End to End Lattepunk
Telegram’s CEO got arrested. That’s a big deal, maybe?
Telegram’s CEO, Pavel Durov, was arrested when his private jet landed in France. Looking at my subscribers, I feel confident in admitting to you all that I’m not a journalist. There’s real reporting on what is happening, so I’m not going to act like the bearer of truth. Here are some good links:
Telegram Faces a Reckoning in Europe. Other Founders Should Beware / Wired
All the news on Telegram CEO Pavel Durov’s arrest / The Verge
Telegram Founder Charged With Wide Range of Crimes in France / NY Times
What I want to do is focus on what Telegram’s core focus was: a privacy-first chat app. Telegram sells itself as that, but the truth is a bit murkier than that. Before I continue, I should emphasize something:
Lattepunk and Lattepunk’s writer are not cryptographers or even knowledgeable in cryptography. The opinions expressed from here on out are just that: opinion.
Telegram’s chats aren’t actually encrypted. Maybe I should explain what I mean. End-to-End Encryption (E2EE) is a technology where only the people chatting see the conversation. If I message you, only you and I see it, no one else. Let’s use this newsletter as an example. This is not E2EE. Buttondown (my newsletter platform) can see the content. When it hits your inbox, your email provider (Gmail, iCloud, etc.) can then see the content as well. Which is okay! This isn’t a private conversation.
Telegram encrypts the messages on their server and claims that no one can see them.
But Luis, I have nothing to hide. Why do I need to care about this?
The good ol’ “I have nothing to hide” argument. Privacy Guides has a good point on this:
You shouldn't confuse privacy with secrecy. We know what happens in the bathroom, but you still close the door. That's because you want privacy, not secrecy. There are always certain facts about us—say, personal health information, or sexual behavior—that we wouldn't want the whole world to know, and that's okay. The need for privacy is legitimate, and that's what makes us human. Privacy is about empowering your rights over your own information, not about hiding secrets.
Of course you and I have nothing to hide, reader! But when you and I go to take a shit in the bathroom, you close the door, right? I know what you’re doing there. So why do you bother closing the door? That’s privacy.
And that’s where E2EE comes in! I want to tell you, and only you, something. Even if it’s this new beer I like, or a YouTube video I think you’d like, no one but you and I need to know that. That simple. Our communications should be between us. You’d be surprised: you may be using this already.
Apple’s iMessage has the ability to do it; you just need to turn on Advanced Data Protection. While you’re at it, you should turn on Contact Key Verification and start verifying who you’re messaging. If you’re an Android user, Google has implemented E2EE in their RCS chats. Keep in mind: when Apple adds RCS support to iMessage in a few weeks, those messages will not be E2EE because that feature is not part of the RCS standard. Silly stuff, I know.
So what if an Android user and an Apple user want to have a normal, private conversation? It pains me to say this, but you could join the rest of the world and use WhatsApp. Yup, their conversations are all E2EE. Underneath the Meta nonsense is one of the most recommended and scrutinized pieces of encryption software. Let’s give credit where credit is due. Meta didn’t make that, Signal did. That’s what I’d recommend today if you were considering a new group chat app for all your friends. Signal don’t fuck around when it comes to your privacy.
So know that even if you don’t think about this stuff, the big companies are already thinking about it for you. It doesn’t end there though! Ever wonder how Gmail (and others) manage to do all those cool “tricks” with your emails? It’s because they are reading your emails. Why is this okay? Ever wonder why your doctor’s emails have you click out of the email to read the messages or results? That’s why.
So do we have to succumb to a world where none of our emails are actually private? Of course not, reader! There are two popular options: Proton and Tuta. Both offer E2EE emails between the sender and the receiver. It works seamlessly when both are on the same service (Proton to Proton or Tuta to Tuta), but they also have a feature where you can encrypt an email to anyone; they just need to use a password that you supply to them to open it online. Really helpful when you need to send sensitive files around (like your taxes, for example).
What if I don’t want to sign up for a new service?
There are always options, reader! You could set up Pretty Good Privacy (PGP); you just have to switch to a different email client to handle your emails. But remember, the receiver of the email also needs to have PGP set up.
All this is to say, if you’re going to land your private jet in France, make sure your communications are actually private. Don’t want anyone to know you’re a fan of Lattepunk, do you?
Recommendations:
Drink more water! Also read these:
Blood puddles, mold, tainted meat, bugs: Boar’s Head inspections are horrifying (by Beth Mole, ArsTechnica) (umm, don’t buy boar’s head meat?)
The right to repair electronics is now law in 3 states. Is Big Tech complying? (by Maddie Stone, Grist)
Here’s the Pitch Deck for ‘Active Listening’ Ad Targeting (by Joseph Cox, 404 Media) (maybe our devices are listening to us?)
Struggling to Unlock Your Phone? You Might Have Lost Your Fingerprints (by Dawn Fallik, Wired)
The Unequal Effects of School Closings (by Alec MacGillis, ProPublica)
Google tags a tenth Chrome zero-day as exploited this year (by Sergiu Gatlan, Bleeping Computer)
Google increases Chrome bug bounty rewards up to $250,000 (by Sergiu Gatlan, Bleeping Computer) (might be time for a career change, sheesh)
Samsung TVs will get 7 years of updates, starting with 2023 models (by Scharon Harding, ArsTechnica)
A Prominent Accessibility Advocate Worked With Studios and Inspired Change. But She Never Actually Existed. (by Grant Stoner, IGN) (this was a wild piece)
Man posing as teen YouTuber gets 17 years for horrific global sextortion scheme (by Ashley Belanger, ArsTechnica)
Turns out Martin Shkreli copied his $2M Wu-Tang album—and sent it to “50 different chicks” (by Nate Anderson, ArsTechnica)
A Video Game Dynamo With Strange Ideas Always Swirling (by Harold Goldberg, NY Times)
Harmful 'Nudify' Websites Used Google, Apple, and Discord Sign-On Systems (by Matt Burgess, Wired)
Apple’s Huge “Dual Use” Face Swap App Problem Is Not Going Away (by Emanuel Maiberg, 404 Media)
Inside Ford’s private off-road track where it tests its wildest electric machines (by Tim Stevens, The Verge)
Sunk cost (by Ben Weiss, The Verge) (this is about OpenSea, where people would buy and sell NFTs. super interesting read)
If you enjoyed this, share it with someone.