239 comments

[ 4.7 ms ] story [ 280 ms ] thread
Next part in the series: Why using Telegram is dangerous.
I doubt it, Pavel Durov (the author) is the owner of Telegram
> On the contrary, Telegram apps have been open-source and its encryption fully documented since 2013.

Yeah and well known to be a cryptographically poor.

Just different. Is it weaker? How?
Citation?

I know a lot of people who use telegram over whatsapp because it's more secure.

it's not more secure, just perhaps more trustworthy privacy wise. but without e2e encryption even that is doubtful.
Gizmodo is 2016. Do not spread false information.

p.s. and is based on information which in 2020 is not anymore actual as most things were corrected.

Edited to fix dates and references.

Got a citation for this? I'm having a hard time finding it:

> p.s. and is based on information which in 2020 is not anymore actual as most things were corrected.

Those people haven't done their research. Telegram is marketed as secure but two big issues exist:

(1) homegrown encryption which hasn't been extensively audited, which should be considered suspect by default because it's usually broken.

(2) Most chats are not encrypted at all.

Not true. You're spreading false and old FUD.

ad1: starting from quite a long time, secret chats use MTProto 2.0 which is build on stanard crypto primitives you're seeing everywhere. Read it here high level: https://core.telegram.org/api/end-to-end and free to verify on github.

ad2: this is not true, and is discussion about user choice, not security.

please do not spread false old information. world changes.

I'm seeing this guy pushed down when he's totally correct. MTProto 1.0 is dead, 2.0 is built on standard crypto primitives.

Chats are in fact encrypted in non-Secret chats, just to the server and not e2e.

Please, people, don't contribute to misinformation.

First, calling my information FUD is absurd. I wasn't aware of MTProto 2.0 because I don't follow telegram since I think it's a bad choice. Anyway,

(1) I don't see any review by cryptographers that MTProto 2.0 is safer. Where is the evidence?

(2) Unless this is also a recent change, it is true. It's not about choice really, it's about the default behavior, since most users won't choose.

It is not well known to be cryptographically poor but they are rolling their own crypto, which is something many cryptographers rightfully dislike.
I have searched an answer for this question for a very long time. Who's supposed to roll the crypto if rolling your own crypto is looked down upon?
I'm not a fan of Telegram but i get tired of people claiming its crypto is bad. If so why cant they fucking break it yet and collect the reward?
(comment deleted)
Can't comment on WhatsApp's security profile, but it's probably the least convenient among the messengers I use - there is no easy way to access the API to set up a bot for my personal use or do any other kind of scripting / automation. I hope that it will change at some point.
Yes, It may be least convenient for you but not for a majority of users who don't want/need bots. Telegram has bots and lot of it is just spam.

Facebook has decided a B2B sort of model for bots for this specific purpose

> Yes, It may be least convenient for you but not for a majority of users who don't want/need bots.

No one's going to make them use bots against their will.

> Telegram has bots and lot of it is just spam.

Bots can't even initiate conversations.

> Facebook has decided a B2B sort of model for bots for this specific purpose

Which almost certainly will be used for Spam because that's Facebook's line of business.

This is like the pot calling the kettle black. Why are people still recommending Telegram over solutions like Signal or Matrix?
Why are people still recommending Telegram over solutions like Signal

Usability, freedom.

>Usability, freedom.

Uh? Isn't Telegram's server-side code closed/proprietary?

Who cares? You can't verify a server's claim that its software was actually compiled from some specific source code, so this could be a valid criticism of any service.
Signal is no better from Telegram because it doesn't allow anonymous usage without a phone number. And Telegram has relatively lightweight native non-Electron apps.
WhatsApp is bad, but Telegram isn't great either. All chats that you haven't explicitly made "secret" are not end-to-end encrypted. They're apparently "encrypted", but the keys are controlled by Telegram.

Furthermore, they frequently "ban" channels that they deem contain "inappropriate" or "adult" content. Clearly they're reviewed by either humans or AI of some sort. So... that makes me uncomfortable.

Their reason for why you can trust them with encryption keys was "we didn't hand them over to <insert country here> and so they banned us where we could have cooperated and continued to have operating in said country", which seems like a pretty weak argument.

For truly decentralised, private and encrypted communication, I highly recommend matrix+riot.im.

EDIT:

> To support this idea, Pavel Durov claims that Telegram is banned in Russia and Iran, where both governments asked him for encryption keys to access the platform’s messages. Hence for refusing the proposal given by the governments of those countries, the app was banned.

From https://outline.com/BK8f7h

Even if telegram hasn't handed over keys so far, the fact remains that the keys are still controlled by them and tomorrow if they wished they could read/expose/publish/share all "private" communication.

Think of it this way. If Bezos had been using telegram like is recommended in the article and the CEO of telegram wanted to spy on Bezos' chats, he would have totally been able to.

They say that chats don't have e2e by default so that they can be backed up to the cloud [0], but there's no reason why you can't back up encrypted chats and ask the user for a pin and decrypt them on-device.

Furthermore, telegram forces you to link your account with a phone number, and that acts as the primary (or only) form of authentication, opening you up to sim-jacking.

Also, this means that anyone who has your phone number is told you're on the app and given your username, which you may not want for privacy reasons.

[0] https://telegra.ph/Why-Isnt-Telegram-End-to-End-Encrypted-by...

I agree - Telegram's not ideal. But the reason they try and police adult content is because they're afraid of Apple booting them off the App store.
So Apple will boot an app that gives users the ability to send adult content to other users....?

