@kravietz
> group chats can’t be end-to-end encrypted (E2EE), so their contents are readable to at least Telegram operators
Only today this came to me: little is known about it in the rest of the world, but due to sanctions, Russian enterprises and government organizations can't acquire proper security certificates recognised by most widely used browsers.
@robryk
Yandex might be compromised and has security services representatives on board — therefore should no be trusted, but it's not officially a state-owned company — they might be exempt to these sanctions, but they still distribute their own Yandex Browser with said CA baked in. Few others might be using certs that are still valid — those didn't get revoked, they just can't renew them.
@kravietz
@robryk
It was on the news in 2022, e.g. here: https://www.bleepingcomputer.com/news/security/russia-creates-its-own-tls-certificate-authority-to-bypass-sanctions/
In Russia it's a well known fact, maybe not so much outside of it, hence my remark
Check out https://sberbank.ru/ for example, this is one of the biggest banks in Russia and their cert expired only just recently.
@kravietz
@robryk
Yes, that statement was indeed too broad, sorry!
I'm not sure that Yandex is exempt BTW, not versed enough in this topic to tell. They did have to split off the operations in Russia into a separate company and distance the main one from it, maybe they are affected by a different set of sanctions and have problems of their own coming 🤷
@kravietz
@m0xee @kravietz
Ah, got it -- it's about ~state-owned enterprises as opposed to all Russian ones.