500 comments

[ 3.0 ms ] story [ 312 ms ] thread
(comment deleted)
Telegram has always felt like the catch-up of the messenger apps. I don't know a single person who uses it.
Many do. But most use it as a forum software, or to send files, than as a messenger.
i use it for messaging and everyone else i know does too. "most"? any sources?
"Most" was anecdota here.

Oh and I also use it for messaging sometimes. But my main use case is participating in various groups, like in a forum way. And my peer group does the same and I have not met a single person that uses telegram mainly for messaging. Most also have signal or whatsapp for that.

I don't know a single person who doesn't use Telegram.
What country do you live in?
Kazakhstan.
That makes sense, AFAIK Telegram is most popular in the post-Soviet countries.
That in itself is a red flag. Things don't 'just happen' in those places. Don't ask me how I know.
Same In the EU, no ones that's legit uses Telegram, except scammers that you can run into in local "graigslist" website.
"Same in the EU" - but you're actually make an opposite statement than the GP (GP said "everyone i know uses telegram" and you said "nobody uses telegram")
indeed you are right, I did read the opposite for some reason.
I don't know a single person who does.

Yeah, plenty have accounts, but nobody uses it to actually chat.

I use it since 2014 and have felt that it's very performant (more so than Signal or Whatsapp, Messenger, or Viber).

Also, it adds many useful features that other messengers didn't always have and many still don't have, for example Saved Messages, Scheduled Messages, Spoiler Messages, Reply to Message, message formatting (bold, monospace, etc), just to name a few off the top of my head.

Signal has "Scheduled Messages, Spoiler Messages, Reply to Message, message formatting (bold, monospace, etc)". I don't know what Saved Messages are, maybe it doesn't have those.

Oh, and it's end-to-end encrypted by default.

It does, in Signal it's called "Note to Self". I am saying that in general, Telegram is the first to offer such new feautres.
As with any messenger, it depends on countries and regions and groups of people.

Everyone in my friend group is using it.

In terms of functionality, speed, fluidity of the interface everyone is trying to catch up to Telegram. And doing a half-assed job of it

I don't think Signal is even trying tbh
I know a quite a lot of people (including me) who use it as a kinda RSS reader to keep up to date with Russian cyber security threat actors.
?!

Telegram is often praised here for their features that helped them to grow and made people keep using it. Something that Signal should consider doing.

They have 900million monthly active users.

Yes, their app and UX is absolutely delightful.
I don't get this. I'm in the EU and nearly everybody I know has Telegram.

Telegram has a huge advantage versus WhatsApp: it's not Meta. Then the Telegram UI is really excellent.

When you tell people all your friends and family are using it and that's it's not from Facebook, they usually install it on the spot. Then they're hooked.

(comment deleted)
I'm in France and don't know anyone using it.

Except the government, as reported in the news.

Actually the only time I used it it's because I needed to chat with a Russian SaaS personnel.

I know few people who use Telegram either. All my contacts and I use Signal here.
I don't mind WhatsApp being Meta but Telegram is more lightweight and UI is far superior (for instance, ability to edit messages). Unfortunately, most people still use WhatsApp, you can't really avoid using it.
For Russian language content it feels a lot like pre-enshittification internet. You get blogs on all possible topics without ads or "Algorithm". Just read what you subscribed to, in whatever order you want.

I would never trust in with any confidential information though.

This is the most out of touch comment. Everybody is running after telegram, they are innovating all the time. If you want to see what Whatsapp will look like in a year, use telegram now.
Can say the same for Viber and to a lesser extent Whatsapp. Not to mention Signal. I'd guess popular IRC servers have more real users than Signal.
A nitter instance that still works? What is this sorcery?
Lack of widespread use most likely. Maybe some people put Nitter on their personal user account and it works until it has too many users.
Nitter still works if you configure the instance to use valid accounts.
* enough valid accounts. If the instance gets popular, you're going to need hundreds of them to get past rate limits according to the announcements some time ago (maybe the rate limits have changed though)
Signal has reproducible builds for android now? Why not f-droid then, too?
Signal's definition of "reproducible" meant for quite a while "download this binary docker image and build Signal inside of it". I don't know if that has changed since.

