
If I'm not mistaken Telegram has already been proven insecure once in the past. WhatsApp is a zuck property now, you can consider it insecure.


When has Telegram been proven insecure? In every topic about Telegram people keep saying Telegram is not secure. I failed to find info about how insecure their secret chats are. Maybe you can help me?


Their homebrew crypto seems very shaky:

https://cs.au.dk/~jakjak/master-thesis.pdf

https://eprint.iacr.org/2015/1177.pdf

tl;dr: they tried to use SHA-1 as a MAC. This is something of a crypto 101 mistake. Had they even used HMAC they'd be in much better shape. Worse, even after this was pointed out to them and people started writing papers about potential attacks, they have stood by their shaky design, refusing to update it or even admit mistakes were made in the initial design.

But even worse than that, end-to-end encryption is off-by-default, and users must opt into it. Why?

https://telegram.org/faq#q-why-not-just-make-all-chats-secre...

"This allows Telegram to be widely adopted in broad circles, not just by activists and dissidents, so that the simple fact of using Telegram does not mark users as targets for heightened surveillance in certain countries. We are convinced that the separation of conversations into Cloud and Secret chats represents the most secure solution currently possible for a massively popular messaging application."

Putting aside the fact that if Telegram's cryptography were properly implemented, an outside observer shouldn't be able to tell whether or not end-to-end encryption is being used (i.e. Telegram does not provide proper separation of data-at-rest versus data-in-motion), this seems to be the "I don't need encryption because I have nothing to hide" argument, but perpetrated by what's allegedly supposed to be a secure messenger.

The real reason why Telegram doesn't enable end-to-end encryption is pretty clear: they don't have the features to provide a good end-to-end encryption experience: They don't support end-to-end encrypted group chats. They don't have encrypted backups like Signal and WhatsApp.
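The "SHA-1 as a MAC" point in the comment above, as an added illustration that is not code from the thread and not MTProto's actual construction: the textbook keyed-hash scheme tag = SHA1(key || message) is compared with HMAC-SHA1. A compact SHA-1 is implemented so that its compression function can be resumed from a published digest, which is the property that makes a bare hash unusable as a MAC and which HMAC's outer hash removes. The key, message and suffix are constructed sample values.

```python
"""Why a bare hash over key || message is not a MAC, and why HMAC is.

Added illustration (not from the thread, not MTProto's construction).
"""
import hashlib
import hmac
import struct

SHA1_IV = (0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476, 0xC3D2E1F0)


def _rotl(x, n):
    return ((x << n) | (x >> (32 - n))) & 0xFFFFFFFF


def sha1_padding(total_len):
    """Merkle-Damgard padding that SHA-1 appends to a total_len-byte message."""
    zeros = (56 - (total_len + 1) % 64) % 64
    return b"\x80" + b"\x00" * zeros + struct.pack(">Q", total_len * 8)


def sha1_resume(data, state=SHA1_IV, absorbed=0):
    """SHA-1 of (the `absorbed` bytes already compressed into `state`) || data.

    With the default arguments this is plain SHA-1. `absorbed` must be a
    multiple of 64, i.e. a whole number of already-compressed blocks.
    """
    h = list(state)
    buf = data + sha1_padding(absorbed + len(data))
    for off in range(0, len(buf), 64):
        w = list(struct.unpack(">16I", buf[off:off + 64]))
        for t in range(16, 80):
            w.append(_rotl(w[t - 3] ^ w[t - 8] ^ w[t - 14] ^ w[t - 16], 1))
        a, b, c, d, e = h
        for t in range(80):
            if t < 20:
                f, k = (b & c) | (~b & d), 0x5A827999
            elif t < 40:
                f, k = b ^ c ^ d, 0x6ED9EBA1
            elif t < 60:
                f, k = (b & c) | (b & d) | (c & d), 0x8F1BBCDC
            else:
                f, k = b ^ c ^ d, 0xCA62C1D6
            a, b, c, d, e = (_rotl(a, 5) + f + e + k + w[t]) & 0xFFFFFFFF, a, _rotl(b, 30), c, d
        h = [(x + y) & 0xFFFFFFFF for x, y in zip(h, (a, b, c, d, e))]
    return struct.pack(">5I", *h)


def naive_tag(key, msg):
    """The 'crypto 101' construction: a bare hash over key || message."""
    return hashlib.sha1(key + msg).digest()


def hmac_tag(key, msg):
    """The standard answer: HMAC, whose outer hash hides the inner state."""
    return hmac.new(key, msg, hashlib.sha1).digest()


def resume_from_tag(tag, key_len, msg, extra):
    """Treat a tag as SHA-1 internal state and keep hashing, without the key.

    Returns the message the resumed hash actually covers and the resulting digest.
    """
    glue = sha1_padding(key_len + len(msg))
    extended_msg = msg + glue + extra
    state = struct.unpack(">5I", tag)
    digest = sha1_resume(extra, state, key_len + len(msg) + len(glue))
    return extended_msg, digest


def demo():
    """Return (naive scheme accepts the keyless extension, HMAC accepts it)."""
    key = b"sixteen byte key"          # constructed secret; only its length is assumed known
    msg = b"amount=10&to=alice"        # constructed sample message
    extra = b"&to=mallory"             # constructed suffix appended without the key
    ext_msg, ext_digest = resume_from_tag(naive_tag(key, msg), len(key), msg, extra)
    naive_accepts = hmac.compare_digest(naive_tag(key, ext_msg), ext_digest)
    # Same trick on an HMAC tag: the tag is not the inner state of any hash over
    # key || message, so the resumed digest matches nothing the verifier computes.
    _, hmac_digest = resume_from_tag(hmac_tag(key, msg), len(key), msg, extra)
    hmac_accepts = hmac.compare_digest(hmac_tag(key, ext_msg), hmac_digest)
    return naive_accepts, hmac_accepts


def sha1_matches_stdlib(data):
    """Self-check of the compact SHA-1 against hashlib."""
    return sha1_resume(data) == hashlib.sha1(data).digest()


if __name__ == "__main__":
    print("naive keyed hash accepts extension:", demo()[0])
    print("HMAC accepts extension:", demo()[1])
```

The verifier side is the part worth keeping: a MAC must be checked with a constant-time comparison (`hmac.compare_digest`) and built from a construction whose tag reveals nothing about the hash's internal state, which is exactly what HMAC, or a dedicated MAC, gives and a bare SHA-1 does not.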


> But even worse than that, end-to-end encryption is off-by-default, and users must opt into it. Why?

Because it is unusable. It has no synchronization between devices, only 1 device to 1 device. And if you accidentally closed the chat, you have to verify it again. You can't store trusted key fingerprint.

It is not suitable for mobile devices. Secret chats are like OTR, but with bad crypto. Signal and WhatsApp use the same protocol as OMEMO, originally designed for Signal.

> so that the simple fact of using Telegram does not mark users as targets for heightened surveillance in certain countries

And yet Telegram is associated with terrorism more than, e.g., WhatsApp.
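What "storing a trusted key fingerprint" means in practice, as an added example that is neither Telegram's nor Signal's code: a trust-on-first-use pin store that a client keeps across sessions, so a fingerprint verified once stays verified and a peer key that silently changes is refused instead of quietly re-trusted. Peer ids and key bytes are constructed sample values; the storage format is an assumption for the example.

```python
"""Trust-on-first-use pinning of peer key fingerprints (added illustration)."""
import hashlib
import json


class KeyChanged(Exception):
    """Raised when a known peer presents a key with a different fingerprint."""


def fingerprint(public_key: bytes) -> str:
    """SHA-256 over the raw key, grouped for out-of-band comparison (assumed format)."""
    digest = hashlib.sha256(public_key).hexdigest()
    return " ".join(digest[i:i + 8] for i in range(0, len(digest), 8))


class PinStore:
    def __init__(self, pins=None):
        # peer id -> {"fp": fingerprint, "verified": bool}
        self._pins = dict(pins or {})

    def observe(self, peer: str, public_key: bytes) -> str:
        """Record or check the key a peer presents for this session.

        Returns "new" on first contact, "unverified" or "verified" on later
        contact with the same key, and raises KeyChanged on a different key.
        """
        fp = fingerprint(public_key)
        known = self._pins.get(peer)
        if known is None:
            self._pins[peer] = {"fp": fp, "verified": False}
            return "new"
        if known["fp"] != fp:
            raise KeyChanged(peer, known["fp"], fp)
        return "verified" if known["verified"] else "unverified"

    def mark_verified(self, peer: str) -> None:
        """Called after the user compared the fingerprint out of band."""
        self._pins[peer]["verified"] = True

    def export(self) -> str:
        """Serialise so the pins survive closing the chat or the app."""
        return json.dumps(self._pins, sort_keys=True)

    @classmethod
    def load(cls, blob: str) -> "PinStore":
        return cls(json.loads(blob))


def demo():
    """Walk through first contact, verification, restart, and a changed key."""
    alice_key = b"constructed-alice-key-v1"   # sample key material
    other_key = b"constructed-other-key"      # a different key presented for the same peer
    store = PinStore()
    first = store.observe("alice", alice_key)          # "new"
    store.mark_verified("alice")
    again = store.observe("alice", alice_key)          # "verified"
    restarted = PinStore.load(store.export())          # chat closed, client restarted
    after_restart = restarted.observe("alice", alice_key)
    try:
        restarted.observe("alice", other_key)
        refused = False
    except KeyChanged:
        refused = True
    return first, again, after_restart, refused


if __name__ == "__main__":
    print(demo())
```

The design point is continuity: the store only ever answers "same key as before or not", which is cheap to persist and is the piece that lets a user verify once rather than on every new chat.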


I think he's spreading a lie... based on what I've seen, at least.

"It's a not-yet-proven-secure protocol" is the worst you can say against it, I believe. I'm not a security guy, mind you; I'm just parroting what I keep seeing. Rightfully so: lack of a deep audit is a very valid reason to worry. Yet worry and distrust are vastly different from actively exploitable / broken.


Encryption should probably be considered broken until demonstrated otherwise.


By that logic all encryption is broken.


Many prominent and respected HNers have laid out the case for why Telegram has security issues. If you use the search function at the bottom, you will easily find these issues raised. I don't personally possess the knowledge to determine the soundness of Telegram's crypto, but there have been enough red flags raised on HN over the years to merit skepticism.


tbh, people like tptacek and his buddies have a clear agenda and attitude of their own. I'm definitely not sated by their pronouncements alone.


While I absolutely agree with you about the "tptacek & friends" agenda, that really has no bearing whatsoever on the actual problems they've raised with MTProto, their weird KDF, and IGE in general.

Whenever one can consider a person's arguments in isolation from your opinion of said person, it's wise to do so. This is one of those opportunities.


Can you elaborate on what that agenda is?


Is that how you prove something, by reading comments on HN? Oh, how about this: all these red flags are raised to scare people so they don't use Telegram, which is really secure?


> Is that how you prove something - by reading comments on HN?

I enjoy the comments of tptacek and ryanlol


I don't think you answered my question.


I don't base my life on them, but I think tptacek and ryanlol know more about computer security than I do.


> WhatsApp is a zuck property now, you can consider it insecure.

Another day on HN...


Why? Do you have any proof WhatsApp is insecure?


I think the question should be do we have proof that it is secure?


Moxie Marlinspike's reputation is dependent on his ability to deliver a secure product. Signal/Signal Protocol development is funded by donations and grants from groups like the Freedom of the Press Foundation, EFF, etc., and those groups desire a secure messaging product. Moxie has staked his reputation on WhatsApp's implementation of the Signal Protocol multiple times on the OWS blog, which he would not do if he disapproved of WhatsApp's implementation. There's no hard proof (except what can be gained through analysis of the executables), but there's no incentive for Moxie to lie; therefore, WhatsApp's implementation should be reasonably secure.


And you call that a proof? :-)


I did say "there's no hard proof". This was purely an analysis of incentives.


I think "speculation" is a better word here. :-)


As long as it's closed source, we have to assume that it's insecure.


Man, I've got some horrible news about your CPU.




That article is false. A large number of people in the security community have spoken out against that article, which had the effect of convincing people in dangerous situations to switch to less secure communication methods.

"Security researchers call for Guardian to retract false WhatsApp backdoor story" [1]

The Guardian claims they have offered to let Zeynep Tufekci write a rebuttal; according to Tufekci, they have repeatedly delayed and are not taking the offer they made seriously.

If you have spread this misinformation in other places, you might want to follow up with the people you misled.

[1] https://techcrunch.com/2017/01/20/security-researchers-call-...


There is absolutely nothing wrong with the article, claiming that it is FUD will not change the fact that WhatsApp can re-send messages encrypted with different keys at will (which makes it ABSOLUTELY USELESS for people who actually care about their privacy). The argument against the article seems to be around "we can trust whatsapp not to abuse their ability", which blows my mind. You should not have to trust anyone with cryptography.

> WhatsApp does not give governments a “backdoor” into its systems and would fight any government request to create a backdoor

The problem is that I have to take their word for that, while they have the ability to activate the backdoor at will.

I linked to HN for a reason, so that people could see what other people think concerning the article. Here is the HN version of that opinion https://news.ycombinator.com/item?id=13394900

The misleading part is that people are told that proprietary and centralised messaging services such as WhatsApp can guarantee security; the truth is that they probably can't.


The Guardian has apologized for the bullshit story that you love, and completely retracted the claim of a "backdoor".

Do you still believe HN users instead of security researchers?

Do you still give security advice based on randos on HN instead of security researchers?


I'm going to go out on a limb and say that Zeynep Tufekci knows more people who need crypto to survive than the average HN user, and understands their trust model better.



