FBI Warns Americans to Start Using Encrypted Messaging Apps

Kid@sh.itjust.works · 8 days ago

FBI Warns Americans to Start Using Encrypted Messaging Apps

Justin@lemmy.jlh.name · 7 days ago

TLS isn’t sufficient for messaging apps in 2024

Opisek@lemmy.world · 7 days ago

Except Telegram doesn’t use TLS :) They use MTProto.

This is not me endorsing Telegram. I’m just pointing out your mistake. Telegram has other issues but it definitely does have transport encryption.

Justin@lemmy.jlh.name · edit-2 7 days ago

The above commenter said that their end-to-end MTProto protocol is not enabled by default.

Defaulting to just using transport encryption like TLS on a messaging app isn’t sufficient in 2024.

Opisek@lemmy.world · 7 days ago

MTProto is not end-to-end. MTProto is their obfuscated client-server transport encryption.

What the commenter above is referring to is Telegram defaulting to saving your messages on the server in plaintext. You can use a “secret chat” which enables end-to-end encryption, but that is separate from MTProto.

Your sentiment is correct though. Messages should not be visible in plaintext to the server.

Justin@lemmy.jlh.name · 6 days ago

I dont know much about it, but Wikipedia says that MTProto is specifically for “secret chats”:

For encrypted chats (branded as Secret Chats), Telegram uses a custom-built symmetric encryption scheme called MTProto.

https://en.m.wikipedia.org/wiki/Telegram_(software)#Architecture

Maybe Wikipedia is misleading here

Opisek@lemmy.world · edit-2 6 days ago

You’re right, it is misleading. There are different “flavours” of MTProto. See here:

https://core.telegram.org/mtproto

This page deals with the basic layer of MTProto encryption used for Cloud chats (server-client encryption). See also:

Secret chats, end-to-end-encryption

End-to-end encrypted Voice Calls

(The major difference is simply whether the server and client share a key or two clients)