32 comments

[ 0.26 ms ] story [ 80.5 ms ] thread
Finally, been waiting on this for a while. Will be much easier to convince family and friends to make the switch from WhatsApp. Interesting that the recent Apple drama is making its way into the update as well. I really doubt it's Apple being petty after Telegram's CEO attacked them but, considering yesterday's Epic vs Apple debacle, I wouldn't be surprised if this escalates.
> Interesting that the recent Apple drama is making its way into the update as well

The actual scandal to me is that Apple used to be given unfair advantages by developers delaying updates on Android because the iOS version hadn't been approved yet.

> Interesting that the recent Apple drama is making its way into the update as well

Where? I didn't see it. (Is it possible that the blog post was edited after the fact?)

They didn't wait for Apple's approval of the iOS app before releasing the Android app this time.
>Our apps for Android and iOS have reproducible builds, so anyone can verify encryption and confirm that their app uses the exact same open source code that we publish with each update.

This is impressive. I wish also chats on desktop would be end to end encrypted...

And lose message history of messages sent on phone? That would be terrible
No you just share the private key between your mobile and desktop.
Or encrypt the private key by a pin
That seems very easy to bruteforce.
What alternative is there? Its also very easy to loose keys, if your target audience is not hackernews...
It has been my messenger of choice for about 6 of these 7 years and watching its evolution has been pretty cool.

It's grown to be a much wider social platform now than it used to be, but it hasn't distracted from personal chats much. That's pretty amazing! It hasn't even been destroyed by commercial interests yet and my feeling says that Durov will approach commercialization carefully, which gives me hope.

It's definitely one of the nicest IM services around. Well built apps with useful features that look good and are available everywhere. I was never able to get enough of my friend group on it to really make use of it, though.
> It is also possible to independently verify that Telegram apps available on Google Play and App Store are built using the same code that we publish on GitHub.

How does that work exactly? Could anyone give me the steps perhaps? I am honestly curious as to how I can be certain of this.

Is telegram considered trustworthy now?
As far as I gather it is considered socially trustworthy (they will not add spyware to the app like some doubt of Facebook's WhatsApp) but not as technically trustworthy (early on people reported that they received messages of groups they never joined and there is a lot of homebrewd crypto).

personally I care more about the fact that it is an actual possible competitor to big tech in terms if userbase and functionality than it being less secure than signal

I feel like IM is a pick-your-poison kind of deal. Signal is technically superior, but it's UX is laughably bad. Facebook, Microsoft, Google and Apple are cartoonishly evil corporations. Telegram is a bit rough in places, but has to me been the least offensive of the bunch.
Its hands down the smoothest, fastest and most reliable messenger out there. And I don't have to ever worry about losing messages between devices or taking backups.
Signal still exposed your phone number no? When you join groups that is.
Telegram truly has the best UX of all messengers out there; it’s a shame I can’t switch to it because they don’t do E2EE by default. If I’m going to be switching to a new app it will have to be a Matrix (https://matrix.org/) client. Anyone want to work on a Telegram fork that runs on Matrix?
What I don't understand is why the free software movement so often reinvents the wheel, Telegram releases all the code to their UI but any new security focused chat app always starts from the ground up.
I think developers prefer writing code they understand over trying to understand someone else's code. I've taken a look at Telegram's codebase, and replacing the Telegram API with the Matrix API is way harder than it sounds. Telegram wasn't developed with this flexibility in mind, and the Matrix SDK has its own way of doing things.
This. I often end up writing my own libraries because of this reason. Kinda hard to get into other people's minds...
Now if only they had a bot API which wasn't so restrictive...
Running a user bot isn't that difficult
You can tell they had long meetings about the eggplant and peach animations.
When it comes to privacy telegram is not great. The privacy is handled by splitting the cryptographic key in to multiple segments and storing it in servers located at different countries making it harder for any single government to force to provide without involving legal process that has to go-through multiple countries. This sounds not that bad in theory but in practice any developer knows you need the entire key on a single machine to process the data which means every server that processes the data has the entire key and any government can intervene and spy on the message.