Telegram says it has 'about 30 engineers'; security experts say that's a red flag - eviltoast
  • frezik@midwest.social
    4 months ago

    Headline is terrible. The big red flags are that they don’t do end-to-end encryption by default, the servers are in Dubai, and they use a proprietary algorithm.

    Last part should be clarified further. They didn’t reinvent AES or anything. It’s more like a protocol that puts together existing algorithms. It means they can use transport layers without TLS or anything else that wraps your messages in crypto otherwise.

    https://core.telegram.org/mtproto

    I’d still say this is a red flag. How you wrap encryption around your messages has several pits you can fall into. It’s not as bad as reinventing AES, though.

    • AwesomeLowlander@lemmy.dbzer0.com
      4 months ago

      > Headline is terrible

      They do explain though that given how below average their headcount is, it means they’re likely understaffed, overworked, and have zero capacity to respond to intrusion attempts.

      • mostlikelyaperson@lemmy.world
        4 months ago

        They seem to have 0 clue what they are “explaining” though. I don’t know if those engineers are overworked or how (in)competent they are, I don’t even use Telegram. But they apparently do have other non-engineering people on staff and content moderation and dealing with legal issues aren’t the job of an engineering team.