ad1: starting from quite a long time, secret chats use MTProto 2.0 which is build on stanard crypto primitives you're seeing everywhere. Read it here high level: https://core.telegram.org/api/end-to-end and free to verify on github.
ad2: this is not true, and is discussion about user choice, not security.
please do not spread false old information. world changes.
Can't comment on WhatsApp's security profile, but it's probably the least convenient among the messengers I use - there is no easy way to access the API to set up a bot for my personal use or do any other kind of scripting / automation. I hope that it will change at some point.
Who cares? You can't verify a server's claim that its software was actually compiled from some specific source code, so this could be a valid criticism of any service.
Signal is no better from Telegram because it doesn't allow anonymous usage without a phone number. And Telegram has relatively lightweight native non-Electron apps.
WhatsApp is bad, but Telegram isn't great either. All chats that you haven't explicitly made "secret" are not end-to-end encrypted. They're apparently "encrypted", but the keys are controlled by Telegram.
Furthermore, they frequently "ban" channels that they deem contain "inappropriate" or "adult" content. Clearly they're reviewed by either humans or AI of some sort. So... that makes me uncomfortable.
Their reason for why you can trust them with encryption keys was "we didn't hand them over to <insert country here> and so they banned us where we could have cooperated and continued to have operating in said country", which seems like a pretty weak argument.
For truly decentralised, private and encrypted communication, I highly recommend matrix+riot.im.
EDIT:
> To support this idea, Pavel Durov claims that Telegram is banned in Russia and Iran, where both governments asked him for encryption keys to access the platform’s messages. Hence for refusing the proposal given by the governments of those countries, the app was banned.
Even if telegram hasn't handed over keys so far, the fact remains that the keys are still controlled by them and tomorrow if they wished they could read/expose/publish/share all "private" communication.
Think of it this way. If Bezos had been using telegram like is recommended in the article and the CEO of telegram wanted to spy on Bezos' chats, he would have totally been able to.
They say that chats don't have e2e by default so that they can be backed up to the cloud [0], but there's no reason why you can't back up encrypted chats and ask the user for a pin and decrypt them on-device.
Furthermore, telegram forces you to link your account with a phone number, and that acts as the primary (or only) form of authentication, opening you up to sim-jacking.
Also, this means that anyone who has your phone number is told you're on the app and given your username, which you may not want for privacy reasons.
So Apple will boot an app that gives users the ability to send adult content to other users....?
That is completely ridiculous and if that is the reason Telegram is policing adult content then Telegram is ran by idiots. You can use any IM app to share adult content, there are plenty of groups on Whatsapp sharing porn, there are plenty of groups in iMessage sharing porn, there are porn accounts on Instagram and twitter, hell the entire reason snapchat even exists is so that you can send self destructing nudes to people.
The idea that an app will be banned due to content shared with people using the app, and not uploaded and/or hosted on some public website accessible to anyone (CP on tumblr) sounds completely ridiculous to me.
I disapprove of Apple’s puritanical approach to sex, and agree that this is ridiculous given that the logic applies equally well to literally all apps with groups or arbitrary URL web access, but it does appear to be the sincere justification for this situation.
A thought: I hear that most of the complaints about “adult” TV channels crossing the line from “broadcastable” to “violating obscenity laws” are made by their competitors. Perhaps a similar thing happens here? That at least one of Telegram’s competitors constantly look for reasons to get them blocked from the App Store?
There are other apps that use universal e2e encryption and have not been banned by Apple. Also if someone idi want to use Telegram for seedy purposes, they still can by enabling full security, so it’s pretty clear this excuse is flat out bogus. Otherwise all the same arguments would apply to the other apps.
- A ton of cam models have private snapchat accounts where they share porn of themselves
- Reddit is basically a cornucopia of porn
- I can subscribe to a porn email list
- Share nudes to a group of friends on Facebook or even SMS
- I can join a hundred Discord channel to satisfy every single weird ass fetish I have,
- I can outright buy porn from Amazon and have it home delivered in 30 minutes.
And that's just from the top of my head. I'm sure you can find a metric ton of other apps that provide their users with easy access to sexual content. None of those apps will be banned for it since that is not the primary purpose of any of these apps. It's simply something that you're able to do with the tools provided. This is like banning all knives just because someone got stabbed.
If your plan is to ban apps that provide access to pornographic content, then you're gonna have to do a lot of banning.
I would also argue that a public blogsite where tagging and discovering new content is one of the key selling points of the platform, is very different from a Telegram channel where you need to specifically know the channel name to even join. As long as Telegram puts forth their best effort to eliminate illegal content from channels, they should be fine.
It might be OK for one app to allow such content and it might be not OK for Telegram. Because Telegram earlier had issues with Apple [1] and if they violate Apple's rules again it would become a convenient excuse to remove Telegram from App Store.
You are trying to find a reasoning in Apple's decisions, but isn't it easier to assume that not all apps are equally welcome in a private app store?
> So Apple will boot an app that gives users the ability to send adult content to other users....?
Yes they will, if they're on channels (which are considered public).
Not only are Whatsapp groups and Snapchat chats are considered private, those companies have much more clout (and lawyers) than Telegram. Facebook threatening to remove Instagram/Facebook/Whatsapp from iOS would hurt Apple more than Facebook.
Side note: Even lists with no adult content, but referring to adult activities get banned. The creator of an app listing Burning Man events had to remove all references to adult workshops or get the banhammer. Apple's walled garden, Apple's rules (sigh).
That's ridiculous. There are plenty of Reddit apps out there, for example, and they are just fine.
Telegram folks are just afraid that obscenity laws will be used against them by officially-not-censoring-but-actually-pretty-curious-about-everyone's-communications governments, like UK, France, Italy, and so on. "Oh, you cannot police your underage nudes? Law says we have to do it then, hand over the keys or shut it all down. We will absolutely not use these keys for anything else, honestly, uh-uh..."
That's the charitable reading that doesn't insult anyone's intelligence. I still don't particularly trust Telegram not to cooperate with authorities anyway - any centralized model is doomed to, at some point.
I understand that with MTProto 2 they stepped away from their homecooked crypto and follow a more traditional scheme which on the surface looks OK. It's still not the default (you must enter into a 'secret chat'), but if you do, isn't it acceptable? Telegram now is one of the last remaining clients that has excellent device support, its available for everything.
It's possibly because secret chats need to be started interactively (you can't send a message until the other party has come online), and later cannot be shared among different devices (open the same channel in desktop|web|mobile), so it degrades UX.
Signal has only e2e and is able to offer synced chat between phone and desktop - the phone just sends the content to the desktop instance and vice versa.
I think it's because they want to give both usability (history shared between devices) and security (E2E encryption). Not anybody or any kind of conversation need encryption, so you as the end user can choose what's more appropriate.
TBH I don't know how other secure messaging programs like Signal or Wire handle the multi-device history issue.
From what I understood, each time a new device joins the conversation, a new key is generated for everyone in the conversation (and each devices), so they are allowed to decrypt others' messages. That being said, they can't access chat history.
With signal each registered device will receive a copy of the chat while that device is registered. If a new device is enabled afaik it doesn't get sent any messages from the past, although technically the other devices could transmit previous messages.
