> 1) Users don’t want to lose their entire message history when they lose/change their phones so apps of this kind never become massively popular.<p>I think this is a key point to consider for Signal and the other "good" messengers - there's ways to do secure backups, it just needs to be implemented so well that you won't miss the convenience of Google Drive backups.<p>I tend to fall back on anecdotes a lot, but the first thing my relatives ask me when setting up a new phone is "will I have my texts" - people want to be able to look through the past 10 years of conversation and especially media with someone and WhatsApp makes this as easy as one click during setup.
The why doesn't matter. (the tl;dr is that they apparently never bothered to support some popular features within the context of e2ee, and believe people ultimately don't care about e2ee by default)<p>What matters is that:<p>- It doesn't do e2ee by default.<p>- It is not a properly documented protocol[0].<p>- It is not an open protocol.<p>- It has a history of extremely poor cryptography practices[1][2].<p>- It is not open source.<p>Thus, we should steer people away from it, and into acceptable solutions that meet these fundamental requirements.<p>Matrix, Signal and Tox come to mind; I have experience with all of these, and I can only recommend Matrix.<p>[0]: <a href="https://core.telegram.org/mtproto" rel="nofollow">https://core.telegram.org/mtproto</a><p>[1]: <a href="https://news.ycombinator.com/item?id=25726068" rel="nofollow">https://news.ycombinator.com/item?id=25726068</a><p>[2]: <a href="https://news.ycombinator.com/item?id=25641399" rel="nofollow">https://news.ycombinator.com/item?id=25641399</a>
People complain here on HN that public or semi-public Telegram groups are not e2e encrypted.
Yes, your HN comment isn't either. And there is no point in encrypting it if it's meant to be read by others.
Telegram isn't just a messenger. It's a social-media-like platform with millions of groups and channels you can find through Telegram or they are linked from other places.<p>Would there be a use case for a fully private e2e group chat? Sure, I have a family chat which probably counts as fully private. But even if it could be e2e it would not be, because my family wants to have backups and seamless switching between devices. They are also unable to reliably protect their devices from third-party access through malware/spyware etc.
All my other groups are public or semi-public (meaning the link can only be found if you are part of the right internet community). The messages there are no different from the comments here.
Here is what puzzles me every time about Telegram (which is my primary messenger so far)<p>I can get the reasons behind not doing e2e encryption by default to reach more audience (msgs history, lack of resources on start, special backups)<p>What I cannot get is why Durov is blaming FB/WhatsApp that much, it seems to be the main competitor. As for me the story with WhatsApp is clear, it's Facebook and if you like being Zucked - go with it. But why so much hate on it?<p>On the other hand, every time Signal pops up the only answer I see: 'because it does only e2e well which is only one feature of Telegram' - wrong, Signal does secure messaging and a messenger has to do its job well, that's it. You need a media platform - go for Telegram/WhatsApp/Facebook, you need a messenger - use Signal/Wire/etc<p>Does anyone else feel this bias towards WhatsApp? I cannot blame WhatsApp for being WhatsApp, that's how FB makes money
E2E chat is an interesting topic. Say I'm using XMPP, my own server, talking to a federated one, all over TLS, including S2S.<p>E2E on top of that, in my personal opinion, is a massive overkill for most cases and people.<p>Related read: <a href="https://homebrewserver.club/have-you-considered-the-alternative.html#cryptography-matters-but-then-it-also-doesnt" rel="nofollow">https://homebrewserver.club/have-you-considered-the-alternat...</a><p>It is, however, different, when it comes to a server that I don't control in any form. In that scenario, it is rather useful, but I'm still a lot more worried about the unencrypted meta surrounding it. See email and PGP in this topic, which has always been a pain point for many.<p>Thoughts?
Genuine question, and I'm certainly no expert in this - just a curious end-user, aren't the backups that WhatsApp creates and uploads to iCloud/GDrive kind of encrypted? As in, I can't simply download the backup file and access the messages and media?<p>My understanding is that in order to restore/access said messages and media, you would need the SIM/phone number that created the backup file and would have to register again with WhatsApp to receive a decryption key from WhatsApp servers. So doesn't this mean in effect that even though it's not super secure, the backup file stored on iCloud/GDrive is also protected from Apple and Google's prying eyes?<p>EDIT: For anyone interested, the backups are indeed encrypted. See: <a href="https://security.stackexchange.com/questions/136072/how-can-whatsapp-restore-local-or-google-drive-backups?rq=1" rel="nofollow">https://security.stackexchange.com/questions/136072/how-can-...</a>
Maybe I'm missing something, seems like any of these apps that might want local storage for some reason could store data in an encrypted format. A cloud backup would then be backing up and restoring encrypted data. Where the user holds the key in some form to unlock the data at the right time.<p>They bring up a good point that anyone with access to the message can leak it, no matter how tight you lock down your side. Something ephemeral seems best if you really want security.
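The design the comment above describes (the cloud stores only ciphertext, the user holds the key), as an added example that is not part of the original comment or any messenger's actual code. It uses Node.js built-in `crypto`; the function names, the `BKP1` blob layout, the scrypt parameters and the sample history are assumptions made for the illustration.

```javascript
// Added example: a backup the cloud provider can store but not read.
const crypto = require('node:crypto');

const MAGIC = Buffer.from('BKP1');            // constructed format tag
const SCRYPT = { N: 16384, r: 8, p: 1 };      // assumed cost parameters
// Constructed sample data standing in for an exported message history.
const SAMPLE_HISTORY = JSON.stringify([
  { from: 'alice', text: 'dinner at 8?' },
  { from: 'bob', text: 'see you there' },
]);

// The key is derived on the device; only the salt travels with the backup.
function deriveKey(passphrase, salt) {
  return crypto.scryptSync(passphrase, salt, 32, SCRYPT);
}

// Blob layout (assumed): MAGIC(4) | salt(16) | iv(12) | tag(16) | ciphertext
function encryptBackup(passphrase, history) {
  const salt = crypto.randomBytes(16);
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', deriveKey(passphrase, salt), iv);
  cipher.setAAD(Buffer.concat([MAGIC, salt])); // bind the header to the ciphertext
  const ct = Buffer.concat([cipher.update(history, 'utf8'), cipher.final()]);
  return Buffer.concat([MAGIC, salt, iv, cipher.getAuthTag(), ct]);
}

function decryptBackup(passphrase, blob) {
  if (blob.length < 48 || !blob.subarray(0, 4).equals(MAGIC)) {
    throw new Error('not a backup blob');
  }
  const salt = blob.subarray(4, 20);
  const decipher = crypto.createDecipheriv(
    'aes-256-gcm', deriveKey(passphrase, salt), blob.subarray(20, 32));
  decipher.setAAD(blob.subarray(0, 20));
  decipher.setAuthTag(blob.subarray(32, 48));
  // final() throws if the passphrase is wrong or any byte was modified.
  return Buffer.concat([decipher.update(blob.subarray(48)), decipher.final()]).toString('utf8');
}

// Restore helper: returns the history, or null when authentication fails.
function tryRestore(passphrase, blob) {
  try {
    return decryptBackup(passphrase, blob);
  } catch {
    return null;
  }
}
```

Because the key never leaves the device, a lost passphrase means a lost backup; that recovery problem is the usability tradeoff the thread is arguing about.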
This article touches on the core issue holding back E2E encryption today. There's currently no way for a sophisticated application to implement E2E encryption without accepting tradeoffs in terms of the product.<p>I'm working on starting a new company called Comm and we're trying to scale E2E. Some more context here: <a href="https://site.ashoat.com/comm/comm" rel="nofollow">https://site.ashoat.com/comm/comm</a><p>(We're currently hiring!!)
Even with e2e encrypted chats, the servers could store the encrypted conversations if the devices do not have enough storage to have all of them stored locally.<p>Device Backups: it's an important point that users need to be educated about. But it's also a distraction just like talking about the privacy of keyboard apps or unwanted link previews while composing/reading messages.
Look at Ethereum smart contract wallets today[1]. They have social account recovery in case you shoot yourself in the foot.<p>If it can be used for your money, it can be used for your chat history.<p>[1]: <a href="https://www.argent.xyz/blog/a-new-era-for-crypto-security/" rel="nofollow">https://www.argent.xyz/blog/a-new-era-for-crypto-security/</a>
Here is an interesting version of 'anyone with access to information can leak it, even if you secure your side'.
<a href="https://threatpost.com/social-profiles-leaked-chinese-data-scrapers/162936/" rel="nofollow">https://threatpost.com/social-profiles-leaked-chinese-data-s...</a>
It's beyond me how anyone can trust a Russian messenger. It's impossible to do anything in Russia without KGB involvement, let alone to run a secure messenger. Had the KGB not had access to Telegram data, Durov would have been long gone like Nemtsov, Politkovskaya, and others.
Note that Keybase is end-to-end encrypted and also supports persistent message history across multiple devices. This doesn't have to be an either-or thing.