• rdri@lemmy.world
    link
    fedilink
    arrow-up
    7
    arrow-down
    4
    ·
    edit-2
    9 months ago

    Some misleading info here.

    • that homebrew encryption thing is a subject to security focused bounty program an there were positive results from that.

    • there is always some encryption by default, read their docs. If you mean the end to end encryption, it’s a fancy thing that doesn’t even have a standardized way to work in group chats. It works in a feature called secret chat, that you have to enable whenever you need it.

    • mox@lemmy.sdf.org
      link
      fedilink
      arrow-up
      9
      arrow-down
      1
      ·
      edit-2
      9 months ago

      that homebrew encryption thing is a subject to security focused bounty program

      That doesn’t change the fact that it’s homebrew, and therefore not examined, understood, or trusted remotely as well as ciphers and protocols that have been thoroughly vetted by the global cryptography community. A bounty program doesn’t change that, and it’s not misleading to point it out.

      there is always some encryption by default, read their docs. If you mean the end to end encryption,

      Sigh. Yes, I meant end-to-end encryption. (My use of the word “any” simply meant inclusive of homebrew.) I thought that would be obvious, since point-to-point encryption is commonplace, and is the default for even simple web sites these days, so hardly worth mentioning in this context. But since you didn’t pick up on that, or were concerned that someone else might not, I have updated my comment to be more specific.

      It works in a feature called secret chat, that you have to enable whenever you need it.

      In other words, not enabled by default. As I said.

      • rdri@lemmy.world
        link
        fedilink
        arrow-up
        4
        arrow-down
        3
        ·
        9 months ago

        You should probably also update the “leaks likely” part with a history of encryption related leaks from telegram over 10 years.

        In other words, not enabled by default.

        It’s not enabled by default because people expect their chat history to not get wiped every time they finish talking, in most cases.

        • mox@lemmy.sdf.org
          link
          fedilink
          arrow-up
          4
          ·
          edit-2
          9 months ago

          I think it was clear from context that “accidental leaks” meant forgetting to enable e2ee, thereby exposing the conversation directly to Telegram, with not even the homebrew encryption protecting it.

          Obviously, there is no recorded history of every time anyone has made that mistake, but your gibe about it does at least confirm that you’re arguing in bad faith, which makes this easier: Goodbye.

          • rdri@lemmy.world
            link
            fedilink
            arrow-up
            4
            arrow-down
            3
            ·
            9 months ago

            If you really mean that, the leak resulting from such a mistake will only happen if you missed the fact that your chat history is saved after a talk (even though it’s right there just like any other history), then enough time passed for your friend to change views on you and leak whatever they had saved (since you didn’t remove that part of chat history before that happened).

            I’m sure that such a scenario is insanely unlikely. A much more likely scenario would be for you to not know that a friend of yours already changed their views and making records of all end to end encrypted content you make together by simple means, like another phone.

            I like when people hate questionable stuff. But I hate when they do it for silly or made up reasons.