Comment by alerighi
1 year ago
Well of course, but this is a feature of Telegram. It's the only messaging app where messages are stored on the cloud. This of course has security implications, but also allows you to have a big number of chats without wasting your device memory like WhatsApp does, or having to delete old conversations, and allows you to access your chats from any device. By the way you can also set a password to log in from another device (two factor authentication, also on WhatsApp now you have this option).
To me it's a good tradeoff, of course I wouldn't use Telegram for anything illegal or suspect.
> It's the only messaging app where messages are stored on the cloud.
Besides Slack and Discord and Teams and whatever the heck Google has these days and iMessage and...
I think you mean it's the only messaging app that purports to have a focus on security where messages are stored in the cloud, which is true, but also sus. There's a reason why none of the others are doing it that way, and Telegram isn't really claiming to have solved a technical hurdle that the E2E apps didn't, it's just claiming that you can trust them more than you can trust the major messaging apps.
Maybe you can and maybe you can't, the point is that you can't know that they're actually a safer choice than any of the other cloud providers.
Matrix also keeps your message on the server. Except you can run your own server. And the messages are end to end encrypted. And you can keep a proper backup of the keys.
Granted it can be clunky at times, but the properties are there and decentralised end to end encrypted messaging is quite and incredible thing. (Yes, Matrix nerds, it's not messaging per se it's really state replication, I know :))
As you alluded to, Matrix has really horrible UX. Telegram is meant to be easy for the many to use: finding content in chats or even globally across public channels for example is intuitive and snappy because their server does the heavy lifting. That's a huge sell for many, myself included.
1 reply →
My Matrix messages are, I presume, not encrypted, because every device I have prompts me to sign this device's keys with the keys of another device (which doesn't exist) and the option to reset the encryption keys and lose access to old messages doesn't work either (it just crashes Element).
4 replies →
Doesn’t Matrix replicate all chat metadata to any linked federated servers?
>it's just claiming that you can trust them more than you can trust the major messaging apps.
All the cool kids in the block eliminated the need to trust the provider decades ago. PGP: 33 years ago, OTR 20 years ago, Signal 14 years ago.
You have to trust the provider with signal; they are fiercely anti-third party clients, control the network and have released version of the code that are not tracked by sources- in extreme cases we’re aware of years old code being in there (mobile coin for example).
Signal evangelicalism needs to halt, you mean the Whisper protocol.
5 replies →
But that's literally the entire point of this article. That is, in this day and age, when people talk about "secure messaging apps" they are usually implying end-to-end encryption, which Telegram most certainly is not for the vast majority of usages.
Also, iMessage is very secure...but then all your stuff is backed up on iCloud servers unless you specifically disable it. That includes all your iCloud encryption keys and plaintext messages.
Worse, iPhones immediately start backing up to iCloud when set up for a new user - the only way to keep your network passwords and all manner of other stuff from hitting iCloud servers is to set the phone up with no network connection or even a SIM card installed.
Did I mention there's no longer a SIM slot, so you can't even control that?
And that iPhones by default if they detect a 'weak' wifi network will switch to cellular, so you can't connect the phone to a sandboxed wifi network?
You shouldn't have to put your phone in a faraday cage to keep it from uploading plaintext versions of your private communications and network passwords.
Well summed-up. Its crazy how efficient theese things are at working together to strip users of any agency or control, across many different domains.
That is the correct default. Every day users are far more likely to accidentally lose their data than to run into government snooping.
4 replies →
> That includes all your iCloud encryption keys and plaintext messages.
Are these stored encrypted or in the clear? If the latter, please cite your source.
2 replies →
Apple devices are also always gossiping about which devices are where
1 reply →
Luckily, microwave ovens make easy Faraday cages.
1 reply →
laf every image you take on an iphone is sent to apple server regardless of it being in icloud or not.
iMessage only encrypted messages in RSA 1280, why do you think it is very secure?..
iCLoud can be disabled by MDM profile installed by Apple Configurator at setup.
