Many people who focus on information security, including myself, have
long considered
Telegram suspicious and untrustworthy.
Now, based on findings
published by the investigative journalism outlet ISt
The entire article seems like an attack. The author finds a unique identifier and adds “Russia bad” throughout.
States the information is in cleartext but then explains how everything is encrypted (in transit).
What will the author do if they intercepted any single online stores transfer of credit card details. Also encrypted in transit but Is that also deemed as cleartext? Or is that okay?
I don’t think much new is learnt here. WhatsApp also sends metadata in “cleartext” (not really, as it’s encrypted in transit, but this article called that “cleartext”).
States the information is in cleartext but then explains how everything is encrypted (in transit).
That’s not how I understood it. The message context is allways encrypted in transit (using a novel encryption scheme). The auth_key_id however is not encrypted. And that can be used to track users as it is s(semi-)static.
That’s not what I understood from the post, but could you point to the specifics of what you’re talking about in regards to the identifier being encrypted in transit? It seems the ID is sometimes obfuscated, but that is trivial to remove and not meant for security as mentioned.
The entire article seems like an attack. The author finds a unique identifier and adds “Russia bad” throughout.
States the information is in cleartext but then explains how everything is encrypted (in transit).
What will the author do if they intercepted any single online stores transfer of credit card details. Also encrypted in transit but Is that also deemed as cleartext? Or is that okay?
I don’t think much new is learnt here. WhatsApp also sends metadata in “cleartext” (not really, as it’s encrypted in transit, but this article called that “cleartext”).
That’s not how I understood it. The message context is allways encrypted in transit (using a novel encryption scheme). The auth_key_id however is not encrypted. And that can be used to track users as it is s(semi-)static.
That’s not what I understood from the post, but could you point to the specifics of what you’re talking about in regards to the identifier being encrypted in transit? It seems the ID is sometimes obfuscated, but that is trivial to remove and not meant for security as mentioned.
Russia bad btw.
I don’t know… I think the author put a lot of effort on document things and presenting evidence.
Your post history and mod logs are also quite weird.
Lol what does that mean
That means you reply to things like a troll would and it is hard to assume you have good intentions
Really?! Okay. I think your troll radar is well off, but it’s your opinion so you do you I suppose.
Maybe you are the troll. Like 4D chess level of troll. =D
Yes, I do love to waste my precious time doing things like that.
Clearly, trolling is your passion as evidenced by this very thread.