Telegram keeps talking about how private and secure it is, but all group and private chats are not encrypted by default. Its end to end encrypted chats are very limited (only direct messages and only on one device) and rely on self-baked crypto. Their voice chat is also almost definitely not end to end encrypted, as I'm not aware of a way to do e2ee voice chat with many participants without linearly increasing bandwidth requirements for users.
I wonder if it’s possible to do in the same way WhatsApp does for media uploads.
When you send a video to a contact on WhatsApp, it takes some time to upload the video. When you then forward the video a few minutes later, it’s near instant. This set off red flags for me, as that can’t be E2EE if so.
Someone explained that the media is encrypted using one key, which is stored locally. The key is then encrypted and transmitted to the recipient using the client's public key. When you forward the media, you only need to send the second recipient the encrypted key using their pubkey (along with the identifier for the media that is still present in WhatsApp server side cache).
This in itself raises some more red flags relating to the encryption of the media being transmitted and cached in the first place, but if that’s all done sensibly, then this isn’t the worst solution to reduce bandwidth utilisation by end users.
A similar approach could be used for E2EE group calls. Encrypt the payload using one key, send the payload to all participants via a central server (which generally has to happen anyway due to NAT traversal issues, especially with mobile internet), and send each participant the keys individually. Voila, group call with 3 people or 30 people doesn’t result in having to retransmit the same audio payload multiple times.
Obviously this is a simplistic overview of how this could work. I am not a cryptographer, I have no expertise in this area, everything above could be total baloney. Anyone with expertise should absolutely correct me please and thank you.
All that said, hope this helps.
EDIT: changed the above to reflect that forwarding media is “near instant” rather than “instant”
Thanks, I’ve edited the comment to better reflect that it’s near instant rather than actually instant.
I’ve done a packet capture to verify that my phone is not uploading the entire payload a second time when forwarding media I’ve recently uploaded or received, which is what compounded my original concern.
I always wondered why Telegram gets criticism for their boring crypto based on well respected algorithms while Signal gets hardly any criticism for their crypto based on unique concepts.
> I'm not aware of a way to do e2ee voice chat with many participants without linearly increasing bandwidth requirements for users
This can be almost trivially extended from one-to-one end-to-end encrypted text chats: One peer picks a random symmetric key and forwards it to all participants over the existing encrypted and authenticated channel.
Afterwards, you can just use the most appropriate way of relaying encrypted voice data: Full mesh peer to peer, one party acting as relay for everybody else, using an SFU that relays incoming data from one peer to all others (without being able to decrypt it)...
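The scheme described in the comments above (encrypt the payload once under a random symmetric key, hand that key to each participant over the existing pairwise channel, let the server relay ciphertext it cannot read), as an added example that is not part of the thread or of any messenger's code. It assumes each pair of participants already shares a 32-byte key from their one-to-one session; `fanOut`, `receive` and the sample data are hypothetical names and constructed values.

```javascript
const { randomBytes, createCipheriv, createDecipheriv } = require('node:crypto');

// AES-256-GCM; output layout is nonce (12 bytes) || tag (16 bytes) || ciphertext.
function seal(key, msg) {
  const nonce = randomBytes(12);
  const c = createCipheriv('aes-256-gcm', key, nonce);
  const body = Buffer.concat([c.update(msg), c.final()]);
  return Buffer.concat([nonce, c.getAuthTag(), body]);
}

// Reverses seal; throws if the key is wrong or any byte was modified.
function open(key, box) {
  if (box.length < 28) throw new Error('ciphertext too short');
  const d = createDecipheriv('aes-256-gcm', key, box.subarray(0, 12));
  d.setAuthTag(box.subarray(12, 28));
  return Buffer.concat([d.update(box.subarray(28)), d.final()]);
}

// Sender: encrypt the frame once under a fresh call key, then wrap that key
// for each peer under the pairwise key (assumed to come from the 1:1 session).
function fanOut(pairwiseKeys, frame) {
  const callKey = randomBytes(32);
  const wrapped = {};
  for (const [peer, k] of Object.entries(pairwiseKeys)) wrapped[peer] = seal(k, callKey);
  return { payload: seal(callKey, frame), wrapped };
}

// Receiver: unwrap the call key, then decrypt the payload the server relayed.
function receive(pairKey, wrappedKey, payload) {
  return open(open(pairKey, wrappedKey), payload);
}

// Constructed demo: the relay forwards one payload to both peers unchanged.
function demo() {
  const keys = { bob: randomBytes(32), carol: randomBytes(32) }; // constructed
  const frame = Buffer.from('constructed audio frame');
  const { payload, wrapped } = fanOut(keys, frame);
  const heard = Object.keys(keys).map((p) => receive(keys[p], wrapped[p], payload).toString());
  let relayCanRead = true; // the relay holds no pairwise key, so it guesses one
  try { receive(randomBytes(32), wrapped.bob, payload); } catch (e) { relayCanRead = false; }
  return { heard, relayCanRead, payloadBytes: payload.length, wrappedKeyBytes: wrapped.bob.length };
}

console.log(demo());
```

Every participant holding the call key can also encrypt frames, so a shared key gives no per-sender authenticity inside the group, and it has to be replaced when someone joins or leaves.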
I found it interesting that direct calls (just calling one of your contacts) can be peer-to-peer if you enable it in the settings. They even have a unique code at the top of the screen (like 5 emojis) that you can verify match on the other participant's phone.
By default, it's as good (or as bad) as email with secure transport. "Secret chats" are end-to-end encrypted, but it supports only one-to-one conversations. There is no group secret chat feature. Voice chat, also being a group feature, would have the same transport level encryption as the default chats, I suppose.
Big-time Telegram user for usability reasons, but their encryption is a joke. "Server-client encryption" whose server anyway, the NSA's? It might as well be.
Since it is a group thing it would likely only be encrypted to the server. Telegram only does end to end encryption for "Secret Chats" which is a different mode.
The gotcha in the German university system is studying 4-5 years and then dropping out without degree, because there is very little support and a culture of expecting knowledge and not teaching knowledge, which hits underclass students the hardest.
The Virus Total detection list is very interesting [1]. How can your antivirus-software not detect a dangerous, publicly known, two year old exploit? How can anyone take these products seriously? Of course McAfee does not detect it.
While I'm an advocate of the US entirely removing itself militarily from the Middle East, none of those properly qualify against the parent's point.
The parent referred to starting wars. The first one doesn't qualify at all.
The US and NATO have intervened in the two civil wars (along with numerous other countries; with France recently pleading with the US to remain in Syria). It's an overreach to claim the US started the Libyan Civil War or the Syrian Civil War, neither is true. The US was opportunistic in trying to squeeze Syria's dictator Bashar al-Assad out (with Russia on the other side, trying to prop up the dictatorship). Those civil wars are the inevitable result of decades of extreme oppression by dictatorship, which will always end in armed revolution.
- Airstrikes are not a war and the US is not at war with Iran (believe me, you'd know if they were)
- Libya was started by France who begged the US to join them on their little sorties, Italy ran air command too, the US was just along for the ride
- The Syrian Civil War has basically nothing to do with America, blame Russia as the leadership there gassing civilians and genociding undesirables is a Putin stooge.
Unlikely. I think they are just spread very thin, internal communications between groups is still broken, the dev process is/was broken (but is supposedly being fixed), and departments probably still don't cooperate. Priorities lie with features that sell the eco-system, not fixing bugs.
From personal anecdote I find that it's just poor culture which prevents qualified people from getting hired. Even with tons of reqs open, no one new was added to the staff.
Yes, they should. The vast majority of QA should be automated unit and integration tests.
> QA is unnecessary
This is objectively false. Even if you perform 99.999% of all QA in an automated way, you're still going to miss those edge cases, like the infamous daily kernel panics due to buggy support for external USB-C displays that only real humans testing your product in the real world with 3rd-party devices can find. QA is still extremely important, and when companies like Apple neglect it, they end up shipping buggy and disappointing products.
It is quite plausible that the quality problems of Catalina and iOS13 at the launch were a consequence of shifting the development team around to also support the development of macOS on ARM.
On the surface, there isn't so much new in Catalina or iOS 13 that you would think that things break so badly, but they did.
Starting a new branch of the development always is a disruption. Developers would be reassigned to new groups, probably the best ones even, new developers would join the existing groups. This process probably has started like 2-3 years ago and intensified like 1-2 years ago, especially after they had the first silicon to play with - and I assume the CPU will be sufficiently different from an iPhone so that you want to at least optimize your code for it, there might also be entirely new features to support.
macOS at large has a quality problem. I have gotten more kernel panics on my personal and work laptops in the last 6 months than I have on my Windows machines in the past 5 years.
I think the difference is that Apple threw everything they could to fix iOS13, as their survival depends on it, so it did stabilize, while Catalina still hasn't recovered.
I don't quite agree -- I think iOS has been decreasing in quality as well. Apple in general is producing software of lesser quality than it has in the past, in my opinion. Very disappointing as I used to be a huge fan of their products :\
This is not as common as you might think. Some universities do closely collaborate with their regional industry, but the vast majority of master's theses have zero practical application, just like in the US.
It generally depends on where the funding comes from, at least from what I've seen. Chairs or individual projects that are funded by industry generally hand walk graduate students through partner-sponsored topics.