It actually seems more like a windows 10 compatibility dilemma for developers. You can support older systems but it would require some effort. The problem is not the absence of some specific certificates, but the absence of newer ciphers altogether.

This does give security but also removes backwards compatibility with some clients that might be important for some websites.

Hard disagree on denuvo. If it’s no problem for you then you must have tons of experience in re. Which puts you into some 1%-ish group. Depends on the type of mods you do of course.

You can. Google steamless.

Steam DRM is nothing like stuff people should be aware of. Ask any modder for confirmation.

I mean the basic logic of the service was designed somewhere before its release. Data policies, promises to users are nothing if you assume services should adapt to stuff like this, at the expense of breaking those policies and promises.

Here is an old article from telegram about reasons for how it works https://telegra.ph/Why-Isnt-Telegram-End-to-End-Encrypted-by-Default-08-14

No, just personal experience (I use telegram for many years) and absence of server data implications anywhere across the issues in the past (at this time too). You can find questionable or illegal businesses in telegram with a few words, they are all public channels. Hence “no moderation” accuses mentioned in every article.

There are of course darknet-like private communities, but I assume they are not a subject of interest at this time. Authorities would need to dig very deep past all the obvious illegal stuff, and telegram shouldn’t care about resources consumed by such a small chunk of user base. Those groups will stay, as they are, private and safe, I assume, for quite some time.

Assuming things should work that way is ignorant. According to you, service owners should design and redesign their services to not store any data in order to avoid arrests. Also that a service owner should invent stuff they might not had a plan for if they have even a theoretical possibility to help identify individual users, in other words go against policies they designed at some point.

That’s a wild way of twisting the logic. Just because the platform doesn’t fall under your e2ee definition doesn’t mean they had to do something that is only possible on purely cloud services.

The reason for arrest doesn’t even have anything to do with encryption. All content that facilitates mentioned crimes is public. Handling it shouldn’t involve any backdoors or otherwise service-side decryption.

Wording is confusing. Here are some better takes that sound valid and are true:

• Telegram’s e2ee is only available for chats of 2 people, and only on official mobile client.

• Telegram’s e2ee is a feature you have to enable whenever you need it (called secret chats).

There is still plenty of fish for advertisers, sadly.

the messages are decrypted on the server

What you said means they can be decrypted on the server. But there is no proof of that happening in the past. People got into problems not because someone uncovered their content in telegram, but because that content was effectively public from the beginning.

You switched the topic of the discussion. My original comment stands, as it corrects some part of your first comment.

I didn’t suggest anyone to use telegram.

They have repeatedly worked with governments and worked against the interests of their users.

Even though those allegations are arguable, I know what you mean. And those cases don’t involve compromising the actual encryption from what I understand.

Ah yes, definitely go with a messenger that has known vulnerabilities in its crappy encryption protocol, instead of one with an actual secure E2EE implementation.

Feel free to go any way you want. I’m not asking you to use telegram.

You can still make encrypted backups

Spend time for that, and keep them where? Maybe also need a feature to sync them between mobile and desktop?

Only Telegram is too incompetent to do that.

Not an implementation issue but a trust issue.

Just stop lying. Telegram Secret Chats have been introduced in 2017

https://telegram.org/evolution see October 2013.

both Signal and WhatsApp have had E2EE (including for group chats!) for much longer.

Whatsapp had them inctorudec in 2016.

Are you mad that Signal is focusing on privacy and security by improving their encryption protocol, instead of wasting time on some UI garbage?

I’m perfectly fine with that. More apps using electron means less chance for my pc to run garbage applications on a regular basis.

keep in mind that Telegram can read all of your messages, as well as hand them over to governments.

Keep in mind that any person in your secret chats can read your message, copy or screenshot it and hand it to anyone else. Those people know much better if you’re doing anything sketchy (or something actually good but against their beliefs), than an app developer.

I think you are falling for the “genius inventor” fallacy clueless normies love a lot.

People advertising signal everywhere look like those kind of normies to me too. Doesn’t mean much.

The reason it’s not known to be broken is that it’s not a high value target - most people don’t use “secret chats” in TG.

Fair assumption. But it means you accept most people are stupid enough to not want such a feature or smart enough to not need it. Telegram user base is reported to be 900 million though.

Something not being standardized doesn’t mean it’s bogus.

Cool. So that gives people authority to say “if it’s used by signal and is standardized then it should be used by everyone”?

It doesn’t look like any of those are used by “major” messengers. Especially signal. This means “major” players prefer their own implementations, which removes the meaning from calling unused stuff a “standard”.

So if an app doesn’t support e2ee all data is being saved in plain text suddenly. You prefer calling telegram shitty because you don’t care to actually learn what it uses. So it should be fair for me to call any other client shitty for other nonsense.

has been proven to have critical weaknesses

Those are not critical, just some aspects being below some arbitrary expectational values. Also it seems there is still no proofs those vector attacks are being used at all.

Yes it can

They chose to target convenience over max security. Shoving strongest options to every user by default is agaiantt that. Reasons include: no history is being saved in this mode, and the desktop client doesn’t support it.

Signal has had group chats for many years now

Just because it was implemented by others doesn’t mean it’s a way to go for everyone. From what I understand, e2e in group chats means that there is going to be a transaction of keys between all members of the chat on adding any new member, and/or on new message, which excessively increases the burden on clients and servers in case of big active chats.

You can ask telegram to implement that, but you can’t blame it for keeping it behind some gates. Telegram got implemented e2e between 2 users before other messengers got it working in any form of group chats.

and use Signal

I’ll think about it if they ditch electron.

There is no normal e2ee because there is no standard for implementation, especially when it comes to group chats with >2 people.