this post was submitted on 25 Aug 2024
250 points (95.6% liked)

Technology

58125 readers
4152 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots

founded 1 year ago
MODERATORS
L3s@lemmy.world
enu@lemm.ee
fry@fry.gs
L3s@fry.gs
enu@lemmy.world
L4s@fry.gs
L4s@lemmy.world
250
Is Telegram really an encrypted messaging app? (blog.cryptographyengineering.com)
submitted 3 weeks ago by db0@lemmy.dbzer0.com to c/technology@lemmy.world
118 comments fedilink hide all child comments
you are viewing a single comment's thread
view the rest of the comments
[–] woelkchen@lemmy.world 1 points 3 weeks ago (1 children)

That said, they should have an option for app data encryption, but that’s hardly a requirement IMO

So Telegram is not an encrypted messenger because there are types of messages that are not E2E encrypted but Signal is a encrypted messenger because encrypting local storage is optional. Got it.

[–] sugar_in_your_tea@sh.itjust.works 2 points 3 weeks ago (2 children)

Yes, because the "encrypted messenger" metric is about sending and receiving messages, not storing messages. On the order of things I care about, E2EE is much more important than local storage. I can do something about local storage, I can't realistically do anything about E2EE.

[–] woelkchen@lemmy.world 1 points 3 weeks ago (1 children)

Yes, because the “encrypted messenger” metric is about sending and receiving messages, not storing messages.

So whether or not the messages can be retrieved by criminals or law enforcement is not a metric. Got it!

[–] sugar_in_your_tea@sh.itjust.works 2 points 3 weeks ago

Law enforcement would require a warrant, and criminals would need to break into my device first (highly unlikely without it being a targeted attack, and that's not in my threat model at all).

And if they can break the encryption on my devices, they can likely break the encryption of the data at rest. Most people would probably use the same key for both anyway (biometrics or a PIN). If I need it to be more secure, I can create a special encrypted container for that service to store its data in.

[–] pressanykeynow@lemmy.world -1 points 3 weeks ago (1 children)

I can do something about local storage, I can't realistically do anything about E2EE.

You can enable secret chat. Like press the button. But that's probably too difficult compared to encrypting you devices.

[–] sugar_in_your_tea@sh.itjust.works 3 points 3 weeks ago

Sure, but what happens when my contacts forget to push it and send me confidential information? I can be the most careful person in the world and always press that button, but I cannot control what others do. That's why it needs to be E2EE for everyone.