I don’t want to see PGP rejection based on usability. So, to level the field at the user level, we take Delta Chat, which uses PGP, if I understand that correctly.

I have no knowledge of Telegram security at all.

  • Snot Flickerman · ↑29 · 4 months ago

    Beyond the fact that security on Telegram is a joke (E2EE not enabled by default, only available in 1-to-1 chats, group chats are all unencrypted, homespun encryption algo), they have never had a full, independent audit of their encryption standard.

    It looks like there are a handful of papers that looked at parts of the earlier standard Telegram used (MTProto 1), but nothing on the current version (MTProto 2).

    https://courses.csail.mit.edu/6.857/2017/project/19.pdf

    https://eprint.iacr.org/2015/1177.pdf

    Anyway, long story short, Delta Chat has had independent audits several times. I’d say that says it all, really.

    https://delta.chat/en/help#security-audits

    (Also, thanks for introducing me to Delta Chat, was unaware of the project up to now. Neat stuff.)

    • BearOfaTime@lemm.ee · ↑4 · 4 months ago

      Agreed.

      No audit…then we don’t know.

      Have you seen an audit for SwissCows’ Teleguard?

      I’ve been testing it for a few days now, after a comment about it here.

      They claim to not store your chats, they’re deleted after delivery. To sync a new device requires an encrypted backup from an existing device.

      I’ve tested this by restoring a backup from yesterday to sync a new device, and it only has data from yesterday.

      That said, I really don’t know how trustworthy they are.

      • Snot Flickerman · ↑5 · 4 months ago

        Nice, I hadn’t heard of them until now, either.

        I’m just excited that end-to-end-encrypted services have become in such high demand that we’re seeing lots of different implementations.

        It took a while, but it looks like Veilid finally has a basic chat built in their protocol as well. It says it’s secure, but I can’t find any info on its particulars.

        https://gitlab.com/veilid/veilidchat

        • BearOfaTime@lemm.ee · ↑1 · 4 months ago

          Meh. I only read a translated version, so it’s hard to tell nuance.

          But nothing in there is inaccurate. Maybe overstated.

          Personally, Signal seems trustworthy, but… I have some ambivalence, given their bullshit reasons for dropping SMS support. They claimed it cost them engineering, which is at best wrong, at worst a flat-out lie. Signal has nothing to do with how SMS is managed - it merely hands the message to Android’s SMS system. It’s trivial. So why would they drop support and use that lie?

          When I’m being misled, I start to look at everything else as having a bit more validity.

          Plus UI/UX on Signal sucks. It’s no better than the lamest SMS app. Hell, old SMS apps are better. And no multi-device sync. They claim it can’t be done and maintain encryption. Right. Clients just need to use the same encryption key…like Telegram does, and now Teleguard - and they’re claiming full e2e at all times.