rdri

joined 1 year ago
[–] [email protected] 2 points 1 week ago

That one was hardly legal, not sure about "safe".

[–] [email protected] 109 points 2 weeks ago (1 children)

That's also a lie. There is no way it would be impossible to remove the protection code (or parts of it) or make it not execute. That alone makes him a clown.

[–] [email protected] 3 points 1 month ago (2 children)

Seems it's fixed now?

[–] [email protected] 3 points 1 month ago (1 children)

It actually seems more like a windows 10 compatibility dilemma for developers. You can support older systems but it would require some effort. The problem is not the absence of some specific certificates, but the absence of newer ciphers altogether.

This does give security but also removes backwards compatibility with some clients that might be important for some websites.

[–] [email protected] 2 points 2 months ago (1 children)

I mean the basic logic of the service was designed somewhere before its release. Data policies, promises to users are nothing if you assume services should adapt to stuff like this, at the expense of breaking those policies and promises.

Here is an old article from telegram about reasons for how it works https://telegra.ph/Why-Isnt-Telegram-End-to-End-Encrypted-by-Default-08-14

[–] [email protected] 1 points 2 months ago* (last edited 2 months ago)

No, just personal experience (I use telegram for many years) and absence of server data implications anywhere across the issues in the past (at this time too). You can find questionable or illegal businesses in telegram with a few words, they are all public channels. Hence "no moderation" accuses mentioned in every article.

There are of course darknet-like private communities, but I assume they are not a subject of interest at this time. Authorities would need to dig very deep past all the obvious illegal stuff, and telegram shouldn't care about resources consumed by such a small chunk of user base. Those groups will stay, as they are, private and safe, I assume, for quite some time.

[–] [email protected] 1 points 2 months ago (3 children)

Assuming things should work that way is ignorant. According to you, service owners should design and redesign their services to not store any data in order to avoid arrests. Also that a service owner should invent stuff they might not had a plan for if they have even a theoretical possibility to help identify individual users, in other words go against policies they designed at some point.

[–] [email protected] 10 points 2 months ago (9 children)

That's a wild way of twisting the logic. Just because the platform doesn't fall under your e2ee definition doesn't mean they had to do something that is only possible on purely cloud services.

The reason for arrest doesn't even have anything to do with encryption. All content that facilitates mentioned crimes is public. Handling it shouldn't involve any backdoors or otherwise service-side decryption.

[–] [email protected] 37 points 2 months ago (2 children)

Wording is confusing. Here are some better takes that sound valid and are true:

  • Telegram's e2ee is only available for chats of 2 people, and only on official mobile client.

  • Telegram's e2ee is a feature you have to enable whenever you need it (called secret chats).

[–] [email protected] 4 points 2 months ago

There is still plenty of fish for advertisers, sadly.

[–] [email protected] 1 points 2 months ago

It's barely anonymous, and poorly encrypted. The latter is the reason Durov is in custody

There is no logic here. If it was poor it would be very easy to track anyone including criminals. You can check the news to find the reasons.

There have absolutely been cases where a backdoor/weakness/lack of encryption used to catch criminals before

I meant telegram related cases.

Some are staying safe, others are being caught precisely because of this.

I didn't see any proofs of that.

Using better encryption schemes is definitely part of that.

Part of what? I don't get the point here.

[–] [email protected] 1 points 2 months ago* (last edited 2 months ago) (2 children)

is not any different from just having TLS for transport

Yes, in simple terms, all encrypted transfer protocols are similarly protected from mitm attacks.

That just means that they store both your data in some encrypted way and the key. They can still read it trivially.

They can and they said the decryption keys are always kept separately (there are probably more layers than I can describe) from the data to make sure the servers are not used to decrypt the data locally. They can be lying for all I care. The bigger problem is that people somehow assume this a huge threat, while all previous cases didn't involve anything like that. People are getting into trouble for their public content - protected by some encryption but visible to anyone interested (who then report it to oppressive authorities).

While some go extra mile to explain to you how you should use e2e for your family group chats, real criminals do their stuff everywhere (especially on telegram) for years, staying safe. Problem is not how weak or strong the encryption is, but that once you are under oppression and do opposition activities, you're going to learn by yourself how to deal with it. Signal will not save you from people in your group chats if they are there to report on you.

view more: next ›