That is completely ridiculous and if that is the reason Telegram is policing adult content then Telegram is ran by idiots. You can use any IM app to share adult content, there are plenty of groups on Whatsapp sharing porn, there are plenty of groups in iMessage sharing porn, there are porn accounts on Instagram and twitter, hell the entire reason snapchat even exists is so that you can send self destructing nudes to people.

The idea that an app will be banned due to content shared with people using the app, and not uploaded and/or hosted on some public website accessible to anyone (CP on tumblr) sounds completely ridiculous to me.

I disapprove of Apple’s puritanical approach to sex, and agree that this is ridiculous given that the logic applies equally well to literally all apps with groups or arbitrary URL web access, but it does appear to be the sincere justification for this situation.

A thought: I hear that most of the complaints about “adult” TV channels crossing the line from “broadcastable” to “violating obscenity laws” are made by their competitors. Perhaps a similar thing happens here? That at least one of Telegram’s competitors constantly look for reasons to get them blocked from the App Store?

There are other apps that use universal e2e encryption and have not been banned by Apple. Also if someone idi want to use Telegram for seedy purposes, they still can by enabling full security, so it’s pretty clear this excuse is flat out bogus. Otherwise all the same arguments would apply to the other apps.
You're not wrong. OTOH all it takes is media picking up on one single "hidden Telegram pedo network" and they'd get booted.

And it would be mostly due to public perception. Telegram is "used by terrorists because secret encryption" and already seen as suspicious.

Telegram offers channel subscriptions, it's like a blog without comments. Apple will absolutely ban apps like that (think tumblr).
No they won't.

- Instagram is stock full of sexual content

- A ton of cam models have private snapchat accounts where they share porn of themselves

- Reddit is basically a cornucopia of porn

- I can subscribe to a porn email list

- Share nudes to a group of friends on Facebook or even SMS

- I can join a hundred Discord channel to satisfy every single weird ass fetish I have,

- I can outright buy porn from Amazon and have it home delivered in 30 minutes.

And that's just from the top of my head. I'm sure you can find a metric ton of other apps that provide their users with easy access to sexual content. None of those apps will be banned for it since that is not the primary purpose of any of these apps. It's simply something that you're able to do with the tools provided. This is like banning all knives just because someone got stabbed.

If your plan is to ban apps that provide access to pornographic content, then you're gonna have to do a lot of banning.

Tumblr itself wasn't banned for porn, it was banned for child porn https://www.theverge.com/2018/11/20/18104366/tumblr-ios-app-...

I would also argue that a public blogsite where tagging and discovering new content is one of the key selling points of the platform, is very different from a Telegram channel where you need to specifically know the channel name to even join. As long as Telegram puts forth their best effort to eliminate illegal content from channels, they should be fine.

It might be OK for one app to allow such content and it might be not OK for Telegram. Because Telegram earlier had issues with Apple [1] and if they violate Apple's rules again it would become a convenient excuse to remove Telegram from App Store.

You are trying to find a reasoning in Apple's decisions, but isn't it easier to assume that not all apps are equally welcome in a private app store?

[1] https://www.theverge.com/2018/5/31/17412396/telegram-apple-a...

Please, note that the parent post talks about channels. It does not apply to chats and group chats.
> So Apple will boot an app that gives users the ability to send adult content to other users....?

Yes they will, if they're on channels (which are considered public).

Not only are Whatsapp groups and Snapchat chats are considered private, those companies have much more clout (and lawyers) than Telegram. Facebook threatening to remove Instagram/Facebook/Whatsapp from iOS would hurt Apple more than Facebook.

Side note: Even lists with no adult content, but referring to adult activities get banned. The creator of an app listing Burning Man events had to remove all references to adult workshops or get the banhammer. Apple's walled garden, Apple's rules (sigh).

Thankfully no one shares adult content on WhatsApp daily /s
Shouldn't then Safari and all other browsers be banned as well? Lots and lots of adult content can be distributed and accessed with those.
Of course not. Some Apps get the preferencial treatment, eg. Sports Illustrated.
That's ridiculous. There are plenty of Reddit apps out there, for example, and they are just fine.

Telegram folks are just afraid that obscenity laws will be used against them by officially-not-censoring-but-actually-pretty-curious-about-everyone's-communications governments, like UK, France, Italy, and so on. "Oh, you cannot police your underage nudes? Law says we have to do it then, hand over the keys or shut it all down. We will absolutely not use these keys for anything else, honestly, uh-uh..."

That's the charitable reading that doesn't insult anyone's intelligence. I still don't particularly trust Telegram not to cooperate with authorities anyway - any centralized model is doomed to, at some point.

Many people have sent me stuff they want to keep secret on Telegram thinking they were in an end2end chat when they weren't. Terrible UX.
I understand that with MTProto 2 they stepped away from their homecooked crypto and follow a more traditional scheme which on the surface looks OK. It's still not the default (you must enter into a 'secret chat'), but if you do, isn't it acceptable? Telegram now is one of the last remaining clients that has excellent device support, its available for everything.
Does anybody have an idea why they don't make it default? Is there a cost involved? Any problems with it?
It's possibly because secret chats need to be started interactively (you can't send a message until the other party has come online), and later cannot be shared among different devices (open the same channel in desktop|web|mobile), so it degrades UX.
Signal has only e2e and is able to offer synced chat between phone and desktop - the phone just sends the content to the desktop instance and vice versa.
I imagine multi-device sync and group chats would be a lot more complex with E2E encryption.
Works with Signal flawlessly.
I think it's because they want to give both usability (history shared between devices) and security (E2E encryption). Not anybody or any kind of conversation need encryption, so you as the end user can choose what's more appropriate.

TBH I don't know how other secure messaging programs like Signal or Wire handle the multi-device history issue.

