I am liking how this time around a lot of people are outright calling the media out on their parroting Telegram's PR bullshit about how "encrypted, secure, private" the service is.
(it is not.)
As in, not just writing about how Telegram is neither of these things, but very clearly pointing a finger at the media and going: "stop spreading this misinformation, you are putting people in danger."
Keep this pressure on!
Yesterday I shared my own write-up on Telegram's failings, today I came across Matthew Green's stellar blogpost:
https://blog.cryptographyengineering.com/2024/08/25/telegram-is-not-really-an-encrypted-messaging-app/
And this blogpost *starts* with calling the media out on this.
Fantastic.
At this point it's clear Telegram has no interest in fixing their stuff. We should not be talking to them, we should be talking about them to the media so that they stop promoting it.
Because as I said yesterday: that constitutes journalistic malpractice.
Great post, hits the nail right on the head. Thanks for sharing this @rysiek.
This kind of journalistic malpractice is usually caused by ignorance, in which case they need to be called in and patiently educated. But in some cases I think there is an intent to mislead, by people who ought to know better. They need to be contacted in private and given a chance to retract and apologise, and if they don't, they need to be publicly called out on their wilful malpractice.
"Indeed, it no longer feels amusing to see the Telegram organization urge people away from default-encrypted messengers, while refusing to implement essential features that would widely encrypt their own users’ messages. In fact, it’s starting to feel a bit malicious."
#MatthewGreen, 2024
#Telegram always smelt like a honeypot to me;
* centralised, tick (like Signal)
* encryption doesn't work for groups, only 1:1, tick (like Signal)
* opt-in E2EE for 1:1 chats while heavily promoted as "encrypted messenger", tick (unlike Signal)
* Roll-Your-Own cryptography, tick (maybe like Signal, but crucially...)
* no source code published for server, so no independent auditing of cryptographic primitives or implementations, tick (unlike Signal)
I can't fathom why anyone uses it.
@Patton
> I think you've made a mistake, because the Signal groups are probably well encrypted
Does this link to any primary sources that disconfirm my claim, or is this just the reckons of someone on dReddit?
@strypey
Hi,
Just check directly the signal blog:
https://signal.org/blog/private-groups/
And this is an 2014 article so this feature has been around since many years
:)
One of the major features we introduced in the TextSecure v2 release was private group chat. We believe that group chat is an important feature for encrypted communications projects, so we wanted to try to summarize some of the existing work in this area, as well as how TextSecure’s group chat pr...
@Patton
> Just check directly the signal blog
Urggh. I'm pretty sure I already responded to this 2014 blog post. But thanks to Mastodon's dopey data retention policy, the server I'm on has already stuffed it all down the memory hole.
From memory, that post is about *potential* ways to encrypt private group chats. Please quote me the text at that link confirming that group encryption is a) implemented, and b) turned on my default.
Michał "rysiek" Woźniak · 🇺🇦
Strypey
Patton