Telegram has no end to end encryption by default.
Privacy
A place to discuss privacy and freedom in the digital world.
Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.
In this community everyone is welcome to post links and discuss topics related to privacy.
Some Rules
- Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
- Don't promote proprietary software
- Try to keep things on topic
- If you have a question, please try searching for previous discussions, maybe it has already been answered
- Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
- Be nice :)
Related communities
Chat rooms
-
[Matrix/Element]Dead
much thanks to @gary_host_laptop for the logo design :)
Wording is confusing. Here are some better takes that sound valid and are true:
-
Telegram's e2ee is only available for chats of 2 people, and only on official mobile client.
-
Telegram's e2ee is a feature you have to enable whenever you need it (called secret chats).
and only on official mobile client.
This is incorrect, it is also available in other mobile clients (at least those which are forks of the official one).
And telegrams e2ee destroys all cool features it originally had
Yeah, I'm siding with the French government on this one at first blush. E2EE platforms are a necessary tool for combating government overreach and corporate surveillance. But if you willingly make a platform that's not E2EE, the idea of users being able to share this vile shit being a "necessary evil" toward the greater societal good completely falls apart. If you 1) have this vile content on your platform, 2) know it exists, 3) can trivially combat it in a targeted manner, and 4) choose not to, then you're complicit in its distribution.
I have no sympathy for a CEO who tries to dupe their userbase into believing their app is private and then not even take advantage of the one single ethical benefit to the platform not being E2EE.
That's a wild way of twisting the logic. Just because the platform doesn't fall under your e2ee definition doesn't mean they had to do something that is only possible on purely cloud services.
The reason for arrest doesn't even have anything to do with encryption. All content that facilitates mentioned crimes is public. Handling it shouldn't involve any backdoors or otherwise service-side decryption.
It is about encryption though. Since it's possible for him to get access to anything said in those group chats, they asked him to provide all Telegram has on those users and chats. He didn't, he got arrested.
He wouldn't have been in as much trouble if those chats were encrypted and Telegram couldn't know anything about what's said in what chat by which user.
Because hw wouldn't be "betraying" his users by giving everything that was asked of him by the authorities.
Again, the materials are in public groups. Anyone with an account can see them. If we imagine that Telegram had the same functionality as it does now over E2EE, the offending users would be sharing their keys in public, and Telegram would still be as viable.
Telegram deserves some pushback for misrepresenting themselves as secure (and for lying about their connections to Russia), but I wish Moxie fanboys were able to talk about Telegram without shouting "it's not E2EE" over and over because they don't understand it's a social network disguised as a messenger.
It would not be the same, access might remain public but if it was E2EE and not stored on Telegram's servers, new users wouldn't have access to the history of the channel.
And since Telegram would not be able to read the messages as they go through its servers, they would have plausible deniability if they were asked if they knew what was going on on which channels.
I don't think Signal is the best messenger out there, I do think it's an good compromise between privacy and to have a enough appeal that most people would use it. I don't agree with most of what I have read Moxie write. But thanks for judging and generalizing by guessing who I must be.
You are right that it's probably more of a social network.
Assuming things should work that way is ignorant. According to you, service owners should design and redesign their services to not store any data in order to avoid arrests. Also that a service owner should invent stuff they might not had a plan for if they have even a theoretical possibility to help identify individual users, in other words go against policies they designed at some point.
Assuming things should work that way is ignorant. According to you, service owners should design and redesign their services to not store any data in order to avoid arrests.
If they don't want to be arrested yes, they should either do that or have good enough moderation to not get in the bad graces of some big entities like countries.
I'm not sure what you meant with the rest of your comment.
I mean the basic logic of the service was designed somewhere before its release. Data policies, promises to users are nothing if you assume services should adapt to stuff like this, at the expense of breaking those policies and promises.
Here is an old article from telegram about reasons for how it works https://telegra.ph/Why-Isnt-Telegram-End-to-End-Encrypted-by-Default-08-14
The thing is I think he did think of stuff like this.
From what the article says and from what I knew. Telegram purposefuly made "distributed cross-jurisdictional encrypted cloud storage" to try and evade governments. So he did have them in mind.
