[-] Treczoks@lemmy.world 30 points 1 week ago

As long as the keys are handled via a closed source app and server system, e2ee is potentially broken.

Even if you generated the key, kept the private part locally and submitted only the public part to your communication partner, you can never be sure that the non-transparent app does keep your private key private.

With WhatsApp I'm quite sure that they somehow can retrieve the private key. Certain events point to that. But I see no reason to consider Signal or Telegram any more trustworthy - they are all prone to governmental influence.

And as open source and closed app infrastructure are incompatible, I would not handle anything important on an Android or Apple device.

[-] BennyTheExplorer@lemmy.world 5 points 6 days ago

Why would you not trust Signal?

You don't have to trust their server infrastructure, because the end-to-end encryption has been verified by countless experts (and all their client side code can be looked at by anyone).

[-] WhyJiffie@sh.itjust.works 2 points 6 days ago

To be fair, there is no way to verify the Google Play distributed app has been built from the published source code. There are also people arguing that the closed source Google components built into it could work as a backdoor.

[-] BennyTheExplorer@lemmy.world 1 points 6 days ago* (last edited 6 days ago)

You can build the app from source code though. Couldn't you compare that to the Google Build?

Also, you could use a fork like Molly, they removed all proprietary binary blobs and replaced them with FOSS alternatives. And it's still fully compatible with Signal.

[-] WhyJiffie@sh.itjust.works 2 points 6 days ago

Only if the app is built reproducibly. I suspect the Google libraries are likely minified/obfuscated by default though.

> Also, you could use a fork like Molly

I do, but that's only so much when the point of the app is communicating with other people.
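The build comparison discussed in the comments above, as an added example that is not part of the thread and not Signal's or Molly's own tooling: it compares a self-built APK with a distributed one entry by entry, skipping the JAR-style signature files under META-INF/, which legitimately differ. The archives are constructed in memory as stand-ins for real APKs, and an empty result only means something when the build is reproducible.

```python
import hashlib
import io
import zipfile

# JAR-style (v1) signing files differ between a self-signed and a store-signed
# build, so they are skipped. Newer APK signature schemes keep their data
# outside the ZIP entries, so an entry-level comparison never sees them.
SIGNATURE_SUFFIXES = (".SF", ".RSA", ".DSA", ".EC", "MANIFEST.MF")


def is_signature_entry(name):
    return name.startswith("META-INF/") and name.upper().endswith(SIGNATURE_SUFFIXES)


def entry_digests(apk):
    """Map each non-signature entry to the SHA-256 of its uncompressed bytes."""
    with zipfile.ZipFile(apk) as zf:
        return {
            info.filename: hashlib.sha256(zf.read(info)).hexdigest()
            for info in zf.infolist()
            if not is_signature_entry(info.filename)
        }


def compare_apks(built, distributed):
    """Return (only_in_built, only_in_distributed, content_differs)."""
    a, b = entry_digests(built), entry_digests(distributed)
    differs = sorted(n for n in a.keys() & b.keys() if a[n] != b[n])
    return sorted(a.keys() - b.keys()), sorted(b.keys() - a.keys()), differs


def make_sample_apk(files):
    """Build a constructed in-memory ZIP standing in for an APK."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, data in files.items():
            zf.writestr(name, data)
    return buf


if __name__ == "__main__":
    code = {"classes.dex": b"dex-bytes", "AndroidManifest.xml": b"manifest"}
    built = make_sample_apk({**code, "META-INF/CERT.RSA": b"my-key"})
    store = make_sample_apk({**code, "META-INF/CERT.RSA": b"store-key"})
    print(compare_apks(built, store))   # only the signature differs
    extra = make_sample_apk({**code, "lib/blob.so": b"?", "META-INF/CERT.RSA": b"store-key"})
    print(compare_apks(built, extra))   # distributed build carries an extra entry
```

Any entry listed in the second or third element is content the distributed build has that the published source did not produce, which is the case the comments are worried about.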

[-] punkisundead@slrpnk.net 5 points 1 week ago

> With WhatsApp I’m quite sure that they somehow can retrieve the private key. Certain events point to that.

What events point there?

[-] Ibuthyr@lemmy.wtf 1 points 6 days ago

There were several (ex) Meta employees stating they could read any message if they wanted to.

[-] Scrollone@feddit.it 8 points 1 week ago

I don't know about WhatsApp, but macOS backs up your keys on iCloud by default, so...

[-] adhdsergio@lemmy.world 5 points 1 week ago

I've no proof of this, but technically the WhatsApp app is closed source so they could push an update that collects the private keys, if they don't do this already.

[-] Amir@lemmy.ml 1 points 6 days ago

One way to prevent this would be to re-sign the app with your own signing key and delete that key before court, I guess. But those people whose conversations appeared probably just had Google Drive plaintext backups enabled.

[-] Treczoks@lemmy.world 3 points 1 week ago

A number of WhatsApp conversations unexpectedly appearing in courts.

[-] punkisundead@slrpnk.net 1 points 6 days ago* (last edited 6 days ago)

You can easily access any undeleted convo in any app if you achieve device access. I would like to read more about this to understand it more and because your reply is still a little imprecise, do you have links to examples?

[-] Treczoks@lemmy.world 2 points 6 days ago

This was not about device access, that's why I considered it interesting. No, I don't have links to everything I have read in my life... IIRC it was in a discussion on Reddit, which I don't frequent anymore.

this post was submitted on 26 May 2026
425 points (100.0% liked)
