this post was submitted on 23 Dec 2024
119 points (91.6% liked)

Technology

63236 readers
3337 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each other!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed
  10. Accounts 7 days and younger will have their posts automatically removed.

Approved Bots

founded 2 years ago
MODERATORS
L3s@lemmy.world
enu@lemmy.world
technopagan@lemmy.world
L4s@lemmy.world
119
Telegram Profitable for First Time After App Pays Down Debts (www.bnnbloomberg.ca)
submitted 2 months ago by Joker@sh.itjust.works to c/technology@lemmy.world
29 comments fedilink hide all child comments
you are viewing a single comment's thread
view the rest of the comments
[–] demesisx@infosec.pub 40 points 2 months ago (4 children)

“Trust me bro” style hand-rolled encryption.

[–] pgetsos@fedia.io 9 points 2 months ago (1 children)

The encryption is not Trust me bro. It is public and tested multiple times. For example an analysis back in 2021:

https://mtpsym.github.io/

It found somes issues in the implementation of MTProto 2.0 from the official apps, with only one of them being actually usable as an attack vector, and they were all fixed before the disclosure of the analysis. They found no issues with the encryption algorithm other than some choices that may make the implementation of it harder

[–] rikudou@lemmings.world 12 points 2 months ago (1 children)

The encryption that only works in one-on-one chats? The encryption that's multiple menus deep in said one-on-one chats? The encryption that no one uses because of the issues above?

[–] EngineerGaming 4 points 2 months ago (1 children)

The encryption that is not even available outside of mobile?

[–] anzo@programming.dev 0 points 2 months ago (1 children)

That's actually a perk. Means the decryption key is not uploaded to telegram servers.

And, yes. The encryption all of the normies learnt to use for buying illegal goods while the prices were posted in wide open group chats. At least that's how it was working in latin america with drugs.

[–] EngineerGaming 2 points 2 months ago* (last edited 2 months ago)

That's actually a perk. Means the decryption key is not uploaded to telegram servers.

You could make encryption work between multiple ends without the server having to share the keys if each device has its own key - like in Matrix, XMPP, etc. And given that Telegram can't do that, the restriction in question is still very arbitrary - in a one-to-one conversation, they just don't allow you to make your end the desktop and not the phone.

Also yes, here selling drugs over Telegram is a very big thing too and given how hard it is to use Telegram anonymously and safely - it is indeed monumentally stupid.

[–] ouch@lemmy.world 7 points 2 months ago (1 children)

What encryption? There is no E2EE by default. It's all plaintext.

[–] oktoberpaard 1 points 2 months ago

I’ve been telling people about the lack of standard E2E encryption for years, so don’t interpret this as me defending them, but plaintext suggests that they send it unencrypted over the network, which is not the case. It’s encrypted between the client and the server and supposedly it’s also encrypted at rest. The issue is that Telegram has full access to your data, as well as anyone that they share it with (or that has managed to find their way in). This may include government agencies, employees, etc.

[–] lepinkainen@lemmy.world 0 points 2 months ago

I exclusively use it for public chats, like I did IRC.

Neither had any encryption and I have no issue with it.