• @woelkchen
    link
    English
    144 months ago

    Telegram, including secret chats, is not blocked because Russian elites happen to use that, too.

    • @[email protected]
      link
      fedilink
      English
      454 months ago

      I could put on my tinfoil hat and say if signal is blocked but telegram isn’t, maybe that means that telegram isn’t as secret as they make it out to be.

      • @woelkchen
        link
        English
        -24 months ago

        It’s open source. Look can up the encryption yourself.

        • @[email protected]
          link
          fedilink
          English
          214 months ago

          No need, all you have to do is read the whitepaper. they home brewed the encryption algorithm and nobody actually knows if it’s worth a damn. That’s not exactly a secret.

          • @woelkchen
            link
            English
            34 months ago

            nobody actually knows if it’s worth a damn.

            After all these years, security researchers still don’t know if the encryption is any good?

            • @HarriPotero
              link
              English
              114 months ago

              On that level it usually falls on computer scientists. Formal methods can prove that any implementation is correct, but proving the absence of unintended attacks is a lot harder.

              Needham-Schroeder comes to mind as an example from back when I was studying the things.

              • @woelkchen
                link
                English
                -14 months ago

                On that level it usually falls on computer scientists.

                And not a single one has been able to analyze the encryption in all these years? Fact is, Telegram is the tool the Russian opposition and even Ukrainians use to communicate without Putin being able to infiltrate.

                • @HarriPotero
                  link
                  English
                  2
                  edit-2
                  4 months ago

                  No. It kind of falls on Dijkstra’s old statement. “Testing can only prove the presence, not absence of bugs.”

                  You can prove logical correctness of code, but an abstract thing such as “is there an unknown weakness” is a bit harder to prove. The tricky part is coming up with the correct constraints to prove.

                  Security researchers tend to be on the testing side of things.

                  A notable example is how DES got its mixers changed between proposal and standardisation. The belief at the time was that the new mixers had some unknown backdoor for the NSA. AFAIK, it has never been proven.

        • @doodledup
          link
          English
          124 months ago

          They don’t have reproducible builds afaik (unlike Signal). You can have a completely different code running on your phone than on GitHub.

          Besides, who is using Secret Chat anyways? All default chats and group chats are unencrypted.

          • @woelkchen
            link
            English
            04 months ago

            You can have a completely different code running on your phone than on GitHub.

            Just use the F-Droid version if there is any doubt.

            Besides, who is using Secret Chat anyways?

            Probably Russians who used Signal before.

            • @doodledup
              link
              English
              74 months ago

              The F-droid version is also not reproducible. The binary you install has a different hash than the one you build from the GitHub.

              • @Nonononoki
                link
                English
                14 months ago

                It’s reproducible if you compare it with F-droid’s tarball, which has all the source code in it.

              • @woelkchen
                link
                English
                04 months ago

                The F-droid version is also not reproducible. The binary you install has a different hash than the one you build from the GitHub.

                F-Droid builds from source, so any suspicion whether the Google Play version has been tampered is completely irrelevant for the F-Droid version.

          • @woelkchen
            link
            English
            -54 months ago

            Just use the F-Droid version if there is any doubt.

              • @woelkchen
                link
                English
                14 months ago

                What about iOS users?

                Apple is not selling iPhones in Russia after the beginning of the invasion.

                  • @woelkchen
                    link
                    English
                    14 months ago

                    It’s not about everyone, it’s about people needing to hide their communication from the Putin regime.

    • @lemmylommy
      link
      English
      154 months ago

      Telegram is shady as fuck and also afaik only uses end to end encryption in „secret“ one on one chats.

      • @woelkchen
        link
        English
        04 months ago

        Telegram is shady as fuck and also afaik only uses end to end encryption in „secret“ one on one chats.

        I was very explicitly referring to secret chats.