53 comments

[ 2.6 ms ] story [ 97.2 ms ] thread
So does the NSA (Telegram is still not encrypted end-to-end by default, lest we forget).
I thought Telegram had security issues beyond that as in non validated crypto?
Didn't they offer a bounty for anyone braking their crypto? I am not sure - but thought I heard something like that.
Yes, which is exactly why you should not trust it. Bounties are no substitute for an audit by professional (or academic) security researchers, and if the expected value of exploiting the vulnerability (i.e. to the NSA) is greater than the bounty payout, the person who discovers it would do better to sit on the information.

From 1998: https://www.schneier.com/crypto-gram/archives/1998/1215.html

Thanks for pointing that out. Wasn't aware of this line of very valid reasoning.

Kudos and hat tip.

Yet it's the only user-friendly, "full featured" messaging app that offers an E2E option.

I'm not a fan of Telegram. Their custom crypto and arrogance while seemingly denying any issues doesn't inspire confidence. Yet I have not found another option that's friendly enough to get other users to sign up for. I tried TextSecure/Signal, but message deliverability wasn't reliable enough, and it lacks things like sending voice messages. It feels less polished than Telegram, which impacts users wanting to use it.

I don't use Telegram, but Threema seems "full featured" enough for me. It is proprietary though. It is what I recommend to friends until TextSecure/Signal is good enough.
The problem is that most of my family and friends won't pay for a messaging app. Messaging apps are seen as something that is (always) free. So, the incentive to switch from Facebook Chat, Hangouts, or Whatsapp to Threema is near zero.

Although I haven't pushed any messaging app, at least some of my friends are on Telegram.

iMessage is pretty user-friendly, "full-featured," and end-to-end encrypted for those inside the Apple ecosystem.
With zero way to verify the E2E, right?
True, but is Telegram any better in that regard, really? It's protocol is at least open source, but the threat model is basically the same as Apple as far as I remember (it's been a while since I looked at it).
Yes, with the added bonus that you can talk to people that don't want to own Apple hardware.
I would use Signal but the UX isn't great.
> “If you have WhatsApp on your phone and your battery’s low and your phone goes dead, suddenly you can’t get access to your messages. It’s over. It’s not cross device. It doesn’t have cross-device sync. You can’t send documents or big media. There are lots of limitations in the group chats, in your communication. It’s not private. So I’m not sure I was a big fan of WhatsApp about three years ago, and I’m not sure I am now,” he said.

Unfortunately, E2E encrypted chat doesn't work when using these multi-device features, and so most contacts of mine don't use the privacy or security features of Telegram.

How doesn't it work? Having a shared passphrase would work just fine - and it wouldn't even be more complex UX wise. Not being able to receive WhatsApp messages on two devices is one of the major annoyances with having browser tethered to the phone being the second in line.

Especially when you have flakey wifi on the phone it gets really unbearable.

It can; Apple's approach is to distribute lists of public keys instead of single ones. The seem to have the same threat profile: Apple can be compelled to silently add a public key to the keybag; Telegram can probably be compelled to silently replace a public key with an MITMed version.
You're right and I believe WhisperSystems is doing something similar (or was at least working on it last year when I spoke with one of the developers). I vaguely remember them claiming that group chat is about the same as multi-device, cryptography-wise.

I specifically meant Telegrams E2E implementation. Apart from other problems with it [1] the fact that it's not on by default, as others have stated, makes that most people (especially non-technical users) don't use it.

[1] https://github.com/zhukov/webogram/issues/126#issuecomment-1...

It does work, Silent Circle does it, for example. It's much more complicated and thus much more prone to failure and complicated UX, but it does work.

In the trivial case, you share the key between all devices. This loses you a bunch of security, but it demonstrates trivially that it works. You can also just encrypt the message once per device, which increases your data volume, but is a good compromise otherwise.

I've gotten most of my friends to switch to Telegram from Hangouts and SMS.

Love all the features, especially group chats.

