Most cryptographers do not see Telegram as a secure encrypted protocol. This is for two reasons: the first one is that Telegram doesn't do end-to-end encryption by default (and if you enable it, functionality is limited). And secondly, they roll their own cryptographic protocol.
Telegrams crypto is based on their own, contested protocol and is disabled by default. Telling someone to use that for secure communications is difficult because you also need to remind people to turn on encrypted communications.
Furthermore, signal and WhatsApp do e2e in group chats where telegram doesn't.
Dont get me wrong, I use Telegram daily (it's desktop clients far outperform any of its competitors), but it's not as secure as WhatsApp or Signal.
I'd classify Telegram as "maybe secure" but I wouldn't recommend it to people depending on the security of their messenger application.
Telegram invented it's own crypto, without an audit it's untrustworthy. There's only Signal and Keybase that has been audited, so Whatsapp should be excluded from the list of trustworthy IM apps as well.
Whatsapp uses the exact same technology as Signal. If you consider that Signal is fine based on an audit of what is clearly an older version (do audits come out every day with new Signal releases? No, so the code you're running wasn't covered by the audit) then Whatsapp is fine based on being the same protocols with different branding.
An audited piece of software with relatively minor changes is definitely far more trustworthy than a piece of software that is much much more different. Whatsapp is garbage compared to Signal.
Most cryptographers do not see Telegram as a secure encrypted protocol. This is for two reasons: the first one is that Telegram doesn't do end-to-end encryption by default (and if you enable it, functionality is limited). And secondly, they roll their own cryptographic protocol.
Telegrams crypto is based on their own, contested protocol and is disabled by default. Telling someone to use that for secure communications is difficult because you also need to remind people to turn on encrypted communications.
Furthermore, signal and WhatsApp do e2e in group chats where telegram doesn't.
Dont get me wrong, I use Telegram daily (it's desktop clients far outperform any of its competitors), but it's not as secure as WhatsApp or Signal.
I'd classify Telegram as "maybe secure" but I wouldn't recommend it to people depending on the security of their messenger application.
Telegram invented it's own crypto, without an audit it's untrustworthy. There's only Signal and Keybase that has been audited, so Whatsapp should be excluded from the list of trustworthy IM apps as well.
Whatsapp uses the exact same technology as Signal. If you consider that Signal is fine based on an audit of what is clearly an older version (do audits come out every day with new Signal releases? No, so the code you're running wasn't covered by the audit) then Whatsapp is fine based on being the same protocols with different branding.
An audited piece of software with relatively minor changes is definitely far more trustworthy than a piece of software that is much much more different. Whatsapp is garbage compared to Signal.
"without an audit"
It would be more accurate to say that they have failed every attempted audit of the protocol.
I'd love to read more about this, could you please provide a few links?