Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

You can sync messages across many independent devices despite e2ee.

Matrix has been doing that for years



Does Matrix encryption scale? Telegram rooms have a huge number of participants. Also last time I looked into this, Matrix encryption was also an opt in.


In Matrix all PM rooms are E2EE by default.

For public rooms however, it doesn't really make sense to enable E2EE.


Many people seem to think that Telegram tries to be a Signal or Matrix replacement. I dont think Telegram tries to be any of that. If anything you can compare it to Discord, except much better.

To enable synched e2e conversations accross many devices you also need to synch private keys, which is a security nightmare.


Either sync private keys or the messages itself.

Why would it be a security nightmare? In contrast to not even supporting e2ee in the first place?


How would you securely sync priv keys? How would you securely sync plaintext messages?

Telegram supports e2ee but it is device centric for this reason


> How would you securely sync plaintext messages?

Same as with private keys: Verified e2ee

> Telegram supports e2ee but it is device centric for this reason

At least this is what they told you


> Same as with private keys: Verified e2ee

Yikes


Anything meaningful to say?


About as meaningful as the suggestion to use "verified e2ee" to transmit private keys


Shoot


Even whatsapp does it now


Does it? Last time I used WhatsApp I could not use it on my desktop without scanning a QR code each time and keeping the phone nearby.


You need to scan the QR code only the first time using the desktop app.


Can you use the desktop app without the phone present? For example, if the phone is turned off.


I have heard you can, for about 2 weeks. Then the phone must be at least become active.


With Telegram I do not have to worry about losing my "primary" device in order to access my account. Telegram is more a social network than a chat app. Moreover Telegram does not require me to feed it my whole Contact List in order to communicate. WhatsApp has this limitation on purpose (there actually are workarounds but they are "hacks" and not how Meta wants you to use the app). It is very suspicious: why can't I search for a WhatsApp contact by manually typing in a number into WhatsApp? Instead I need to put it inside my Contact App and grant WhatsApp full access to it. LOL


There recently was a link making rounds here that purportedly allowed you to send WhatsApps to phone numbers not in your address book


Yes you can




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: