• rdri@lemmy.world
    link
    fedilink
    English
    arrow-up
    1
    ·
    4 months ago

    There is no normal e2ee because there is no standard for implementation, especially when it comes to group chats with >2 people.

    • rottingleaf@lemmy.world
      link
      fedilink
      English
      arrow-up
      1
      ·
      4 months ago

      There are a few standards. OMEMO for group chats, though that, of course, requires support in the protocol itself, unlike OTR or PGP.

      • rdri@lemmy.world
        link
        fedilink
        English
        arrow-up
        1
        ·
        4 months ago

        It doesn’t look like any of those are used by “major” messengers. Especially signal. This means “major” players prefer their own implementations, which removes the meaning from calling unused stuff a “standard”.

        • rottingleaf@lemmy.world
          link
          fedilink
          English
          arrow-up
          1
          ·
          4 months ago

          OMEMO is literally what’s used by Signal, but standardized separately and adopted for XMPP. You didn’t even bother to look it up apparently.

          OTR is a time-honored standard. The issue is that it doesn’t work with multiple logins.

          PGP is an even more time-honored standard. The issue is that keys aren’t temporary.

          Also in cryptography the absolutely basic rule is to trust cryptographers, not “major players”, so what you wrote is not as smart as you think. Actually quite ignorant.

          • rdri@lemmy.world
            link
            fedilink
            English
            arrow-up
            1
            ·
            4 months ago

            Cool. So that gives people authority to say “if it’s used by signal and is standardized then it should be used by everyone”?

                • rottingleaf@lemmy.world
                  link
                  fedilink
                  English
                  arrow-up
                  1
                  ·
                  4 months ago

                  I think you are arguing against your own imagination. Something not being vetted by someone competent does mean it’s bogus in cryptography. Standardization is an unconnected subject. Most police forces over the world right now are using something standardized, but known to be utter crap.

                  I think you are falling for the “genius inventor” fallacy clueless normies love a lot.

                  TG’s E2EE is simply garbage until known otherwise. There’s no more depth to it. The reason it’s not known to be broken is that it’s not a high value target - most people don’t use “secret chats” in TG.

                  • rdri@lemmy.world
                    link
                    fedilink
                    English
                    arrow-up
                    1
                    ·
                    4 months ago

                    I think you are falling for the “genius inventor” fallacy clueless normies love a lot.

                    People advertising signal everywhere look like those kind of normies to me too. Doesn’t mean much.

                    The reason it’s not known to be broken is that it’s not a high value target - most people don’t use “secret chats” in TG.

                    Fair assumption. But it means you accept most people are stupid enough to not want such a feature or smart enough to not need it. Telegram user base is reported to be 900 million though.

    • Noxious@fedia.io
      link
      fedilink
      arrow-up
      1
      ·
      4 months ago

      The Signal protocol is the de-facto standard for E2EE, and it works just fine even in large group chats. But you refuse to accept this reality. The Signal protocol is used by so many apps, obviously Signal itself, WhatsApp, Facebook Messenger, Instagram direct messages, Google Allo (back when it existed), Google Messages (RCS), Skype, Wire and many others. MTProto is developed by Telegram, only used by telegram, not properly audited and full of flaws. No one should actually use it. And the fact that it doesn’t support group chats is a design choice, because ultimately Telegram doesn’t give a fuck about their users privacy or security. They have repeatedly worked with governments and worked against the interests of their users. Their funding is also pretty unclear and shady, and the entire company just appears scummy. Give me one single reason why anyone should use this trash over a proper E2EE messenger like Signal, Threema, SimpleX or Wire.

      • rdri@lemmy.world
        link
        fedilink
        English
        arrow-up
        1
        ·
        4 months ago

        You switched the topic of the discussion. My original comment stands, as it corrects some part of your first comment.

        I didn’t suggest anyone to use telegram.

        They have repeatedly worked with governments and worked against the interests of their users.

        Even though those allegations are arguable, I know what you mean. And those cases don’t involve compromising the actual encryption from what I understand.