From what I understood, each time a new device joins the conversation, a new key is generated for everyone in the conversation (and each devices), so they are allowed to decrypt others' messages. That being said, they can't access chat history.
With signal each registered device will receive a copy of the chat while that device is registered. If a new device is enabled afaik it doesn't get sent any messages from the past, although technically the other devices could transmit previous messages.
Groups on Telegram can have 100k+ members. Enabling Signal like E2E encryption scheme and ensuring you can have that many members in a group is basically impossible. See this video to understand why, https://www.youtube.com/watch?v=Q0_lcKrUdWg

I guess they could enable E2E encryption in private messages but being able to sync conversation across different telegram clients you are logged into is one of the features. Enabling E2E encryption by default will probably break this. I guess they could try and implement it like Signal has done for Private messages but I don't know why they have not done that already.

It's about priorities. Signal's priority is security. If the current state of the art is you can chose security or foozles, then Signal doesn't have foozles. If people really want foozles then they need to do the work to figure out how to deliver foozles securely and then Signal can integrate that work.

All of the other products have some other priorities, and so if security gets in the way, too bad security loses. Even WhatsApp, which uses the Signal protocol, has other priorities so the actual client software isn't focused on security, they were just happy to get a secure protocol out of the box.

The interesting thing is that years of research hasn't found many things that are just plain impossible securely, there are just a lot of unknowns or places where the secure option is harder. For example when you add a popcorn GIF to a chat Signal proxies this twice, masking your request from the GIF provider (Somebody used a popcorn GIF but the GIF provider doesn't learn who) and also from Signal's own servers (ishanjain28 used a GIF but Signal doesn't learn which one). Most outfits wouldn't bother, who cares about security anyway? But the feature now just works, without unnecessarily giving away information to people you might not trust.

_native_ clients, mind you. Their desktop client is built on top of (heavily patched) Qt and is relatively light on resources. That's pretty rare these days, unfortunately.
On macOS you have the option of using a Cocoa client (same codebase as the iOS version) in addition to the Qt app. It’s great to have the choice.
What is the point of going truly native on apps like chat?

They have a web version anyway and with Electron for desktop and webview for mobile, they can concentrate on the responsive single design instead of hiring different talents to communicate with each others left and right to slow down their development with inconsistencies.

>>Furthermore, they frequently "ban" channels that they deem contain "inappropriate" or "adult" content. Clearly they're reviewed by either humans or AI of some sort. So... I don't like them much.

My understanding was that it isn't Telegram that bans them, but Apple that doesn't let certain channels be shown in the iOS app. Android and the web version show all channels.

Such channels aren't viewable on Android, dunno about web.
Apple doesn’t dig into third party apps to police their forums, chat channels and content. That is very clearly the responsibility of the app developers. More bullcrap excuses from Telegram. Come on. E2e disabled by default, phone numbers exposed by default. Channels stalked by moderators. It’s a joke.
My understanding was if Apple got a report about NSFW/hate speech/whatever channels, then they had to be hidden on the Apple version or else the app gets pulled from the app store.

As to the rest of the app's quality, no idea. I use it on my phone and it seems OK, but I've not really dug into it.

(comment deleted)
Happened to us, we built a bot[1] to buy and sell bitcoins privately on Telegram. Someone messaged me saying that they would get a 'SCAM' label on our bot if we didn't pay them the ransom. We didn't comply and within a few days we got the label(guess they managed to get a lot of accounts on our bot to report scam). Their support team was unresponsive and it took around 3 weeks to get it resolved.

Needless to say, our users lost trust and we couldn't risk this happening again.

We still run the service(from request of a few existing users) but not actively promoting it.

[1] https://t.me/megadealsbot

I really like the idea of Matrix. Is it really secure though? Isn't E2E a newer feature?
End-to-end encryption is available, but not yet enabled by default for private rooms/direct messaging. See this for status, it seems it will soon be enabled by default: https://github.com/vector-im/riot-web/issues/6779

Also interesting is to see that it has been adopted by the French government: https://lwn.net/Articles/779331/

It is amazing how fast the goalposts can move to fit a narrative. So chats in Matrix are not E2E encrypted? The very thing Telegram is being called out for in this thread?
If the chat isn't e2e, you are warned at every moment because the message text box that you type into prominently says "(unencrypted)". You can easily enable e2e for all conversations, and it will soon be the default. The data is on your own homeserver, and no one else has access to keys. Riot/matrix is vastly superior to telegram.

Edit: also, telegram doesn't support e2e encrypted group chats, unlike riot.

One of them does rather dishonest marketing, the other is upfront about capabilities and defaults.

Telegram: we do E2E!* That makes us MORE SECURE than other messengers!

Matrix: you can enable E2E if you want.

* just not by default†

† unless you count "E2E" security between your client and our servers,‡ which we'll confusingly highlight in our security documentation as if it were special††

‡ you don't really need E2E anyway because we store your data in shell companies across the world

†† I guess it is "special" because Telegram invented its own crypto algorithms?

I'd like Telegram a lot more if they would stop with their bullshit claims, because it's actually a good service for some usecases. While reading the article I was hoping it was just written by a clueless Telegram fanboy, but reality is disappointing…

> Furthermore, telegram forces you to link your account with a phone number, and that acts as the primary (or only) form of authentication, opening you up to sim-jacking.

Linking phone or use it for 2FA should be like red light today. For Telegram, banking app, don't matter.

Turns out you can also add a password to your telegram account to act as a form of 2FA, kinda odd but that's that I guess.
Because Telegram like many mobile apps, doesn't want anonymous users because you cannot sell them to advertisers.
Actually, there's something interesting to note. If you enable 2FA, it's not possible to recover your account without either the password or the recovery email (if any). However, via SIM-jacking an attacker can still erase all data in your account and then take it over.
> Also, this means that anyone who has your phone number is told you're on the app and given your username, which you may not want for privacy reasons.

