185

FBI Warns Americans to Start Using Encrypted Messaging Apps (gizmodo.com)

submitted 2 weeks ago by kid@sh.itjust.works to c/cybersecurity@sh.itjust.works

53 comments fedilink hide all child comments

you are viewing a single comment's thread
view the rest of the comments

[-] Opisek@lemmy.world 9 points 1 week ago

Except Telegram doesn't use TLS :) They use MTProto.

This is not me endorsing Telegram. I'm just pointing out your mistake. Telegram has other issues but it definitely does have transport encryption.

[-] jlh@lemmy.jlh.name 7 points 1 week ago* (last edited 1 week ago)

The above commenter said that their end-to-end MTProto protocol is not enabled by default.

Defaulting to just using transport encryption like TLS on a messaging app isn't sufficient in 2024.

[-] Opisek@lemmy.world 6 points 1 week ago

MTProto is not end-to-end. MTProto is their obfuscated client-server transport encryption.

What the commenter above is referring to is Telegram defaulting to saving your messages on the server in plaintext. You can use a "secret chat" which enables end-to-end encryption, but that is separate from MTProto.

Your sentiment is correct though. Messages should not be visible in plaintext to the server.

[-] jlh@lemmy.jlh.name 2 points 1 week ago

I dont know much about it, but Wikipedia says that MTProto is specifically for "secret chats":

For encrypted chats (branded as Secret Chats), Telegram uses a custom-built symmetric encryption scheme called MTProto.

https://en.m.wikipedia.org/wiki/Telegram_(software)#Architecture

Maybe Wikipedia is misleading here

[-] Opisek@lemmy.world 2 points 1 week ago* (last edited 1 week ago)

You're right, it is misleading. There are different "flavours" of MTProto. See here:

https://core.telegram.org/mtproto

This page deals with the basic layer of MTProto encryption used for Cloud chats (server-client encryption). See also:

Secret chats, end-to-end-encryption

End-to-end encrypted Voice Calls

(The major difference is simply whether the server and client share a key or two clients)

this post was submitted on 05 Dec 2024

185 points (97.9% liked)

Cybersecurity

5834 readers

196 users here now

c/cybersecurity is a community centered on the cybersecurity and information security profession. You can come here to discuss news, post something interesting, or just chat with others.

THE RULES

Instance Rules

Be respectful. Everyone should feel welcome here.
No bigotry - including racism, sexism, ableism, homophobia, transphobia, or xenophobia.
No Ads / Spamming.
No pornography.

Community Rules

Idk, keep it semi-professional?
Nothing illegal. We're all ethical here.
Rules will be added/redefined as necessary.

If you ask someone to hack your "friends" socials you're just going to get banned so don't do that.

Learn about hacking

Hack the Box

Try Hack Me

Pico Capture the flag

Other security-related communities !databreaches@lemmy.zip !netsec@lemmy.world !securitynews@infosec.pub !cybersecurity@infosec.pub !pulse_of_truth@infosec.pub

Notable mention to !cybersecuritymemes@lemmy.world

founded 2 years ago

MODERATORS

kid@sh.itjust.works

Lanky_Pomegranate530@midwest.social