telegram chats are also not end to end encrypted to my knowledge, only the secret chats which have some limitations afaik. and group chats also aren’t encrypted. unless that changed recently. id even trust Whatsapp more than telegram, at least they say they’re end to end encrypted.
Wait, the centralized service that security experts warned for years could be easily compromised because a centralized messaging service is inherently insecure has now been compromised? Surprised Pikachu face
It is. But it is open source and the encryption is solid. All communication data is end-to-end encrypted. They have been subpoenaed before and all they could provide was when the account was first registered and when it was last used. The signal protocol is well documented and open source. The foundation and LLC behind it are registered in California and are run by reputable people.
Telegram is run by shady people, supposedly out of Dubai, while it is registered in the British Virgin Islands. Its clients are also open source, however the encryption, if enabled, is of the home cooked variety, although it was improved over time. Unfortunately it is not enabled by default, you need to enter a „secure chat“ for that, which only works with single contacts, not with groups. Despite having access to everything else, and working like a social media-messenger-hybrid, telegram is very reluctant to get rid of clearly illegal content.
The data is not centralized in the same way, making it slightly better, but yeah. A lot of the same pitfalls of centralization happen there. The whole system doesn’t operate without the corporate servers in the middle, even though they don’t see or store the data. They have total access to Metadata. The organization could be sold for profit, shut down, change terms, etc.
If security is important, you’re better off with something decentralized like matrix. I’m not an expert, so hopefully, a lot of people here who are smarter than me will fact check these statements, but at least those are my impressions.
It is, which is why the comment didn’t advocate for it. Signal has more robust encryption than telegram, but its not zero-trust. They should really be using private hosted services instead of public or pgp, but when battle kicks off you use whatever works and then go back and revise as needed when you’re not dodging bombs.
Was kinda wondering when they were gonna cut the cord, Telegram is likely thoroughly compromised and compromising
I know nothing about cyber security, but it’s funny to me that depending on the time of day these comment sections either mostly criticize Telegram or mostly support it. I have no idea what to believe or whether it’s safe for me to use Telegram.
Tl;dr: big name services are to be avoided as much as possible, but even if I use alternatives like signal, telegram, simplex and such, I wouldn’t say I trust them since they are made by humans, no matter how much the fans defend them.
As far as I’m concerned, no messenger is 100% safe, there will always be one reason or another to suspect a backdoor, man in the middle, your messages being spied inside the server or the host (a remainder that very few people can host their own things for one reason or another), whatever, you name it. It gets increasingly more suspicious the moment multiple people suddenly appear to attack one service and sing praises to another, specially if they ignore your needs or the chances to move that group of people you need inside that new app.
At least we can count on big corpo apps to be compromised, anything meta, tiktok, microsoft, apple or google; nothing to be done about it since most normal people are afraid of improvement and just stick to what they already know.
I use telegram because of how it works (like, it fills my needs); the pretty stuff and the design allowed me to bring my family and some people I know into it. Signal didn’t really had pretty things back then (nowadays I have no idea since all the fans yell at me is about it’s privacy and that I shouldn’t question any further) and was complicated to setup, no way I could bring anyone over.
I’ve been looking into SimpleX but it’s still not where I could convice anyone to jump over… And I would still need use someone else’s host, so I wouldn’t say I trust it completely.
It’s basically a pick your poison kind of thing.
Honestly curious, what was missing on Signal and what was complicated? I can’t even remember the sign up process and never felt I was missing out on features, at least not on features available elsewhere
I’m speaking waaaaay far at the beginning so my mind is foggy as fuck, but there was something about configuration and messages not being sent if the host wasn’t correct, I think you had to configure the host or something, it put away a lot of normal users (with good reason) who only wanted to install an app and talk. Also it had nothing pretty about it, text only in a time when Telegram had gifs, was already adding stickers and shit, so it being complicated and having nothing pretty made it impossible for me to bring normal people into it.
I know it has changed a lot since then, but I stopped paying attention after that and with the time they got super buddy-buddy with meta for a while and how hostile their fanbase is against anything else… I dunno, it left a terrible impression so I rather keep searching for something else, right now I’m waiting for SimpleX to pretty-up so I can attempt to bring people over (it’s gonna take years since they first need to take it to a better state, but so far so good).
I presume this will have zero effect, especially since it includes this huge exemption.
Those who use Telegram “part of their job duties” will not be affected by the move.
