top | item 33122816

plexicle | 3 years ago

No analysis needed. Telegram holds the keys to decrypt the messages and that's all you need to know.

It's why you are able to just login to your Telegram account on another device and magically get all of your message history.

So while the tech might be solid, the keys are still out there. They can be leaked. They can be subpoenaed, etc.

gwd | 3 years ago

I like how Matrix handles this: You can either download and store locally a key that you enter into a new device to decrypt the encrypted messages stored on the server; or you have one of your other active devices decrypt its locally stored messages and send them to the new device (using some form of verification to prove you control both devices).

tptacek | 3 years ago

Until very recently (weeks not months), Matrix servers controlled group membership, and could add arbitrary accounts to your group without permission, thus allowing them to decrypt messages to the group. Matrix servers could also silently add "devices" to your account.

https://nebuchadnezzar-megolm.github.io/

skyyler | 3 years ago

> It's why you are able to just login to your Telegram account on another device and magically get all of your message history.

Secret chats are secure, and you cannot access them except on the device you start them with. It's one of the pain points for people that use them: they don't sync like normal chats.

palata | 3 years ago

You just said it yourself: "normal chats are not end-to-end encrypted". The normality on Telegram is messages that their servers can read.

lloeki | 3 years ago

> Telegram holds the keys to decrypt the messages and that's all you need to know.

That's an entirely different problem than TFA (an attacker accessing and being able to impersonate an account by subverting a third-party 2FA middleman), which Telegram guards against: as soon as you have one device enrolled, the code is sent over Telegram, not SMS.

> It's why you are able to just login to your Telegram account on another device and magically get all of your message history.

Being able to log in and get your history to sync is not a telltale sign that history is not encrypted and thus visible server side.

It could be stored encrypted and upon login decrypted locally (how to achieve that is left as an exercise to the reader; see 1password, restic, borg, and many others that store with zero trust yet are accessible by multiple devices, or even multiple parties).

(side note: claims that multi-device messaging can't be done because of E2E are incorrect, e.g. iMessage does it, by having each message encrypted multiple times, once for each device of the recipient account)

> So while the tech might be solid, the keys are still out there. They can be leaked. They can be subpoenaed

IIRC it was advertised that Telegram keys (presumably for data at rest) are stored split upon two (or more) different servers residing in different jurisdictions so that subpoenas would only get at most half of it or require international cooperation.

But then if you enter that ground, Telegram just as much as Signal could be court-pressured to produce a client that wiretaps data right where it's decrypted and phones home, so E2E only saves you if you audit every client version to check that this does not happen.

As always in matters of security, the first step is to define your threat model, and who you want to secure against, as there's no such thing as perfect security.

> No analysis needed.

I would definitely like to see one done by an unbiased party, because everything I can find is blanket gut-feeling statements without reference.

EDIT: just found this, which is a bit light but still something: https://restoreprivacy.com/secure-encrypted-messaging-apps/t... and this: https://arxiv.org/pdf/2012.03141v1.pdf
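The multi-device design sketched in this thread (a message encrypted once per recipient device, with a newly enrolled device getting its key copy from an already-enrolled device rather than from the server) can be made concrete. The following is an added example written for this thread; it is not code from Telegram, iMessage, Matrix or any commenter, and it simplifies: devices are identified by their raw X25519 public keys, a labelled SHA-256 hash stands in for HKDF, and the out-of-band verification of the new device is assumed to have already happened before `ReshareTo` is called. The server would store and relay `Envelope` values and nothing else.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/rand"
	"crypto/sha256"
	"errors"
)

// must panics on errors that only happen with broken randomness or malformed keys.
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// Device is one enrolled device; its X25519 private key never leaves it, only Public goes to the server.
type Device struct{ priv *ecdh.PrivateKey }

func NewDevice() *Device          { return &Device{must(ecdh.X25519().GenerateKey(rand.Reader))} }
func (d *Device) Public() []byte  { return d.priv.PublicKey().Bytes() }

// Envelope is all the server stores and relays: Body is nonce||AES-GCM(contentKey, msg) and
// WrappedKey maps each recipient device's public key to ephPub||nonce||AES-GCM(wrapKey, contentKey).
type Envelope struct {
	Body       []byte
	WrappedKey map[string][]byte
}

// gcmSeal returns nonce || ciphertext under a fresh random nonce.
func gcmSeal(key, plaintext []byte) []byte {
	aead := must(cipher.NewGCM(must(aes.NewCipher(key))))
	nonce := make([]byte, aead.NonceSize())
	must(rand.Read(nonce))
	return aead.Seal(nonce, nonce, plaintext, nil)
}

// gcmOpen reverses gcmSeal; it fails on a wrong key or tampered data.
func gcmOpen(key, sealed []byte) ([]byte, error) {
	aead := must(cipher.NewGCM(must(aes.NewCipher(key))))
	if n := aead.NonceSize(); len(sealed) >= n {
		return aead.Open(nil, sealed[:n], sealed[n:], nil)
	}
	return nil, errors.New("ciphertext too short")
}

// wrapKey derives a key-wrapping key from an X25519 shared secret (a labelled hash stands in for HKDF).
func wrapKey(shared []byte) []byte {
	sum := sha256.Sum256(append([]byte("demo-wrap-v1|"), shared...))
	return sum[:]
}

// wrapFor encrypts contentKey to one device public key under an ephemeral X25519 key: ephPub || nonce || ct.
func wrapFor(contentKey, devicePub []byte) []byte {
	eph := must(ecdh.X25519().GenerateKey(rand.Reader))
	shared := must(eph.ECDH(must(ecdh.X25519().NewPublicKey(devicePub))))
	return append(eph.PublicKey().Bytes(), gcmSeal(wrapKey(shared), contentKey)...)
}

// Encrypt builds one envelope readable by every listed device and nobody else, the server included.
func Encrypt(plaintext []byte, devicePubs [][]byte) *Envelope {
	contentKey := make([]byte, 32)
	must(rand.Read(contentKey))
	env := &Envelope{Body: gcmSeal(contentKey, plaintext), WrappedKey: map[string][]byte{}}
	for _, pub := range devicePubs {
		env.WrappedKey[string(pub)] = wrapFor(contentKey, pub)
	}
	return env
}

// contentKey unwraps the content key; a device enrolled after sending has no copy and so cannot read history.
func (d *Device) contentKey(env *Envelope) ([]byte, error) {
	w, ok := env.WrappedKey[string(d.Public())]
	if !ok || len(w) < 32 {
		return nil, errors.New("no content key wrapped for this device")
	}
	shared := must(d.priv.ECDH(must(ecdh.X25519().NewPublicKey(w[:32]))))
	return gcmOpen(wrapKey(shared), w[32:])
}

func (d *Device) Decrypt(env *Envelope) ([]byte, error) {
	key, err := d.contentKey(env)
	if err != nil {
		return nil, err
	}
	return gcmOpen(key, env.Body)
}

// ReshareTo lets an enrolled device hand the content key to a newly verified device without the server ever holding a key.
func (d *Device) ReshareTo(env *Envelope, newDevicePub []byte) error {
	key, err := d.contentKey(env)
	if err == nil {
		env.WrappedKey[string(newDevicePub)] = wrapFor(key, newDevicePub)
	}
	return err
}
```

`Encrypt` yields a single body ciphertext plus one wrapped content key per enrolled device, so the server holds only ciphertext; a device enrolled later fails to decrypt until an existing device re-wraps the content key for it. That is the distinction drawn above: history appearing on a new device does not by itself show the server can read it, provided the new key copy comes from another device (or from a user-held backup key, as in the Matrix description earlier in the thread) rather than from the server.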

orangepurple | 3 years ago

Telegram has secret chats, which are not the default.