From their docs, they do seem to have an emphasis on
doing secure and
private communications correctly. I would say that the only real
guarantee
that the org is practicing what it claims to be practicing is by having the
code (which is mostly open sourced) audited.
In the US, there's really no such thing as secure cloud-based encryption in
this manner (I believe I'm reading their docs right), because the US
government could secretly coerce them to divulge their private keys.
They do, however, provide what they call a "Secret chats, end-to-end
encryption" feature, which, if it's implemented as they suggest, appears to
provide secure forward secrecy between two clients. It's unlikely that this
feature would include some of the same fancy features of the larger
telegram platform (it likely wouldn't support sharing messages across
linked devices, though I could be wrong).
Before relying on something like this, though, I would probably wait for
larger adoption and/or a professional security audit, as it turns out that
actually implementing this kind of functionality can be difficult and prone
to bugs which render security guarantees invalid.
For the mesh, we're generally looking for/interested in decentralized
options. It doesn't currently appear that Telegram is offering the source
for setting up Telegram communications servers, which would be the crucial
routing hubs for all of these messages. If I'm wrong about that -- and
assuming that the telegraph protocol handles multiple routing hubs -- this
would be a terrific mesh service and would be a fantastic addition to a
mesh server apps list.
Max
On Fri, Jul 24, 2015 at 12:38 PM, Benny Lichtner <bennlich(a)gmail.com> wrote:
Usually I think of cloud-based services as necessarily
antithetical to
user data privacy, but telegram doesn't seem to think so. They claim to be
very interested in privacy (read here:
https://telegram.org/faq#q-what-are-your-thoughts-on-internet-privacy)
and also not to currently be or ever become motivated by profit, but they
store most of your data (encrypted) on their own servers for convenience
(easy access, search-ability, etc.)
Is user data safe with promises like these? Is the threat of legal action
enough to guarantee that an organization like Telegram is indeed practicing
what it claims to be practicing?
https://telegram.org/privacy
--Benny
p.s. Either way, it's nice to see user privacy get so much attention.
_______________________________________________
mesh mailing list
mesh(a)lists.sudoroom.org
https://sudoroom.org/lists/listinfo/mesh