Hello WvV!

Thanks for sharing those links.

I don't think it has been unknown to Telegram users that Secret
Chat is the ONLY true E2EE channel.

And.. starting a Secret chat isn't "buried" so deep as has been
suggested. All that is required is to [1] tap on the user's
icon, [2] clink on the 3-dots, and [3] "Start Secret Chat" is
right there.

But I think Green's comments omits mentioning a few things.
Although the Secret Chat channel may be the only true E2EE
part, the Telegram FAQ goes to quite a bit of length mentioning
the following:

"All Telegram messages are always securely encrypted. Messages
in Secret Chats use client-client encryption, while Cloud Chats
use client-server/server-client encryption and are stored
encrypted in the Telegram Cloud (more here). This enables your
cloud messages to be both secure and immediately accessible
from any of your devices - even if you lose your device
altogether."

So.. in-traffic chats are encrypted too. The FAQ claims that
ALL messages remain encrypted on the servers, but Telegram
holds the keys for the public chats to support message history/
backups that people may want restored if they change to another
device.

The FAQ also goes to some length explaining why Whatsapp and
Signal are not entirely E2EE especially if the messages are
stored on cloud servers.

More here:

https://telegram.org/faq#secret-chats

..and here:

https://telegra.ph/Why-Isnt-Telegram-End-to-End-Encrypted-by-
Default-08-14

--
../|ug

--- OpenXP 5.0.58
* Origin: tg_bbs-> https://t.me/joinchat/TWCQfOZqwwOmweR1 (2:221/1.58)

Hi August,

On 2024-09-16 21:18:00, you wrote to me:

I don't think it has been unknown to Telegram users that Secret
Chat is the ONLY true E2EE channel.

Probably only to users who care (a bit) about this, and investigated it.

And.. starting a Secret chat isn't "buried" so deep as has been
suggested. All that is required is to [1] tap on the user's
icon, [2] clink on the 3-dots, and [3] "Start Secret Chat" is
right there.

After 2 I don't see 3 in the menu options that are presented to me!?


Bye, Wilfred.

--- FMail-lnx64 2.3.2.4-B20240523
* Origin: FMail development HQ (2:280/464)

Hello Wilfred!

After 2 I don't see 3 in the menu options that are presented to me!?

AH.. my guess is that you are trying to do that in the DT gui.
But secret chats are a mobile thing .: the feature is only
available from the phone app.

--
../|ug

--- OpenXP 5.0.58
* Origin: (1:396/45.29)

Hi August,

On 2024-09-17 08:07:00, you wrote to me:

After 2 I don't see 3 in the menu options that are presented to me!?

AH.. my guess is that you are trying to do that in the DT gui.
But secret chats are a mobile thing .: the feature is only
available from the phone app.

Indeed... I don't think that was mentioned in the articles?
Btw: My goto device is always my desktop for Telegram, it's much more convenient to use a real keyboard to type in messages! ;-)

I've sent you an invite for a secret chat.


Bye, Wilfred.

--- FMail-lnx64 2.3.2.4-B20240523
* Origin: FMail development HQ (2:280/464)

Hi Wilfred...

Hi August,
On 2024-09-17 08:07:00, you wrote to me:

AH.. my guess is that you are trying to do that in the DT gui.
But secret chats are a mobile thing .: the feature is only
available from the phone app.

Indeed... I don't think that was mentioned in the articles?
Btw: My goto device is always my desktop for Telegram, it's much more convenient to use a real keyboard to type in messages! ;-)
I've sent you an invite for a secret chat.
Bye, Wilfred.

Well.. in the section entitled "Secret Chats / Q: How are secret chats different?" of the FAQ, it states:

"All secret chats in Telegram are device-specific and are not part of the Telegram cloud. This means you can only access messages in a secret chat from their device of origin. They are safe for as long as your device is safe in your pocket."

So.. "in your pocket" would exclude a DT, I would presume. ?

--
/|ug
https://t.me/aabolins

--- Want fido for iOS/MacOS/Android/Win/Linux? https://shrtco.de/tpJ9yV
* Origin: Fido by Telegram BBS from Stas Mishchenkov (2:460/256)

Hello Wilfred van Velzen!

AH.. my guess is that you are trying to do that in the DT gui.

[..]

Btw: My goto device is always my desktop for
Telegram, it's much more convenient to use a real
keyboard to type in messages! ;-)

Same here. It is interesting though that a pretty large
demographic is probably acclimated with their smartphones and
don't know anything else.

I've considered a BT keyboard for my phone incase I may need to
rely on the phone for more texting/email/research ..etc. But
I've held back. It would end up as a yet-another-device that
is easily misplaced and that needs battery maintenance.

