emptysongglass 4 days ago

And every time someone makes this comment. MTProto 2 uses standard crypto primitives. Besides this, do you know who else rolled their own crypto? Moxie. You don't get to roll your own crypto first and then weaponize this against your opponents but that's exactly what he did along with abusing words like "plaintext" to describe any encryption not E2EE.

Reply View 12 replies
  • maqp 4 days ago

    AES-IGE is not best practice. Neither is this https://words.filippo.io/dispatches/telegram-ecdh/

    The difference is Moxie isn't an amateur when it comes to cryptographic design. Wikipedia actually lists him as a cryptographer. The company has also employed an actual mathematician/cryptographer, Trevor Perrin.

    Meanwhile, Telegram employed the CEO's brother who's a geometrician, which is not the same. You wouldn't hire a dentist to perform brain surgery even though both studied medicine.

    Signal protocol's double ratchet is considered best practice by pretty much every competent cryptographer.

    MTProto's main issues are not the teething issues of the yester-years. It's the fact every chat is sent to the server that can then read the messages. Telegram only has E2EE in internet debates about it's non-existent E2EE in practice.

    Reply View 10 replies
    • emptysongglass 3 days ago

      Are you aware the article you link to technically critiques MTProto 1, including links to web archives of the MTProto 1 docs?

      > MTProto's main issues are not the teething issues of the yester-years. It's the fact every chat is sent to the server that can then read the messages. Telegram only has E2EE in internet debates about it's non-existent E2EE in practice.

      Telegram does in fact have E2EE available in the form of Secret Chats, so that's just an incorrect statement from you.

      Regardless, that wasn't what I was rebutting. If anyone is going to have a reasonable debate about Telegram's problems, at least do so reasonably, without resorting to well-worn and facile language invented by the person who has the most to gain from its use. Moxie is not at all innocent in any of this and I'm glad he's no longer involved with Signal, which I use every day.

      Reply View 9 replies
      • rlpb 3 days ago

        > Telegram does in fact have E2EE available in the form of Secret Chats, so that's just an incorrect statement from you.

        But if you turn that on, other features turn off.

        Reply View 1 reply
        • maqp 3 days ago

          Exactly. I have friends that outright refuse to use secret chats because stickers are so important to them. They literally have said to my face "stickers > human right to privacy".

          Reply View 0 replies
      • akimbostrawman 3 days ago

        Telegram E2EE only 1:1 that is opt-in vs Signal E2EE everything by default.

        Its clear which is an actually private chat app. Defaults matter

        Reply View 0 replies
      • maqp 3 days ago

        >Are you aware the article you link to technically critiques MTProto 1, including links to web archives of the MTProto 1 docs?

        Yes, but surely you realize a competent cryptographer wouldn't have implemented a backdoor looking design in the first place?

        >Telegram does in fact have E2EE available in the form of Secret Chats, so that's just an incorrect statement from you.

        No it's 100% correct and you just made my point for me.

        1. Secret chats are not used by default, meaning most of users don't even know about it.

        2. Secret chats are not available for group chats, not even small ones that have reasonable expectation for privacy.

        3. Secret chats are not available for desktop chats, so you can not really use them seamlessly. I've spent six hours in front of my computer today. My phone is 30cm from my left hand. And I absolutely can't be arsed to pick it up every time my friend would send me a secret chat. Telegram's backdoor works exactly this way. They know I'm lazy. They make it my fault. Whereas with Signal, I can just alt-tab into the chats and reply there.

        When I said Telegram only has E2EE in internet debates, that means people like you who love to point out it's technically there, but who also fail to understand what it takes for such feature to be even used on a daily basis.

        >facile language invented by the person who has the most to gain from its use.

        I've been criticizing Telegram for over a decade now. You trying to make it sound like it's Moxie who's the devil pulling all the strings and making my arguments for me, makes you look like an astroturfer employed by Telegram: https://tsf.telegram.org/

        Reply View 5 replies
  • [removed] 4 days ago
    [deleted]
    Reply View 0 replies