Groups on Telegram can have 100k+ members. Enabling Signal like E2E encryption scheme and ensuring you can have that many members in a group is basically impossible. See this video to understand why, https://www.youtube.com/watch?v=Q0_lcKrUdWg
I guess they could enable E2E encryption in private messages but being able to sync conversation across different telegram clients you are logged into is one of the features. Enabling E2E encryption by default will probably break this. I guess they could try and implement it like Signal has done for Private messages but I don't know why they have not done that already.
It's about priorities. Signal's priority is security. If the current state of the art is you can chose security or foozles, then Signal doesn't have foozles. If people really want foozles then they need to do the work to figure out how to deliver foozles securely and then Signal can integrate that work.
All of the other products have some other priorities, and so if security gets in the way, too bad security loses. Even WhatsApp, which uses the Signal protocol, has other priorities so the actual client software isn't focused on security, they were just happy to get a secure protocol out of the box.
The interesting thing is that years of research hasn't found many things that are just plain impossible securely, there are just a lot of unknowns or places where the secure option is harder. For example when you add a popcorn GIF to a chat Signal proxies this twice, masking your request from the GIF provider (Somebody used a popcorn GIF but the GIF provider doesn't learn who) and also from Signal's own servers (ishanjain28 used a GIF but Signal doesn't learn which one). Most outfits wouldn't bother, who cares about security anyway? But the feature now just works, without unnecessarily giving away information to people you might not trust.
_native_ clients, mind you. Their desktop client is built on top of (heavily patched) Qt and is relatively light on resources. That's pretty rare these days, unfortunately.
What is the point of going truly native on apps like chat?
They have a web version anyway and with Electron for desktop and webview for mobile, they can concentrate on the responsive single design instead of hiring different talents to communicate with each others left and right to slow down their development with inconsistencies.
>>Furthermore, they frequently "ban" channels that they deem contain "inappropriate" or "adult" content. Clearly they're reviewed by either humans or AI of some sort. So... I don't like them much.
My understanding was that it isn't Telegram that bans them, but Apple that doesn't let certain channels be shown in the iOS app. Android and the web version show all channels.
Apple doesn’t dig into third party apps to police their forums, chat channels and content. That is very clearly the responsibility of the app developers. More bullcrap excuses from Telegram. Come on. E2e disabled by default, phone numbers exposed by default. Channels stalked by moderators. It’s a joke.
My understanding was if Apple got a report about NSFW/hate speech/whatever channels, then they had to be hidden on the Apple version or else the app gets pulled from the app store.
As to the rest of the app's quality, no idea. I use it on my phone and it seems OK, but I've not really dug into it.
Happened to us, we built a bot[1] to buy and sell bitcoins privately on Telegram. Someone messaged me saying that they would get a 'SCAM' label on our bot if we didn't pay them the ransom. We didn't comply and within a few days we got the label(guess they managed to get a lot of accounts on our bot to report scam). Their support team was unresponsive and it took around 3 weeks to get it resolved.
Needless to say, our users lost trust and we couldn't risk this happening again.
We still run the service(from request of a few existing users) but not actively promoting it.
End-to-end encryption is available, but not yet enabled by default for private rooms/direct messaging. See this for status, it seems it will soon be enabled by default: https://github.com/vector-im/riot-web/issues/6779
It is amazing how fast the goalposts can move to fit a narrative. So chats in Matrix are not E2E encrypted? The very thing Telegram is being called out for in this thread?
If the chat isn't e2e, you are warned at every moment because the message text box that you type into prominently says "(unencrypted)". You can easily enable e2e for all conversations, and it will soon be the default. The data is on your own homeserver, and no one else has access to keys. Riot/matrix is vastly superior to telegram.
Edit: also, telegram doesn't support e2e encrypted group chats, unlike riot.
One of them does rather dishonest marketing, the other is upfront about capabilities and defaults.
Telegram: we do E2E!* That makes us MORE SECURE than other messengers!
Matrix: you can enable E2E if you want.
* just not by default†
† unless you count "E2E" security between your client and our servers,‡ which we'll confusingly highlight in our security documentation as if it were special††
‡ you don't really need E2E anyway because we store your data in shell companies across the world
†† I guess it is "special" because Telegram invented its own crypto algorithms?
I'd like Telegram a lot more if they would stop with their bullshit claims, because it's actually a good service for some usecases. While reading the article I was hoping it was just written by a clueless Telegram fanboy, but reality is disappointing…
> Furthermore, telegram forces you to link your account with a phone number, and that acts as the primary (or only) form of authentication, opening you up to sim-jacking.
Linking phone or use it for 2FA should be like red light today. For Telegram, banking app, don't matter.
Actually, there's something interesting to note. If you enable 2FA, it's not possible to recover your account without either the password or the recovery email (if any). However, via SIM-jacking an attacker can still erase all data in your account and then take it over.
> Also, this means that anyone who has your phone number is told you're on the app and given your username, which you may not want for privacy reasons.
You can disable that behavior in your privacy settings iirc
Because most people are not privacy conscious and just want their messaging app to work (including having people know they are available to message on said platform).
Sorry, you are right. That being said, it's a remarkable approach to messaging. E2E, decentralized, can be used over WiFi, Tor, Bluetooth (In case there is a blockage)[1]. Has been pentest reviewed[2] before the first release.
Or to sum up:
"Briar is a messaging app designed for activists, journalists, and anyone else who needs a safe, easy and robust way to communicate. Unlike traditional messaging tools such as email, Twitter or Telegram, Briar doesn't rely on a central server - messages are synchronized directly between the users' devices. If the Internet's down, Briar can sync via Bluetooth or Wi-Fi, keeping the information flowing in a crisis. If the Internet's up, Briar can sync via the Tor network, protecting users and their relationships from surveillance."
> Furthermore, they frequently "ban" channels that they deem contain "inappropriate" or "adult" content. Clearly they're reviewed by either humans or AI of some sort. So... that makes me uncomfortable.
If you are uncomfortable about content being read by humans -- (they claim) that only happens for public channels (open for anyone to read/search)
> They're apparently "encrypted", but the keys are controlled by Telegram.
Yes, but they take steps to ensure they cannot easily be forced to decrypt chats via a court order in a single country. From the Telegram FAQ:
To protect the data that is not covered by end-to-end encryption, Telegram uses a distributed infrastructure. Cloud chat data is stored in multiple data centers around the globe that are controlled by different legal entities spread across different jurisdictions. The relevant decryption keys are split into parts and are never kept in the same place as the data they protect. As a result, several court orders from different jurisdictions are required to force us to give up any data.
> Furthermore, they frequently "ban" channels that they deem contain "inappropriate" or "adult" content. Clearly they're reviewed by either humans or AI of some sort. So... that makes me uncomfortable.
AFAIK messages are only forwarded to Telegram support if they are reported by users. Chats spreading pornographic content are often banned on iOS due to the App Store guidelines (and in certain countries due to local laws), but illegal channels (e.g. CP) may be blocked globally.
> Also, this means that anyone who has your phone number is told you're on the app and given your username, which you may not want for privacy reasons.
This is not true anymore, a while ago they added new privacy settings that allow you to prevent others from finding you unless they are in your Telegram contact list. (Of course, this means if you don't want anyone in your phone's contacts to be able to find you on Telegram, you should deny the app contacts permission.)
> Yes, but they take steps to ensure they cannot easily be forced to decrypt chats via a court order in a single country. From the Telegram FAQ
Again, this is just what they claim. Doesn't mean they don't read chats because they feel like it. And this doesn't mean that they won't cooperate with other entities in the future. Or that the keys won't get leaked.
