Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Note that telegram is not e2e encrypted, so you're sharing your private family communications with logging servers in russia.


Telegram is indeed not E2E encrypted, and messages sent to/from bots cannot opt into E2E; but would you happen to have a citation handy for more information on these logging servers in Russia you speak of? Thanks!


"In August 2014, SORM-2 usage was extended to monitoring of social networks, chats and forums, requiring their operators to install SORM probes in their networks."

https://en.wikipedia.org/wiki/SORM


Telegram didn’t comply that rule and Russia tried to block Telegram that time without success


Telegram is not hosted in russia, but you are right, trusting telegram, is trusting ceo Pavel Durov and hist good intentions, much better than any big tech, but not even close to a proper e2ee


My apologies, you're completely right, Telegram is not hosted in Russia. I don't know where I got that idea in my head from...


unlike say, Google Inc


USA: PRISM is probably still a very active project. This is the program where the NSA would request access to major US companies (notably Google and Microsoft) and the companies would grant them access to some of their databases. The NSA slide says that "it varies by provider" what information the NSA is privy to, but it never breaks it down fully to say exactly which provider is providing which data. The NSA slides do mention email contents, photos, etc., so it's probably safe to assume that at least some of the major providers are/were providing contents and not just metadata.


Googler, opinions are my own. I wasn't at Google when PRISM was discovered.

As far as I understand, your take on this is incorrect. At least for Google, people that worked there were pissed, some posting nasty posts about the NSA hacking their network. My understanding was, that the NSA tapped the lines between data centers.

The NSA was able to hack Google, because there inter datacenter communication was not encrypted, partially because it was on private fiber that they fully owned. After this project came to light, Google already had a project in the works to encrypt all traffic between data centers, which they enabled shortly after.


PRISM is the code for FAA702 collection, and has nothing to do with the Google/Yahoo WAN cable taps, which had the codename MUSCULAR.

PRISM continues to date. The USG can get any data they want out of Google without a warrant.


Your description of PRISM is wrong. The FBI issued court orders for the content (not metadata) of specific accounts to US Internet companies. The Internet companies reviewed the court orders and set up forwarding of some of those accounts' data. PRISM then ingested a subset of the data from the FBI DITU's systems (those collected from foreign accounts) into the NSA's databases. The slides Snowden released are very clear about this.


And? Everyone with a cloud cron job or doing the same thing on a compute instance hosted somewhere has the same reality

Telegram is just a nice platform, have you tried using it? basically just a standard ui so that none of your bots need frontend development

Why regurgitate something about the optional e2e feature




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: