Comment by maqp

Telegram clients are open source. Anyone can verify that the client does the end-to-end encryption correctly.

Telegram has had its own history of really weird issues with its encryption protocol, like the IGE, 2^64 complexity pre-computation attacks, IND-CCA vulnerability and whatever the hell this was https://words.filippo.io/dispatches/telegram-ecdh/

But these are not the big issues here. The issues Green's blog post highlighted were

* Telegram doesn't default to end-to-end encryption.

* It makes enabling end-to-end encryption unnecessarily hard

* It has no end-to-end encryption for groups

Those matter gazillion times more than e.g. a slightly older primitive would.

End-to-end encryption matters because Telegram is not just a social media or Twitter wall. It's used for purposes that deserve privacy, and Telegram isn't providing.