You can disable that behavior in your privacy settings iirc

And the reason this isn’t the default is?....
Because most people are not privacy conscious and just want their messaging app to work (including having people know they are available to message on said platform).
(comment deleted)
Sharing a URL with no meaningful supporting words isn’t pushing. What’s interesting, comparing to existing messengers?
Sorry, you are right. That being said, it's a remarkable approach to messaging. E2E, decentralized, can be used over WiFi, Tor, Bluetooth (In case there is a blockage)[1]. Has been pentest reviewed[2] before the first release.

Or to sum up:

"Briar is a messaging app designed for activists, journalists, and anyone else who needs a safe, easy and robust way to communicate. Unlike traditional messaging tools such as email, Twitter or Telegram, Briar doesn't rely on a central server - messages are synchronized directly between the users' devices. If the Internet's down, Briar can sync via Bluetooth or Wi-Fi, keeping the information flowing in a crisis. If the Internet's up, Briar can sync via the Tor network, protecting users and their relationships from surveillance."

[1] https://briarproject.org/how-it-works/

[2] https://briarproject.org/raw/BRP-01-report.pdf

Why you don't recommend Tox ? P2P software is always better than server depending software.
> Furthermore, they frequently "ban" channels that they deem contain "inappropriate" or "adult" content. Clearly they're reviewed by either humans or AI of some sort. So... that makes me uncomfortable.

If you are uncomfortable about content being read by humans -- (they claim) that only happens for public channels (open for anyone to read/search)

> They're apparently "encrypted", but the keys are controlled by Telegram.

Yes, but they take steps to ensure they cannot easily be forced to decrypt chats via a court order in a single country. From the Telegram FAQ:

To protect the data that is not covered by end-to-end encryption, Telegram uses a distributed infrastructure. Cloud chat data is stored in multiple data centers around the globe that are controlled by different legal entities spread across different jurisdictions. The relevant decryption keys are split into parts and are never kept in the same place as the data they protect. As a result, several court orders from different jurisdictions are required to force us to give up any data.

https://telegram.org/faq#q-do-you-process-data-requests

> Furthermore, they frequently "ban" channels that they deem contain "inappropriate" or "adult" content. Clearly they're reviewed by either humans or AI of some sort. So... that makes me uncomfortable.

AFAIK messages are only forwarded to Telegram support if they are reported by users. Chats spreading pornographic content are often banned on iOS due to the App Store guidelines (and in certain countries due to local laws), but illegal channels (e.g. CP) may be blocked globally.

> Also, this means that anyone who has your phone number is told you're on the app and given your username, which you may not want for privacy reasons.

This is not true anymore, a while ago they added new privacy settings that allow you to prevent others from finding you unless they are in your Telegram contact list. (Of course, this means if you don't want anyone in your phone's contacts to be able to find you on Telegram, you should deny the app contacts permission.)

> Yes, but they take steps to ensure they cannot easily be forced to decrypt chats via a court order in a single country. From the Telegram FAQ

Again, this is just what they claim. Doesn't mean they don't read chats because they feel like it. And this doesn't mean that they won't cooperate with other entities in the future. Or that the keys won't get leaked.

Your data being encrypted is pointless if it's stored one someone else's servers, and they have the keys to it.

"several court orders from different jurisdictions are required to force us to give up any data"

How can we as users be certain that they wouldn't decrypt our chats anyway, contrary to their stated policy?

As long as they have the technical capacity to decrypt my chats, I wouldn't feel secure on their platform, no matter what they say.

IMO it's a reasonable trade-off for general use as a chat platform with public groups and all, you can use secret chats if you really want to be confident in your privacy. Maybe they could add support for end-to-end encrypted groups though.
If we are going with a conspiracy theory that whatsapp deliberately included a buffer overrun bug as a backdoor... then why the heck would we trust telegram about this?
Telegram's clients are open source with verifiable builds. Sure, the back-end software isn't open source, but it's at least safer than WhatsApp.
Why?

I see no reason why open source helps here. Closed source clients aren't black boxes. You can examine the bytecode. You can decompile the binaries.

I see no reason why a conspiracy dedicated enough to hide a backdoor as a buffer overrun wouldn't also be capable of making the Telegram server store key material in a single country to make it available to legal requests (since, as you say. the back-end software isn't open source).

> I see no reason why open source helps here

Open source doesn't make things automatically secure, but one can't argue that it isn't much easier to inspect.

I really can.

Bytecode is basically the same as source. Decompiled binaries are harder to read, but there are oodles of professionals who are very skilled at reading decompiled code. The actual structure of the program itself plays (to me) a much bigger role in the auditability of a system.

Open source code is much easier easier to inspect than compiled bytecode, no matter how you look at it.
What about Signal?
Still trusted by both left coast technolibertariananarchists and Republicans in DC.
"Telegram is banned in Russia"

Really? I just went there recently, and nearly everyone used Telegram as their primary messaging application (other than Instagram)

Really. It's a constant fight between Telegram and the not-so-great Russian Firewall. There are actually public channels you can join in Telegram that run a tally of Telegram IPs blocked by Roskomnodzor.
We even had a speaker advertise a telegram channel for everyone I was there with to talk to each other, and the Russian audience laughed to his amusement. I didn't get the joke; kind of funny now.

I still never ended up using it, have too many messaging apps as it is. It's really sad how much that can limit staying in touch with international friends though.

I like Matrix+Riot.im, especially as a Slack killer and as a self-hosted option.

