this post was submitted on 12 Jan 2024
81 points (75.8% liked)

Privacy

32159 readers
876 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS
 

This is an article written by telegram's founder and CEO Pavel Durov in 2019 on "Why whatsapp will never be secure". Your thoughts?

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 15 points 10 months ago (2 children)

WhatsApp's e2e encryption is based on the Signal protocol and active by default. Telegram's is opt-in. So much for Telegram's superior privacy...

[–] [email protected] 2 points 10 months ago

They tell whatever they want until their claims can be validated with the source code. If we take it for granted that they use an original, unmodified version of the signal protocol programming libraries, there are still multiple questions:

  • how often do they update the version they use
  • what are they doing with the messages after local decryption (receiving), and before encryption (sending)
  • how are they storing the secret keys used for encryption, and what exactly are they doing with it in the code

Any of these questions could reveal problems that would invalidate any security that is added by using the signal protocol. Like if they use an outdated version of the programming library that has a known vulnerability, if they analyze the messages in their plain data form, or on the UI, or the keypresses as you type them, or if they are mishandling your encryption keys by sending them or a part of them to wherever