this post was submitted on 12 Dec 2025
20 points (95.5% liked)

Privacy

43822 readers
437 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 6 years ago
MODERATORS
k_o_t@lemmy.ml
tmpod@lemmy.pt
Yayannick@lemmy.ml
ranok@sopuli.xyz
20
What's with Telegram? Heard mixed opinions on it. (lemmy.world)
submitted 6 days ago by MeowerMisfit817@lemmy.world to c/privacy@lemmy.ml
55 comments fedilink hide all child comments
 

Some people say it's really privacy-giving and that you should use it as a privacy alternative. Others say it's alao on the big tech side. What's going on with telegram, really?

you are viewing a single comment's thread
view the rest of the comments
[โ€“] peskypry@lemmy.ml 15 points 5 days ago (14 children)

Every text you send through Telegram is stored in plaintext. Telegram and authorities can access that without your knowledge. Also it will get leaked in a breach someday.

Now you decide for yourself if it's private.

[โ€“] airikr@lemmy.ml 0 points 4 days ago* (last edited 3 days ago) (6 children)

False. If you want to tell how things works, get your facts right!

All data sent to Telegram's servers will be encrypted once they reach the servers. With other words, the messages and media and other files, will be sent in "plain text" over HTTPS only when using Cloud Chat. In Secret Chat, MTProto is (based on how E2EE works) as safe as what Signal Protocol is.

But nothing will be stored in plain text, no matter what you use (Cloud Chat or Secret Chat).

But(!) since the source code for MTProto is closed, we don't know how it really works, and if we can trust their FAQ or not.

I trusted Telegram at first, but I don't trust it 100% anymore (still better than SMS). Am using my own Snikket server these days. Much safer with a lot of ๐Ÿ˜Œ๐Ÿ˜Š๐Ÿ˜๐Ÿ˜ƒ moments, even today, maybe a year later. Especially with OMEMO (Signal Protocol).

[โ€“] balsoft@lemmy.ml 1 points 2 days ago (2 children)

All data sent to Telegramโ€™s servers will be encrypted once they reach the servers

Except for "secret chat" (which are only 1-on-1 chats, have flaky client support, and require both participants to be online at the same time to initiate; in other words, they are near useless) - this is just simple at-rest storage encryption. They possess the keys to decrypt your messages (again, except for secret chats), because that is necessarily what happens when they serve those messages to recepients.

[โ€“] airikr@lemmy.ml 1 points 20 hours ago (1 children)

I am not defending Telegram in any way by saying this, but how can you be so certain that content supposely encrypted with MTProto when using Cloud Chat is only stored in plaintext on encrypted disks? Where is the proof of this?

No one can't prove that Telegram use MTProto to encrypt content sent using Cloud Chat, stores them encrypted, and them decrypt them upon opening because the source code for MTProto is closed. So how can you prove that what you're saying is the way they use?

Don't get me wrong in any of this discussion. I don't trust Telegram anymore. I don't trust any closed sourced softwares anymore! But one can't say "it is like this, not like that" without any proof.

[โ€“] balsoft@lemmy.ml 1 points 19 hours ago* (last edited 19 hours ago)

Telegram can serve you your old "Cloud" messages, in a decrypted form, on a new device, without any communication with the old device.

This means that they possess the keys to decrypt the messages, since they can send them to you in a decrypted form.

Those messages can't even be encrypted with your cloud password (which would be a pretty weak encryption anyways), because you can reset the cloud password via your recovery email, and still retain access to your messages.

Contrast this with encrypted chats on Matrix, where you have to go through the device verification procedure, which prompts the old device to send decryption keys to the new device (it's actually more complicated but this gets the point across). If you lose access to all your devices (and your recovery key), your encrypted messages are gone, the server admin can't restore them because they simply don't have the key.

No one canโ€™t prove that Telegram use MTProto to encrypt content sent using Cloud Chat, stores them encrypted, and them decrypt them upon opening because the source code for MTProto is closed. So how can you prove that what youโ€™re saying is the way they use?

This is a distinction without a difference.

My claim is:

They possess the keys to decrypt your messages

Whether this is implemented via MTProto encryption or disk encryption or whatever, it doesn't matter, they can read your messages if they want to.

Telegram is actually pretty transparent that Cloud chats are not e2e encrypted in their FAQ. They also go on to babble about "MTProto client-server encryption" but if you spend 2 minutes looking at it, you can see it's just 256-bit AES with a shared key generated via Diffie-Hellman, not too dissimilar from plain HTTPS. In that sense it's about as secure as e-mail over encrypted IMAP/SMTP, or IRC over TLS, or DMs here on lemmy.

They also claim that their at-rest encryption keys are separate from the data they encrypt, and claim that somehow this "requires court orders from multiple jurisdictions" to force them to give over your data, which is just ridiculous from a legal standpoint and won't stand up in court. And actually, it's way more likely that they will just cave in and give up your message history without a lawsuit at all, just look at what happened to Durov in France.

load more comments (3 replies)
load more comments (10 replies)