Comment by supermatou
17 hours ago
Excellent article about Telegram's encryption from Matt Green (cryptographer, for those who haven't heard of him):
https://blog.cryptographyengineering.com/2024/08/25/telegram...
17 hours ago
Excellent article about Telegram's encryption from Matt Green (cryptographer, for those who haven't heard of him):
https://blog.cryptographyengineering.com/2024/08/25/telegram...
I was gonna post "why do people keep calling it 'encrypted' if the encryption is not on by default?" It has always seemed odd to me that it is put into the same category as WhatsApp and Signal (which even those are a bit weird to compare).
What confuses me more is how passionate people are about Telegram. Weirdly I see those posts degrade into Signal vs Telegram and it really feels like apples and oranges but very one sided. I get that Telegram is more feature rich, and that's a good argument, but feels weird that many argue it is also more secure. Some of those arguments even appear in the thread r721 linked.
I like Telegram because it gets my friends & family to not do everything in SMS or iMessage. If I'm the only one using it, what's the point after all? Feature-wise, the app is nice to use, and one I can use on all platforms, even Linux.
Since it has a public API, I can easily make a custom frontend if I ever want to. Most social media does not offer this or tries to lock you into their shitty ecosystem.
I basically just treat it as unencrypted, but the pretend encryption features at least puts the company in a position where blatantly selling data would be a liability. In this respect, I place it on the same level as WhatsApp. Because even if WhatsApp has solid encryption, all it takes is one forced update from Meta to undo all that. They are like the inverse of each other.
My uncle is the only one I know who refused to use Telegram, insisting Signal was better and because he didn't want to use something with vague connections to Russia. Yet even he did not actually use Signal, and simply insisted if we should all switch to something it's either that or he sticks to SMS. So well, when I couldn't sell Signal to anyone else, Telegram it is, sorry uncle, but Verizon is pretty transparent about how they sell all my data.
> vague connections to Russia
Vague only if you don't follow the news. Telegram has added "third-party verification" [1] around January 2025 which conveniently and accidentally coincided with time when Russian authorities made it mandatory to register social network channels having more than 10K subscribers (I was secretly hoping Telegram would instead hide the subscriber count). Such channels are required to add a government bot with high privileges for verification. Note that announce for 3P verification doesn't mention Russia at all and contains some unrealistic examples instead, like a fictional game "Great Theft Starship" channel verified by "Bug-free Agency". Who on Earth would need that.
But to be fair, the western companies are the same, once government hinted they need more control, the companies rushed to introduce face-based "age verification" which allows identification. I would rather use some other body part for this.
[1] https://telegram.org/verify#third-party-verification
People using Telegram doesn't bother me. People calling Telegram secure or "more secure than Signal" does.
But I'm curious, what makes Telegram an easier sell to your friends and family? I've gotten most people to switch over to Signal and the hardest problem is just getting them to use another app. I would be surprised if the API is the killer feature lol. And very few people seem to be concerned with the phone number thing with Signal. So I'm just curious, what is the features that normal people are missing?
> Since it has a public API, I can easily make a custom frontend if I ever want to.
Note that you need to get an API key for that, and there are additional conditions for getting it (for example, you cannot remove ads in your version, you cannot remove Instagram-like "stories", and so on).
HN discussion (2024): https://news.ycombinator.com/item?id=41350530
Thanks! Macroexpanded:
Is Telegram really an encrypted messaging app? - https://news.ycombinator.com/item?id=41350530 - Aug 2024 (583 comments)
and another one from king of encryption in golang
The Most Backdoor-Looking Bug I’ve Ever Seen
https://words.filippo.io/telegram-ecdh/
Note that this is about MTProto 1 and not the MTProto 2 under consideration here.
note that it has a note related to MTProto 2
Yeah this one isn't relevant at all to the current protocol version.
I think he is professionally called Matthew Green.
Know about him for at least 3 decades as I read almost all of his published works.