• DaseinPickle@leminal.space
    link
    fedilink
    English
    arrow-up
    1
    ·
    9 months ago

    Yes “cloud chat” is not end to end, but only encrypted to the server. That’s what all services to including Facebook and Instagram. If it’s not end to end it’s useless.

    • rdri@lemmy.world
      link
      fedilink
      English
      arrow-up
      1
      ·
      9 months ago

      Now you’re just denying the obvious. You complained chats on telegram are not encrypted, and that’s false.

      That’s what all services to including Facebook and Instagram.

      Since both Facebook messenger and Instagram messenger use e2e you seem to really mean just Facebook and Instagram websites. And I wonder how could they be functional if they used e2e.

      If it’s not end to end it’s useless.

      It’s not and you probably realize that much.

      • DaseinPickle@leminal.space
        link
        fedilink
        English
        arrow-up
        1
        ·
        9 months ago

        No I’m being serious here.If it’s not end-to-end encryption in groupchat, it’s not private. And Telegram does not provide e2ee in groupchat. Thats the whole issue. Signal does that. Even iMessage does that.If it’s not e2e somebody else does have access to your chats. In this case everybody with access to Telegrams servers, can read your group chats. And that makes it useless IMO. That is not the case with Signal.

        • rdri@lemmy.world
          link
          fedilink
          English
          arrow-up
          1
          ·
          9 months ago

          Well then it really is “hey one company decided to do it this way so anything less than that is no longer acceptable” for you. For me, it’s not all about absolute security. From my experience, people seeing my messages through the app and people accessing my phone is much more dangerous than people seeing my messages on a server used by the service. I know roughly what e2e for group chats implies and reasons why it’s not implemented everywhere asap. We’ll see where this leads Signal, maybe we’ll also see cases of someone accessing data on Telegram servers etc.

          For now, I mainly use my PC, so not going to infect it with another electron app, or recommend it among friends.

          Even iMessage does that.

          Seems false as I didn’t find confirmations for that.

          • DaseinPickle@leminal.space
            link
            fedilink
            English
            arrow-up
            1
            ·
            9 months ago

            I know roughly what e2e for group chats implies and reasons why it’s not implemented everywhere asap

            It’s not implemented because it requires more resources and Telegram is too cheap to offer that. The same reason Telegram does not encrypt chat by default, but you have to actively choose secret chats. It’s a way for Telegram to save money on server ressources. Both Signal and iMessage can provide e2e encryption for 1-1 messages and group messages and sync across devices.

            Seems false as I didn’t find confirmations for that. All messages between iMessage clients are end-to-end, also groups, it has been so for years, it’s not news. iMessage has other problems, mainly that the private key is synced in iCloud by default (you can turn this off), and that Apple save a bit too much meta data. So iMessage is not perfect. It is still better than Telegram. As you can see here https://security.apple.com/blog/imessage-pq3/ Telegram have not even implemented a post-quantum cryptographic protocol, both Signal and iMessage have that.

            For now, I mainly use my PC, so not going to infect it with another electron app, or recommend it among friends

            We can agree that the Signal desktop app is kind of clunky, and I do hope it gets better in the future. Telegram might provide some usability, but it’s not much better than using Facebook, if your concern is privacy. Mainly because the lack of e2ee in default chats and group chats.

            • rdri@lemmy.world
              link
              fedilink
              English
              arrow-up
              1
              ·
              edit-2
              9 months ago

              because it requires more resources

              Not just more. Exponentially more, if one is going to host the data on server.

              Telegram is too cheap to offer that

              It’s dumb to call telegram cheap at this point. User base is too large and it handles it relatively well.

              Signal, however, chose to not keep almost anything on servers, which mean it’s literally cheap to serve, and it’s very easy to call them cheap for not offering more features.

              Telegram does not encrypt chat by default, but you have to actively choose secret chats

              This is false. Again, “not using e2e” is not the same as “not encrypting”.

