E2E encryption is kind of a fucky thing, some suggest it is fundamentally impossible for central web services and even mobile / desktop apps. Basically, if there is a third party involved in the code besides Alice and Bob, the two can never guarantee E2E encryption.
Web part is simple, as there are countless ways you can get malicious code delivered from what you think is the correct, safe, web server.
Same concept applies to app store / desktop program updates, but with a slightly slower and more difficult attack prospect.
Anyways, Telegram does seem to have the best encryption of any major service, and it's what we use at my company for almost all internal communications.
>E2E encryption is kind of a fucky thing, some suggest it is fundamentally impossible for central web services and even mobile / desktop apps
"some suggest" How about you actually name some competent people who suggest this?
>Basically, if there is a third party involved in the code besides Alice and Bob, the two can never guarantee E2E encryption.
Oh, this is a downright insane, dishonest argument. Perfection is impossible, so we shouldn't even try!
>Anyways, Telegram does seem to have the best encryption of any major service, and it's what we use at my company for almost all internal communications.
Why do you think this? This is such a fundamentally ridiculous claim, I find it absolutely fascinating that someone might arrive at this conclusion.
> How about you actually name some competent people who suggest this?
As I don't remember the name of everybody I read about, it would take significant effort to go find the source.
It's much simpler to prove the concept logically:
Any time you're communicating on a service provided, programmed, and updated by at least one third party, it is fundamentally impossible to guarantee E2EE without being omniscient of what they're doing.
This is simply because the unen/decrypted data is in the software at some point in time, and the third party controls the software.
> Oh, this is a downright insane, dishonest argument. Perfection is impossible, so we shouldn't even try!
I did not say or imply this in any way, and no it is neither an insane nor dishonest argument, it's just a consequence of allowing a third party to control your data.
It's an american development by a company that refuses to release actually open software. Perhaps it's good in theory! As far as I am aware there is no open implementation of it and it is also inside a problematic regime and therefore just as suspect.
Signal clients are released aa open source as far as I am aware and mathematics doesn't care about what regime it is developed under.
You guys will normally find me defending Telegram here but the more important point is that we should stick to the facts even if they go in favor of "the other side".
I have not to date found anything that allows me to build a client myself and subsequently actually use it. Never mind the server, which is about as opaque as they come.
This isn't about Telegram advocacy, it's about how I keep reading "Signal is so good!" even though the devs have a very bad attitude to anyone asking about reproducible builds. When they are that hostile they do not earn trust, so it is mystifying to me that people seem to love them so much.
1. The man behind Telegram cannot even safely visit Russia after people with friends in high places stole his previous startup there or so the story goes.
2. As have been pointed out before, while this is really bad if true, but you are pointing to something that happened extremely early in the development of Telegram and later fixed (and as I've mentioned before you keep throwing a link to an old Russian post in a forun where most people have never read a word Russian. I'll add this time that it is almost as you don't want anyone to read it.)
>1. The man behind Telegram cannot even safely visit Russia after people with friends in high places stole his previous startup there or so the story goes.
Unfortunately the western press doesn't really care about Telegram or the Durovs so we don't really have heaps of high quality journalism to count on.
>but you are pointing to something that happened extremely early in the development of Telegram and later fixed
I'm not convinced that this is something that can be fixed. Sure, they removed the backdoor they added but does that really fix the organization?
I think it's utterly irrelevant that this backdoor was added and removed a while ago, the Telegram team hasn't significantly changed since then.
>I've mentioned before you keep throwing a link to an old Russian post in a forun where most people have never read a word Russian
I don't read Russian either, but I have no problem reading this post with google translate (or yandex translate if you'd like) and I assume that you too have access to this amazing technology.
Web part is simple, as there are countless ways you can get malicious code delivered from what you think is the correct, safe, web server.
Same concept applies to app store / desktop program updates, but with a slightly slower and more difficult attack prospect.
Anyways, Telegram does seem to have the best encryption of any major service, and it's what we use at my company for almost all internal communications.