Signal rejects F-Droid for a different reason, though: They only want to distribute through channels where they get download statistics and control update rollouts.

Hm f-droid provides privacy friendly https://fdroid.gitlab.io/metrics/ for some time now.

I'm not sure what sort of "control" they have over the Play Store compared to f-droid, but I'd rather have a trusted 3rd party do the building transparently and verifyable.

F-Droid uses a package maintainer-esque process where the maintainers of F-Droid can intervene and prevent an update to an app from reaching users if it's deemed to be malicious or to add anti-features.

It's of particularly high need on mobile since popular apps, even those who were originally FOSS, are sold to scummy publishers who fill it with ads and subscription schemes (oft called anti-features, since removing them could be seen as a feature in and of itself), ruining the original. You can't really trust mobile app devs because the track record is downright awful. Recently that happened with the "Simple" collection of apps, where the Play Store version got filled with junk but the F-Droid maintainer froze the version and marked the apps as outdated since nobody could conceivably want the new versions.

Of course, that strokes poorly with developers who a. don't want to deal with potential third parties in their distribution chain rejecting their updates or b. are planning to add anti-features to their apps later down the line. With signal, I'm gonna guess it's mainly a; the Play Stores checks and balances are much less invasive than the sort of thing an F-Droid maintainer might check for. (As I understand it, Google Plays checks mostly are anti-exploit and keyword scans.)

> where the maintainers of F-Droid can intervene and prevent an update to an app from reaching users if it's deemed to be malicious

That sounds like a feature you want when using FOSS.

Imagine distros wouldn't have been able to intervene quickly and malicious xz would be still deployed through their channels just because the authors want to.

Oh yeah, it's an absolutely wonderful feature. F-Droid is pretty much the main app store I'd recommend to get "the basics" from if you're ever in the unfortunate position of having to manage the mobile devices of family members. Having a maintainer "on the lookout" gives so much peace of mind. Not suddenly having the gallery app turn into a data collection machine and baiting less tech-savvy people into vaguely defined subscriptions is a value that's too good not to pass up on.

FOSS isn't really the important part for me there; it's nice, but the real value is that F-Droid is pretty much the only app store that has some reckoning on how the relationship between mobile devs and mobile customers should be far more adversarial than on any other platform due to the poor track record of mobile devs and empowers users to be able to deal with that in a way that restores some degrees of trust.

It's a fucking shame there's not an equivalent on iOS where you can just say "yeah, what you find here can be trusted" and then not have that gets polluted a year down the line. Apple used to somewhat police the App Store back in the early 2010s for similar peace of mind, but that's not the case anymore.

> With signal, I'm gonna guess it's mainly a; the Play Stores checks and balances are much less invasive than the sort of thing an F-Droid maintainer might check for. (As I understand it, Google Plays checks mostly are anti-exploit and keyword scans.)

It might have been b as well – Signal did keep their server code proprietary for many months to add their custom cryptocurrency to it, and added this cryptocurrency for microtransactions into the app as well. There may be many more features like this planned, some of which F-Droid might oppose.

Their problem is that F-Droid releases are signed by F-Droid, not by Signal. This way F-Droid could potentially insert a backdoor in an update.
That's not true tho. f-droid supports (true) https://f-droid.org/en/docs/Reproducible_Builds/ for quite some time now. Those are signed by both, f-droid and the author.
> This way F-Droid could potentially insert a backdoor in an update.

Google requires app developers on play store to give goole the keys that enable google to insert backdoors in any release. I can't trust anything on the play store for this reason. There is no way to tell which apps have been backdoored by google for whatever reason (the usual reason is a NSL).

