Hacker News new | ask | show | jobs
by d0mine 1477 days ago
Chats are encrypted. The question who can decrypt them by default.

It is a trade-off between security and usability. By default, you get usability (e.g., you can chat across devices easily). But you think it is worth the cost, you can make encryption keys unavailable without corresponding devices (create secret chat).

My guess, most telegram users prefer usability or don't care/ignorant. It would be a mistake to make the experience worse (that people would notice ignorant or not).
1 comments
brnt 1477 days ago
> Chats are encrypted.

Not end to end. Let's not sell SSL connections as encryption please.

link
d0mine 1477 days ago
It is false that chats are "unencrypted" (I know, it is repeated on every submission about Telegram here but it does not make it true whatever Goebbels said). Here's a quote from the FAQ: "The relevant decryption keys are split into parts and are never kept in the same place as the data they protect. As a result, several court orders from different jurisdictions are required to force us to give up any data." https://telegram.org/faq#q-do-you-process-data-requests
link
brnt 1477 days ago
That is only true for the End 2 End encrypted chats, which are a separate and not very user friendly thing. Regular chats and group chats/channels are by design unencrypted.
link
d0mine 1477 days ago
It is false. Click the link to the FAQ. The paragraph for the quote begins with "To protect the data that is not covered by end-to-end encryption"
link
brnt 1477 days ago
Then it is not correct. A security analysis of Telegram has raised doubts about their e2e before. They have (had?) a blogpost up where they pontificate about how it not necessary and would put a burden on their channel feature anyway.
link
emptysongglass 1477 days ago
The security analyses I am aware of target MTProto 1 which is not MTProto 2 used for quite a number of years now. MTProto 2 uses standard security primitives.

You cannot say "it is not correct" without proof. We know all messages not just E2EE are wrapped in encryption on their way out a Telegram client and we know they are decrypted on their way in because client source code is available.

Why don't you have a look for yourself then let us know if you've confirmed your suppositions?

link
giords 1475 days ago
Sure, they're encrypted with a key that they have.

They have complete access to the data.

link