But in terms of getting less technical people on board (frankly, often the sort to go to WA anyhow), I deeply suggest Signal.

It's my understanding that one reason people like Telegram is unlike Signal, you can use a username and hide your phone number. (Please correct me if this is incorrect, I don't know anyone who uses it so I stick to Signal)

Signal is the gold standard for confidentiality, but forcing folks to disclose a phone number as a primary identifier has privacy issues.

I use both telegram and signal and I find that the general user experience (syncing chats across devices, bots, rich media types) is better in telegram, at the expense of privacy.
Telegram also has native, non-Electron apps, for many platforms, could it be an advantage? It also has convenient public chats and "channels" (microblogs). It has support for proxy servers, allows sharing proxy servers and has traffic obfuscation which Signal (I assume) doesn't have.

But for me Telegram and Signal are equally insecure because they don't allow anonymous accounts without a phone number. Using phone number for authentication is insecure because it is very easy to intercept SMS messages, especially if you are a telecom or the government. You better avoid using such messengers and not support them unless you want to provide your ID in future for registration on any website.

Telegram supports two-step verification with a password. As long as you have that enabled, your account can't be hacked with SMS interception.
The native apps certainly help… Signal’s desktop app is pure afterthought and it shows.

The other thing is that Telegram is just far more feature rich. It feels like what you’d like expect from a modern messaging app.

Perhaps the most unfortunate thing about this all, though, is that third party devs can’t make their own Signal clients to try to improve the situation. If you want to use Signal, you have to take it with all of its warts, and that’s a hard sell.

They mostly ban content for Apple users because of Appstore restrictions. And they ban Isis group chats which is a good thing in my book.
Better use P2P chat groups like Tox or Retroshare
Last I tried WhatsApp it refused to let me use it without giving it access to my entire contact list. Even when “giving it access” to a blank list via PrivacyGuard, I couldn’t see a way to add a contact manually. That was a deal breaker for me.
That's hardly surprising.

Contact list access is literally THE thing that makes WhatsApp valuable to Facebook. You lock down that and they are now staring at a massive hosting bill with nothing in return.

I think that the actual discussion's metadata is more valuable that the contact list itself.

Knowing that I discuss everyday with X, is more interesting than to know that I somehow have the phone number of A,B,C,D...X,Y,Z.

But yeah I agree that's not surprising. When I personnally hit this issue I was like "ain't that a good old facebook product behind all that fresh paint"

I think this helps prevent spamming, If I could add anyone manually, spamming a set of random phone numbers would be easy.
I was willing to let it have my phone number, which is the thing that would cut down spamming (as a hard-to-generate-in-bulk identifier). I just wasn't willing to give it my contact list.
On the contrary; having to type each in Whatsapp is much harder than just bulk importing to Android contacts, which you can do by the thousands at once.
You used to be able to set up different user profiles on Android - I set one up just for WhatsApp, and only WhatsApp contacts went in it.

I am dismayed to find that my new Android phone no longer has this feature, except as part of some bullshit "work profile" nonsense that apparently isn't possible for me to set up by myself, on my own phone. "You'll need a code from your IT admin", I'm told, and "a management tool will be downloaded and used by your IT admin to manage your work profile". Great.

Yeah. My approach has been to ask others to add me instead. If I ever meet another privacy-minded friend, I guess we'll just use Signal instead.
Same. I had a visiting relative from overseas who needed to contact me and WhatsApp was their only means, but despite installing the thing and using my Google Voice Number to register, the thing refused to let me do anything without giving the thing carte blanche access to my contacts. No thanks. I had to ask my spouse to use her existing WhatsApp profile to contact the number.

There's zero technical reason why I can't have a silo'd list of contacts WITHIN WhatsApp. Facebook knows it. Fuck them.

> Had Jeff Bezos relied on Telegram instead of WhatsApp, he wouldn't have been blackmailed by people who compromised his communications

You can have a healthy debate about whether Telegram is a better option than WhatsApp for the average Joe (I don't think it is, but that's just my opinion). Jeff Bezos is not the average Joe.

The idea Telegram somehow offers people like Bezos more protection than WhatsApp from nation state attacks is crazy. Pavel Durov is irresponsible for suggesting otherwise.

If you're a Bezos level target and Saudi Arabia wants your messages to blackmail you, they will get them. This is a country with effectively unlimited resources and no moral qualms. The app you're using is irrelevant.

President of Ecuador was forced to give up Julian Assange because he was blackmailed using content from conversations he had with his relatives in Telegram. This makes me think that Telegram is not as safe as it tries to appear. At least there's a backdoor for CIA/USA government.
Do you have a source on that? I couldn't google anything useful.
https://defend.wikileaks.org/2019/04/03/ecuador-twists-embar...

I found this, I think that’s what is being referred to.

Yeah I've found that too but it's quite thin. This inapapers.org link strangely links to facebook. Don't know what to think about that. Especially with all the other sources for data mentioned there I'd assume they had control of the device not really access to the apps.
Yes, but I doubt there's will be anything more substantial. It's kind of information that is only useful if kept secret. If everybody starts to distrust some IM network because there's a proof that it's wiretapped, people will start using something else.
Wow!

Citation?

https://defend.wikileaks.org/2019/04/03/ecuador-twists-embar...

I found this, I think that’s what is being referred to.

The only mentions of Telegram on that page also mention WhatsApp right next to it. I’d love to read more about the alleged Telegram hack/leak but this link does not appear to be a source for the accusations levelled upthread.
Also, his phone can be hacked. After Snowden revelations I do not trust any piece of electronic equipment. I don't worry because I don't believe any privacy is possible in contemporary society. Every device has tons of bugs. Every application I use phones multiple networks gathering facts about me.