If we lived in a world where we didn't have to think about governments spying on us, we might have not even needed encryption to begin with.
But thank you for the link, it was an interesting read even if I don't agree with what he's trying to convey / prove.
After reading the article and the links in the article, I'm not seeing anywhere where they stated the chats there requesting information on were public chats, did you have a source that discussed that I could read up on? It sounds fairly interesting to me.
No, just personal experience (I use telegram for many years) and absence of server data implications anywhere across the issues in the past (at this time too). You can find questionable or illegal businesses in telegram with a few words, they are all public channels. Hence "no moderation" accuses mentioned in every article.
There are of course darknet-like private communities, but I assume they are not a subject of interest at this time. Authorities would need to dig very deep past all the obvious illegal stuff, and telegram shouldn't care about resources consumed by such a small chunk of user base. Those groups will stay, as they are, private and safe, I assume, for quite some time.
Not to whatabout it but under this logic we got other "CEO"s who should see a similar treatment.
Will they?
And none for group chats.
Is that the point here? Telegram is not a messaging app, it have that functionality but it does not revolve around that. And there is e2ee if you enable it. Thanks
But Telegram IS a messaging app? Their motto is literally "a new era of messaging".
Now do Zuckerberg and Musk
Don't leave out Spez.
Meta is literally ad platform for scam. But it’s american, so it’s ok.
It's the same shit. I was advertised psylocibin shit on facebook before.
The problem is that those guys comply with the requests from governments.
do you agree with this arrest or are you pointing out the double standards ?
I don't really understand how he allowed crime. I can commit crime via sms, whatsapp, signal or mail. Does that mean they allow it?
I can commit crime via sms, whatsapp, signal or mail.
But you're not allowed to
Crime is generally illegal
Against the law at the minimum.
I think the distinction here is that if your phone provider, WhatsApp, Signal or mail carrier is informed that someone is engaging in illegal activity using their service, these entities would comply and give the information they have on you-- be it a lot like SMS or a little like Signal (phone number, registration date).
In the case of Telegram, they've been informed countless times that specific individuals are engaging in blatantly illegal activity and unlike the previously mentioned entities, Telegram is refusing to comply with any legal requests.
I believe that's the situation but if I'm wrong, by all means correct me because this is a very interesting subject.
Thanks, this is the first explanation that's actually clicked for me.
Presumably Moxie as well since I'm constantly being told that Signal is the most secure e2ee platform.
Telegram holds the keys, Signal doesn't
That's right, Signal only holds phone numbers for some unspecified reason.
Not the place
Telegrams moderation leaves a lot to be desired. I'm not saying they should look into or give governments people's private conversations but I am saying that certain public features of telegram that do allow you to report illegal materials have been used to spread them.
certain public features of telegram that do allow you to report illegal materials have been used to spread them.
I don't understand, what do you mean? Does clicking "report" on a message not simply send a report to moderators only?
I'm saying that Telegram's moderators are not moderating stuff they should be moderating and that they have admitted they should be moderating. I know that it's not their fault, it's the small size of the team compared to almost a billion monthly active users, but still.
I know that it’s not their fault, it’s the small size of the team
This part is directly Telegram's fault. If they cannot keep up with their moderation queue then they need a bigger moderation team. Preferably properly remunerated. There are news reports about how Facebook's sub-contracted moderators work for these extremely shitty companies who track them based on how many reviews a minute they do, and which causes extreme psychological damage to the workers both because of the extreme content they have to see as part of their jobs and the bad working conditions they must put up with.
Yes, basically every corporate social media site needs more moderators. A single person can barely moderate 200K users (cohost), so a platform with 900 million should probably have a trust and safety team larger than 30 or 60 (Durov didn't confirm it).
I do wonder how much "report" does.
Next up: Discord!
Pretty sure Discord keeps tons of data on their users and readily complies with warrants.
I mean, they shut down tons of Yuzu and Yuzu clone discord servers for Nintendo.
I think they're already in the good graces of those kind of folks.
Discord does not have this problem. Source: the US government and the issue of massive security breaches by people arguing in some discord chat
It is funny that his bail was a small fraction of his wealth. This situation is tense and uncertain but at least there is something funny about it.