Your data being encrypted is pointless if it's stored one someone else's servers, and they have the keys to it.
IMO it's a reasonable trade-off for general use as a chat platform with public groups and all, you can use secret chats if you really want to be confident in your privacy. Maybe they could add support for end-to-end encrypted groups though.
If we are going with a conspiracy theory that whatsapp deliberately included a buffer overrun bug as a backdoor... then why the heck would we trust telegram about this?
I see no reason why open source helps here. Closed source clients aren't black boxes. You can examine the bytecode. You can decompile the binaries.
I see no reason why a conspiracy dedicated enough to hide a backdoor as a buffer overrun wouldn't also be capable of making the Telegram server store key material in a single country to make it available to legal requests (since, as you say. the back-end software isn't open source).
Bytecode is basically the same as source. Decompiled binaries are harder to read, but there are oodles of professionals who are very skilled at reading decompiled code. The actual structure of the program itself plays (to me) a much bigger role in the auditability of a system.
Really. It's a constant fight between Telegram and the not-so-great Russian Firewall. There are actually public channels you can join in Telegram that run a tally of Telegram IPs blocked by Roskomnodzor.
We even had a speaker advertise a telegram channel for everyone I was there with to talk to each other, and the Russian audience laughed to his amusement. I didn't get the joke; kind of funny now.
I still never ended up using it, have too many messaging apps as it is. It's really sad how much that can limit staying in touch with international friends though.
It's my understanding that one reason people like Telegram is unlike Signal, you can use a username and hide your phone number. (Please correct me if this is incorrect, I don't know anyone who uses it so I stick to Signal)
Signal is the gold standard for confidentiality, but forcing folks to disclose a phone number as a primary identifier has privacy issues.
I use both telegram and signal and I find that the general user experience (syncing chats across devices, bots, rich media types) is better in telegram, at the expense of privacy.
Telegram also has native, non-Electron apps, for many platforms, could it be an advantage? It also has convenient public chats and "channels" (microblogs). It has support for proxy servers, allows sharing proxy servers and has traffic obfuscation which Signal (I assume) doesn't have.
But for me Telegram and Signal are equally insecure because they don't allow anonymous accounts without a phone number. Using phone number for authentication is insecure because it is very easy to intercept SMS messages, especially if you are a telecom or the government. You better avoid using such messengers and not support them unless you want to provide your ID in future for registration on any website.
The native apps certainly help… Signal’s desktop app is pure afterthought and it shows.
The other thing is that Telegram is just far more feature rich. It feels like what you’d like expect from a modern messaging app.
Perhaps the most unfortunate thing about this all, though, is that third party devs can’t make their own Signal clients to try to improve the situation. If you want to use Signal, you have to take it with all of its warts, and that’s a hard sell.
Last I tried WhatsApp it refused to let me use it without giving it access to my entire contact list. Even when “giving it access” to a blank list via PrivacyGuard, I couldn’t see a way to add a contact manually. That was a deal breaker for me.
Contact list access is literally THE thing that makes WhatsApp valuable to Facebook. You lock down that and they are now staring at a massive hosting bill with nothing in return.
I think that the actual discussion's metadata is more valuable that the contact list itself.
Knowing that I discuss everyday with X, is more interesting than to know that I somehow have the phone number of A,B,C,D...X,Y,Z.
But yeah I agree that's not surprising. When I personnally hit this issue I was like "ain't that a good old facebook product behind all that fresh paint"
I was willing to let it have my phone number, which is the thing that would cut down spamming (as a hard-to-generate-in-bulk identifier). I just wasn't willing to give it my contact list.
On the contrary; having to type each in Whatsapp is much harder than just bulk importing to Android contacts, which you can do by the thousands at once.
You used to be able to set up different user profiles on Android - I set one up just for WhatsApp, and only WhatsApp contacts went in it.
I am dismayed to find that my new Android phone no longer has this feature, except as part of some bullshit "work profile" nonsense that apparently isn't possible for me to set up by myself, on my own phone. "You'll need a code from your IT admin", I'm told, and "a management tool will be downloaded and used by your IT admin to manage your work profile". Great.
Same. I had a visiting relative from overseas who needed to contact me and WhatsApp was their only means, but despite installing the thing and using my Google Voice Number to register, the thing refused to let me do anything without giving the thing carte blanche access to my contacts. No thanks. I had to ask my spouse to use her existing WhatsApp profile to contact the number.
There's zero technical reason why I can't have a silo'd list of contacts WITHIN WhatsApp. Facebook knows it. Fuck them.
> Had Jeff Bezos relied on Telegram instead of WhatsApp, he wouldn't have been blackmailed by people who compromised his communications
You can have a healthy debate about whether Telegram is a better option than WhatsApp for the average Joe (I don't think it is, but that's just my opinion). Jeff Bezos is not the average Joe.
The idea Telegram somehow offers people like Bezos more protection than WhatsApp from nation state attacks is crazy. Pavel Durov is irresponsible for suggesting otherwise.
If you're a Bezos level target and Saudi Arabia wants your messages to blackmail you, they will get them. This is a country with effectively unlimited resources and no moral qualms. The app you're using is irrelevant.
President of Ecuador was forced to give up Julian Assange because he was blackmailed using content from conversations he had with his relatives in Telegram. This makes me think that Telegram is not as safe as it tries to appear. At least there's a backdoor for CIA/USA government.
Yeah I've found that too but it's quite thin. This inapapers.org link strangely links to facebook. Don't know what to think about that. Especially with all the other sources for data mentioned there I'd assume they had control of the device not really access to the apps.
Yes, but I doubt there's will be anything more substantial. It's kind of information that is only useful if kept secret. If everybody starts to distrust some IM network because there's a proof that it's wiretapped, people will start using something else.
The only mentions of Telegram on that page also mention WhatsApp right next to it. I’d love to read more about the alleged Telegram hack/leak but this link does not appear to be a source for the accusations levelled upthread.
Also, his phone can be hacked. After Snowden revelations I do not trust any piece of electronic equipment. I don't worry because I don't believe any privacy is possible in contemporary society. Every device has tons of bugs. Every application I use phones multiple networks gathering facts about me.
Just yesterday I've visited Off-facebook activity and was very surprised to find there information that I though nobody could trace back to me. And I believe it's only tip of an iceberg. Probably there wasn't even direct wiretapping - it was guessed by comparing some patterns of my checkins or pages I've browsed.
Still, I don't believe Telegram and Pavel Durov. Also, the first story I've read about this case mentioned only Telegram. I'm not sure I can find it now - it was almost one year ago - it's long gone from my browsing history.
At least WhatsApp has End to End encryption by default. I would be surprised if more than 1% of Telegram communications were similarly secure. I also find the constant mention of the vulns being "backdoors" disingenuous.
I'm a big fan of Telegram for its top notch bot support, but I'm flagging this submission.
If you activate WhatsApp on another phone while your first phone is still active and you open both apps it will copy them over, but that wasn’t the point I was making.
The case for whatsapp web is absolutely true- and you can’t say that it 100% doesn’t have any remote admin features, because it’s closed.
EDIT: I'd like to clarify; many people's reasoning seems to be:
> If you activate WhatsApp on another phone while your first phone is still active and you open both apps it will copy them over, but that wasn’t the point I was making.
