this post was submitted on 05 Dec 2024
185 points (97.9% liked)
Cybersecurity
5847 readers
12 users here now
c/cybersecurity is a community centered on the cybersecurity and information security profession. You can come here to discuss news, post something interesting, or just chat with others.
THE RULES
Instance Rules
- Be respectful. Everyone should feel welcome here.
- No bigotry - including racism, sexism, ableism, homophobia, transphobia, or xenophobia.
- No Ads / Spamming.
- No pornography.
Community Rules
- Idk, keep it semi-professional?
- Nothing illegal. We're all ethical here.
- Rules will be added/redefined as necessary.
If you ask someone to hack your "friends" socials you're just going to get banned so don't do that.
Learn about hacking
Other security-related communities !databreaches@lemmy.zip !netsec@lemmy.world !securitynews@infosec.pub !cybersecurity@infosec.pub !pulse_of_truth@infosec.pub
Notable mention to !cybersecuritymemes@lemmy.world
founded 2 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
The above commenter said that their end-to-end MTProto protocol is not enabled by default.
Defaulting to just using transport encryption like TLS on a messaging app isn't sufficient in 2024.
MTProto is not end-to-end. MTProto is their obfuscated client-server transport encryption.
What the commenter above is referring to is Telegram defaulting to saving your messages on the server in plaintext. You can use a "secret chat" which enables end-to-end encryption, but that is separate from MTProto.
Your sentiment is correct though. Messages should not be visible in plaintext to the server.
I dont know much about it, but Wikipedia says that MTProto is specifically for "secret chats":
https://en.m.wikipedia.org/wiki/Telegram_(software)#Architecture
Maybe Wikipedia is misleading here
You're right, it is misleading. There are different "flavours" of MTProto. See here:
https://core.telegram.org/mtproto
(The major difference is simply whether the server and client share a key or two clients)