On Signal vs Telegram:

Telegrams Encryption is off most of the time. They have serverside access to messages. The optional E2E is annoying to use and isnt even available on every platform. For example Tdesktop afaik still has no E2E support. (And has a very brittle software architecture.) You can't register Telegram accounts with the open source client anymore. This should be a non-Discussion.

MG implying that just because other messengers like Whatsapp use Signals encryption scheme does not make them more more trustworthy.

Yes you can verify in a binary if the stuff is implemented well. But if a vendor has control over the update channel or beta rollout features its kinda easy to hide targeted features. Wasn't Whatsapp caught exfiltrating chats in ways that don't involve the normal channel bypassing E2E?

Btw there is no Signal in Fdroid but nowadays there is an accepted by upstream third party implementation. You could separate software and infra vendor. Look at Molly.im

Better to bring non tech folk to Signal than to other messengers that do the same but less protected.

Matrix? Lol!

You can buy "anonymous number" on fragment without using any client and without providing any personal information and use it as much as you can

When signal becomes at least remotely as popular as telegram it will implement same protection to fight against spammers because you can't have free unrestricted registrations and don't drown in spam

Telegram currently makes it as accessible as possible: either use it freely but register using phone number and official app or pay and use anonymously as you want

I just looked at the fragment.com site to see how much such a number costs. The lowest possible bid you can currently make, and that is for an auction that has six days to go, so probably not even the final price, is over 100$. That is an unacceptable price for basic privacy.
Signal is already extremely popular, their anti-spam by default is that you need to get matched to the user's local contact list or the spam becomes an allow/deny prompt. They also require a confirmed phone number and handle registration throttling.
Both services are relatively insecure because they require phone authentication. In the EU at least the number can always be traced back to you if you don't buy specific burner phones.

The level of encryption isn't as important anymore at that point. It is less probable you get into problems by using a service that doesn't know your identity.

> Both services are relatively insecure because they require phone authentication.

That hasn't been the case for Signal for some months: https://signal.org/blog/phone-number-privacy-usernames/

You still require a phone number for sign up for Signal, but your phone number isn't visible to anyone you chat with.

> but your phone number isn't visible to anyone you chat with.

That's irrelevant - the phone number is known to Signal and can be request by law enforcement. And, since it's been made pretty much impossible to buy a SIM in the EU without showing identification [0], this will allow law enforcement to link the account to you.

[0] IIRC the Netherlands is the only country left where you can buy SIMs without ID.

> That's irrelevant - the phone number is known to Signal and can be request by law enforcement.

Maybe I'm missing something here, but if usernames are treated as ephemeral, what's the threat model here?

> That's irrelevant - the phone number is known to Signal and can be request by law enforcement.

So how does this work? Law enforcement asks signal if they have an account for a phone number, signal saying "yes, here's when they created it".

Then what?

"Get me all the numbers which talked to X, including all the numbers".

You won't get the actual plaintext messages, but the contact graph + metadata (timestamps) are pretty sensitive.

Signal doesn't store the graph, nor does it log message timestamps.
How can you know without access to their servers?
> Law enforcement asks signal if they have an account for a phone number, signal saying "yes, here's when they created it".

Law enforcement says that the suspect chatted with some username/told people to contact him by his Signal username, then they go to Signal and request the linked phone number, which is then linked to the ID shown when the card was bought.

This only works as long as the username is active/unchanged. It would probably be better if usernames were never linkable to phone numbers, but if your threat model requires a persistent, non-ephemeral username to remain anonymous when targeted by law enforcement that has access to your telecom records and warrants... that's going to require a pretty high level of opsec.

The UX on usernames in Signal might be non-ideal. It might be helpful to have a toggle that regularly cycles your username if that's important for your threat model.

> [0] IIRC the Netherlands is the only country left where you can buy SIMs without ID.

As far as I know, in Romania you can still buy and activate a prepaid SIM card without having to show your ID. There was an attempt a few years ago to make it mandatory to tie the phone number to an ID, but it was overruled by the Constitutional Court.