To my knowledge, that's not true. But even if true, that doesn't mean e2e encryption isn't in effect.
---
> The case for whatsapp web is absolutely true
The web interface is completely driven by your phone, acting as a remote control and WhatsApp still doesn't have access to your conversations.
https://signal.org uses the exact same model and it's open source, so you can review it.
It is true that WhatsApp being proprietary, Facebook could insert local content scanners that bypasses e2e encryption. Which they actually threatened to do in the past, not sure what the status of that is.
But in spite of this, WhatsApp is still much better than any other service that doesn't do e2e encryption by default. Yes, I'd prefer Signal.org personally, but it's not what my acquaintances use ¯\_(ツ)_/¯
And I'll never use Telegram, unless it reaches FB Messenger levels of popularity.
> To my knowledge, that's not true. But even if true, that doesn't mean e2e encryption isn't in effect.
It's not true. I just recently switched phones. If you activate your phone on the app, you can't use the app on your previous phone without authenticating again, and it only shows your local history. I lost all my history when moving phones, as I chose not to back up my messages (who would?).
> I lost all my history when moving phones, as I chose not to back up my messages (who would?).
The trick is to use the local backup option (it's encrypted with a key from the whatsapp servers, but all the files are kept on your device), and use syncthing to copy the whole folder structure (containing the backup and the media) to the new phone before installing whatsapp. When first run, the whatsapp client detects the presence of that backup, asks whether you want to use it, gets the key from the whatsapp servers (after you authenticate your account), and restores the backup.
(By the way, Signal can do the same trick, but it's slightly less user-friendly: the encryption key does not come from the signal servers, it's a sequence of numbers you have to write down and type on the new phone.)
> The web interface is completely driven by your phone, acting as a remote control and WhatsApp still doesn't have access to your conversations.
> https://signal.org uses the exact same model and it's open source, so you can review it.
To be clear, Signal's desktop interface does not work like WhatsApp's web interface: Signal is not completely driven by your phone. Signal Desktop can still send and receive messages even if the phone it is tied to is completely off.
I might have misunderstood what you're trying to say, but wanted to clarify this.
> If you activate WhatsApp on another phone while your first phone is still active and you open both apps it will copy them over,
This is not true on Android. You cannot activate WhatsApp on 2 phones at once. If you try, the first will instantly deactivate and will not do any copying of messages. Message restore is from Google Drive backups. There is also a way to backup to a file, but it's an unsupported hack.
Since both client and server side are proprietary, it can't be proven that the OpenWhisper implementation wasn't tampered with. and it's very disheartening to see Signal licking WhatsApp's metaphorical feet every step of the way.
Open source isn't magic. Closed source isn't a black box.
Reading bytecode is trivial. Reading decompiled binaries is even not so bad. Hiding some tampering of the protocol in closed source clients is not that much easier than hiding it in open source clients. Especially if tens of thousands of engineers have access to the whatsapp source and change history and a deliberate backdoor would be international news.
> Do you trust claims made by Facebook about privacy and encryption?
I trust facebook that when they say something is E2E encrypted, it really is (except in the case of targeted attacks). If it weren't, I would expect an internal whistleblower to very quickly report it.
End to end encryption has its disadvantages. If only 1% of communications use it then in only 1% of communications require the users consider it necessary and worth it. And there's nothing wrong with that.
The problem is that many users think they are using E2E, because that's what Telegram advertises. Those people needed security, and looked for it, and are now vulnerable.
Besides, security and privacy should be the default. It's not like the user experience of WhatsApp is drastically worse for having E2E.
> The problem is that many users think they are using E2E
Source, please.
> Besides, security and privacy should be the default.
Not at the cost of usability and freedom. Especially considering E2E encryption isn't necessary to protect against the attackers most people can expect.
> It's not like the user experience of WhatsApp is drastically worse for having E2E.
It absolutely is. WhatsApp doesn't even allow you to use multiple devices!
He keeps referring to the video encoding vulnerability in WhatsApp as a "backdoor". That is not supported by the source[1] he cites, which instead refers it to as run-of-the-mill buffer overflow vulnerability. There is massive difference here - backdoor implies something that was planted purposefully. Extraordinary claims require extraordinary proof.
I don't think this post is fair in its assessment and seems more like an advertisement for Telegram, which itself has its own security issues (like lacking E2E encryption by default and terrible[2] code quality).
As an aside, this isn’t true. There are many things right in front of us that we dismiss routinely, and “everyone knows” these things are extraordinary/insane/wrong and so on. Usually, if you spend the time to learn about such things you can discover that they’re very normal and provable, you just have to go against the crowd. That’s different from needing extraordinary evidence.
Primarily this seems to be due to disinformation efforts and plain old human biases.
It probably isn't, but I don't think we can know whether it was on purpose or not.
If I had to put a backdoor in something, it'd definitely be a buffer overflow. It gives full remote code execution, it may be hard enough to find to be NOBUS, and it has perfect plausible deniability.
The huge majority of applications with any c++ code have some sort of memory safety vulnerability. Codecs are a classic place where this shows up all the time. Why would this vuln out of the literally gazillions of similar vulns be considered a backdoor?
The underhanded C contest has many examples of malicious code that appear like plausible bugs. An intentional but rare buffer overflow would be a perfect backdoor.
Even if they did, it would just mean that Facebook (WhatsApp's parent company) could now see your messages, but that is still no worse than the default Telegram setting, which guarantees that the company will be able to decrypt your messages. And what prevents Telegram from tampering with their own end-to-end encryption for the binary they upload to app stores? Hardly anyone compiles their own apps if they can download it from a convenient app store instead.
Telegram clients are open source and have reproducible builds. There is so much FUD being spread in the comments here which could probably be resolved by sticking your HN comment directly into your search engine of choice.
They started having reproducible builds since the start of this month, when they released v5.13, and I admit that I had not checked to see if it had changed since the last time I looked.
However, this still lets Telegram decrypt people's messages (on the default setting), which makes it less secure than WhatsApp and Signal.
The article itself is riddled with FUD about WhatsApp, and the author has written similar FUD/unfounded claims before.
FUD "against" proprietary software is pretty much the "reverse racism" of technology.
Again, there is no proof OpenWhisper wasn't tampered with. It'd take WhatsApp becoming Free Software and having independent audits to be reliable as a communications platform. Suspiscion is but a matter of survival, and chances will continue to be usually against the most vulnerable party: the users.
Why would it need to be Free? Surely a license for modifying the code has exactly nothing to do with being able to audit it. They could distribute the source in a different manner if you really really really need to be able to see it in order to audit it (professionals don't).
There's no way to prove that any client hasn't tampered with a protocol. Halting problem and all that.
But reading closed source code isn't hard. Most of whatsapp on android is implemented in dalvik bytecode, which is basically like reading source without good names or comments. And there are piles of professionals who are very skilled at reading decompiled binaries for the native code in the app. The idea that oss code is easy to verify and closed source code is impossible to verify is just bogus.
In Italy fake news about the corona virus are spreading like a bushfire on the platform, thanks to the broadcast features and the utter absence of any possible moderation on something Facebook turned into a proto-social network. That’s really why using whatsapp is dangerous.
This is an interesting consideration - but it seems to be much more "why democracy won't work" than anything to do with specific communication platforms.
If everyone was on matrix, with solid end-to-end encryption, surely that problem would be equally bad?
Lack of trust, lack of authoritative sources that can be trusted; that's different to having secure mass communication means.
