Hacker News new | past | comments | ask | show | jobs | submit login

And let's not forget. People are studying their encryption protocol and they're not finding anything special. It's not like you can actually decrypt messages.



There is nothing to break when the cloud chats are a backdoor by design. Imagine a vendor selling bullet proof glass. They're arguing the glass itself is extremely durable. These jabs at Telegram protocol are like attempts to break the glass. Here's the problem, that glass has a three meter hole in the middle of it. That hole is called cloud encryption. Telegram leaks

* 100% of messages by default to server. This is the same as if Signal had a backdoor for all of its messages.

* 100% of group messages with no chance to opt out. This is the same as Signal had backdoor for all of its group messages.

* 100% of all messages for Windows/Linux desktop clients. This is the same if Signal desktop client for Windows / Linux had a backdoor that leaked all messages to Moxie.

Telegram's strategy is to exploit that three meter hole. They published a bounty for 100,000 dollars for anyone who could break the glass. But the competition didn't award any points for pointing at the massive hole in the glass.

So no, nobody's finding anything special in Telegram's encryption, because EVERYONE got bored of pointing at the hole back in 2013 when Telegram was released.

Telegram's backdoor is the front door. It's so absurdly obvious it's insane anyone would ever have to point it out. But it's right there, if you just bother to look.


As I said, easily fixed by just using secret chats... Worse things it's that they don't work with group messages and etc. They gave people the choice though. You can use however you feel like it. Basically what you're doing is what Apple does for its users: patronizing. You just think what's great for everyone.

Also, they explain in their FAQs that they don't have the encryption key in the same datacenter, that they have those keys in different datacenters in different jurisdictions so law enforcement can't force them to decrypt the messages.


"They gave people the choice though"

There is no choice for opting in for E2EE group chats, exccept using another application.

"You just think what's great for everyone."

... Obviously?

"Also, they explain in their FAQs that they don't have the encryption key in the same datacenter"

Ok, explain to me on a technical level how the database encryption of incoming packet is done, (before the packet is committed to the encrypted database), when the key is not located on the RAM of the server? I.e. How does a CPU encrypt data without the key being present on the system?

Is it quantum teleported into the CPU registers from another country?




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: