If the chat is not end-to-end encrypted, which Telegram “cloud” chats are not, then by definition Telegram (the company) has access to the chats. Full stop.
Something being true only by definition is unfortunately a very weak claim.
For example the company servers could be hosted on an island with armed guards instructed to burn everything if anyone approaches and the decryption happens only on those servers: sure they have access by definition, but they really don't.
The guards could decide they’re not getting paid enough and steal the data. Or the government could arrest them. Or the government could MITM the data center. Or any hundreds of different scenarios.
At the end of the day, the only thing preventing somebody from accessing the data is that they just… don’t.
This is very weak security and it is why cryptographers and security professionals call it “effectively plaintext.”
If the only thing stopping them from decrypting your messages is instructions to their own employees to not allow it to be done, that is not a defense against providing access to law enforcement. They can just change those instructions at any time without anybody knowing. Just like they can just change the server software to allow it.
jiiam|1 year ago
For example the company servers could be hosted on an island with armed guards instructed to burn everything if anyone approaches and the decryption happens only on those servers: sure they have access by definition, but they really don't.
barsonme|1 year ago
The guards could decide they’re not getting paid enough and steal the data. Or the government could arrest them. Or the government could MITM the data center. Or any hundreds of different scenarios.
At the end of the day, the only thing preventing somebody from accessing the data is that they just… don’t.
This is very weak security and it is why cryptographers and security professionals call it “effectively plaintext.”
usea|1 year ago