// , βIt is not so important to be serious as it is to be serious about the important things. The monkey wears an expression of seriousness... but the monkey is serious because he itches."(No/No)
But seriously, glad I finally found someone willing to disagree with me on this. I don't actually think Telegram's a bad tool. Truth be told, I'm more frustrated with what keeps it from becoming a great tool.
the message sending protocol
Anyway, to which type of chats are you referring? The Secret Chat that I wish was the default, or the trash that's the current default?
The architecture is extremely flexible in that it can (and does) transmit the already encrypted packages using any available transfer protocol.
As I understand it, this is how most of the best in class end to end encryption systems work. For example, if it's encrypted at layer 7 it could be sent over SMS. 37coins set up an SMS Bitcoin wallet with credible security guarantees based on this kind of thing. But in the case of Telegram, doesn't all that heap of awesome only apply to the Secret Chat option?
Also, keep in mind that I didn't explore the question of mere encryption, but its intended result: Privacy
Which depends just as much on UX and product management as it does on any kind of encryption mechanisms.
Here's how I understand "roll your own" cryptography.
...it's not readily available on GitHub or at the NSA offices...
I think it's bad for at least one reason: Because I don't think we can afford to be so sure about the latter part of the quoted phrase above.
The National Surveillance Agencies in recent years are back in the J Edgar Hoover days, and that's to say nothing of the rise of the SSF/FSB.
Say the National Surveillance Agencies just so happens to have the source code, algorithms, and access to devs. We the people still don't. That's an information imbalance that disfavors you, me, and the crypto community at large. And open sourcing a crypto algorithm or a protocol that makes use of it helps close the gap.
It's not so much that "roll your own" encryption is necessarily bad, more that the high stakes of crypto magnify the benefits of a FOSS approach.
This is NOT the same as saying it's "security by obscurity"...
So, security by what? Hiding the source code from anyone but the developers and, presumably, the major nation state surveillance organs, is what? Security by restricted access control?
Also, you gonna address the Telegram admins' rumored exercise of "editorial privilege"? "Private Chats! But some are more private than others, you see. Which ones? We don't need to make that quite so obvious or opt in, now, do we?"
For further actions, you may consider blocking this person and/or reporting abuse
We're a place where coders share, stay up-to-date and grow their careers.
1-2-3-4 I declare a flame war!
But seriously, glad I finally found someone willing to disagree with me on this. I don't actually think Telegram's a bad tool. Truth be told, I'm more frustrated with what keeps it from becoming a great tool.
Anyway, to which type of chats are you referring? The Secret Chat that I wish was the default, or the trash that's the current default?
As I understand it, this is how most of the best in class end to end encryption systems work. For example, if it's encrypted at layer 7 it could be sent over SMS. 37coins set up an SMS Bitcoin wallet with credible security guarantees based on this kind of thing. But in the case of Telegram, doesn't all that heap of awesome only apply to the Secret Chat option?
Also, keep in mind that I didn't explore the question of mere encryption, but its intended result: Privacy
Which depends just as much on UX and product management as it does on any kind of encryption mechanisms.
Here's how I understand "roll your own" cryptography.
I think it's bad for at least one reason: Because I don't think we can afford to be so sure about the latter part of the quoted phrase above.
The National Surveillance Agencies in recent years are back in the J Edgar Hoover days, and that's to say nothing of the rise of the SSF/FSB.
Say the National Surveillance Agencies just so happens to have the source code, algorithms, and access to devs. We the people still don't. That's an information imbalance that disfavors you, me, and the crypto community at large. And open sourcing a crypto algorithm or a protocol that makes use of it helps close the gap.
It's not so much that "roll your own" encryption is necessarily bad, more that the high stakes of crypto magnify the benefits of a FOSS approach.
So, security by what? Hiding the source code from anyone but the developers and, presumably, the major nation state surveillance organs, is what? Security by restricted access control?
Also, you gonna address the Telegram admins' rumored exercise of "editorial privilege"? "Private Chats! But some are more private than others, you see. Which ones? We don't need to make that quite so obvious or opt in, now, do we?"