Just yesterday I've visited Off-facebook activity and was very surprised to find there information that I though nobody could trace back to me. And I believe it's only tip of an iceberg. Probably there wasn't even direct wiretapping - it was guessed by comparing some patterns of my checkins or pages I've browsed.

Still, I don't believe Telegram and Pavel Durov. Also, the first story I've read about this case mentioned only Telegram. I'm not sure I can find it now - it was almost one year ago - it's long gone from my browsing history.

At least WhatsApp has End to End encryption by default. I would be surprised if more than 1% of Telegram communications were similarly secure. I also find the constant mention of the vulns being "backdoors" disingenuous.

I'm a big fan of Telegram for its top notch bot support, but I'm flagging this submission.

No point having E2EE if you can just ask for the history of all chats from the application.

Not saying telegram is better. But this is a common use-case for whatsapp. (Whatsapp web transports all history).

So the E2EE argument is disingenuous if the client is closed imo.

No it doesn't. Your chats are on your phone. If you activate WhatsApp on another phone without having backed up your chats you will lose them.
If you activate WhatsApp on another phone while your first phone is still active and you open both apps it will copy them over, but that wasn’t the point I was making.

The case for whatsapp web is absolutely true- and you can’t say that it 100% doesn’t have any remote admin features, because it’s closed.

EDIT: I'd like to clarify; many people's reasoning seems to be:

"Whatsapp == Signal" && "Signal > *"

But that's not at all true.

> If you activate WhatsApp on another phone while your first phone is still active and you open both apps it will copy them over, but that wasn’t the point I was making.

To my knowledge, that's not true. But even if true, that doesn't mean e2e encryption isn't in effect.

---

> The case for whatsapp web is absolutely true

The web interface is completely driven by your phone, acting as a remote control and WhatsApp still doesn't have access to your conversations.

https://signal.org uses the exact same model and it's open source, so you can review it.

It is true that WhatsApp being proprietary, Facebook could insert local content scanners that bypasses e2e encryption. Which they actually threatened to do in the past, not sure what the status of that is.

But in spite of this, WhatsApp is still much better than any other service that doesn't do e2e encryption by default. Yes, I'd prefer Signal.org personally, but it's not what my acquaintances use ¯\_(ツ)_/¯

And I'll never use Telegram, unless it reaches FB Messenger levels of popularity.

You can review for Signal, but you can't for WhatsApp. which is VERY concerning.
> To my knowledge, that's not true. But even if true, that doesn't mean e2e encryption isn't in effect.

It's not true. I just recently switched phones. If you activate your phone on the app, you can't use the app on your previous phone without authenticating again, and it only shows your local history. I lost all my history when moving phones, as I chose not to back up my messages (who would?).

> I lost all my history when moving phones, as I chose not to back up my messages (who would?).

The trick is to use the local backup option (it's encrypted with a key from the whatsapp servers, but all the files are kept on your device), and use syncthing to copy the whole folder structure (containing the backup and the media) to the new phone before installing whatsapp. When first run, the whatsapp client detects the presence of that backup, asks whether you want to use it, gets the key from the whatsapp servers (after you authenticate your account), and restores the backup.

(By the way, Signal can do the same trick, but it's slightly less user-friendly: the encryption key does not come from the signal servers, it's a sequence of numbers you have to write down and type on the new phone.)

> The web interface is completely driven by your phone, acting as a remote control and WhatsApp still doesn't have access to your conversations.

> https://signal.org uses the exact same model and it's open source, so you can review it.

To be clear, Signal's desktop interface does not work like WhatsApp's web interface: Signal is not completely driven by your phone. Signal Desktop can still send and receive messages even if the phone it is tied to is completely off.

I might have misunderstood what you're trying to say, but wanted to clarify this.

> If you activate WhatsApp on another phone while your first phone is still active and you open both apps it will copy them over,

This is not true on Android. You cannot activate WhatsApp on 2 phones at once. If you try, the first will instantly deactivate and will not do any copying of messages. Message restore is from Google Drive backups. There is also a way to backup to a file, but it's an unsupported hack.

It is also not true across Android -> iOS, as I just made the switch and experienced the same thing.
Allegedly*.

Since both client and server side are proprietary, it can't be proven that the OpenWhisper implementation wasn't tampered with. and it's very disheartening to see Signal licking WhatsApp's metaphorical feet every step of the way.

Open source isn't magic. Closed source isn't a black box.

Reading bytecode is trivial. Reading decompiled binaries is even not so bad. Hiding some tampering of the protocol in closed source clients is not that much easier than hiding it in open source clients. Especially if tens of thousands of engineers have access to the whatsapp source and change history and a deliberate backdoor would be international news.

Have you seen sources of WhatsApp?

Do you trust claims made by Facebook about privacy and encryption?

> Do you trust claims made by Facebook about privacy and encryption?

I trust facebook that when they say something is E2E encrypted, it really is (except in the case of targeted attacks). If it weren't, I would expect an internal whistleblower to very quickly report it.

End to end encryption has its disadvantages. If only 1% of communications use it then in only 1% of communications require the users consider it necessary and worth it. And there's nothing wrong with that.
The problem is that many users think they are using E2E, because that's what Telegram advertises. Those people needed security, and looked for it, and are now vulnerable.

Besides, security and privacy should be the default. It's not like the user experience of WhatsApp is drastically worse for having E2E.

> The problem is that many users think they are using E2E

Source, please.

> Besides, security and privacy should be the default.

Not at the cost of usability and freedom. Especially considering E2E encryption isn't necessary to protect against the attackers most people can expect.