(comment deleted)
> That hasn't been the case for Signal for some months

Wrong. Because:

> You still require a phone number for sign up for Signal

So, they have your phone number. What is displayed is irrelevant.

If they have your phone number (which they do), they will have to disclose it for any subpoena/NSL, so they do.

Please see the sibling comments, I feel this has already been addressed.
Anonymity and Encryption aren't flip sides of the same coin, they can be used together or separately, and are orthogonal in lots of use cases.
Ah so that's how Telegram got reproducible iOS builds:

> you need a jailbroken (old) iPhone. And at the end you still can’t verify the whole app. Some files stay encrypted

So basically, it works you just have to bend over backwards to verify that it's truly reproducible.

Woah, people are still doing that thing where they break a post into 10+ tweets?
Of course, it's either that or a png of the text from a text editor or pay for blue check account, neither of which are optimal for most people
(comment deleted)
Telegram is full of scammers. Something something bricks and a glass house.
I've started getting a lot of spam scam messages on Signal as well lately. What's going on with these platforms?
Personally I've never received a scam or spam message on Signal.
I am in a Signal group which has an invite link discoverable on public internet (it's a local OpenStreetMap group). From time to time, a bot joins and proceeds to spam the group's members one-on-one.
The same happens on the Telegram OSM group. Now, the easy and 99% effective mitigation is to make a "bridge group" where you need to click something to join the real deal but changing that would invalidate any existing links.
Isn't it an expected issue with popular services, particularly ones with proper e2e encryption?

Things like WhatsApp and iMessage get scam messages too, and the less visibility the operators have for contents of messages the harder it is to proactively filter out spam.

It feels like any platform that allows for one-way initiation of a conversation is bound to increase in spam as the platform grows in usage (phone calls, email, SMS, various social media, various messengers, etc.).

Do any platforms require that both parties add one another? (And/or allow for restricting an account to such a mode)

e.g. if user123 and user789 wish to communicate, then user123 must add/contact user789 AND user789 must add/contact user123. Until both do so, then nothing happens.

It's more work to legitimately establish contact with someone, but that seems like it pales in comparison to the effort produced by spam/scams.

Same thing with verifying identities. In order to actually establish proper contact with someone, you need to communicate with them via some outside means (ideally in person) in order to establish the connection. Requiring both parties to enter/scan some ID/code/whatever seems like it would only facilitate proper verification (though not guarantee it, of course).

I'm sure that I'm missing something, though. I assume I'm just not familiar enough with these platforms and that some/all of them provide such a feature. It's just odd to me that spam sounds like such a problem when it feels like the above solution would be highly effective and simple to include.

(comment deleted)
Not a huge fan of Signal (phone number requirement [0], crypto push a while ago), but there are worlds between those two, and every time the Telegram CEO makes a post it looks more like a scam than before.

[0]: Yeah, might be changing or has already. Now, after ages.

> phone number requirement. Yeah, might be changing or has already. Now, after ages.

A phone number is still required for registration. As of a few weeks, it's not necessarily communicated to your contacts anymore, which solves a few concerns (but not all).

> crypto push a while ago

I was worried about this, but I use Signal daily and I haven't even noticed anything in the UI about this, it seems like a non event in the end.

The crypto payments have to be manually enabled under Settings -> Payments, which is the correct way to handle such features imo.
FSB vs CIA?

You can check this thread where his claims are debunked https://discuss.privacyguides.net/t/according-to-elon-musk-s...

and who runs privacyguides.net ? the FSB or CIA?
Well... if you scrolled up a bit you would have found https://discuss.privacyguides.net/t/according-to-elon-musk-s... which says Signal isn't great either.
No, it does not.

Let's enumerate the purported problems:

- "Elon Musk said so", which does not matter. - Signal attachments can be viewed by an attacker with local access to the client. This is not Signal's job to protect against. - Signal offers an optional `--no-sandbox` flag which only has security options if enabled on Linux. - Weaknesses in sealed sender. This is the only one that might be an actual problem (two theoretical and one empirical attack, but the latter comes from an 18 page paper that I have not read). But this does not compromise the integrity of the chats, and is not something Telegram improves on.

