Subj : Matthew Green on Telegrams Encryption
To   : Wilfred van Velzen
From : August Abolins
Date : Mon Sep 16 2024 21:18:00

Hello WvV!

Thanks for sharing those links.

I don't think it has been unknown to Telegram users that Secret  
Chat is the ONLY true E2EE channel.

And.. starting a Secret chat isn't "buried" so deep as has been  
suggested.  All that is required is to [1] tap on the user's  
icon, [2] clink on the 3-dots, and [3] "Start Secret Chat" is  
right there.

But I think Green's comments omits mentioning a few things.   
Although the Secret Chat channel may be the only true E2EE  
part, the Telegram FAQ goes to quite a bit of length mentioning  
the following:

"All Telegram messages are always securely encrypted. Messages  
in Secret Chats use client-client encryption, while Cloud Chats  
use client-server/server-client encryption and are stored  
encrypted in the Telegram Cloud (more here). This enables your  
cloud messages to be both secure and immediately accessible  
from any of your devices - even if you lose your device  
altogether."

So..  in-traffic chats are encrypted too.  The FAQ claims that  
ALL messages remain encrypted on the servers, but Telegram  
holds the keys for the public chats to support message history/ 
backups that people may want restored if they change to another  
device.

The FAQ also goes to some length explaining why Whatsapp and  
Signal are not entirely E2EE especially if the messages are  
stored on cloud servers.

More here:

https://telegram.org/faq#secret-chats

...and here:

https://telegra.ph/Why-Isnt-Telegram-End-to-End-Encrypted-by- 
Default-08-14

-- 
  ../|ug

--- OpenXP 5.0.58
 * Origin: tg_bbs-> https://t.me/joinchat/TWCQfOZqwwOmweR1 (2:221/1.58)

.