If you don't trust the server, then you shouldn't trust them to supply you a client either, since a client is basically "whatever code they decided".
Very few people are building from FOSS, and those that do will include binary blobs too. It's theatre.
I doubt client-server is the only way to accomplish this.
I'm just clarifying. I agree the practical implications of the attack are not really meaningful to a general audience.
https://blog.cryptographyengineering.com/2024/08/25/telegram...
The Most Backdoor-Looking Bug I’ve Ever Seen
It's suspicious, but at the same time, iirc, nobody's been able to find a vulnerability in their encryption protocol :shrug
The reason they rolled their own was because it came out before the Double-Ratchet/Axolotl protocol, and OTR (which Double Ratchet is essentially based on) was extremely inconvenient to use properly and had its own weaknesses.
This actually makes a lot of sense lowkey, thanks :)
If you are on the same network and manage to either intercept the key to brute-force it or guess the encryption key with emoji, it's possible to decrypt the whole chat. It works because Telegram's random generator uses time and some device information, which is predictable.
The study managed to decrypt 500 messages out of 500 on emulator devices. Brute-forcing takes a few $100 worth of computing power.
Honestly, the Durovs are exceptional people and entrepreneurs; however, their encryption and what they say isn't always what it's presented as.
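The attack sketched in the comment above depends on the key material coming from a low-entropy seed. What follows is an added example, not code from Telegram, from MTProto or from the study the comment refers to: it builds a constructed toy key derivation seeded only by a coarse timestamp and a small device value, then shows an attacker recovering the key by enumerating the seed space against a known plaintext header. The function names, the toy cipher and the scenario values (one-hour window, 4-bit device tag, fixed header crib) are all assumptions made for illustration.

```python
import hashlib
import math

# Constructed toy model (an assumption for illustration, not Telegram's generator
# or MTProto): a 256-bit session key derived only from a coarse timestamp and a
# small "device fingerprint" value. The key looks strong but the seed space is tiny.
def derive_key(timestamp: int, device_tag: int) -> bytes:
    seed = timestamp.to_bytes(8, "big") + device_tag.to_bytes(2, "big")
    return hashlib.sha256(seed).digest()


def keystream(key: bytes, length: int) -> bytes:
    # Toy stream cipher: keystream block i = SHA-256(key || i). It is prefix-stable,
    # so decrypting only the first few bytes is enough to test a key candidate.
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(out[:length])


def xor_crypt(key: bytes, data: bytes) -> bytes:
    # Encryption and decryption are the same XOR operation.
    return bytes(a ^ b for a, b in zip(data, keystream(key, len(data))))


def effective_entropy_bits(window_seconds: int, device_space: int) -> float:
    # The attacker's real work factor is the seed space, not the 256-bit key length.
    return math.log2(window_seconds * device_space)


def brute_force(ciphertext: bytes, crib: bytes, t_start: int,
                window_seconds: int, device_space: int):
    """Enumerate every (timestamp, device_tag) seed in the window and return the
    first one whose key decrypts the ciphertext prefix to the known crib
    (e.g. a fixed protocol header). Returns (timestamp, device_tag, key) or None."""
    n = len(crib)
    head = ciphertext[:n]
    for t in range(t_start, t_start + window_seconds):
        for d in range(device_space):
            key = derive_key(t, d)
            if xor_crypt(key, head) == crib:
                return t, d, key
    return None


def demo() -> dict:
    # Constructed scenario: the victim's clock reading and device value are unknown
    # to the attacker, who only knows the session started within a one-hour window
    # and that the device value fits in 4 bits.
    victim_ts = 1_700_000_000 + 1234
    victim_dev = 7
    true_key = derive_key(victim_ts, victim_dev)
    crib = b"MSG\x01\x00\x00\x00\x01"  # assumed fixed header the attacker knows
    ciphertext = xor_crypt(true_key, crib + b"meet at the usual place")

    found = brute_force(ciphertext, crib, 1_700_000_000, 3600, 16)
    if found is None:
        return {"recovered": False}
    t, d, key = found
    return {
        "recovered": True,
        "timestamp": t,
        "device_tag": d,
        "true_key": true_key,
        "recovered_key": key,
        "plaintext": xor_crypt(key, ciphertext),
        "seed_bits": effective_entropy_bits(3600, 16),
    }


if __name__ == "__main__":
    result = demo()
    print(f"seed space ~{result['seed_bits']:.1f} bits vs a 256-bit key")
    print("recovered:", result["plaintext"])
```

The point of the example is the ratio in `effective_entropy_bits`: under these assumptions the attacker searches under 2^16 seeds, which is why "a few hundred dollars of compute" is plausible for a key that is nominally 256 bits. The defence is to seed from the operating system's CSPRNG rather than from the clock and device identifiers.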
ethin•3h ago
Granted, I don't know how MTProto actually works all that well, but IMO Telegram should've just used Noise or something. Would've saved them a lot of trouble. Although that doesn't really resolve the underlying problem that people think Telegram is secure when it's not (i.e., you have to explicitly enable E2EE and it's off by default), at least last time I checked. I haven't used telegram in years so my knowledge might be out of date though.
jansper39•3h ago
I suppose it's what the actual goals of the app are, potentially it works out very well for someone.
dijit•3h ago
Most people dislike Telegram because:
A) It takes away from Signals market share
B) They don't enable E2EE by default
C) They're owned by Pavel Durov, the Russian Zuckerberg.
I am aware that it's an unpopular opinion, but the FUD spread against Telegram and the hagiographies of Signal make me think something weird is going on.
Telegram has third party clients, so you can just roll your own client that runs another encryption on top if you want, like Pidgin used to do with OTR.
[0]: https://mtpsym.github.io
hiimkeks•3h ago
E) (I believe) don't enable E2EE with more than one device
dijit•3h ago
E) Neither does WhatsApp/Signal; they rely on a backdoor interface to your phone to send messages.
tptacek•3h ago
dijit•3h ago
But I'm having trouble discerning what you mean.
Either you're saying group chats are encrypted E2EE - which, I never claimed.
Or, you're mentioning that you can have multiple phones/devices on the same account, which doesn't work the last time I checked.
mahemm•3h ago
That's wrong, as tptacek noted. If you meant something else, that wasn't clear.
dijit•2h ago
my response was:
> E) Neither does Signal/WhatsApp.
The thread of the "E" topic is relevant here; I'm not claiming that Signal/WhatsApp support (or do not support) encryption for group chats.
Sorry that it wasn't clear, I thought referring to them directly by letter would make it easier to differentiate.
rockskon•3h ago
dijit•2h ago
However, after doing a smidge more research it seems like somehow Signal is sharing its key with the desktop app and only syncing the history of messages directly: https://news.ycombinator.com/item?id=15596980
I'm not 100% sure how it works as the server is fake-open-source and not actual open-source.
porridgeraisin•2h ago
fsflover•3h ago
skeledrew•1h ago
crtasm•3h ago
dijit•2h ago
Wonder how that works then? Weird.
fsflover•3h ago
tptacek•3h ago
s17n•3h ago
People outside the US prefer Telegram because they assume that Signal is probably compromised, or at least highly vulnerable to compromise, by US intelligence; they trust Pavel Durov's history of expropriation and arrest more than they trust some nerds who claim "our product is secure".
BoredPositron•2h ago
https://t.me/durov/452
asacrowflies•2h ago
ur-whale•1h ago
Can you point at anything in his message that's not factually correct?
simion314•1h ago
He also got involved in the Romanian and Moldovan elections by sending a message to targeted users on the day of the elections (when campaigning is illegal) with claims he presented no evidence for; basically the bastard works for Ruzzia. He might be forced to, but the facts do not lie.
skeledrew•1h ago
a57721•26m ago
Otherwise, the "doomer manifesto" is OK, but the comically inflated ego of Durov is annoying: him thinking that such banal and commonplace sentiments are worth pushing as an alert message to all users, wrapping everything into announcing his birthday (that he doesn't want to celebrate, oh no).
jazzyjackson•3m ago
skeledrew•1h ago
weberer•2h ago
hiimkeks•3h ago
ProofHouse•3h ago