Given how the posted described the optional `--no-sandbox` flag as "no sandbox on Linux", it's clear that they don't understand anything they're sharing, and they just want to spread FUD.

---

edit: Per discussion below, I was wrong about the `--no-sandbox` flag. It's enabled by default. The risk is that an attacker could figure out how to use Signal to run arbitrary JavaScript. I take back my insult- it was I who did not understand the linked issue.

I still stand by Signal > Telegram. The risk here is that an attacker could figure out how to abuse Signal to run arbitrary Javascript, e.g. through a specially crafted message.

>Given how the posted described the optional `--no-sandbox` flag as "no sandbox on Linux", it's clear that they don't understand anything they're sharing, and they just want to spread FUD.

Could you elaborate as you seem to be more "knowledgeable". This flag is clear at what it does and shouldn't be shipped into production. https://no-sandbox.io/

You can have a look where they specifically chose to force it https://github.com/signalapp/Signal-Desktop/commit/1ca0d8210...

You're right. It seems I am eating my words on that item, the `--no-sandbox` flag does seem to be on in most Linux installs. From context and search, it looks necessary for it to work on Debian.

Can confirm with `cat /usr/share/applications/signal-desktop.desktop`.

This still would require a pretty sophisticated attack to take advantage of, but I wouldn't rule it out as an attack surface. (We regularly see iPhone exploits that attack font and image rendering, after all.)

I'll amend my post given this.

I don't trust either side and having a cryptography expert located in Baltimore, MD trying to prove that the other side is wrong seems just as off as a Russian owner trying to prove the opposite.

In the end it doesn't matter if you are using a smart phone from Apple or Google as your soft-keyboard is such an easy target there is no need to decrypt anything.

Yes, afaik the whole point of all this tech is that it is compromised by design and intended to allow agencies/governments/corporations fine grained access to each individual.

I use both these apps fwiw. I'm under no illusions that anything is really private online.

For what it’s worth, Matt has a pretty damn good track record
[flagged]
We don’t have to trust the board. We have the binaries.
That you cannot verify matches the source code.

Telegram is shady, but the points made has a point. Not having reproducible builds on iOS is disappointing for such a security-critical product.

Would make more sense if it is reproducible builds. Shouldn't we just all switch to matrix clients which use Olm and Megolm cryptographic ratchets and it doesn't rely on one server/one entity.

And looks like it is implemented in Rust:

https://github.com/matrix-org/vodozemac/

The binaries? This sounds like some kind of joke.
It is pretty bad bait, but then this whole thread is a dumpster fire of distraction from any substance.
To follow on, it turned out not only did that stunningly milquetoast comment I made get flagged, but after I made it someone tried to DDoS everything associated with me.

I mean, do these people not know their Shakespeare?

What revelations ?
That the chair of the board believes truth is an inconvenience that stands in the way of getting things done, among other things.

Edit to add: The fact my post got flagged and not merely downvoted is because it hits the nerve way too strongly.

Do you have some sources ?
The internet is pretty good.
(comment deleted)
It’s a Telegram psyop that uses emotion, particularly fear and paranoia, to switch to their shite platform.
It’s also part of Christopher Rufo’s campaign to oust NPR’s new CEO. https://www.bugeyedandshameless.com/p/chris-rufo-katherine-m...
Is it possible to link to primary or neutral secondary sources, rather than hatchet-jobs?
That’s what the underlined bits throughout are, including to Rufo’s own tweets.

But here, primary: https://christopherrufo.com/p/the-zen-koans-of-npr

> This week, I have been engaged in a campaign to expose NPR’s new CEO, Katherine Maher, and her anti-speech, anti-truth philosophy.

How can we be sure it’s not the other way around? Are we supposed to just trust everything we read on Twitter (X) now?
Given the location of Telegram's servers (Dubai), and the nature of the government (neutral dictatorship) and the lack of encryption, my default assumption would be that not only are they selling access to your data to major governments, they've probably even streamlined the bidding process.
Yep. The magic of "you could turn on encryption" is that nearly all people using it won't.

