Comment by ethin
11 hours ago
Is this really something new? If memory serves, Telegram has had it's own crypto since the beginning, and I don't remember anything about it ever being audited by... Well, anybody?
Granted, I don't know how MTProto actually works all that well, but IMO Telegram should've just used Noise or something. Would've saved them a lot of trouble. Although that doesn't really resolve the underlying problem that people think Telegram is secure when it's not (i.e., you have to explicitly enable E2EE and it's off by default), at least last time I checked. I haven't used telegram in years so my knowledge might be out of date though.
Well, the article is from 2023, but what you remember is most likely MTProto version 1, which was even more ridiculously broken, iirc
> Granted, I don't know how MTProto actually works all that well
I suppose it's what the actual goals of the app are, potentially it works out very well for someone.
It was audited, found to have some serious flaws[0], then those were rectified.
Most people dislike Telegram because:
A) It takes away from Signals market share
B) They don't enable E2EE by default
C) They're owned by Pavel Durov, the Russian Zuckerberg.
I am aware that it's an unpopular opinion, but the FUD spread against Telegram and the hagiographies of Signal make me think something weird is going on.
Telegram has third party clients, so you can just roll your own client that runs another encryption on top if you want, like Pidgin used to do with OTR.
[0]: https://mtpsym.github.io
People in the US prefer Signal over Telegram because Signal was created by people who took security seriously, and Telegram wasn't.
People outside the US prefer telegram because they assume that Signal is probably compromised, or at least highly vulnerable to compromise, by US intelligence - they trust Pavel Durov's history of expropriation and arrest more than they trust some nerds who claim that our product is secure.
As someone that uses Telegram almost every day, the sad true is that most messages are not private. Most people simply don't use "secure chats". Not only it's not the default, but encrypted chats also don't work across devices.
So it shouldn't be a surprise that Signal users speak against Telegram. It's simply not private for most people. It's like recommending using Facebook Messenger (pre-E2EE)... privacy minded people won't do that. Signal itself is criticised by other more privacy minded users because it requires a phone number.
Signal doesn't have the best call quality (voice/video) especially on slow connections, sending media can be a pain in the rear, their desktop client is way too simple, they move slowly, etc. Telegram beats them in almost everything, but not privacy...
Between having to trust Durov forever with our texts and system that uses e2ee by default and may or may not (no proof) have some flaw, I think most people that want privacy will use the option that uses e2ee for everything.
D) They don't enable E2EE for groups at all
E) (I believe) don't enable E2EE with more than one device
F) They added a third-party verification so that Russian authorities can add an "A+" mark to channels who are complying with the new law and are registered (social network channels/blogs with more than 10K subscribers must be registered with the government now and have the owner identified).
D) True aside from group calls afaik
E) Neither does Whatsapp/Signal; they rely on a backdoor interface to your phone to send messages.
13 replies →
F) They don't allow E2EE on GNU/Linux, including phones and desktop.
I like how you sandwiched "the encryption story is bad" between two irrelevant social claims.
D) They moved to the enshittification phase and started displaying ads
I mean Durov is going down the deep end in the last few weeks. Messaging all Telegram user with an Emergency feature with a doomer manifest.
https://t.me/durov/452
This really bugged me. I led adoption of Telegram as our family-internal standard chat tool several years ago because I was more anti-Zuck than I was concerned about backdoors or overt politicization of Telegram. Since the Ukraine war began, there has been literally no positive news about Telegram and Durov has become increasingly political (especially since his arrest in France) in his all-users blasts.
With the amount of known use of Telegram by unsavory actors, combined with Durov's own leveraging of his platform for activism, I've been using Whatsapp more and more lately, and don't feel bad about that.
I respect Signal, but it's missing too many product features and it doesn't have the reach Whatsapp does, so it's not compelling as a switching option at this point, even for family use.
I was pretty ticked off about this. I don't disagree with the message content itself, but having political content pushed to me is a big no-no. If this kind of thing keeps up I'll be dropping my premium sub.
> with a doomer manifest
Can you point at anything in his message that's not factually correct?
4 replies →
Seems pretty cognizant of the modd of entire HN front page past few weeks honestly
1 reply →
telegram is NOT safe. Far from it.