I don’t know, I just stated a fact. Also, WhatsApp is worse than other messaging apps because of many social-style features Facebook introduced to prioritize interaction metrics, such as stories, on a platform born to br based on peer-to-peer and get-to-know trust.
Clegg is presumably referring to the fact that the Saudis had access to data from Bezos's phone that the WhatsApp app itself did not have, indicating a privilege escalation (iOS issue) in addition to the RCE (WhatsApp issue).
Reading this article, I was thinking that Durov was really over-exagerating when saying that WhatsApp plant backdoors, while it was simply security flaws.
But then I looked at the flaws, and that definitely raises questions. At least two of the flaws are in mp4 parsing done by WhatsApp itself, while both Android and iOS provide hardened platform tools for that.
There are two reasons you would want to do that:
- Increase security. Yeah that's a bit paradoxal considering what I said before, but it is possible you could want to do that, because Android devices are barely updated, and even though the mp4 parsing is hardened, there are known not fixed flaws on many devices.
If that was the intent, then the very first thing they would have done, is have this run inside a dedicated sandboxed process (Android allows that pretty easily), with no access to either the data or the internet.
Or they could have written it in a managed language, where the worst case of failed parsing is crashing/DoS-ing.
Or they could do it in rust of course :-)
- Increase compatibility with a wider range of mp4 files. As far as I know, mp4 support of those platforms should be good enough for most cases, but ok, let's say such a case exist, that means that they don't actually care about the security. As Durov say, they are using "end-to-end encryption" to say they are secured, but don't seem to care much past that.
I'm still not convinced those are actual purpose-built backdoors, but I will at least agree that security doesn't seem to be a core value of WhatsApp.
Video decoding ability on Android devices varies widely device to device, and on some devices if you try to play a video it is incapable of playing, you have no way to know the user is looking at a blank screen. On a few devices, trying to play a bad file even results in an instant device reboot. You 100% don't want to be sticking untrusted data into the platform media api's, and in fact I'd caution against using them at all unless power usage is so important you need hardware accelerated decodes.
Considering that, I can completely see why WhatsApp decided to bundle their own libraries.
In my understanding, they are using only mp4 files, and control the mp4 writers, so they should be fine with most devices' Android MediaPlayer.
Though yeah, I'd personally rather go to ExoPlayer to have a managed, maintained solution that already contains most fucked up hardware workarounds you might need.
Sure it's not cross-platform, but just define a high-level player api, use iOS' native player, ExoPlayer on Android, vlc on other platforms, and you're good to go.
As for "sticking untrusted data into platform media api's", well the power consumption of reading a video with CPU is absurdly high. You'd be going from 6 hours view time on a standard smartphone to 2 I'd say? You could decide that you value security /that much/. But then if you do, the very first thing to do is to run the player in a dedicated isolated process.
I doubt WhatsApp is doing software video decoding, but if they are, it is all the more ridiculous.
> At least two of the flaws are in mp4 parsing done by WhatsApp itself, while both Android and iOS provide hardened platform tools for that.
I imagine this choice was made at least partly for consistency across platforms, because WhatsApp supports a lot of devices and OS versions. You can use the current apps on Android back to 2.3.7 (2011) and on iOS 8+ (2014).
Until 2018, WhatsApp also ran on BlackBerry 7+ (2011).
This is a case of the pot calling the kettle back, to be honest. Telegram controls encryption keys centrally as well. If you want true end to end encrypted messaging then Signal is the way to go.
FWIW, I don’t understand the trend in open source projects to use Telegram for messaging given its closed source / proprietary origins.
“Telegram's security model has received notable criticism by cryptography experts. They criticized the general security model of permanently storing all contacts, messages and media together with their decryption keys on its servers by default and by not enabling end-to-end encryption for messages by default.”
> Telegram, an application used by hundreds of millions of people including heads of states and large companies, has had no issues of that severity in the last 6 years.
Sounds misleading no? Should rather say: no issues of that severity "reported" in the last 6 years.
Coincidently, I deleted my Whatsapp account today. Apart from the fact that I can't really judge yet how much more secure Telegram is, I find Telegram also much more usable. Let alone being able to edit messages when swipe-writing words selected totally different words than I had intended. How often did I send a second Whatsapp message just because the first was full of swipe detection errors.
It pains me to read these comments even on HN. Telegram is strictly less secure than Whatsapp. Telegram is not designed with security in mind and if I was a TLA I'd be pretty happy about people using it.
Can we stop using "Apple fanboy" as a derogatory term? You insult everyone - every single person - who likes the company. A lot of the times I'm tempted to say "those who don't like Apple's products are tasteless idiots" but I never say that out loud. Nope I don't :) So keep your opinion to yourself.
I tried searching, but couldn't find a good explanation online on the differences between Keybase and Riot, and why one is better than the other. Could anyone help?
Riot is open source. Matrix is an open protocol that is designed to federate so that users on different servers can talk to each other. Is the keybase server open source?
239 comments
[ 4.7 ms ] story [ 280 ms ] threadYeah and well known to be a cryptographically poor.
I know a lot of people who use telegram over whatsapp because it's more secure.
2016 (corrected from 2019): https://gizmodo.com/why-you-should-stop-using-telegram-right...
2017: https://courses.csail.mit.edu/6.857/2017/project/19.pdf
2018: https://twitter.com/tqbf/status/987372998935105539
2019: https://www.forbes.com/sites/zakdoffman/2019/08/25/chinese-a...
2019: lmao https://twitter.com/durumcrustulum/status/116034777473242316...
Etc
p.s. and is based on information which in 2020 is not anymore actual as most things were corrected.
Got a citation for this? I'm having a hard time finding it:
> p.s. and is based on information which in 2020 is not anymore actual as most things were corrected.
(1) homegrown encryption which hasn't been extensively audited, which should be considered suspect by default because it's usually broken.
(2) Most chats are not encrypted at all.
ad1: starting from quite a long time, secret chats use MTProto 2.0 which is build on stanard crypto primitives you're seeing everywhere. Read it here high level: https://core.telegram.org/api/end-to-end and free to verify on github.
ad2: this is not true, and is discussion about user choice, not security.
please do not spread false old information. world changes.
Chats are in fact encrypted in non-Secret chats, just to the server and not e2e.
Please, people, don't contribute to misinformation.
(1) I don't see any review by cryptographers that MTProto 2.0 is safer. Where is the evidence?
(2) Unless this is also a recent change, it is true. It's not about choice really, it's about the default behavior, since most users won't choose.
Facebook has decided a B2B sort of model for bots for this specific purpose
No one's going to make them use bots against their will.
> Telegram has bots and lot of it is just spam.
Bots can't even initiate conversations.
> Facebook has decided a B2B sort of model for bots for this specific purpose
Which almost certainly will be used for Spam because that's Facebook's line of business.
Usability, freedom.
Uh? Isn't Telegram's server-side code closed/proprietary?
Furthermore, they frequently "ban" channels that they deem contain "inappropriate" or "adult" content. Clearly they're reviewed by either humans or AI of some sort. So... that makes me uncomfortable.
Their reason for why you can trust them with encryption keys was "we didn't hand them over to <insert country here> and so they banned us where we could have cooperated and continued to have operating in said country", which seems like a pretty weak argument.
For truly decentralised, private and encrypted communication, I highly recommend matrix+riot.im.