"Ah, but if you need encryption then you'll..." - well, two things now. Suddenly you're the person who has encryption switched on. And also more likely, someone they talk to will forget to switch it on and just blab everything into cleartext anyway.

The entire importance of Signal's model is that it is always encrypted. It's why LetsEncrypt is also important: to have effective security you need to be able to hide in the crowd. If encryption usage is rare, then who's using it itself (or suddenly starts using it) becomes an extremely valuable datapoint.

(so I'd add: Telegram absolutely sell timeline details of which user accounts change their frequency of encrypted chat usage).

Addressing only one point, not your main one which I agree with:

> And also more likely, someone they talk to will forget to switch it on and just blab everything into cleartext anyway.

I expect that if you enable a Telegram Secret Chat with Bob, Bob cannot unilaterally un-secret it. I would be very surprised if that was the case.

Of course Bob can then share the contents with Carol via an un-encrypted channel. But every encrypted channel has that weakness.

Last I used Telegram, creating an e2ee chat with someone added an encrypted chat in addition to the unencrypted chat. This means if your not careful in which chat with a single person a message is sent to it's easy to accidentally send unencrypted data.

I'd guess this is possible because Telegram e2ee chats aren't multi-device capable, so it's necessary to be able to use unencrypted chats while using Telegram on something else than the phone with e2e.

Both Russians and Ukrainians use Telegram, including confidential messaging with their agents on the foreign territory. So that's a prove enough for me, that it's safe enough.
"including confidential messaging with their agents on the foreign territory"

Possible, as many ridiculous things happened around the whole war. (Recently german generals on a video chat were targeted by the russians, wasn't too hard, they did not use any encyption at all)

Sources would be nice though.

But it really would not be a reason for me to trust telegrams security.

Rather a confirmation again, that also secret services can show great incompetence.

> Recently german generals on a video chat were targeted by the russians, wasn't too hard, they did not use any encyption at all

They used Webex. Doesn't Webex use any encryption at all?

It can use encryption. But they choose not to for probably lazy reasons. Which is bad for normal persons, even worse for generals who should lead by example - and ridiculous for generals with an background in IT who really should know better. But as far as I know, there were no real consequences so apparently it was not such a big deal.

https://en.m.wikipedia.org/wiki/German_Taurus_leak

Which bits of this war scream “good judgement and opsec” to you?

https://www.nytimes.com/2023/01/04/world/europe/ukraine-russ...

> Ukrainian artillery targets Russian soldiers by pinpointing their phone signals. Despite the deadly results, Russian troops keep defying a ban on cellphone use near the front.

You're scared, likely to die face down in the mud. Would a little higher chance of death be worth completely cutting yourself of from your family?
The part where they make up stories about the other side doing dumb shit in order to boost/maintain their team's morale.

It's especially critical to drip-feed feel good news when you losing.

I mean, the Russian Ministry of Defense admits it.

> “It is already clear that the main reason of what took place included the massive use, contrary to the ban, of personal mobile phones in the range of enemy weapons,” the Russian Defense Ministry said in a statement. The cellphone data allowed Ukraine, it said, to “determine the coordinates of the location of military service members to inflict a rocket strike.”

It's not about ordinary soldiers. It's about special services agents contacting their "partisans" agents, while other side special services trying to catch them. They're supposed to apply best security possible in the given circumstances.

If you claim that neither Russian, nor Ukrainian special services are competent, I'd disagree with you.

How do we know that Russian and Ukrainian special services agents use telegram? Is that confirmed somewhere?
Sounds like another part of the product, so you just pay for the other side not being able to snoop on you.
I would guess that those two would turn encryption on?

