Hacker News

There was a serious FUD campaign started by one of the developers of the now-competing app Signal a few years ago. Now if you mention Telegram on Reddit you're immediately bombed with "OMG TELEGRAM CRYPTO IS BROKEN!" even though 0 people on earth have ever provably decrypted a Telegram message. They even offered a $300K bounty where you could act as the server... no takers.



I don't have skin in this game, but I want to mention that contests are not evidence of security. Furthermore, cryptographers other than those working at Signal have expressed distrust for its security.[1][2]

What Telegram should do to earn the trust of the technical community (specifically, the security savvy people who criticize it for unorthodox encryption methodologies), is contract a real audit from a leading security firm that specializes in cryptanalysis, like Riscure.

[1]: https://twitter.com/matthew_d_green/status/72642891296898252...

[2]: https://news.ycombinator.com/item?id=9775080


>is contract a real audit from a leading security firm

Suggestions like this do nothing to dispel the image that modern security firms are little more than a protection racket. If you don't pay for "an audit" from an "industry leading" firm, you'll be shunned by everyone.


You pay for an audit, or you release the code/algorithms for the community to publicly audit.

Otherwise, you're just making claims that are unbacked by anything. Presumably only the fact that there hasn't, yet, been a public exploit. But that's not a useful metric.


What's your alternative suggestion?


Somehow, I don't think you are going to find more sympathy for Telegram's broken crypto (or Signal's "FUD" campaign) here on HN.

At the end of the day, for many nerds looking at these two pieces of software and their developers, Moxie comes out looking a lot more serious about privacy and more experienced with crypto than Nikolai and Pavel. To say nothing of Telegram's closed-source cloud app model, questionable financing strategy or debatable ties to the Russian intelligence apparatus.


> questionable financing strategy or debatable ties to the Russian intelligence apparatus.

So you counter FUD with FUD. Great strategy!


Well... People said to them "don't roll your own crypto. Whatever you've got going now doesn't look too sane".

The Telegram devs more or less said "f*ck you, we are programming world champions and PhDs".

Then, about 6 months after they were all cocky, a Russian guy showed that the Telegram server could MITM every secret chat by providing the client with shitty entropy. Either it was a back door, or the Telegram devs showed that everyone else was right.

Don't use it for the crypto. If that is what you want, use something else.
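The comment above describes a class of weakness rather than a specific exploit: if a client derives its Diffie-Hellman exponent from "random" bytes the server handed it, the server knows the exponent and can compute the supposedly end-to-end key itself. The following is an added illustration written for this thread, not Telegram's code or protocol, and the group, the server-supplied bytes and the two derivation functions are constructed for the example. It contrasts a naive derivation (exponent is a function of server bytes only) with one that folds in the client's own CSPRNG output, and lets a simulated server try to recompute the session key from what it actually knows.

```python
"""Added illustration of server-controlled entropy in a DH key exchange.
Constructed model for this thread, not Telegram's code or MTProto."""
import hashlib
import secrets

# Toy group so the example runs instantly: Mersenne prime M127, generator 3.
# Far too small for real use; real exchanges use 2048-bit+ safe primes or
# elliptic-curve groups.
P = 2**127 - 1
G = 3

# Constructed stand-in for low-entropy "random" bytes a server hands to clients.
SERVER_RANDOM = bytes.fromhex("00" * 30 + "beef")


def derive_private_naive(server_random: bytes, client_random: bytes) -> int:
    """Broken: the exponent depends only on server-chosen bytes;
    client_random is ignored, so whoever chose server_random knows the key."""
    return int.from_bytes(server_random, "big") % (P - 2) + 1


def derive_private_mixed(server_random: bytes, client_random: bytes) -> int:
    """Sound: fold in the client's own CSPRNG output, so server bytes alone
    fix nothing about the exponent."""
    digest = hashlib.sha256(server_random + client_random).digest()
    return int.from_bytes(digest, "big") % (P - 2) + 1


def session_key(shared_secret: int) -> bytes:
    """Hash the DH shared secret into a symmetric key (shared_secret < P < 2**128)."""
    return hashlib.sha256(shared_secret.to_bytes(16, "big")).digest()


def run_exchange(derive) -> dict:
    """Run an Alice<->Bob exchange with the given exponent derivation, then let
    the relaying server try to recompute the key from what it knows: the bytes
    it sent and the public values it forwarded. It never sees client randomness."""
    a = derive(SERVER_RANDOM, secrets.token_bytes(32))
    b = derive(SERVER_RANDOM, secrets.token_bytes(32))
    pub_a, pub_b = pow(G, a, P), pow(G, b, P)
    key_alice = session_key(pow(pub_b, a, P))
    key_bob = session_key(pow(pub_a, b, P))

    # Server's best guess: derive with its own bytes and no client randomness.
    a_guess = derive(SERVER_RANDOM, b"")
    key_server = session_key(pow(pub_b, a_guess, P))

    return {
        "clients_agree": key_alice == key_bob,
        "server_recovered_key": key_server == key_alice,
    }


if __name__ == "__main__":
    for name, derive in (("naive", derive_private_naive),
                         ("mixed", derive_private_mixed)):
        print(name, run_exchange(derive))
```

With the naive derivation the server recovers the key passively; a server that knows both exponents can of course also substitute its own public values and sit in the middle actively, which is the MITM the comment refers to. With the mixed derivation the clients still agree on a key, but the server's reconstruction fails because it lacks the client-side randomness. The practical check for any protocol that accepts server-supplied randomness is exactly this: does the client's secret still depend on bytes the server never sees?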


Does Telegram use E2E encryption by default now, yes or no?


Probably not, but the hilarious thing is that a year or so after attacking Telegram for that, the developers of Signal took a substantial chunk of cash from Google to promote Allo as using Signal Protocol and end to end encryption, even though it's disabled by default so Google can mine your chat history for ad targeting (and enabling it has the inconvenient side effect of disabling your own local chat history).

Basically, it's about the cash. Signal's business model is to convince everyone that their protocol is the only secure one and charge everyone to licence it. If that means promoting non-E2E services that store and mine chat history, that's fine so long as they pay up.


> charge everyone to licence it

What?

The protocol is publicly described. They've blogged about it. I can imagine people being able to reconstruct it from memory.

The first Google result for "signal protocol license" is https://whispersystems.org/blog/license-update/ , clarifying that it's under GPLv3 (i.e., patent grant) with an exception for the App Store. Has anyone paid money to license the protocol? Has Signal asked for money? Is it even possible to give them money for the protocol?


GPLv3 is cool as open source goes, but is pretty restrictive. Basically you can't link to it and distribute your app without it being open source. A company like Google can probably not use it.


What I meant with GPLv3 is "and they are even willing to grant any patent rights to the general public". I don't know if they hold patents on it, but if they either don't, or are willing to license them freely, then you can implement the protocol from the public documentation of it.


That's not true. The patent grant in GPLv3 or other licenses (like APL) only holds if you're actually using that project in your work. So either you fork the GPLv3 project, and comply with a compatible license, or you don't have a patent grant.

This is basically why Google could be sued by Oracle, because Dalvik and their class library based on Apache Harmony were not a fork of OpenJDK.

Of course I cannot speak for Signal's protocol. Maybe it has no traps. I'm just commenting on that license. It's a strong license that makes some demands: good fit open source but bad for Google.


Sorry, I am being unclear. I don't mean that GPLv3 gives you a patent grant for all implementations, yes. I mean that the willingness to license code under GPLv3 means that there's an upper bound on how much Open Whisper Systems cares about licensing the protocol for money.

Which brings me back to the original question—why do we think that OWS's pushing of Signal Protocol is about money? Yes, I expect that for Allo they got paid by Google to write and maintain some code. But I don't think that their general claim "Signal Protocol is good crypto for everyone solving this problem" is motivated by money, because so many people solving this problem could use the GPLv3 version.


> Has anyone paid money to license the protocol?

As Allo is not GPLv3, they obviously got it under another license.


Is Allo using the same code, or a different implementation?

(And it's not so obvious to me. The thing I linked is licensed under GPLv3 + MPL if used on the App Store. You can totally ship an Android app that runs a separate GPLv3 subprocess, and an iOS app that uses it under the terms of the MPL. The GPLv3-subprocess thing is what JuiceSSH does for running Mosh.)


It does not use end-to-end encryption for normal chats. They're encrypted only during transport on the network, but stored as plain text on the devices and on the Telegram servers in order to make multi-device sync and searching easier. Only "Secret chats", which are restricted to one device on each side, are encrypted end-to-end.


If their own FAQ is correct, then definitively NO.

> Q: So how do you encrypt data?
>
> We support two layers of secure encryption. Server-client encryption is used in Cloud Chats (private and group chats), Secret Chats use an additional layer of client-client encryption. All data, regardless of type, is encrypted in the same way — be it text, media or files.
>
> Our encryption is based on 256-bit symmetric AES encryption, RSA 2048 encryption, and Diffie–Hellman secure key exchange. You can find more info in the Advanced FAQ.

https://telegram.org/faq#q-so-how-do-you-encrypt-data


I don't believe so. You have to use "secret chats".


For most people the fact that it does not makes it useful. It gives you good multi-device support similar to Facebook Messenger.


Multi-device support and message sync do not necessarily preclude end-to-end encryption. Of course, it's a lot easier to accomplish these without end-to-end encryption.

Wire [1] (which I discovered a few months ago) is a platform that has end-to-end encryption, multi-platform support and multi-device sync. It also has text chats, voice calls, video calls, doodling, etc. The UX still needs a lot of improvement (compared to Telegram).

[1]: https://wire.com


It's not FUD if the skepticism is valid.


How much is a Telegram exploit worth? Maybe more than $300K.



