# Cryptocat social gets insanely backing to update
Worse, even after this was pointed out to them and people started writing papers about potential attacks, they have stood by their shaky design, refusing to update it or even admit mistakes were made in the initial design. But even worse than that, end-to-end encryption is off by default, and users must opt into it.
Pavel Durov wants everyone to think security is about trust in people. Most companies in that business do the same, because it's easier than building something that doesn't require trust in people. The way Pavel Durov and others like him present "trust" is (ironically) shady corporate structures, shell companies, or use of the word "Switzerland." They want people to think like that because they've built businesses that require it.

Telegram stores the messages you send/receive unencrypted on their servers. That's not good, unless you've been trained to think that "privacy" is just about choosing the company, government, or legal jurisdiction that gets total access to your data. Security professionals know that's not how we should think about security (never trust people!), because Durov is leaving a lot out: there aren't safe jurisdictions, servers get hacked, and centralized databases will get compromised. Logic, though, is probably no match for conspiracy theories.

This is something of a crypto 101 mistake. Had they even used HMAC they'd be in much better shape.