Why? Group chats aren't encrypted. What's the advantage?
It's a beautiful app with features being added every month or so. It really feels like the people behind this care. I've also managed to move most of my (at least the tech-savvy) friends from Messenger/SMS/WhatsApp to Telegram.
Access from multiple devices, lightweight client (hangouts is quite a resource hog on older devices), free (as in free beer for the protocol and free software for the client).
I've only ever heard people mention encryption on sites like HN etc. Do you guys think the normal IM user (vast vast majority) care in the slightest about encryption? Not trying to sound snarky.
Telegram was sold as the "secure messaging app".
Ok, did not know that. I do wonder if the majority of the users use it for that, or if they followed the early adopters that, obviously, care about that.
Sharing media is very easy, especially multiple pics.
Telegram group chats ARE encrypted (in transport) they're just not end-to-end encrypted. Telegram themselves (with server access) could potentially read the messages.
I have trouble encouraging people to migrate away from Facebook chat, even people I have on Telegram, often choose to contact me via Facebook or Hangouts (that latter because of its XMPP support).
Telegram is a pro-privacy app? In what universe?
It is an illusion of privacy app.
Yeah, which is worse because it creates a false sense of security.
Why not use TextSecure/Signal? It's now available on iOS and Android, is open source and encrypted by default.

I've tried Telegram, but only 1-on-1-chats could be encrypted, and also only optional.

Perhaps because the lag is a bit of a pain.

I use textsecure. Sometimes messages arrive nine hours late.

Really? My experience has been that for some reason, on some phones, messages are only downloaded when the app is opened, which is really annoying but seems to be an interaction-with-the-OS issue rather than a networking issue.

However, messages are always sent and received immediately on phones without this issue (still in my experience).

On my phone (a Nexus 5 running CM), messages arrive promptly on most days, but on some days they only arrive when I open TS. On my wife's phone (different brand) they mostly arrive only she opens TS.

But that's a digression. The point of my comment was that this experience can be rather a turnoff if you happen to notice it really soon after your first install. It's easy to believe that a whole group of people is turned off by one member's negative first experience.

iMessage, Facebook Messenger, Google Hangouts, and plain old XMPP all let me switch to my laptop keyboard when my thumbs get tired. That's table stakes in the messaging game. Until the promised browser extension is released, Signal is as worthless to me as Whatsapp.
Because Telegram supports many more platforms. I'm using Telegram on Linux (terminal client), Windows, Windows Phone. My wife uses the web client. Other friends use Android and iOS clients.

For messaging apps, platform support is crucial.

(comment deleted)
Signal has limited platform support, e.g. I can't use it on my OS X desktop nor is there a version for the iPad (I could us e the iPhone app but I'm not a savage and the user experience actually matters to me).

Worse though is the complete lack of support for using the same user profile on multiple devices, I want all messages to follow me where ever I go on whatever device.

Signal is nice and all, and I want it to succeed. I try to help in that regard by providing and maintaining their Danish translation (as well as for similar apps and services, except Telegram who despite repeated requests have not opened a Danish translation on Transifex).

I'm surprised by these numbers. 60m monthly actives generating 12bn messages per day. So on average each active user sends 200 messages every day. That seems astoundingly high. Can someone more familiar with engagement metrics for this type of service comment?
That probably means people use group chat.

Suppose five people chat for a minute. 20-30 lines of text sent to four people (5 minus the sender) equals 80-120 countable messages. And if Telegram users act like on some old IRC channels, and have long-running chat sessions that most attendees don't pay attention to, you can get thousands per day per user.

i have 5 active group chats (i had to turn off notifications for telegram on Ubuntu Phone because of this)
Got it. I was approaching it from messages sent, not messages received. I wonder if they are also counting messages received per device, rather than user. E.g. If I have a phone, a tablet, and a desktop, does every message I receive count triple for this metric?
They might also include presence messaging to inflate their numbers.
Unlikely; people's presence wobbliness may have grown since February, but by a factor of 12? Nah.

I have a feeling that the main change may have been a better UI on the group chat.

I am pretty sure they are including automated bot messages in the 12bn value. No way average user messages is 200 a day.
Yes, there is absolutely no doubt they are including service & bot messages in to the count. And they are plenty.
i think its reasonable, i push similar numbers.
I can’t comment with much more detail, but that number sounds reasonable to me.
I use Telegram daily and like it very much, but one thing has bothered me for so long, that there is no meaningful way to search through messages in a language like Chinese. It looks that they only allow search with words, not in characters within words. It is so arrogant for them to ignore this for so long after users brought up the issue.