Remix.run Logo
Remix clone Hacker News
new | show | ask | jobsGithub
maqp 2 days ago

AES-IGE is not best practice. Neither is this https://words.filippo.io/dispatches/telegram-ecdh/

The difference is Moxie isn't an amateur when it comes to cryptographic design. Wikipedia actually lists him as a cryptographer. The company has also employed an actual mathematician/cryptographer, Trevor Perrin.

Meanwhile, Telegram employed the CEO's brother who's a geometrician, which is not the same. You wouldn't hire a dentist to perform brain surgery even though both studied medicine.

Signal protocol's double ratchet is considered best practice by pretty much every competent cryptographer.

MTProto's main issues are not the teething issues of the yester-years. It's the fact every chat is sent to the server that can then read the messages. Telegram only has E2EE in internet debates about it's non-existent E2EE in practice.

emptysongglass a day ago | parent [-]

Are you aware the article you link to technically critiques MTProto 1, including links to web archives of the MTProto 1 docs?

> MTProto's main issues are not the teething issues of the yester-years. It's the fact every chat is sent to the server that can then read the messages. Telegram only has E2EE in internet debates about it's non-existent E2EE in practice.

Telegram does in fact have E2EE available in the form of Secret Chats, so that's just an incorrect statement from you.

Regardless, that wasn't what I was rebutting. If anyone is going to have a reasonable debate about Telegram's problems, at least do so reasonably, without resorting to well-worn and facile language invented by the person who has the most to gain from its use. Moxie is not at all innocent in any of this and I'm glad he's no longer involved with Signal, which I use every day.

rlpb a day ago | parent | next [-]

> Telegram does in fact have E2EE available in the form of Secret Chats, so that's just an incorrect statement from you.

But if you turn that on, other features turn off.

maqp a day ago | parent [-]

Exactly. I have friends that outright refuse to use secret chats because stickers are so important to them. They literally have said to my face "stickers > human right to privacy".

akimbostrawman a day ago | parent | prev | next [-]

Telegram E2EE only 1:1 that is opt-in vs Signal E2EE everything by default.

Its clear which is an actually private chat app. Defaults matter

maqp a day ago | parent | prev [-]

>Are you aware the article you link to technically critiques MTProto 1, including links to web archives of the MTProto 1 docs?

Yes, but surely you realize a competent cryptographer wouldn't have implemented a backdoor looking design in the first place?

>Telegram does in fact have E2EE available in the form of Secret Chats, so that's just an incorrect statement from you.

No it's 100% correct and you just made my point for me.

1. Secret chats are not used by default, meaning most of users don't even know about it.

2. Secret chats are not available for group chats, not even small ones that have reasonable expectation for privacy.

3. Secret chats are not available for desktop chats, so you can not really use them seamlessly. I've spent six hours in front of my computer today. My phone is 30cm from my left hand. And I absolutely can't be arsed to pick it up every time my friend would send me a secret chat. Telegram's backdoor works exactly this way. They know I'm lazy. They make it my fault. Whereas with Signal, I can just alt-tab into the chats and reply there.

When I said Telegram only has E2EE in internet debates, that means people like you who love to point out it's technically there, but who also fail to understand what it takes for such feature to be even used on a daily basis.

>facile language invented by the person who has the most to gain from its use.

I've been criticizing Telegram for over a decade now. You trying to make it sound like it's Moxie who's the devil pulling all the strings and making my arguments for me, makes you look like an astroturfer employed by Telegram: https://tsf.telegram.org/

emptysongglass a day ago | parent [-]

> When I said Telegram only has E2EE in internet debates, that means people like you who love to point out it's technically there, but who also fail to understand what it takes for such feature to be even used on a daily basis.

But you are being dishonest when you make an incorrect statement like this. Don't do that.

EDIT:

> makes you look like an astroturfer employed by Telegram: https://tsf.telegram.org/

I just read the linked page through: this is a request for volunteers to answer support questions for Telegram. How did you make the mental leap from a request for support volunteers to recruitment ad for astroturfers?

maqp 21 hours ago | parent [-]

The content is lies. E.g.

https://tsf.telegram.org/manuals/e2ee-simple#are-cloud-chats...

Talks about "unique distributed architecture" which I have debunked here

https://security.stackexchange.com/a/243172

When people parrot those lies, they're being useful idiots, which Russia has used for ages https://en.wikipedia.org/wiki/Useful_idiot Durov is trained in information warfare and propaganda https://www.nytimes.com/2014/12/03/technology/once-celebrate... He knows what he's doing.

emptysongglass 15 hours ago | parent [-]

You've gone way off base here and have made a colorful array of unfounded accusations, including strongly hinting I must be part of an astroturfing brigade, that Secret Chats only available on mobile devices constitutes an intentional "backdoor", that I am a "useful idiot", that for the purposes of internet argumentation E2EE chats don't actually exist, etc.

What I asked you to do was to stop misrepresenting your own bizarre theories as fact and stop linking microblog posts and blog posts describing vulnerabilities of a completely rewritten protocol that have nothing to do with its current. That is dishonest and not a reasonable basis for any argument.

There are many ways of honestly portraying the problems of Telegram without resorting to false inventions, such as its immense problem of spam and ads and the fact that E2EE is not available across all devices and for group chats.