EDIT:
> To support this idea, Pavel Durov claims that Telegram is banned in Russia and Iran, where both governments asked him for encryption keys to access the platform’s messages. Hence for refusing the proposal given by the governments of those countries, the app was banned.
From https://outline.com/BK8f7h
Even if telegram hasn't handed over keys so far, the fact remains that the keys are still controlled by them and tomorrow if they wished they could read/expose/publish/share all "private" communication.
Think of it this way. If Bezos had been using telegram like is recommended in the article and the CEO of telegram wanted to spy on Bezos' chats, he would have totally been able to.
They say that chats don't have e2e by default so that they can be backed up to the cloud [0], but there's no reason why you can't back up encrypted chats and ask the user for a pin and decrypt them on-device.
Furthermore, telegram forces you to link your account with a phone number, and that acts as the primary (or only) form of authentication, opening you up to sim-jacking.
Also, this means that anyone who has your phone number is told you're on the app and given your username, which you may not want for privacy reasons.
[0] https://telegra.ph/Why-Isnt-Telegram-End-to-End-Encrypted-by...
That is completely ridiculous and if that is the reason Telegram is policing adult content then Telegram is ran by idiots. You can use any IM app to share adult content, there are plenty of groups on Whatsapp sharing porn, there are plenty of groups in iMessage sharing porn, there are porn accounts on Instagram and twitter, hell the entire reason snapchat even exists is so that you can send self destructing nudes to people.
The idea that an app will be banned due to content shared with people using the app, and not uploaded and/or hosted on some public website accessible to anyone (CP on tumblr) sounds completely ridiculous to me.
A thought: I hear that most of the complaints about “adult” TV channels crossing the line from “broadcastable” to “violating obscenity laws” are made by their competitors. Perhaps a similar thing happens here? That at least one of Telegram’s competitors constantly look for reasons to get them blocked from the App Store?
And it would be mostly due to public perception. Telegram is "used by terrorists because secret encryption" and already seen as suspicious.
- Instagram is stock full of sexual content
- A ton of cam models have private snapchat accounts where they share porn of themselves
- Reddit is basically a cornucopia of porn
- I can subscribe to a porn email list
- Share nudes to a group of friends on Facebook or even SMS
- I can join a hundred Discord channel to satisfy every single weird ass fetish I have,
- I can outright buy porn from Amazon and have it home delivered in 30 minutes.
And that's just from the top of my head. I'm sure you can find a metric ton of other apps that provide their users with easy access to sexual content. None of those apps will be banned for it since that is not the primary purpose of any of these apps. It's simply something that you're able to do with the tools provided. This is like banning all knives just because someone got stabbed.
If your plan is to ban apps that provide access to pornographic content, then you're gonna have to do a lot of banning.
Tumblr itself wasn't banned for porn, it was banned for child porn https://www.theverge.com/2018/11/20/18104366/tumblr-ios-app-...
I would also argue that a public blogsite where tagging and discovering new content is one of the key selling points of the platform, is very different from a Telegram channel where you need to specifically know the channel name to even join. As long as Telegram puts forth their best effort to eliminate illegal content from channels, they should be fine.
You are trying to find a reasoning in Apple's decisions, but isn't it easier to assume that not all apps are equally welcome in a private app store?
[1] https://www.theverge.com/2018/5/31/17412396/telegram-apple-a...
Yes they will, if they're on channels (which are considered public).
Not only are Whatsapp groups and Snapchat chats are considered private, those companies have much more clout (and lawyers) than Telegram. Facebook threatening to remove Instagram/Facebook/Whatsapp from iOS would hurt Apple more than Facebook.
Side note: Even lists with no adult content, but referring to adult activities get banned. The creator of an app listing Burning Man events had to remove all references to adult workshops or get the banhammer. Apple's walled garden, Apple's rules (sigh).
Telegram folks are just afraid that obscenity laws will be used against them by officially-not-censoring-but-actually-pretty-curious-about-everyone's-communications governments, like UK, France, Italy, and so on. "Oh, you cannot police your underage nudes? Law says we have to do it then, hand over the keys or shut it all down. We will absolutely not use these keys for anything else, honestly, uh-uh..."
That's the charitable reading that doesn't insult anyone's intelligence. I still don't particularly trust Telegram not to cooperate with authorities anyway - any centralized model is doomed to, at some point.
TBH I don't know how other secure messaging programs like Signal or Wire handle the multi-device history issue.
I guess they could enable E2E encryption in private messages but being able to sync conversation across different telegram clients you are logged into is one of the features. Enabling E2E encryption by default will probably break this. I guess they could try and implement it like Signal has done for Private messages but I don't know why they have not done that already.
All of the other products have some other priorities, and so if security gets in the way, too bad security loses. Even WhatsApp, which uses the Signal protocol, has other priorities so the actual client software isn't focused on security, they were just happy to get a secure protocol out of the box.
The interesting thing is that years of research hasn't found many things that are just plain impossible securely, there are just a lot of unknowns or places where the secure option is harder. For example when you add a popcorn GIF to a chat Signal proxies this twice, masking your request from the GIF provider (Somebody used a popcorn GIF but the GIF provider doesn't learn who) and also from Signal's own servers (ishanjain28 used a GIF but Signal doesn't learn which one). Most outfits wouldn't bother, who cares about security anyway? But the feature now just works, without unnecessarily giving away information to people you might not trust.
They have a web version anyway and with Electron for desktop and webview for mobile, they can concentrate on the responsive single design instead of hiring different talents to communicate with each others left and right to slow down their development with inconsistencies.
My understanding was that it isn't Telegram that bans them, but Apple that doesn't let certain channels be shown in the iOS app. Android and the web version show all channels.
As to the rest of the app's quality, no idea. I use it on my phone and it seems OK, but I've not really dug into it.
Needless to say, our users lost trust and we couldn't risk this happening again.
We still run the service(from request of a few existing users) but not actively promoting it.
[1] https://t.me/megadealsbot
https://telegram.org/faq#q-there-39s-illegal-content-on-tele...
Also interesting is to see that it has been adopted by the French government: https://lwn.net/Articles/779331/
Edit: also, telegram doesn't support e2e encrypted group chats, unlike riot.
Telegram: we do E2E!* That makes us MORE SECURE than other messengers!
Matrix: you can enable E2E if you want.
* just not by default†
† unless you count "E2E" security between your client and our servers,‡ which we'll confusingly highlight in our security documentation as if it were special††
‡ you don't really need E2E anyway because we store your data in shell companies across the world
†† I guess it is "special" because Telegram invented its own crypto algorithms?
I'd like Telegram a lot more if they would stop with their bullshit claims, because it's actually a good service for some usecases. While reading the article I was hoping it was just written by a clueless Telegram fanboy, but reality is disappointing…
Linking phone or use it for 2FA should be like red light today. For Telegram, banking app, don't matter.
You can disable that behavior in your privacy settings iirc
[1] https://briarproject.org/
[2] https://news.ycombinator.com/item?id=17695266
Or to sum up:
"Briar is a messaging app designed for activists, journalists, and anyone else who needs a safe, easy and robust way to communicate. Unlike traditional messaging tools such as email, Twitter or Telegram, Briar doesn't rely on a central server - messages are synchronized directly between the users' devices. If the Internet's down, Briar can sync via Bluetooth or Wi-Fi, keeping the information flowing in a crisis. If the Internet's up, Briar can sync via the Tor network, protecting users and their relationships from surveillance."
