The entire set is then encrypted again in transit.
Citation? The author of the article provides theirs, and a cursory glance at the chart that telegram themselves provides reveals that the authentication key is not encrypted at all.
Here’s the part of the article you may have missed that clarifies why that’s actually a huge issue:
This enables anyone who has sufficient network visibility and a bit of dedication to identify traffic originating from a given user device.
IStories found evidence that all network communication to and from Telegram’s infrastructure go through a company linked to the Russian FSB. This would provide the kind of network visibility that combined with auth_key_id would allow it to identify traffic coming from specific users, globally.
Why exactly did Telegram create a proprietary messaging protocol that uses this “surprising and unnecessary protocol design choice, present neither in Signal nor WhatsApp”?
Maybe it was just a huge coincidence, compounded by other huge coincidences. You tell me. You have the opportunity to blow this article wide open.
Citation? The author of the article provides theirs, and a cursory glance at the chart that telegram themselves provides reveals that the authentication key is not encrypted at all.
Here’s the part of the article you may have missed that clarifies why that’s actually a huge issue:
Why exactly did Telegram create a proprietary messaging protocol that uses this “surprising and unnecessary protocol design choice, present neither in Signal nor WhatsApp”?
Maybe it was just a huge coincidence, compounded by other huge coincidences. You tell me. You have the opportunity to blow this article wide open.