IDK, the whole anti-Signal post really makes me suspicious of Telegram whereas I wasn't really before. Are trying to be the universal honeypot for agencies?

isn’t telegram the one that uses a wonky/sus custom encryption algorithm?

https://words.filippo.io/dispatches/telegram-ecdh/

They rectified that around the time it surfaced.

If you follow the discourse, the crypto quality is no longer brought up in factual Telegram-to-Signal comparisons, except as low-effort swipes at Telegram's general credibility.

Well, if you think that AES-256 that MTProto uses[1] is some wonky algorithm...

[1] https://core.telegram.org/mtproto

Going from "AES is safe" to "Any protocol that uses AES is safe" is the kind of leap that will ban you from any cryptography work
GP was talking encryption, not protocol. Randomly changing topics will get you banned from any crypto work too.
Because saying "AES" is enough to talk about encryption ? Nothing else is involved ? Because if we're going in this direction everyone should just use XORs for encrypting and everything would be fine, and the rest would be implementation details.
So the entire argument for "Telegram isn’t a secure messenger, full stop." is that E2EE is opt-in?

If that's all there is to it, then the opinion is rather weak.

edit: maybe post a comment in addition to pressing the downbutton. I'm curious what's so problematic about what I've said.

Defaults are important because (very) many people don't change them.
It's not just opt-in, it's a non-default option you have to actively seek out and enable with every new conversation you start. So yes, by default, without additional steps taken, telegram is not e2e encrypted.
"Non-default option" is exactly what "opt-in" means, no?
You can opt in to something and then have it enabled by default. Not so with e2ee in Telegram.
The non-standard crypto was also problematic, at least initially. Furthermore, as outlined, the claims on reproducible builds vis-a-vis Signal are debatable - both provide them on Android, neither satisfactorily on iOS.
I'd guess telegram can be secure if used correctly but the fact that their desktop client doesn't support secret chats at all feels weird. It has been one of the most requested features but they seem to have no interest in implementing it and have closed the issue on github.
Life will be much more boring if we cannot find humour even in the most boring things.

So, it's good that the personal involvement of the illustrious Elon turns even obvious political influence operations into a circus with talking horses and scary clowns.

It's good :)

This is a response to the following post from Telegram creator Durov

https://t.me/durov/274

- "I don't like where one of their board worked" (find someone high up in the cryptography ecosystem who hasn't been involved in this sort of thing somewhere in their career)

- "I don't like where their funding comes from" (US govt regularly funds secure software because they depend on it for their own operations, see: Tor)

- "An alarming number of people think their chats were leaked". It's easy to state things without sources. Also an alarming number of people think Facebook listens to them through their phones' mic. People are bad at opsec. Not news.

- "No reproducible builds. They closed a GitHub request from the community." Well, except Android is reproducible, and they explicitly state on that closed issue that they don't do feature requests via GitHub and asked the reporter to raise in the proper channel.

- "Telegram is the only service with reproducible builds". Telegram barely has encrypted chats, reproduce all you like, that doesn't make the chats secure. Signal has E2E encryption and verifiable builds for Android, that's a strictly better security position.

> An alarming number of people think their chats were leaked

Easily explained by direct access to the phone or Pegasus (or Pegasus-like) spyware. Both of which Telegram is also vulnerable to.

There seems to be a concerted effort to discredit Matthew's claims. Even here on HN. I find this suspicious. The Signal protocol has been heavily audited by many different people from many different countries. It's usually found to be sound. The telegram protocol has been found to have issues that are, if not malicious, amateur level mistakes.

Once again, this is not my opinion. This is the result of independent auditors who have no affiliation with either the USA or Russia.

There are positives to the UI of Telegram, there are negatives to the UI of Signal. None of these has much to do with the underlying protocol of either.

Personally I'd rather we all put our collective efforts into something like the protocol suggested by Matrix, but if only given the choice of Telegram or Signal, I'd avoid Telegram like the plague. They are either malicious or amateur. Either one isn't a good choice for security.

