• JustinA
    link
    fedilink
    English
    arrow-up
    12
    arrow-down
    3
    ·
    1 month ago

    TLS isn’t sufficient for messaging apps in 2024

    • Opisek@lemmy.world
      link
      fedilink
      English
      arrow-up
      11
      arrow-down
      2
      ·
      1 month ago

      Except Telegram doesn’t use TLS :) They use MTProto.

      This is not me endorsing Telegram. I’m just pointing out your mistake. Telegram has other issues but it definitely does have transport encryption.

      • JustinA
        link
        fedilink
        English
        arrow-up
        8
        arrow-down
        1
        ·
        edit-2
        1 month ago

        The above commenter said that their end-to-end MTProto protocol is not enabled by default.

        Defaulting to just using transport encryption like TLS on a messaging app isn’t sufficient in 2024.

        • Opisek@lemmy.world
          link
          fedilink
          English
          arrow-up
          6
          ·
          1 month ago

          MTProto is not end-to-end. MTProto is their obfuscated client-server transport encryption.

          What the commenter above is referring to is Telegram defaulting to saving your messages on the server in plaintext. You can use a “secret chat” which enables end-to-end encryption, but that is separate from MTProto.

          Your sentiment is correct though. Messages should not be visible in plaintext to the server.

            • Opisek@lemmy.world
              link
              fedilink
              English
              arrow-up
              2
              ·
              edit-2
              1 month ago

              You’re right, it is misleading. There are different “flavours” of MTProto. See here:

              https://core.telegram.org/mtproto

              This page deals with the basic layer of MTProto encryption used for Cloud chats (server-client encryption). See also:

              • Secret chats, end-to-end-encryption

              • End-to-end encrypted Voice Calls

              (The major difference is simply whether the server and client share a key or two clients)