[1] https://briarproject.org/how-it-works/
[2] https://briarproject.org/raw/BRP-01-report.pdf
https://code.briarproject.org/briar/briar/issues/445
If you are uncomfortable about content being read by humans -- (they claim) that only happens for public channels (open for anyone to read/search)
Yes, but they take steps to ensure they cannot easily be forced to decrypt chats via a court order in a single country. From the Telegram FAQ:
To protect the data that is not covered by end-to-end encryption, Telegram uses a distributed infrastructure. Cloud chat data is stored in multiple data centers around the globe that are controlled by different legal entities spread across different jurisdictions. The relevant decryption keys are split into parts and are never kept in the same place as the data they protect. As a result, several court orders from different jurisdictions are required to force us to give up any data.
https://telegram.org/faq#q-do-you-process-data-requests
> Furthermore, they frequently "ban" channels that they deem contain "inappropriate" or "adult" content. Clearly they're reviewed by either humans or AI of some sort. So... that makes me uncomfortable.
AFAIK messages are only forwarded to Telegram support if they are reported by users. Chats spreading pornographic content are often banned on iOS due to the App Store guidelines (and in certain countries due to local laws), but illegal channels (e.g. CP) may be blocked globally.
> Also, this means that anyone who has your phone number is told you're on the app and given your username, which you may not want for privacy reasons.
This is not true anymore, a while ago they added new privacy settings that allow you to prevent others from finding you unless they are in your Telegram contact list. (Of course, this means if you don't want anyone in your phone's contacts to be able to find you on Telegram, you should deny the app contacts permission.)
Again, this is just what they claim. Doesn't mean they don't read chats because they feel like it. And this doesn't mean that they won't cooperate with other entities in the future. Or that the keys won't get leaked.
Your data being encrypted is pointless if it's stored one someone else's servers, and they have the keys to it.
How can we as users be certain that they wouldn't decrypt our chats anyway, contrary to their stated policy?
As long as they have the technical capacity to decrypt my chats, I wouldn't feel secure on their platform, no matter what they say.
I see no reason why open source helps here. Closed source clients aren't black boxes. You can examine the bytecode. You can decompile the binaries.
I see no reason why a conspiracy dedicated enough to hide a backdoor as a buffer overrun wouldn't also be capable of making the Telegram server store key material in a single country to make it available to legal requests (since, as you say. the back-end software isn't open source).
Open source doesn't make things automatically secure, but one can't argue that it isn't much easier to inspect.
Bytecode is basically the same as source. Decompiled binaries are harder to read, but there are oodles of professionals who are very skilled at reading decompiled code. The actual structure of the program itself plays (to me) a much bigger role in the auditability of a system.
If not, it's fine.
If you do, why are you using these sorts of technologies in the first place?
Really? I just went there recently, and nearly everyone used Telegram as their primary messaging application (other than Instagram)
I still never ended up using it, have too many messaging apps as it is. It's really sad how much that can limit staying in touch with international friends though.
But in terms of getting less technical people on board (frankly, often the sort to go to WA anyhow), I deeply suggest Signal.
Signal is the gold standard for confidentiality, but forcing folks to disclose a phone number as a primary identifier has privacy issues.
But for me Telegram and Signal are equally insecure because they don't allow anonymous accounts without a phone number. Using phone number for authentication is insecure because it is very easy to intercept SMS messages, especially if you are a telecom or the government. You better avoid using such messengers and not support them unless you want to provide your ID in future for registration on any website.
The other thing is that Telegram is just far more feature rich. It feels like what you’d like expect from a modern messaging app.
Perhaps the most unfortunate thing about this all, though, is that third party devs can’t make their own Signal clients to try to improve the situation. If you want to use Signal, you have to take it with all of its warts, and that’s a hard sell.
Contact list access is literally THE thing that makes WhatsApp valuable to Facebook. You lock down that and they are now staring at a massive hosting bill with nothing in return.
Knowing that I discuss everyday with X, is more interesting than to know that I somehow have the phone number of A,B,C,D...X,Y,Z.
But yeah I agree that's not surprising. When I personnally hit this issue I was like "ain't that a good old facebook product behind all that fresh paint"
I am dismayed to find that my new Android phone no longer has this feature, except as part of some bullshit "work profile" nonsense that apparently isn't possible for me to set up by myself, on my own phone. "You'll need a code from your IT admin", I'm told, and "a management tool will be downloaded and used by your IT admin to manage your work profile". Great.
There's zero technical reason why I can't have a silo'd list of contacts WITHIN WhatsApp. Facebook knows it. Fuck them.
You can have a healthy debate about whether Telegram is a better option than WhatsApp for the average Joe (I don't think it is, but that's just my opinion). Jeff Bezos is not the average Joe.
The idea Telegram somehow offers people like Bezos more protection than WhatsApp from nation state attacks is crazy. Pavel Durov is irresponsible for suggesting otherwise.
If you're a Bezos level target and Saudi Arabia wants your messages to blackmail you, they will get them. This is a country with effectively unlimited resources and no moral qualms. The app you're using is irrelevant.
I found this, I think that’s what is being referred to.
Citation?
I found this, I think that’s what is being referred to.
Just yesterday I've visited Off-facebook activity and was very surprised to find there information that I though nobody could trace back to me. And I believe it's only tip of an iceberg. Probably there wasn't even direct wiretapping - it was guessed by comparing some patterns of my checkins or pages I've browsed.
Still, I don't believe Telegram and Pavel Durov. Also, the first story I've read about this case mentioned only Telegram. I'm not sure I can find it now - it was almost one year ago - it's long gone from my browsing history.
I'm a big fan of Telegram for its top notch bot support, but I'm flagging this submission.
Not saying telegram is better. But this is a common use-case for whatsapp. (Whatsapp web transports all history).
So the E2EE argument is disingenuous if the client is closed imo.
The case for whatsapp web is absolutely true- and you can’t say that it 100% doesn’t have any remote admin features, because it’s closed.
EDIT: I'd like to clarify; many people's reasoning seems to be:
"Whatsapp == Signal" && "Signal > *"
But that's not at all true.
To my knowledge, that's not true. But even if true, that doesn't mean e2e encryption isn't in effect.
---
> The case for whatsapp web is absolutely true
The web interface is completely driven by your phone, acting as a remote control and WhatsApp still doesn't have access to your conversations.
https://signal.org uses the exact same model and it's open source, so you can review it.
It is true that WhatsApp being proprietary, Facebook could insert local content scanners that bypasses e2e encryption. Which they actually threatened to do in the past, not sure what the status of that is.
But in spite of this, WhatsApp is still much better than any other service that doesn't do e2e encryption by default. Yes, I'd prefer Signal.org personally, but it's not what my acquaintances use ¯\_(ツ)_/¯
And I'll never use Telegram, unless it reaches FB Messenger levels of popularity.
It's not true. I just recently switched phones. If you activate your phone on the app, you can't use the app on your previous phone without authenticating again, and it only shows your local history. I lost all my history when moving phones, as I chose not to back up my messages (who would?).
The trick is to use the local backup option (it's encrypted with a key from the whatsapp servers, but all the files are kept on your device), and use syncthing to copy the whole folder structure (containing the backup and the media) to the new phone before installing whatsapp. When first run, the whatsapp client detects the presence of that backup, asks whether you want to use it, gets the key from the whatsapp servers (after you authenticate your account), and restores the backup.