Eh, split any important message into pieces, put a piece each in Signal, WhatsApp, Telegram, Threema, Line, and then the Americans, Russians, Swiss, and Koreans will each have some parts, but if you're lucky, nobody has all...
I didn't even know Line was still a thing!
At that point you're giving the metadata to everyone. That's not a great thing if you actually care about being protected from all of them.
You can have a secure verified protocol but an insecure implementation of the protocol (the app). Note though that Im not saying that Signal the app is insecure. However I do think that Signal can certainly do more to make itself more transparrent and to accomodate libre 3rd party implementations of their protocol
> The telegram protocol has been found to have issues that are, if not malicious, amateur level mistakes.

Please provide evidence of such issues. Because at most, the issues with MTProto were at the level of "we are not familiar with this, but seems ok". Which seem to be inflated by Signal activists into maliciousness.

You do make bear service here.

From your own link:

> Recently, in [MV21 ] MTProto 2.0 (the current version) was proven secure in a symbolic model, but assuming ideal building blocks and abstracting away all implementation/primitive details.

Translation: it is secure, except for bugs, if any.

That's a generous translation! They were shown to be double-encrypting, using nonces where they weren't required, and generally making a bunch of mistakes that would be fine if they were writing a student level implementation of a secure messenger protocol, but not one that went on to be tacitly endorsed by a bunch of nation states!

It's like a clunkier version of the backdoor in Dual EC DRBG. When problems like this are found, you can either assume deliberate malice (as in the case of NIST) or accidental incompetence. Either should be immediate grounds for not using the software. This isn't Flappy Bird. This is meant to be secure comms. The "This Is Fine" mentality doesn't cut it.

"You do make bear service here."

I'm not sure what this means.

> The meaning of "bear's service" originally comes from a fable about a man and a bear. The bear wanted to help the man by killing a gnat which sat on his forehead. As a result both the gnat and the man died.

Basically, by being proactive you do more damage as if you didn't do anything.

Thanks for the explanation. I'll try to be less proactive, I guess...
Proactive is fine, if you know what is the overall impact.

There's another: proactive idiot is worse than the class enemy[1].

[1] "Class enemy" or "třídní nepřítel" (cz) might be an unknown term in itself - https://en.wikipedia.org/wiki/Enemy_of_the_people#Soviet_Uni...

Ok, apparently I can now reply to this comment... Weird HN delays aside.

I don't care if the people who can decrypt Telegram chats are allied with any one side or another. I believe the idea of "Class enemy" to be abhorrent, and the moral / social threats of "the overall impact" to be negligible when compared to the fact that using compromised communications platforms will inevitably lead to greater problems than the act of calling them out.

This is the equivalent of "You'll keep quiet if you know what's good for you".

If Telegram is broken, certain people need to stop using it. The socio-political climate of the areas most likely to be using Telegram just makes this more urgent. This applies independent of if / how / why it's broken, and who, if anyone, may benefit from this.

Replying to this, as I can't reply to your down-thread reply for some reason.

What if the gnat isn't a gnat? What if the gnat is another man who now knows the communications of the first man? I'm not saying the Bear should kill both, but I'm pointing out that the analogy falls apart when the gnat isn't just a mildly annoying third party.

This is a literal translation of a Russian idiomatic expression.
Or a Polish one. (I guess the expression will be popular across Eastern Europe)

It's funny to see the basic cultural stuff float to the surface in comments like that. Like when there was a large number of "American" accounts some time ago on Twitter responding to financial news, but putting USD after the numbers... (To be clear, I'm not suggesting anything specific about the author here, just that sometimes you see enough opinions about something with the origin "leaking" through the side channel and wonder how organic it is)

It's also common in German ("einen Bärendienst erweisen").
This just seems like a knee-jerk reaction to Durov promoting his own platform as usual, what does Elon Musk have to do with this for example? Is there any evidence that the authorities have ever had access to private conversations? At the end of the day, the issue comes down to the fact that Telegram is such a superior messaging app compared to anything else.
I do not see the demonstration of the way they brake the cryptography ... Maybe they have some interest in that propaganda.