--
../|ug

--- OpenXP 5.0.58
* Origin: tg_bbs-> https://t.me/joinchat/TWCQfOZqwwOmweR1 (2:221/1.58)

Hi Aug,

On 2024-09-17 15:36:22, you wrote to me:

Well.. in the section entitled "Secret Chats / Q: How are secret
chats different?" of the FAQ, it states:

"All secret chats in Telegram are device-specific and are not part of the Telegram cloud. This means you can only access messages in a secret chat from
their device of origin.

So far I don't read it can't originate from the desktop app.

They are safe for as long as your device is safe in your pocket."

So.. "in your pocket" would exclude a DT, I would presume. ?

Mwhoa... Indirect effidence. And for instance a raspberry pi, is small enough to put in your pocket.


Bye, Wilfred.

--- FMail-lnx64 2.3.2.4-B20240523
* Origin: FMail development HQ (2:280/464)

Hello Wilfred!

So far I don't read it can't originate from the desktop app.

True.. it seems that the FAQ doesn't seem to specifically state
the difference or that limitation in the DT. I started using Tg
with the DT gui prog. I naturally expected Secret Chats to be
available too. Phone chats worked, so why couldn't all the
features? It baffled me for a long time.

They are safe for as long as your device is safe in your
pocket." So.. "in your pocket" would exclude a DT, I
would presume. ?

Mwhoa... Indirect effidence. And for instance a raspberry
pi, is small enough to put in your pocket.

But doesn't a Pi need a wire running from it for a power
source? And.. a Pi doesn't come equiped with a monitor and
keyboard for "mobile" use. ;) So.. it doesn't qualify as a
mobile device in the formal sense.

--
../|ug

--- OpenXP 5.0.58
* Origin: tg_bbs-> https://t.me/joinchat/TWCQfOZqwwOmweR1 (2:221/1.58)

Hi August,

On 2024-09-17 19:58:00, you wrote to me:

They are safe for as long as your device is safe in your
pocket." So.. "in your pocket" would exclude a DT, I
would presume. ?

Mwhoa... Indirect effidence. And for instance a raspberry
pi, is small enough to put in your pocket.

But doesn't a Pi need a wire running from it for a power
source?

So the secret chats are even safer if the device is turned off and in your pocket! ;-)

And.. a Pi doesn't come equiped with a monitor and
keyboard for "mobile" use. ;) So.. it doesn't qualify as a
mobile device in the formal sense.

It doesn't state that the device has to be turned on in your pocket! You can't opperate it anyway when it is in your pocket! ;-)


Bye, Wilfred.

--- FMail-lnx64 2.3.2.4-B20240523
* Origin: FMail development HQ (2:280/464)

Hello Wilfred!

But doesn't a Pi need a wire running from it for a power
source?

So the secret chats are even safer if the device is
turned off and in your pocket! ;-)

Hmmm... now I think you are being too clever! :| I am
guessing that the parts regarding secret chat were written when
Telegram first came out for portable phones.

What I find somewhat more mysterious in the FAQ is this:

"After the secure end-to-end connection has been established,
we generate a picture that visualizes the encryption key for
your chat. You can then compare this image with the one your
friend has - if the two images are the same, you can be sure
that the secret chat is secure, and no man-in-the-middle attack
can succeed."

I am not sure how to view that image, do you?

--
../|ug

--- OpenXP 5.0.58
* Origin: tg_bbs-> https://t.me/joinchat/TWCQfOZqwwOmweR1 (2:221/1.58)

Hi August,

On 2024-09-18 08:08:00, you wrote to me:

So the secret chats are even safer if the device is
turned off and in your pocket! ;-)

Hmmm... now I think you are being too clever! :|

;-)

I am guessing that the parts regarding secret chat were written when Telegram first came out for portable phones.

What I find somewhat more mysterious in the FAQ is this:

"After the secure end-to-end connection has been established,
we generate a picture that visualizes the encryption key for
your chat. You can then compare this image with the one your
friend has - if the two images are the same, you can be sure
that the secret chat is secure, and no man-in-the-middle attack
can succeed."

I am not sure how to view that image, do you?

I found out. If you click/tap on the user (in the header in the secret chat), you get that option.

But you have to be in each others neighbourhood to view/compare it on each others phones. I don't if it's secure to make a screenshot and share that in the secret chat?


Bye, Wilfred.

--- FMail-lnx64 2.3.2.4-B20240523
* Origin: FMail development HQ (2:280/464)

On Wednesday September 18 2024, August Abolins said the following...

What I find somewhat more mysterious in the FAQ is this:

"After the secure end-to-end connection has been established,
we generate a picture that visualizes the encryption key for
your chat. You can then compare this image with the one your
friend has - if the two images are the same, you can be sure
that the secret chat is secure, and no man-in-the-middle attack
can succeed."

I am not sure how to view that image, do you?

When you've established a secret chat with a contact, tap their name or picture at the top of the screen to bring up their contact info.

One of the options will be "Encryption Key" which you can tap on to see the key and image.