> It's not like the user experience of WhatsApp is drastically worse for having E2E.

It absolutely is. WhatsApp doesn't even allow you to use multiple devices!

>> It's not like the user experience of WhatsApp is drastically worse for having E2E.

> It absolutely is. WhatsApp doesn't even allow you to use multiple devices!

I'm pretty sure you couldn't use multiple devices before they implemented E2E.

By the way, how does E2E cost freedom?

It doesn't, I conflated Signal/WhatsApp and E2E. Sorry.
He keeps referring to the video encoding vulnerability in WhatsApp as a "backdoor". That is not supported by the source[1] he cites, which instead refers it to as run-of-the-mill buffer overflow vulnerability. There is massive difference here - backdoor implies something that was planted purposefully. Extraordinary claims require extraordinary proof.

I don't think this post is fair in its assessment and seems more like an advertisement for Telegram, which itself has its own security issues (like lacking E2E encryption by default and terrible[2] code quality).

1: https://www.techspot.com/news/82843-hackers-can-use-whatsapp...

2: https://www.reddit.com/r/androiddev/comments/cazz4h/why_tele...

“Extraordinary claims require extraordinary proof”

As an aside, this isn’t true. There are many things right in front of us that we dismiss routinely, and “everyone knows” these things are extraordinary/insane/wrong and so on. Usually, if you spend the time to learn about such things you can discover that they’re very normal and provable, you just have to go against the crowd. That’s different from needing extraordinary evidence.

Primarily this seems to be due to disinformation efforts and plain old human biases.

It probably isn't, but I don't think we can know whether it was on purpose or not.

If I had to put a backdoor in something, it'd definitely be a buffer overflow. It gives full remote code execution, it may be hard enough to find to be NOBUS, and it has perfect plausible deniability.

Never attribute to malice that which can be adequately explained by stupidity. So - yes, possible in theory, but quite unlikely.
"Never" seems a bit much, if you accept the premise that all backdoors would be made to look like accidential security flaws.

But since there are probably a lot more accidential security flaws than backdoors, I agree that erring on the side of stupidity is justified.

The huge majority of applications with any c++ code have some sort of memory safety vulnerability. Codecs are a classic place where this shows up all the time. Why would this vuln out of the literally gazillions of similar vulns be considered a backdoor?
The underhanded C contest has many examples of malicious code that appear like plausible bugs. An intentional but rare buffer overflow would be a perfect backdoor.
Why using Telegram is Dangerous?

E2E is not by default and terrible UX to make people think they have secure communication

The one thing that made me quit WhatsApp was a few years ago when it got bought by facebook.
The whole article is disingenuous:

- This kind of vulnerability could happen in any app, including Telegram (similar issue also happened in the past with iMessage)

- WhatsApp conversations are all end-to-end encrypted by default, Telegram does not (have to explicitely create "secret chat")

- If this vulnerability used privilege escalation to access some data outside WhatsApp, iOS indeed had additional vulnerability (and Android too)

There is no way to prove WhatsApp didn't tamper with OpenWhisper internally.
Even if they did, it would just mean that Facebook (WhatsApp's parent company) could now see your messages, but that is still no worse than the default Telegram setting, which guarantees that the company will be able to decrypt your messages. And what prevents Telegram from tampering with their own end-to-end encryption for the binary they upload to app stores? Hardly anyone compiles their own apps if they can download it from a convenient app store instead.
Telegram clients are open source and have reproducible builds. There is so much FUD being spread in the comments here which could probably be resolved by sticking your HN comment directly into your search engine of choice.

https://core.telegram.org/reproducible-builds

They started having reproducible builds since the start of this month, when they released v5.13, and I admit that I had not checked to see if it had changed since the last time I looked.

However, this still lets Telegram decrypt people's messages (on the default setting), which makes it less secure than WhatsApp and Signal.

The article itself is riddled with FUD about WhatsApp, and the author has written similar FUD/unfounded claims before.

1. https://www.independent.co.uk/life-style/gadgets-and-tech/ne...

2. https://telegra.ph/Why-WhatsApp-Will-Never-Be-Secure-05-15

FUD "against" proprietary software is pretty much the "reverse racism" of technology.

Again, there is no proof OpenWhisper wasn't tampered with. It'd take WhatsApp becoming Free Software and having independent audits to be reliable as a communications platform. Suspiscion is but a matter of survival, and chances will continue to be usually against the most vulnerable party: the users.

Why would it need to be Free? Surely a license for modifying the code has exactly nothing to do with being able to audit it. They could distribute the source in a different manner if you really really really need to be able to see it in order to audit it (professionals don't).
There's no way to prove that any client hasn't tampered with a protocol. Halting problem and all that.

But reading closed source code isn't hard. Most of whatsapp on android is implemented in dalvik bytecode, which is basically like reading source without good names or comments. And there are piles of professionals who are very skilled at reading decompiled binaries for the native code in the app. The idea that oss code is easy to verify and closed source code is impossible to verify is just bogus.

In Italy fake news about the corona virus are spreading like a bushfire on the platform, thanks to the broadcast features and the utter absence of any possible moderation on something Facebook turned into a proto-social network. That’s really why using whatsapp is dangerous.
This is an interesting consideration - but it seems to be much more "why democracy won't work" than anything to do with specific communication platforms.

If everyone was on matrix, with solid end-to-end encryption, surely that problem would be equally bad?

Lack of trust, lack of authoritative sources that can be trusted; that's different to having secure mass communication means.

