11 comments

[ 3.9 ms ] story [ 36.0 ms ] thread
Does Telegram even have access to these?
Telegram is not end-to-end encrypted, so yes.
I'm very surprised by this. What about WhatsApp and other messaging apps?
WhatsApp is e2e by default. As is Signal, Wire, Threema (although Threema has no forward secrecy) and iMessage (which has no way of verifying keys, which makes it useless to the end user).
Threema doesn't have forward secrecy on the message encryption layer, but it does on the network transport protocol layer.
Which means that the server or any malicious person on the server could just save your messages and decrypt them all at a later date.
Theoretically yes, but for that the end user would have to get his private key stolen by someone with undetected server access or someone would have to break the XSalsa20 cipher.
It is not E2EE by default, but the "secure chat" feature is E2EE.
Which is hardly worth mentioning.

Nobody ever uses the “secure chat” feature, it’s not supported by the clients and it’s not what people mean when they say “Telegram”.

The Durovs sell their app on it’s “encryption”, while simultaneously going out of their way to make sure nobody uses that feature.

Not really surprising, I never really trust these encrypted messaging apps.