You must log in or register to comment.
A place to discuss privacy and freedom in the digital world.
Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.
In this community everyone is welcome to post links and discuss topics related to privacy.
Some Rules
- Posting a link to a website containing tracking isn’t great, if contents of the website are behind a paywall maybe copy them into the post
- Don’t promote proprietary software
- Try to keep things on topic
- If you have a question, please try searching for previous discussions, maybe it has already been answered
- Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
- Be nice :)
Related communities
much thanks to @gary_host_laptop for the logo design :)
- 0 users online
- 57 users / day
- 383 users / week
- 1.5K users / month
- 5.7K users / 6 months
- 1 subscriber
- 3.12K Posts
- 78K Comments
- Modlog
Page 47. https://odr.chalmers.se/server/api/core/bitstreams/527d7251-f7f4-4a6c-ac7b-f8253d174336/content
how often do you check encryption keys in chats? How does WebRTC relay work need to be explained?
The KDE would need to intercept every single message from start to finish because of forward secrecy. Mass surveillance of such sort would have been noticed by now, even if only 0.01% of people check their safety number with QR code or manual confirmation.
MITM attacks on specific high-level targets would be still possible of course. But if you consider yourself a high-level target outside of mass surveillance you can just check your safety number before initiating a conversation. Because of forward secrecy, you only need to check that once!
But all of that aside, Telegram has none of these things. Telegram is straight-up unencrypted with their default chats and group chats. Telegram is absolute dogshit.
So, that’s why they call PUBLIC chats in first place. In private chats all work exactly like in signal (DH end-to-end crypto with key verifying). But after 5 years some journalist finally read the documentation and newspapers was exploded. I known that from first day.
Telegram also honestly declares that there is no need to rely on anyone in matters of privacy. For example: We do not store customer IP, says signal developers. And how should I check it? Teleram just honestly says, “You have an mtproto proxy, build any kind of proxying chains and we won’t even theoretically know your address.” Feel the difference.
And I still don’t understand why MITM can’t just match two DH keys so that Alice and Bob’s signature checks match. But maybe I just don’t understand the cryptography chain well.
I don’t want tell that signal have bad crypto or telegram greates private messager. I say that all of that messengers have same security in private messages. Yes, signal support group private chats too, but that’s all. And if anyone can’t read docs, that not a telegram problem.
If Signal was to pull a MITM, it would have been noticeable as it requires active intervention in the protocol (it hasn’t been noticed yet), it would destroy all plausible deniability for them going forward, and it wouldn’t be possible on existing chats (once the key exchange between two parties happens, it’s impossible to do MITM). Telegram can just straight up read your messages, past, present and future, do whatever they want with them, with no way for anyone to check if that happens. It’s two different tiers of communication security.
To quote another commenter,