9 replies →
Many companies in the industry mislead users about encryption and just try to use it as a buzzword to attract customers. Take Apple, as example. Apple cloud backups are not E2E encrypted by default (like Telegram chats), and even if you opt into E2E encryption, contact list and calendar won't be E2E encrypted anyway [1].
Yet, Apple tries to create an image that iPhone is a "secure" device, but if you use iCloud, they can give your contact list to government any time they want.
Apple by default doesn't use E2E for cloud backups, and Telegram doesn't use E2E for chats by default. So Telegram has comparable level of security to that of the leaders of the industry.
[1] https://support.apple.com/en-us/102651
I think a high definition photo taken on a recent phone takes up an awful lot more device memory than a "big number of chats"
Yeah, but Whatsapp chats tend to be full of those... and videos.
(On Android), if you don't care about the (old) WhatsApp media, just delete it from your phone. It's all just loose files in `/storage/android/data/com.whatsapp` (or thereabouts). The text content of the chats will remain available.
Whatsapp automatically resizes them (in standard settings)
But it still gets big.
This is such a misrepresentation. Telegram could at-will feed the cloud-2FA password to password hashing function like Argon2 to derive a client-side encryption key. Everything could be backed up to the cloud in encrypted state only you can access. Do they do that? No.
So it's not as much as trade-off, as it is half-assed security design.
Telegram currently has very intuitive and snappy search, even in very active groups with years of content. That's because the heavy lifting is done by the server. Think that'd still be possible if there was no way for the server to process the data?
PCs and phones been fast enough to have snappy search on text data for years now.
Is "grep" not snappy enough for you?
8 replies →
Yeah, try searching anything older than a year, the amazing snappy search grinds to halt. Meanwhile I'm storing years worth of stuff on Signal with no issues, and it searches ridiculously fast offline with no seconds long pause for buffering.
2 replies →
Apple could also use E2E for their cloud backups by default, but they don't (and if you enable E2E, it doesn't apply to contact list and calendar backup anyway). Why do you demand more from Telegram than from Apple or Google?
I'll have you know they had maths PhDs design their security, sir. Eight of them!
Yeah, it's a bit of a joke.
Yeah, put a geometrician* to do the job of a cryptographer. This is what you get.
* I'm being serious, Nikolai Durov's PhD dissertation title was "New Approach to Arakelov Geometry"
https://bonndoc.ulb.uni-bonn.de/xmlui/handle/20.500.11811/31...
https://arxiv.org/pdf/0704.2030
3 replies →
> It's the only messaging app where messages are stored on the cloud
Unreal. Please share how you came to this world view.
[dead]
> Well of course, but this is a feature of Telegram. It's the only messaging app where messages are stored on the cloud.
Wrong, Matrix does it too, but fully e2ee.
> and allows you to access your chats from any device.
No it doesn't, because it is possible withh e2ee as well
> It's the only messaging app where messages are stored on the cloud.
Instagram. FB Messenger. Skype. LINE. KakaoTalk. Discord. Slack. Teams. iMessage.
Google talk/Hangouts/Google Chat/Duo/Allo/Meet/another Meet/etc. Counts as one
You never know what may suddenly become illegal.
>It's the only messaging app where messages are stored on the cloud.
So do all the others with the exception of something like IRC.
Not really. WhatsApp only keep them temporarily (and E2EE!) until they're delivered to each device. Signal too. Telegram keeps everything for all time. Which is kinda handy too I have to say.
Of course you can send your backup to Google for WhatsApp and signal but that's optional. You can keep it locally too. And it's encrypted too. With WhatsApp you can even choose to keep the key locally only.
WhatsApp? The closed source app that AFAIK has never been externally audited, owned by one of the most privacy-disrespecting corporations in the world? You say I can trust it wholeheartedly as long as I don't upload backups to the cloud?
2 replies →