- cross-posted to:
- [email protected]
- technology
blog.cryptographyengineering.com
- cross-posted to:
- [email protected]
- technology
A reminder
Highlights
Many systems use encryption of one sort or another. However, when we talk about encryption in the context of modern private messaging services, it typically has a very specific meaning: the use of default end-to-end encryption to protect message content. When used in an industry-standard way, this feature ensures that all conversations are encrypted by default — under encryption keys that are only known to the communication participants, and not to the service provider.
Telegram clearly fails to meet this stronger definition, because it does not encrypt conversations by default. If you want to use end-to-end encryption in Telegram, you must manually activate an optional end-to-end encryption feature called “Secret Chats” for each private conversation you want to have. To reiterate, this feature is explicitly not turned on for the vast majority of conversations, and is only available for one-on-one conversations, and never for group chats with more than two people in them.
Even though end-to-end encryption is one of the best tools we’ve developed to prevent data compromise, it is hardly the end of the story. One of the biggest privacy problems in messaging is the availability of loads of meta-data — essentially data about who uses the service, who they talk to, and when they do that talking.
In certain contexts, this is a very, very good thing. For instance, child sexual abuse material is often shared in pedophile Telegram groups. The fact that the chats can not be secret because they’re group chats makes it much easier for people trading in CSAM to be caught. If the material and identities of all the participants was, by default, encrypted, that would make it extremely challenging to catch the people that feed this market.
there’s always someone out there trying to make encryption all about CSAM…
it’s not, it’s about freedom of speech and privacy…
it’s great when pedos get caught, but i’m not giving up all of humanity’s freedoms to government and corporate overlords because a small percentage are bad people and we want them caught….
there are other ways besides spying on all information….
…Which I’m explicitly not doing. Telegram has end-to-end encrypted chats, but not group chats. The group chats have never been encrypted, and AFAIK Telegram never implied that they were. (TBH, I’ve more than once had to tell people to stop fed posting on Telegram because they stay stupid shit on unencrypted channels that will bring the wrong kind of attention down.) Signal still exists - and is better than Telegram in every way. For the deeply paranoid there’s Briar. Tor is definitely a thing. Encrypted communications are fantastic, and I support them.
I fully support stupid people doing their stupid, illegal shit on open channels where it’s easy to bust them. I also fully support encryption.
Then you’d use other methods to catch them.
“What about the children” is just an excuse made by authoritarians to justify their actions.
So let’s install camera in every house then, that will surely help find some more and prevent some from happening to begin with. No?