by jlund
3614 days ago
When an adversary intercepts a Telegram SMS authentication code, this gives them pretty much complete access to a user's entire Telegram messaging history. This is true because messages are not end-to-end encrypted by default. The Telegram servers will happily return perennially stored transcripts to any client that is even temporarily considered valid. This is _not_ true for messaging applications that are end-to-end encrypted by default and that do not store plaintext on their servers. This isn't a subtle difference. Lots of comparisons in this thread fall victim to a sort of implied false equivocation. Using SMS as a form of authentication may be a quality that Telegram shares with other popular messaging applications, but it is uniquely susceptible to all of the associated pitfalls.