Hacker News new | ask | show | jobs
by quyleanh 588 days ago
Talking to "unencrypted", may I ask, by default, for normal chat, all the text, image, video, sticker is uploaded to Telegram server without encryption? Or they are encrypted/hashed/salted but the decryption key is on Telegram side?
1 comments
Tiberium 587 days ago
It's the latter, there is encryption for everything but of course Telegram has the keys. But I don't think there's information if Telegram stores data encrypted or not.
link
quyleanh 587 days ago
So we have to trust Telegram just like we trust Apple with iMessage right? Since Apple also has ability to extract information from iCloud backup [1].

Anyway, I don't know why HN crowds tend to aggressive with Telegram. Personally I like it and use it like a social platform.

[1] https://www.reuters.com/article/world/exclusive-apple-droppe...

link
tmottabr 587 days ago
no it is not..

There is E2E encryption for private ono on one conversations, but it is off by default and the option to enable it is buried behind a few screens ans several clicks..

And it is completely unavailable for group chats..

If you want more details, Matthew Green, the famous cryptographer from Johns Hopkins University have reviewed it recently

https://blog.cryptographyengineering.com/2024/08/25/telegram...

link
Tiberium 587 days ago
What do you mean "it's not"? We're not talking about E2E encryption specifically, just any encryption. MTProto uses encryption.
link
tmottabr 586 days ago
MTProto is the protocol used for secure chats, that is the name of their E2E encryption..

If you do not enable E2E it will not use MTProto and not have E2E encryption.

And all of this is only available for private chats, none is available for groups chats..

link
Tiberium 585 days ago
I'm sorry, but MTProto isn't just used for E2E chats. It's the actual main protocol that Telegram uses for everything. And yes, for non-secure chats there will be no E2E, but the question was about encryption, not end to end encryption.
link
tmottabr 584 days ago
communication between client and server is always encrypted and they don't even need MTProto for that, a simple TLS connection would be more then enough, and likely better. Also, that is likely true for all modern messaging apps..

The question proposed is that Telegram was monitoring private chats on the client side, but they do not need to do that unless E2E is enabled..

If you do not have E2E enabled then everything you send is in the open while in their servers..

So, if you do not have private chat enabled then Telegram does not need to make any type of client side monitoring, they can just monitor what is going trough their servers because it is all in the open..

link