Hacker News new | ask | show | jobs
by hiimkeks 1148 days ago
> The cloud and E2EE encryption of Telegram have already been audited by independent researchers.

Yes, and they all agree it's crap. Just look at this thread https://news.ycombinator.com/item?id=6915741 (Feel free to ignore Moxie, but listen to tptacek). In addition, it doesn't even matter since (a) it's not turned on by default and (b) it can't be turned on for group chats.

That said, I agree that Durov probably is not closely collaborating with the Russian state.
1 comments
NayamAmarshe 1148 days ago
The thread you linked is talking about a totally different algorithm, not relevant to our discussion.

MTProto 1.0 had flaws and proven vulnerabilities. Telegram ditched the algorithm after 2013.

MTProto 2.0 is much secure and has been audited multiple times already without fail. The security is solid, that's the consensus.

Also, there are 2 types of MTProto 2.0 algorithms. One is cloud encryption and the other is end to end encryption.

Cloud encryption is enabled by default on all chats but for those who need end to end encryption, they can use secret chats.

You can read more about it here: https://core.telegram.org/techfaq#q-how-does-server-client-e...

link
hiimkeks 1148 days ago
Apparently they didn't learn much, given that MTProto 2.0 still uses IGE. Or still derives the IV from a hash of the message.

The article you link does not mention "cloud encryption". What is that? TLS?

link
NayamAmarshe 1148 days ago
The cloud encryption is what I linked, the Server-Client encryption. Just below it, you can see E2E.
link
IYasha 1148 days ago
E2E is not available on all platforms, is hidden in obscure menus and the whole UI discourages users from using it. Telegram is a data-harvesting social goolag-oriented network after all. :-/
link
NayamAmarshe 1148 days ago
That would be a pessimistic way to see it.

The greatest feature that telegram offers is cloud sync. Everybody knows the limitations E2EE comes with. There's no way you could have thousands of members in a group on Signal.

Along with that, the ability to manage device sessions and to login on multiple devices with full chat sync is extremely unique to Telegram.

You're asking them to ditch that in favor of inferior UX, which they simply cannot do at this point.

But I do hear the valid complaints. I do believe they should improve MTProto 2.0 to work on multiple devices and in groups. Their implementation is fine for 1-1 chats but having something better than that is always welcome.

link