Why is this downvoted? The spread of fake news through Whatsapp is a real issue in many countries
I don’t know, I just stated a fact. Also, WhatsApp is worse than other messaging apps because of many social-style features Facebook introduced to prioritize interaction metrics, such as stories, on a platform born to br based on peer-to-peer and get-to-know trust.
Clegg is presumably referring to the fact that the Saudis had access to data from Bezos's phone that the WhatsApp app itself did not have, indicating a privilege escalation (iOS issue) in addition to the RCE (WhatsApp issue).
Reading this article, I was thinking that Durov was really over-exagerating when saying that WhatsApp plant backdoors, while it was simply security flaws.

But then I looked at the flaws, and that definitely raises questions. At least two of the flaws are in mp4 parsing done by WhatsApp itself, while both Android and iOS provide hardened platform tools for that.

There are two reasons you would want to do that:

- Increase security. Yeah that's a bit paradoxal considering what I said before, but it is possible you could want to do that, because Android devices are barely updated, and even though the mp4 parsing is hardened, there are known not fixed flaws on many devices. If that was the intent, then the very first thing they would have done, is have this run inside a dedicated sandboxed process (Android allows that pretty easily), with no access to either the data or the internet. Or they could have written it in a managed language, where the worst case of failed parsing is crashing/DoS-ing. Or they could do it in rust of course :-)

- Increase compatibility with a wider range of mp4 files. As far as I know, mp4 support of those platforms should be good enough for most cases, but ok, let's say such a case exist, that means that they don't actually care about the security. As Durov say, they are using "end-to-end encryption" to say they are secured, but don't seem to care much past that.

I'm still not convinced those are actual purpose-built backdoors, but I will at least agree that security doesn't seem to be a core value of WhatsApp.

Video decoding ability on Android devices varies widely device to device, and on some devices if you try to play a video it is incapable of playing, you have no way to know the user is looking at a blank screen. On a few devices, trying to play a bad file even results in an instant device reboot. You 100% don't want to be sticking untrusted data into the platform media api's, and in fact I'd caution against using them at all unless power usage is so important you need hardware accelerated decodes.

Considering that, I can completely see why WhatsApp decided to bundle their own libraries.

In my understanding, they are using only mp4 files, and control the mp4 writers, so they should be fine with most devices' Android MediaPlayer.

Though yeah, I'd personally rather go to ExoPlayer to have a managed, maintained solution that already contains most fucked up hardware workarounds you might need. Sure it's not cross-platform, but just define a high-level player api, use iOS' native player, ExoPlayer on Android, vlc on other platforms, and you're good to go.

As for "sticking untrusted data into platform media api's", well the power consumption of reading a video with CPU is absurdly high. You'd be going from 6 hours view time on a standard smartphone to 2 I'd say? You could decide that you value security /that much/. But then if you do, the very first thing to do is to run the player in a dedicated isolated process.

I doubt WhatsApp is doing software video decoding, but if they are, it is all the more ridiculous.

> At least two of the flaws are in mp4 parsing done by WhatsApp itself, while both Android and iOS provide hardened platform tools for that.

I imagine this choice was made at least partly for consistency across platforms, because WhatsApp supports a lot of devices and OS versions. You can use the current apps on Android back to 2.3.7 (2011) and on iOS 8+ (2014).

Until 2018, WhatsApp also ran on BlackBerry 7+ (2011).

This is a case of the pot calling the kettle back, to be honest. Telegram controls encryption keys centrally as well. If you want true end to end encrypted messaging then Signal is the way to go. FWIW, I don’t understand the trend in open source projects to use Telegram for messaging given its closed source / proprietary origins.
I guess it’s a matter of appearance and brand name, in addition to a really straightforward, capable and well documented API.
> Telegram controls encryption keys centrally as well.

Source?

See https://en.wikipedia.org/wiki/Telegram_(software)

“Telegram's security model has received notable criticism by cryptography experts. They criticized the general security model of permanently storing all contacts, messages and media together with their decryption keys on its servers by default and by not enabling end-to-end encryption for messages by default.”

That part does not refer to the E2EE Keys though. The Wikipedia article was also mostly written before MTProto2.
WhatsApp is kind of best digital and I vow for it
> Telegram, an application used by hundreds of millions of people including heads of states and large companies, has had no issues of that severity in the last 6 years.

Sounds misleading no? Should rather say: no issues of that severity "reported" in the last 6 years.

Coincidently, I deleted my Whatsapp account today. Apart from the fact that I can't really judge yet how much more secure Telegram is, I find Telegram also much more usable. Let alone being able to edit messages when swipe-writing words selected totally different words than I had intended. How often did I send a second Whatsapp message just because the first was full of swipe detection errors.
It pains me to read these comments even on HN. Telegram is strictly less secure than Whatsapp. Telegram is not designed with security in mind and if I was a TLA I'd be pretty happy about people using it.
Are all of your friends on Telegram? Were you a member of any Whatsapp group chats?
> I am not exactly an Apple fanboy

Can we stop using "Apple fanboy" as a derogatory term? You insult everyone - every single person - who likes the company. A lot of the times I'm tempted to say "those who don't like Apple's products are tasteless idiots" but I never say that out loud. Nope I don't :) So keep your opinion to yourself.

> A lot of the times I'm tempted to say "those who don't like Apple's products are tasteless idiots"

Wow, you are a real apple fanboy, aren't you.

I tried searching, but couldn't find a good explanation online on the differences between Keybase and Riot, and why one is better than the other. Could anyone help?
Riot is open source. Matrix is an open protocol that is designed to federate so that users on different servers can talk to each other. Is the keybase server open source?
If you can turn a blind eye to the absolute horror show that Whatsapp calls a UI you probably deserve whatever befalls you.

Now I'll plug my friends company as an alternative for secure messaging (and because I like purple UIs) https://www.cyph.com/