              Both Signal and iMessage can provide e2e encryption for 1-1 messages and group messages

              Again, I have yet to see proofs of iMessage using e2e for group chats. Rather, things I read suggest the opposite.

              but it’s not much better than using Facebook, if your concern is privacy

              Arguable due to many differences. But not going to waste our time on this. Though if your only concern is privacy better don’t use the internet in the first place.

              • DaseinPickle@leminal.space
                link
                fedilink
                English
                arrow-up
                1
                ·
                9 months ago

                It’s dumb to call telegram cheap at this point. User base is too large and it handles it relatively well.

                Apple does it.

                Again, I have yet to see proofs of iMessage using e2e for group chats. Rather, things I read suggest the opposite.

                It’s on iMessage wiki and on the first page that comes up when you Google it:

                We designed iMessage to use end-to-end encryption, so there’s no way for Apple to decrypt the content of your conversations when they are in transit between devices. Attachments you send over iMessage (such as photos or videos) are encrypted so that no one but the sender and receiver(s) can access them. These encrypted attachments may be uploaded to Apple. To improve performance, your device may automatically upload attachments to Apple while you are composing an iMessage. If your message isn’t sent, the attachments are deleted from the server after 30 days. When a passcode or password is set on your iOS, iPadOS, visionOS, or watchOS device, stored messages are encrypted on your device so that they can’t be accessed unless the device has been unlocked.

                https://www.apple.com/legal/privacy/data/en/messages/

                But do you have sources that proof that Apple is lying?

                Though if your only concern is privacy better don’t use the internet in the first place.

                Nah, I will just use services that use e2e encryption for my private conversations. There are plenty of services that do that, not just Signal. But if you want to use a service that require access to your private conversations, you are free to do that. But why use a sketchy service with headquarters in Dubai that is like “trust us bro, we need access to your private conversations for totally legit technical cloud reasons, we totally wont look or share that information with anyone, pinky promise.”

                • rdri@lemmy.world
                  link
                  fedilink
                  English
                  arrow-up
                  1
                  ·
                  9 months ago

                  It’s on iMessage wiki

                  It doesn’t say it works for group chats.

                  But do you have sources that proof that Apple is lying?

                  I got some complaints from people unable to leave conversations if they have less than 3 or 4 people, which suggests there are technical differences in how they work with many people. It’s logical to suggest the switch from e2e to shared keys happens there.

                  Also no credible source suggests what you suggest

                  Also trusting apple is not a good thing in my book.

                  But why use a sketchy service with headquarters in Dubai that is like “trust us bro, we need access to your private conversations for totally legit technical cloud reasons, we totally wont look or share that information with anyone, pinky promise.”

                  Apple is more sketchy for me lol.

                  You choose to rely on a service’s promise that it doesn’t host your data. I prefer relying on my experience which says dangers from individuals and conversations are more grave and more likely to be triggered than dangers from services those are being hosted on. I can’t imagine anyone would benefit from spending time on reading or processing my conversations anyway. My messages can get long and it’s not optimal for my devices to spend resources on constantly re-encrypting them for every chat member.

                  • DaseinPickle@leminal.space
                    link
                    fedilink
                    English
                    arrow-up
                    1
                    ·
                    9 months ago

                    It doesn’t say it works for group chats. It says all messages send between iMessage users are end to end encrypted. That, of cause, also goes for group chats. It is only the Telegram marketing machine that act that group chats is some special edge case.

                    But if you must have it spelled out, here it is: https://support.apple.com/en-gb/guide/security/sec70e68c949/web

                    I got some complaints from people unable to leave conversations if they have less than 3 or 4 people, which suggests there are technical differences in how they work with many people. It’s logical to suggest the switch from e2e to shared keys happens there.

                    Now you are just making things up. Apple explicitly write in their documentation, that this is not the case. So again, you suggest they are lying without any proof.

                    You choose to rely on a service’s promise that it doesn’t host your data. I prefer relying on my experience which says dangers from individuals and conversations are more grave and more likely to be triggered than dangers from services those are being hosted on. I can’t imagine anyone would benefit from spending time on reading or processing my conversations anyway.

                    I see, you don’t understand the nature of mass surveillance and surveillance capitalism. It’s not really about individuals reading specific conversations…