People who think telegram is doing dubious things with encryption and security: are there any good write-ups of the critiques that respond to https://core.telegram.org/techfaq ?
-
-
Replying to @wycats
I may be late... But last time (6+mo ago) I discussed this it was consensus that MTProto was not secure. Not sure if they fixed that now.
1 reply 0 retweets 0 likes -
Replying to @aleattorium
I want to know whether people have specifically responded to the technical details they have given. For example, they talk about why certain algorithms are secure in the context in which they are used. They might be wrong, but it's nuanced.
1 reply 0 retweets 0 likes -
Replying to @wycats
yeah, they did not answer directly, even with PoC showing that you could read Telegram messages within the same local network. follow this link: https://security.stackexchange.com/questions/49782/is-telegram-secure … It basically says the same we discussed before and looks like it is being updated (last update dec/17).
1 reply 0 retweets 0 likes -
Replying to @aleattorium
These comments in all places seem 90% rhetoric, 10% moment-in-time papers/analyses from years ago. I want the analysis without the rhetoric. Anything that spends words on "non standard crypto" and berating people for even considering it is not analysis.
1 reply 0 retweets 1 like -
Replying to @wycats @aleattorium
This is not analysis.pic.twitter.com/LoQ5zTzLLG
1 reply 0 retweets 0 likes -
Replying to @wycats @aleattorium
If cryptographers spent time doing in depth analysis of every crank encryption app out there, they'd never have time to get anything done. It's valid to dissmiss them for the same reason physics professors don't give in-depth refutals for perpetual motion machines.
2 replies 0 retweets 0 likes -
Yeah... But then again: a working prototype and asides the bad things that you highlighted, there is also a paper linked. It's easy to just dismiss security professionals, but they do have a field of their own that is not easy to be an expert. I prefer to respect their knowledge
2 replies 0 retweets 0 likes -
Replying to @aleattorium @zofrex
I'm definitely not dismissing security researchers. I could believe that there's some up-to-date place that responds to the Telegram arguments, but simply calling them "cranks" based on 2015-era research is not very interesting to me.
2 replies 0 retweets 0 likes -
Replying to @wycats @aleattorium
You are dismissing them imo. After working in security a while you learn to use heuristics to cut through things because 99.9% of what's out there is snake oil. The experts are convinced and satisfied. You're not? Well, either trust the experts, become one, or pay them! ;)
1 reply 0 retweets 0 likes
Security experts usually do more than yell at the top of their lungs once a product reaches hundreds of millions of users. I'm surprised that if their security is so bad, there aren't tons of script kiddie attacks on the internet.
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.