Jay

... Computers run on faith, not electrons
--- GoldED+/LNX 1.1.5-b20240309
* Origin: Northern Realms (1:229/664)

Hello Wilfred!

But you have to be in each others neighbourhood to view/
compare it on each others phones.

Tg's choice of image type doesn't seem very useful to me. The
pixelated-like image is too complex for easy comparison. A
better system might be the series of emojis that Session uses
for verifying contacts.

I don't if it's secure to make a screenshot and share
that in the secret chat?

Why not?

Besides, a secret chat can only be launched from an established
contact, so.. the chances are that it's the same person is
pretty high. :D So.. perhaps there is practically no point
in having the image comparison at all.

--
../|ug

--- OpenXP 5.0.58
* Origin: tg_bbs-> https://t.me/joinchat/TWCQfOZqwwOmweR1 (2:221/1.58)

Hello Jay!

When you've established a secret chat with a contact, tap
their name or picture at the top of the screen to bring up
their contact info.

One of the options will be "Encryption Key" which you can
tap on to see the key and image.

So.. you think the set of alphanumeric characters are the
actual encryption key that Tg uses? I thought it was just set
of chars for inperson verification/comparison purposes.

--
../|ug

--- OpenXP 5.0.58
* Origin: tg_bbs-> https://t.me/joinchat/TWCQfOZqwwOmweR1 (2:221/1.58)

Hi August,

On 2024-09-18 18:45:00, you wrote to me:

But you have to be in each others neighbourhood to view/
compare it on each others phones.

Tg's choice of image type doesn't seem very useful to me. The pixelated-like image is too complex for easy comparison.

Indeed. They should at least used more colors. But that might hamper the color-blind...

A better system might be the series of emojis that Session uses for verifying contacts.

I'm not familiar with that one.

I don't know if it's secure to make a screenshot and share
that in the secret chat?

Why not?

"After the secure end-to-end connection has been established,
we generate a picture that visualizes the encryption key for
your chat. You can then compare this image with the one your
friend has - if the two images are the same, you can be sure
that the secret chat is secure, and no man-in-the-middle attack
can succeed."

If there is a man in the middle he can change the picture or messages sent to the "correct" one.

Besides, a secret chat can only be launched from an established
contact, so.. the chances are that it's the same person is
pretty high. :D So.. perhaps there is practically no point
in having the image comparison at all.

If there is a man in the middle in the secret chat he will certainly already be in your system for the normal chat too...

But indeed the image isn't very usefull. The hex numbers also displayed, can for instance be compared in a life phone conversation. (unless you are talking to an AI generated voice on the other side, from the man in the middle ;-))


Bye, Wilfred.

--- FMail-lnx64 2.3.2.4-B20240523
* Origin: FMail development HQ (2:280/464)

Hi August,

On 2024-09-18 18:48:00, you wrote to Jay Harris:

So.. you think the set of alphanumeric characters are the
actual encryption key that Tg uses? I thought it was just set
of chars for inperson verification/comparison purposes.

Below the picture and sequence of hex numbers it says: "This image and text were derived from the encryption key..."
So it's clear it's not the key itself!


Bye, Wilfred.

--- FMail-lnx64 2.3.2.4-B20240523
* Origin: FMail development HQ (2:280/464)

On Wednesday September 18 2024, August Abolins said the following...

One of the options will be "Encryption Key" which you can
tap on to see the key and image.

So.. you think the set of alphanumeric characters are the
actual encryption key that Tg uses? I thought it was just set
of chars for inperson verification/comparison purposes.

From https://telegram.org/faq#secret-chats

"Newer versions of Telegram apps will show a larger picture along with a textual representation of the key (this is not the key itself, of course!) when both participants are using an updated app."

Looks like it might be a fingerprint of the actual key.


Jay

... To the guy who invented zero, thanks for nothing
--- GoldED+/LNX 1.1.5-b20240309
* Origin: Northern Realms (1:229/664)

Hello Jay!

From https://telegram.org/faq#secret-chats

"Newer versions of Telegram apps will show a larger
picture along with a textual representation of the key
(this is not the key itself, of course!) when both
participants are using an updated app."

At least they acknowledge there are issues with the current
representation. Meaning.. there maybe a significant number of
users who provided feedback to influence a change.

Looks like it might be a fingerprint of the actual key.

Yes.. that's a better way of describing that part.
--
../|ug

--- OpenXP 5.0.58
* Origin: (1:396/45.29)

Below the picture and sequence of hex numbers it says:
"This image and text were derived from the encryption
key..." So it's clear it's not the key itself!

Yeah.. I glossed over the accompanying text and derived a
stupid question. :( In restrospect it would seem dumb to
expose an actual key like that. Perhaps it would have been
better to call it "special comparison sequence". Jay's comment
about calling it a fingerprint is good.


--
../|ug

--- OpenXP 5.0.58
* Origin: (1:396/45.29)