← Back to context

Comment by taminka

11 hours ago

can anyone explain why telegram doesn't use an audited e2e implementation? is it really because they wanted more convenient and faster cross-device sync? have they been threatened and/or backdoored by the fsb? they basically stole vk from him, but left him alone w/ telegram?

it's suspicious, but at the same time, iirc, nobody's been able to find a vulnerability in their encryption protocol :shrug

The first version of MTProto was found to have weaknesses.

The reason they rolled their own was because it came out before the Double-Ratchet/Axolotl protocol and OtR (which double-ratchet is essentially based on) was extremely inconvenient to use properly and had its own weaknesses.

  • > The reason they rolled their own was because it came out before the Double-Ratchet/Axolotl protocol and OtR (which double-ratchet is essentially based on) was extremely inconvenient to use properly and had its own weaknesses.

    this actually makes a lot of sense lowkey, thanks :)

1,2) NIH syndrome 3) We don't know 4) Expropriation isn't "basically stolen", Telegram was a tiny side project at the time