- cross-posted to:
- [email protected]
- [email protected]
blog.cryptographyengineering.com
- cross-posted to:
- [email protected]
- [email protected]
A reminder
Highlights
Many systems use encryption of one sort or another. However, when we talk about encryption in the context of modern private messaging services, it typically has a very specific meaning: the use of default end-to-end encryption to protect message content. When used in an industry-standard way, this feature ensures that all conversations are encrypted by default — under encryption keys that are only known to the communication participants, and not to the service provider.
Telegram clearly fails to meet this stronger definition, because it does not encrypt conversations by default. If you want to use end-to-end encryption in Telegram, you must manually activate an optional end-to-end encryption feature called “Secret Chats” for each private conversation you want to have. To reiterate, this feature is explicitly not turned on for the vast majority of conversations, and is only available for one-on-one conversations, and never for group chats with more than two people in them.
Even though end-to-end encryption is one of the best tools we’ve developed to prevent data compromise, it is hardly the end of the story. One of the biggest privacy problems in messaging is the availability of loads of meta-data — essentially data about who uses the service, who they talk to, and when they do that talking.
…Which I’m explicitly not doing. Telegram has end-to-end encrypted chats, but not group chats. The group chats have never been encrypted, and AFAIK Telegram never implied that they were. (TBH, I’ve more than once had to tell people to stop fed posting on Telegram because they stay stupid shit on unencrypted channels that will bring the wrong kind of attention down.) Signal still exists - and is better than Telegram in every way. For the deeply paranoid there’s Briar. Tor is definitely a thing. Encrypted communications are fantastic, and I support them.
I fully support stupid people doing their stupid, illegal shit on open channels where it’s easy to bust them. I also fully support encryption.