Many in the crypto and privacy community mistakenly trust Telegram because it’s “end to end encrypted”, but there are huge issues including not hiding the metadata, censorship, centralization, and phone numbers.
Send this video to your friend that asks why you won’t join: https://video.simplifiedprivacy.com/why-telegram-sucks/

  • Dark Arc@social.packetloss.gg
    link
    fedilink
    English
    arrow-up
    43
    ·
    edit-2
    1 year ago

    Wow, not to pick on the narrator, but this comes off like the worst small town used car dealership TV advertisement I’ve ever seen.

    Here’s a real rundown I’ve put together over the years:

    Pavel Durov’s argument is that there should be a high functioning UI/UX experience for “non-secure” communication, and when you need it there’s something much closer to Signal’s very secure client-to-client encryption.

    Arguably Telegram secret chats are even “close enough” to cloud chats an adversary might not notice you’re doing the “super secret things” (making it harder to identify what to target).

    MTProto Cloud: https://core.telegram.org/file/811140746/2/CzMyJPVnPo8.81605/c2310d6ede1a5e220f

    MTProto Secret (Wrapped in MTProto Cloud): https://core.telegram.org/file/811140633/4/hHw6Zy2DPyQ.109500/cabc10049a7190694f

    They also provide verified builds even on iOS (though it’s a bit of a hack, not “really” quite the same thing).

    The only things that can really be said about Telegram’s secret chat crypto are that:

    1. It’s not “the default”
    2. It’s their own crypto (i.e., they broke “rule #1” and “rolled their own”)

    Ultimately though, it’s been just shy of 10 years since Telegram entered the scene, and nobody has actually broken Telegram crypto in any meaningful way – AFAIK, to this day. Still, there are hypothetical holes in the crypto when scrutinized vs something like signal. So, is it as good as Signal or Threema? Eh, probably not, is it good enough for the average person that isn’t target by a nation state? I’d say probably.