Got some good news today, Australia's PM (Malcolm Turnbull) doesn't want a backdoor in encryption! All he just wants is "support" from companies to "access" their users encrypted data.

See the difference?

I don't 😒

I'll admit it's well worded, "support" could be anything, "access" could be just to the encrypted data, not decrypted data..

But like.. no.. just no.

They can ask for it.
Some companies will even give access.
You just need to take controlof your data.
Telegram, PGP, full disk encryption, limited trusted CA and other solution.
the problem will be the muggles who don't care about this, or net neutrality.

*Disables encryption*

TFW any politician anywhere in the world starts talking about technology. "You absolute goat heads! You have not got the slightest clue how any of this works!"

@magicMirror I use it, but Telegram isn't proven to be safe. They use their own proprietary encryption, which might be full of holes and backdoors. Same goes for WhatsApp's end to end encryption, if it isn't auditable, it isn't secure.

Safer would be a non-SaaS self hosted solution, but you quickly end up feeling like you're living in the 90s. That's the biggest problem with security: It's almost always very inconvenient.

@bittersweet Telegram swear that encrypted chat is between two devices only, without keys or messages stored anywhere but the involved client apps. This sounds safe.

Just use RSA public/private keys or just Diffie-Hellman key exchange and with strong enough keys it can be considered safe. And if the key generator sits in the client app, it can be checked.
Disclaimer: i didn't touch source code of Telegram client. I speak only from my best knowledge and experience.

There is actually a big difference.

If a backdoor was built in then it could be exploited by anyone with the smarts to do so.

By relying on the makers of the products to “provide support” its much more likely that the government will only get access to user data when its really really essential; like with terrorism or murder etc.

@SSDD It still means that data isn't truly encrypted end to end, a backdoor has to exist for the company to provide access.

@mt3o You have to trust Telegram for that. They might be honest, they might have sold all data to the highest bidder from day one. In my opinion, it's best to treat all digital communication as semi-public.

@SSDD so not a back door, a one sided back hatch like it's a secret club and you need to know this week's codeword for the big muscular bald dude to open the hatch, which on the outside, looks like a wall...?

@bittersweet indeed, my dear friend!

@SSDD The only reason any government is even mentioning this at all is because currently a lot of data cannot be decrypted, even by the company that holds it - since the government wants access, they want that to change.. the only way that can change is with some sort of a backdoor (documented or otherwise).

You can't just try really hard and magically the data decrypts - if you can, stop using SHA-1.. 🤣

That is why they are called as POLITICIANS

*all they try to do is trick people*

@CrankyOldDev gotta have that cyber. The best cyber.

@bittersweet telegram is open source. whatsapp is based on openwhisper whitepaper. go read about it.