(By the way, Signal can do the same trick, but it's slightly less user-friendly: the encryption key does not come from the signal servers, it's a sequence of numbers you have to write down and type on the new phone.)
> https://signal.org uses the exact same model and it's open source, so you can review it.
To be clear, Signal's desktop interface does not work like WhatsApp's web interface: Signal is not completely driven by your phone. Signal Desktop can still send and receive messages even if the phone it is tied to is completely off.
I might have misunderstood what you're trying to say, but wanted to clarify this.
This is not true on Android. You cannot activate WhatsApp on 2 phones at once. If you try, the first will instantly deactivate and will not do any copying of messages. Message restore is from Google Drive backups. There is also a way to backup to a file, but it's an unsupported hack.
Since both client and server side are proprietary, it can't be proven that the OpenWhisper implementation wasn't tampered with. and it's very disheartening to see Signal licking WhatsApp's metaphorical feet every step of the way.
Reading bytecode is trivial. Reading decompiled binaries is even not so bad. Hiding some tampering of the protocol in closed source clients is not that much easier than hiding it in open source clients. Especially if tens of thousands of engineers have access to the whatsapp source and change history and a deliberate backdoor would be international news.
Do you trust claims made by Facebook about privacy and encryption?
I trust facebook that when they say something is E2E encrypted, it really is (except in the case of targeted attacks). If it weren't, I would expect an internal whistleblower to very quickly report it.
Besides, security and privacy should be the default. It's not like the user experience of WhatsApp is drastically worse for having E2E.
Source, please.
> Besides, security and privacy should be the default.
Not at the cost of usability and freedom. Especially considering E2E encryption isn't necessary to protect against the attackers most people can expect.
> It's not like the user experience of WhatsApp is drastically worse for having E2E.
It absolutely is. WhatsApp doesn't even allow you to use multiple devices!
> It absolutely is. WhatsApp doesn't even allow you to use multiple devices!
I'm pretty sure you couldn't use multiple devices before they implemented E2E.
By the way, how does E2E cost freedom?
I don't think this post is fair in its assessment and seems more like an advertisement for Telegram, which itself has its own security issues (like lacking E2E encryption by default and terrible[2] code quality).
1: https://www.techspot.com/news/82843-hackers-can-use-whatsapp...
2: https://www.reddit.com/r/androiddev/comments/cazz4h/why_tele...
As an aside, this isn’t true. There are many things right in front of us that we dismiss routinely, and “everyone knows” these things are extraordinary/insane/wrong and so on. Usually, if you spend the time to learn about such things you can discover that they’re very normal and provable, you just have to go against the crowd. That’s different from needing extraordinary evidence.
Primarily this seems to be due to disinformation efforts and plain old human biases.
If I had to put a backdoor in something, it'd definitely be a buffer overflow. It gives full remote code execution, it may be hard enough to find to be NOBUS, and it has perfect plausible deniability.
But since there are probably a lot more accidential security flaws than backdoors, I agree that erring on the side of stupidity is justified.
E2E is not by default and terrible UX to make people think they have secure communication
- This kind of vulnerability could happen in any app, including Telegram (similar issue also happened in the past with iMessage)
- WhatsApp conversations are all end-to-end encrypted by default, Telegram does not (have to explicitely create "secret chat")
- If this vulnerability used privilege escalation to access some data outside WhatsApp, iOS indeed had additional vulnerability (and Android too)
https://core.telegram.org/reproducible-builds
However, this still lets Telegram decrypt people's messages (on the default setting), which makes it less secure than WhatsApp and Signal.
The article itself is riddled with FUD about WhatsApp, and the author has written similar FUD/unfounded claims before.
1. https://www.independent.co.uk/life-style/gadgets-and-tech/ne...
2. https://telegra.ph/Why-WhatsApp-Will-Never-Be-Secure-05-15
Again, there is no proof OpenWhisper wasn't tampered with. It'd take WhatsApp becoming Free Software and having independent audits to be reliable as a communications platform. Suspiscion is but a matter of survival, and chances will continue to be usually against the most vulnerable party: the users.
But reading closed source code isn't hard. Most of whatsapp on android is implemented in dalvik bytecode, which is basically like reading source without good names or comments. And there are piles of professionals who are very skilled at reading decompiled binaries for the native code in the app. The idea that oss code is easy to verify and closed source code is impossible to verify is just bogus.
If everyone was on matrix, with solid end-to-end encryption, surely that problem would be equally bad?
Lack of trust, lack of authoritative sources that can be trusted; that's different to having secure mass communication means.
But then I looked at the flaws, and that definitely raises questions. At least two of the flaws are in mp4 parsing done by WhatsApp itself, while both Android and iOS provide hardened platform tools for that.
There are two reasons you would want to do that:
- Increase security. Yeah that's a bit paradoxal considering what I said before, but it is possible you could want to do that, because Android devices are barely updated, and even though the mp4 parsing is hardened, there are known not fixed flaws on many devices. If that was the intent, then the very first thing they would have done, is have this run inside a dedicated sandboxed process (Android allows that pretty easily), with no access to either the data or the internet. Or they could have written it in a managed language, where the worst case of failed parsing is crashing/DoS-ing. Or they could do it in rust of course :-)
- Increase compatibility with a wider range of mp4 files. As far as I know, mp4 support of those platforms should be good enough for most cases, but ok, let's say such a case exist, that means that they don't actually care about the security. As Durov say, they are using "end-to-end encryption" to say they are secured, but don't seem to care much past that.
I'm still not convinced those are actual purpose-built backdoors, but I will at least agree that security doesn't seem to be a core value of WhatsApp.
Considering that, I can completely see why WhatsApp decided to bundle their own libraries.
Though yeah, I'd personally rather go to ExoPlayer to have a managed, maintained solution that already contains most fucked up hardware workarounds you might need. Sure it's not cross-platform, but just define a high-level player api, use iOS' native player, ExoPlayer on Android, vlc on other platforms, and you're good to go.
As for "sticking untrusted data into platform media api's", well the power consumption of reading a video with CPU is absurdly high. You'd be going from 6 hours view time on a standard smartphone to 2 I'd say? You could decide that you value security /that much/. But then if you do, the very first thing to do is to run the player in a dedicated isolated process.
I doubt WhatsApp is doing software video decoding, but if they are, it is all the more ridiculous.
I imagine this choice was made at least partly for consistency across platforms, because WhatsApp supports a lot of devices and OS versions. You can use the current apps on Android back to 2.3.7 (2011) and on iOS 8+ (2014).
Until 2018, WhatsApp also ran on BlackBerry 7+ (2011).
Source?
“Telegram's security model has received notable criticism by cryptography experts. They criticized the general security model of permanently storing all contacts, messages and media together with their decryption keys on its servers by default and by not enabling end-to-end encryption for messages by default.”
Sounds misleading no? Should rather say: no issues of that severity "reported" in the last 6 years.
Can we stop using "Apple fanboy" as a derogatory term? You insult everyone - every single person - who likes the company. A lot of the times I'm tempted to say "those who don't like Apple's products are tasteless idiots" but I never say that out loud. Nope I don't :) So keep your opinion to yourself.
Wow, you are a real apple fanboy, aren't you.
Now I'll plug my friends company as an alternative for secure messaging (and because I like purple UIs) https://www.cyph.com/