Hacker News new | ask | show | jobs
by _jomo 4009 days ago
This is nice, but I really wonder why they don't focus on more important things. For example this issue I opened over a year ago, asking them to use end-to-end encryption by default and for group chats: https://github.com/DrKLO/Telegram/issues/156

Probably because features are more important than security, sigh.
3 comments
free2rhyme214 4009 days ago
I second that notion. It comes down to priorities and right now bots > security.
link
jhasse 4009 days ago
It's not that easy: How would you exchange the private keys when using multiple clients? This would require to user to transfer the private key files or to remember a secure password. Both options aren't possible for usability reasons if you want to beat WhatsApp.
link
_jomo 4009 days ago
This has been discussed a lot in the issue thread. Key exchange really isn't the issue.

Scanning a QR code or creating a secure connection between the clients to exchange the keys isn't that hard.

link
jhasse 4009 days ago
What when I want to login at a computer but don't have my phone with me?
link
chralieboy 4009 days ago
Same as using 1Password — you don't.

You're trading convenience for increased security.

link
sherjilozair 4009 days ago
This is why it isn't 'by default'.
link
HunOL 4009 days ago
End-to-end encryption by default kills one of the advantages of Telegram - crossplatform history synchronisation.
link
_jomo 4009 days ago
this shouldn't be an issue when the clients share the private key.
link