undefined | Better HN

0 pointsemptysongglass3y ago0 comments

I don't think you understand how Telegram encrypts its chats. MTProto is also used to encrypt Cloud Chats at rest. It's not just transport. Cloud Chats are not e2ee because the keys are held by Telegram.

Moxie also "rolled his own crypto". "Rolling your own crypto" is typically used disparagingly by those who claim moral or intellectual superiority over the competition. The Signal Protocol was rolled by someone, yes? The version of MTProto that had vulnerabilities discovered was deprecated many years ago.

0 comments

ls153y ago

> the keys are held by Telegram

This is where the privacy promise falls apart. From a user's perspective on-disk encryption makes no difference, because there is no real enhancement of privacy for them. If a third party holds the key, they hold the key. If you put something into the hotel safe, the hotel could still steal it from you. As far as I can tell, most TG users are not aware or do not care, but for those who are not aware, but actually do care, this should be made much more clear.

> Moxie also "rolled his own crypto"

Besides Moxie being a bit dubious himself, the more interesting question is: was there something that was already verified by many people that could have been used instead?

abyssin3y ago

I’m interested to know about what makes Moxie a bit dubious, can you share more information? I have to say I’m slightly fascinated by the character, but it’s true it doesn’t tell anything about why I should trust him.

ls153y ago

I have to say that I find him fascinating too, but there are a few things that raise my suspicion, but of course do not convict him of anything:

The way he is attacking this alternative Signal client and rules out interoperability:

https://github.com/LibreSignal/LibreSignal/issues/37#issueco...

Signal was a word before he decided to turn it into a brand.

The signal server source code repo was not updated for a year. Communication intransparent.

https://www.androidpolice.com/2021/04/06/it-looks-like-signa...

I am not even against crypto integration, but I found the choice of MobileCoin odd. Instead of integrating an existing privacy coin or working with the community, he decided to integrate MOB and to be one of their "advisors":

https://techcrunch.com/2018/04/24/mobilecoin-moxie-marlinspi...

https://www.coingecko.com/en/coins/mobilecoin

emptysongglassOP3y ago

I think you are being far too uncharitable and you've simply gotten the facts wrong a number of times, which I've needed to correct you on.

Use another messenger if you like but e2ee encryption is not some moral imperative that must be done. There are always trade-offs. I appreciate Telegram for the purposes I use it for. If I want e2ee, I turn on a Secret Chat.

ls153y ago

> I think you are being far too uncharitable

I just think that Telegram tries to position itself as some kind of subversive and secure messenger (successfully so), which it isn't and I find that dubious. I can see that many people prefer it for its user experience, which is fair, but people should not be lured by a false sense of security.

> e2ee encryption is not some moral imperative that must be done.

It is not a moral imperative, but a protection against many evils, that most people probably would benefit from if used consistently. I've got low tolerance for trying to artificially limit e2ee though.

ViViDboarder3y ago

Rolling your own crypto is bad, unless you’re an authority on crypto. Moxy certainly is. Also, Signal Protocol isn’t an encryption algorithm. As far as I know, it still uses AES and Curve25519 for the actual encryption.

j / k navigate · click thread line to collapse

0 comments

ls153y ago

> the keys are held by Telegram

> Moxie also "rolled his own crypto"

Besides Moxie being a bit dubious himself, the more interesting question is: was there something that was already verified by many people that could have been used instead?

abyssin3y ago

ls153y ago

I have to say that I find him fascinating too, but there are a few things that raise my suspicion, but of course do not convict him of anything:

The way he is attacking this alternative Signal client and rules out interoperability:

https://github.com/LibreSignal/LibreSignal/issues/37#issueco...

Signal was a word before he decided to turn it into a brand.

The signal server source code repo was not updated for a year. Communication intransparent.

https://www.androidpolice.com/2021/04/06/it-looks-like-signa...

https://techcrunch.com/2018/04/24/mobilecoin-moxie-marlinspi...

https://www.coingecko.com/en/coins/mobilecoin

emptysongglassOP3y ago

I think you are being far too uncharitable and you've simply gotten the facts wrong a number of times, which I've needed to correct you on.

ls153y ago

> I think you are being far too uncharitable

> e2ee encryption is not some moral imperative that must be done.

ViViDboarder3y ago

j / k navigate · click thread line to collapse