privacy there are plenty of options.

grishka|4 years ago

Any sources about any real vulnerabilities in MTProto?

prirai|4 years ago

MTProto did have. MTProto 2.0 hasn't seen such vulnerability. Reporters are still on the older method as that's what creates an effective login.

BTCOG|4 years ago

Post some links with any evidence that any researchers have found vulnerabilities in MTProto?

prirai|4 years ago

That was the MTProto. The newer one is MTProto 2.0 but they are still on the older method. Also they have servers distributed across regions so there's no single point of failure. Perhaps they are considering e2e for smaller groups.

0x000000001|4 years ago

You're exaggerating the state of MTProto 2.0. They haven't rolled their own with this release.

stiltzkin|4 years ago

Same as Discord, Teams, or Slack. If you do not want to chat sensible messages just use Matrix.