I wouldn’t put a lot of trust in Telegram. Not only is their cryptography off by default, it’s a bespoke hand-rolled non-standard algorithm that might not work as well as they say. Oh, and it’s been potentially backdoored by the FSB (Russia’s CIA) for six years.
Oh, and it’s been potentially backdoored by the FSB (Russia’s CIA) for six years.
From the very start rather.
And there’s been a few cases where not FSB, but mundane police was reading suspects’ messages before arresting them.
Don’t trust Telegram, I use it because, eh, most people use either that or VK DMs in Russia as the default IM. But never trust it for something which should be secret.
You can even have “opposition”-themed channels there or call for rebellions, but don’t ever expect anything to be secret or even pseudonymous. Even without ill intent regularly flaws are found which allow to get a lot of information, and the code quality is sewer-level.
In general, people are wise to use ciphers and protocols that have been examined by the global cryptography community and have held up to that scrutiny.
The algorithm was neither proposed nor designed by the US government, it was made by (what is now known as) Signal, a 501c nonprofit.
The claims of signal being “state-sponsored” come from assuming how money flows through the OTF - Open Tech Fund - which has gotten grants from government programs before. (IIRC)
It wouldn’t make sense for the US Gov. to make such a grant to make a flawed protocol, as any backdoor they introduce for themselves would work for any outside attacker too - it’s mathematics. It works for everyone or for no one. Would they really wanna make tools that they themselves use, just to have it backdoored by other state actors?
I wouldn’t put a lot of trust in Telegram. Not only is their cryptography off by default, it’s a bespoke hand-rolled non-standard algorithm that might not work as well as they say. Oh, and it’s been potentially backdoored by the FSB (Russia’s CIA) for six years.
https://www.cnet.com/tech/tech-industry/telegram-reportedly-ordered-to-share-encryption-keys-with-fsb/
From the very start rather.
And there’s been a few cases where not FSB, but mundane police was reading suspects’ messages before arresting them.
Don’t trust Telegram, I use it because, eh, most people use either that or VK DMs in Russia as the default IM. But never trust it for something which should be secret.
You can even have “opposition”-themed channels there or call for rebellions, but don’t ever expect anything to be secret or even pseudonymous. Even without ill intent regularly flaws are found which allow to get a lot of information, and the code quality is sewer-level.
Why the hell should encryption be optional at all? Except like debugging or something.
Also, if the (as the article hints at), the keys were compromised well then it’s just utter dog shit architecture.
thats exactely the point lol. Why would you use an algorithm designed and proposed by the US government in a “secure” messenger?
Which algorithm are you referring to exactly?
In general, people are wise to use ciphers and protocols that have been examined by the global cryptography community and have held up to that scrutiny.
The algorithm was neither proposed nor designed by the US government, it was made by (what is now known as) Signal, a 501c nonprofit.
The claims of signal being “state-sponsored” come from assuming how money flows through the OTF - Open Tech Fund - which has gotten grants from government programs before. (IIRC)
It wouldn’t make sense for the US Gov. to make such a grant to make a flawed protocol, as any backdoor they introduce for themselves would work for any outside attacker too - it’s mathematics. It works for everyone or for no one. Would they really wanna make tools that they themselves use, just to have it backdoored by other state actors?
And again, Durov’s claims are entirely assumptions, and that coming from someone that has had [various](https://mtpsym.github.io// different vulnerabilities and weird bugs on their platform