this post was submitted on 28 Aug 2024
33 points (100.0% liked)

GrapheneOS [Unofficial]

1713 readers
1 users here now

Welcome to the GrapheneOS (Unofficial) community

This feed is currently only used for announcements and news.

Official support available on our forum and matrix chat rooms

GrapheneOS is a privacy and security focused mobile OS with Android app compatibility.

Links

More Site links

Social Media

This is a community based around the GrapheneOS projects including the hardened Android Open Source Project fork, Auditor, AttestationServer, the hardened malloc implementation and other projects.

founded 3 years ago
MODERATORS
 

Telegram has full access to all of the content of group chats and regular one-to-one chats due to lack of end-to-end encryption. Their opt-in secret chats use homegrown end-to-end encryption with weaknesses. Deleting the content from the app likely won't remove all copies of it.

Telegram has heavily participated in misinformation campaigns targeting actual private messaging apps with always enabled, properly implemented end-to-end encryption such as Signal. Should stop getting any advice from anyone who told you to use Telegram as a private messenger.

Telegram is capable of handing over all messages in every group and regular one-to-one chat to authorities in France or any other country. A real private messaging app like Signal isn't capable of turning over your messages and media. Telegram/Discord aren't private platforms.

A major example of how Telegram's opt-in secret chat encryption has gone seriously wrong before: https://words.filippo.io/dispatches/telegram-ecdh/.

The practical near term threat is for the vast majority of chats without end-to-end encryption: 100% of Telegram group chats and the regular 1-to-1 chats.

Companies should treat user data as toxic waste rather than as something they want to gather and hoard for business models like targeted advertising. It's not a good thing to have a bunch of sensitive data which could be obtained by adversaries or requested by a government.

Not using E2EE creates a lot more legal risk than using E2EE at least while E2EE is still legal in most of the world. Not using E2EE gives the technical capability to moderate, provide data, etc. and therefore governments expect that to be done. That's why they hate E2EE.

Apps like Signal and SimpleX can't access messages, media and profiles. Telegram has access to all content in private group chats and regular private messages unless people used a secret chat. They can automatically scan it, moderate and provide data to authorities based on it.

Telegram chose to have the technical capability to see all private group chats and regular direct messages. In doing so, they put private user data at risk of seizure by governments. The scramble to try to delete data shows lack of basic threat modelling:

https://x.com/sambendett/status/1827712700299821277

Even Facebook's WhatsApp uses end-to-end encrypted direct messages and group chats and WhatsApp is clearly not a private messaging app. It's not a niche feature. Telegram shouldn't have been heavily marketed as private/encrypted when most user data can be handed to governments.

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 2 points 2 months ago

They had a flat text file with millions of users names/passwords in the office for almost a decade. I'm not so sure whether internal implementation details leak quicker than that or not