Hacker News new | ask | show | jobs
by adobeeee 2778 days ago
You seem to know a bit about encryption. Which is why it baffles me- how does telegram do this? Does it need a connected device in this way too? So one can upload the encryption key if its lost? If no device is connected, can/how do they do it? If yes, can Firefox copy that way?
1 comments
ryukafalz 2778 days ago
Telegram chats by default are not end-to-end encrypted. It does have e2e-encrypted chats as an option, but they're only accessible on one device. So:

>how does telegram do this?

...the short answer is they don't.

link
adobeeee 2778 days ago
I was referring to them saving encrypted data on their servers. Isn't that e2e encrypted? If not, does that mean an adversary with access to their database knows my chats?
link
ryukafalz 2778 days ago
That is not end-to-end encrypted, no. The company has all the information necessary to retrieve your plaintext conversation data. They can (and likely do) encrypt this data at rest within their infrastructure, and they can make it as hard as they want for an individual employee to access this information, but fundamentally you're trusting that their internal controls are sufficient.
link