If this pisses you off, it's worth noting that Telegram group chats have the same property, and that Telegram argues forcefully (and falsely) that what they're doing does meet the definition of "end-to-end encryption".
This statement is simply false; Telegram has never claimed group chats are "end-to-end encrypted". Only secret chats are claimed to be and proven to be.
Your refutation of my claim is an article that claims Telegram's use of TLS encryption makes it more secure than its competitors, and links to another article going into even more detail about that ridiculous claim. I feel comfortable with where it leaves my argument standing.
The central point of your comment was false and invented. You have claimed they made assertions they absolutely never made.
I don't see how the TLS claim is relevant; your comment is still wrong. It also misrepresents their argument, that competitors using cloud backup is less secure than not doing so because it introduces a very untrusted third party (Google Drive is not E2EE).
Their claim that E2EE + Google Drive backup is not secure seems pretty valid to me, not that it's related to the inaccuracy of your comment (it's still a false statement, and pretty egregious considering it's never been claimed).
Wait, I thought Telegram was worse than that - Zoom does (what appears to be) end-to-end encryption if you have four native Zoom clients in a meeting. Telegram doesn't do end-to-end if you have four Telegram clients in a group chat, right?
(I might be missing something about either Zoom or Telegram)
Yeah, I'm honestly a bit surprised because I personally would agree with Zoom that what they're doing is "end-to-end encryption." (Maybe it'd be nice if they had a "mandatory e2e" checkbox that you had to uncheck to get a dial-in phone number, but, obviously when I call a number by phone I know there's no e2e going on.)
I think the pile-on is mostly because finding security problems with Zoom is the cool new thing to do. There's been no shortage of genuine security problems with Zoom (and an apparent lack of security culture) but I think we've now gotten to e.g. "you can use Zoom to trigger a Windows design flaw that's been around for years" or "when you set up a meeting anyone can join, anyone can join the meeting" or whatever, and the media is happy to pick that up.
There's a backlash in vulnerability research circles, because we've all had to deal with systems that are much, much worse (Webex, for example). I'm not a fan of Zoom or anything, but the concerns they're generating about security are unbalanced and not especially reasonable.
But, again: we've had long threads on HN "debating" the notion that Telegram is E2E-encrypted by dint of TLS to Telegram's servers, as if that was a legitimate proposition. Because Telegram has a cheering section, and Zoom, it seems, does not.
Telegram only uses end-to-end encryption for "secret chats" and voice calls. Group chats and standard person-to-person chats are not end-to-end encrypted, and I don't believe Telegram has made any claims to the contrary.
(Encrypted messaging is a hard problem, especially when you have to deal with users with multiple devices which are offline intermittently, or users joining an established group chat. Telegram has taken the sensible approach of not trying to solve this.)
Encrypted messaging is a solved problem, and even WhatsApp manages end-to-end group chats. Telegram does not, but claims in its FAQ that "All Telegram messages are always securely encrypted" (it is referring explicitly to group messaging). Telegram is far more misleading than Zoom is, but again, Zoom lacks the cheering section. Maybe if they released a ZoomCoin.
Fair point on the FAQ. At least they didn't explicitly misuse the term "end-to-end"?
That being said, I'm not certain encryption is an entirely solved problem for the case of multiple devices, including web clients, or for large public groups. (WhatsApp only supports a single client -- their web interface attaches to the phone -- and their group chats are limited to 256 members.) I'm not sure it can be solved under the current model Telegram uses for authorizing devices, as the server can authorize a device to access an account, and any non-secret chats it was involved in, without the involvement of any previously signed-in devices.
Zoom does not do end-to-end encryption. End-to-end encryption means that only the end user can decrypt the message. Zoom central can decrypt the message, because they hold the keys. They mostly don't bother, but that's just an optimisation.
At any point, someone could go into Zoom's systems, get the keys to your chat, and monitor you, and you would have no way of knowing.
> Zoom does (what appears to be) end-to-end encryption if you have four native Zoom clients in a meeting.
I don't understand their blog post that way. From the post: "we encrypt all video, audio, screen sharing, and chat content at the sending client, and do not decrypt it at any point before it reaches the receiving clients." That sounds like "we could decrypt it, but we promise not to". That's not e2e.
They continue with "When users join Zoom meetings using devices that do not inherently use Zoom’s communication protocol, such as a phone (connected via traditional telephone line, rather than the app) or SIP/H.323 room-based systems, Zoom’s encryption cannot be applied directly by that phone or device", so if those users can join the meeting after it has been established between Zoom-clients, it's not e2e.
Second, you can have your phone gateways be stateless and unprivileged: when a user calls up the phone gateway, it generates a new keypair. The user enters their PIN and the phone gateway derives a key from the PIN using your favorite password hashing algorithm, HMACs their public key with the PIN, and sends it to the existing participants. The other participants have the same PIN, so they can decide to let this public key join the call without allowing random callers to join. (I'm not sure if Zoom does this, but it's straightforward enough and it makes the phone gateways much less juicy of an attack target, especially because you can now reboot the gateways from read-only media and you don't need to provision them a secret, so I hope they do.)
Now we're left with the argument about whether it really counts as "end-to-end" if the plain-old-telephone-system part of the connection isn't encrypted, but also it can't be, so I'm not sure anyone reasonably expected it to be encrypted. Anyone who really wants "end-to-end" encryption can just make sure nobody joins their call by phone. (In the end, end-to-end encryption is a tool to make sure the right people join your meeting - i.e., anyone who cares about end-to-end encryption already cares about who the ends are.)
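The PIN-authenticated gateway join described in the comment above, sketched as an added example that is not part of the thread and is not Zoom's code. Assumptions: PBKDF2-HMAC-SHA256 stands in for "your favorite password hashing algorithm", the meeting ID is used as the salt, and 32 random bytes stand in for the gateway's freshly generated public key.

```python
import hashlib
import hmac
import os

KDF_ITERATIONS = 200_000  # assumed cost parameter, not from the thread


def derive_pin_key(pin: str, meeting_salt: bytes) -> bytes:
    """Stretch the meeting PIN into a MAC key (PBKDF2 is an assumed choice)."""
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), meeting_salt, KDF_ITERATIONS)


def gateway_join_request(pin: str, meeting_salt: bytes) -> dict:
    """Stateless gateway: new key per call, no provisioned secret."""
    public_key = os.urandom(32)  # stand-in for a real, freshly generated public key
    key = derive_pin_key(pin, meeting_salt)
    tag = hmac.new(key, public_key, hashlib.sha256).digest()
    return {"public_key": public_key, "tag": tag}


def participant_accepts(request: dict, pin: str, meeting_salt: bytes) -> bool:
    """Existing participant recomputes the HMAC with the PIN it already knows."""
    key = derive_pin_key(pin, meeting_salt)
    expected = hmac.new(key, request["public_key"], hashlib.sha256).digest()
    # Constant-time comparison so the check does not leak tag bytes via timing.
    return hmac.compare_digest(expected, request["tag"])


if __name__ == "__main__":
    salt = b"meeting-1234"  # constructed meeting ID
    req = gateway_join_request("482913", salt)  # constructed PIN
    print("caller with PIN admitted:", participant_accepts(req, "482913", salt))
    print("caller with wrong PIN admitted:", participant_accepts(req, "000000", salt))
    # A relay that swaps in its own key cannot produce a matching tag.
    swapped = dict(req, public_key=os.urandom(32))
    print("substituted key admitted:", participant_accepts(swapped, "482913", salt))
```

Anyone who observes a join request can test PIN guesses offline against the tag, so the check is only as strong as the PIN's entropy and the KDF cost.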
https://telegram.org/faq#q-so-how-do-you-encrypt-data
As early as 2017, they broadly and publicly advertised that they are NOT end-to-end encrypted 'by default'.
https://telegra.ph/Why-Isnt-Telegram-End-to-End-Encrypted-by...