Jump to content

User talk:Evergreenstreet

Page contents not supported in other languages.
From Wikipedia, the free encyclopedia

This is an old revision of this page, as edited by Maqp2 (talk | contribs) at 12:59, 17 February 2021 (Created page with '"Sir, please stop, look at the header of the same competitor Whatsapp, there is nothing said about encryption at all, you say that you can not allow additional a...'). The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.

(diff) ← Previous revision | Latest revision (diff) | Newer revision → (diff)

"Sir, please stop, look at the header of the same competitor Whatsapp, there is nothing said about encryption at all, you say that you can not allow additional amendments from others, the problem is that they will start saying the same thing as you. If you think the opposite, then please register and start a talk so that everyone can give their opinion. If the participants&administrators agree, then you can administer this part of the header yourself. Until then, all such changes are canceled."

Wikipedia isn't a marketing platform. What WhatsApp page says has nothing to do with what Telegram page should say. Arguing that is whataboutism which is not just a logical fallacy, it's a propaganda technique. Also, I did not say you can't allow amendments from others. Wikipedia isn't a fanboy platform either, its users don't get to deny factual information just because they don't like it. Furthermore, Since WhatsApp always uses Signal protocol, it does not suffer from the same issue of servers having access to decryption keys.

Considering the vast majority of private messaging apps, Telegram is a major exception to the rules "everything is always end-to-end encrypted". Telegram is constantly portrayed on media as being equal to always-E2EE apps like Signal, or Threema, and this has spread a major misconception that Telegram is private. It is not.

Telegram is actually less secure than WhatsApp, because with WhatsApp, all messages are always E2EE, but all metadata leaks to service provider. With Telegram, all metadata also leaks, but also, all group messages leak to service provider, all Linux/Windows desktop client messages leak to server, and all messages by default, unless the user explicitly opts in for E2EE secret chats, leak to the server.

Telegram intentionally obfuscates this fact by using proprietary client-server encryption, with exact same name as it's end-to-end encryption: MTProto. They do not even attempt to distinguish that.

Using proprietary protocol prevents Wikipedia from linking to e.g. article on TLS. However, non-technical users wouldn't even follow that link, and they would never understand the meaning of client-server encryption.

There is excessive amount of misinformation that combines sentences like "Telegram is always encrypted with MTProto..." "The end-to-end encryption protocol MTProto..." which lie by omission by leaving out the crucial detail "client-server encryption with completely different threat model is also called MTProto".

Explaining that with cloud chats the server has access to the keys allows users to make informed decision on what they say in cloud-encrypted chats. People who have "ok I'm not going to discuss this in case server gets hacked" in the back of their heads, are much more safe than people who naiively write anything they think without thinking of the long term consequences.

Telegram's server is not invulnerable against hacks, it's impossible to prove it's unhackable from the fact it hasn't been hacked yet. If users have a misconception that Telegram always uses E2EE, their security is at risk.

I understand many readers and editors here think Telegram is a great application to get people to switch away from Facebook, and it's completely understandable they'd like to give passes to Telegram for doing bad job at security if it means "freedom from GAFA" or whatnot, but this is false dichotomy. Not only is it the case there are multiple alternatives to both, including Signal, Threema, Wickr, Session, Briar..., but the fact is this article needs to provide relevant information about Telegram to its users, and future users, and people who want to understand the program.

Telegram does extremely bad job in explaining the proper implications to security wrt. its client-server encryption, but this article must not do so.

I'm not asking you to explain all this in the top header, although it would provide more substance than it does now, but critical piece of information what client-server encryption does, is VITAL to not just the neutrality of the article, but to also dissidents' lives in oppressive countries. Encryption saves lives, and vice versa, badly understood encryption actually endangers peoples' lives.

Retrieved from "https://en.wikipedia.org/w/index.php?title=User_talk:Evergreenstreet&oldid=1007309775"