Server-side encryption = encryption. The fact that you don't find it sufficient and other opinions are irrelevant when it comes to people just plain wrongly stating things, such as "unencrypted" for clearly encrypted data.
It's like going outside in the rain, getting wet and saying "Well, it's not actually raining, I didn't get a pint of water in my boots."
> Server-side encryption = encryption. The fact that you don't find it sufficient and other opinions are irrelevant when it comes to people just plain wrongly stating things, such as "unencrypted" for clearly encrypted data.
We have clearly talked about E2EE (end-to-end encryption) and server side encryption is not that. E2EE means that it is encrypted between you and the message target. Server is the middle man, which should not have the access.
Almost everything is already encrypted with TLS on the current world during transmissions and regulations require server side encryption. It is not even our main interest to talk about that anymore, we are past that.
The main issue on the original post is the lack of E2EE.
Look up Grice's Maxims sometime. Conversations have context. The context here is a comment section for an article about a nation state requesting chats from Telegram. The only relevant kind of encryption that would be able to prevent this is end-to-end encryption; in such a context, 'Telegram is unencrypted' is easily and near-universally understood to refer to E2E encryption, even if absent such context the meaning would be less clear.
A better rain analogy would be someone saying 'I'd like to go for a smoke, is it raining', and you reply 'yes' because there is somewhere in the world where it is raining (just not there). You would be technically correct, but in the context of the question, the person was clearly interested in whether it was raining _there_.
But that's not "real" encryption. You're just abusing language — as most are in this thread — to get a result you want.
If you want to discuss E2EE, do so but it does not make it more "real" than other encryption.
Unencrypted is false. Not E2EE is true. Most use the former to wage war against an app they don't like because they prefer an app like Signal that satisfies their desirable qualities. Moxie actually started this trend and it is despicable. I'd say the exact same thing if Durov started referring to E2EE as "pedo-encryption" or anything else that distorts meaning.
Useless encryption is the same as no encryption.
If you put the key next to the lock, it's nit locked.
It's an abuse of language to call that encryption because if you say encryption you imply security.
But this is not secure and if it's not secure encryption is useless because security is the reason for encryption.
Encryption is not used for the sake of encryption but to protect the content of a message from unwanted access.
> Encryption is not used for the sake of encryption but to protect the content of a message from unwanted access.
Yes, that is what Telegram is doing. It may not be protecting the contents from who you want it protected from (everyone but you and the message recipient) but it does protect the contents from other (notice I did not say all) adversaries Telegram and its users don't want accessing.
It is still encrypted so use correct language, please and do not weaponize words to your own designs.
The context doesn't change the definition of encryption.
> It is more likely that you are trying to weaponize the words for your own designs.
Please point to where I have weaponized a word because on its face that accusation doesn't make any sense. I have not decided encryption means unencrypted. I have doggedly insisted words be used appropriately and even went so far as to give an example of mischaracterization of E2EE where I would call someone out.
If we go by definitions, it is not encrypted.
Ideally encryption means the process of encoding when only authorized parties can understand the information.
During the transportation of the information for the target recipient, the data in this case is on plaintext at some point on Telegram's server, and therefore it is not encrypted for the whole duration, going against the idea of transferring or holding information only for authorized parties in ciphertext format.
If we think that Telegram is the targeted party, then it would be encrypted as data is transferred or hold in ciphertext format for the whole process. However the Telegram is no the target, and the encryption is removed in the middle of process.
> Please point to where I have weaponized a word because on its face that accusation doesn't make any sense. I have not decided encryption means unencrypted. I have doggedly insisted words be used appropriately and even went so far as to give an example of mischaracterization of E2EE where I would call someone out.
You brought it up in the first place with a twisted definition.
From Wikipedia which you quoted bits from: "In cryptography, encryption is the process of encoding information. This process converts the original representation of the information, known as plaintext, into an alternative form known as ciphertext. Ideally, only authorized parties can decipher a ciphertext back to plaintext and access the original information."
> You brought it up in the first place with a twisted definition.
I did no such thing. You appear to be confusing idealism with the definition of encryption.
In any case we already have words for transport encryption, encryption at rest, and end to end encryption when referring to modes of encrypted data. Those are sufficient to cover the spectrum of encryption which exists. Calling encryption of one mode "unencrypted" which is not your ideal mode of encryption is disingenuous at best.
It's like going outside in the rain, getting wet and saying "Well, it's not actually raining, I didn't get a pint of water in my boots."