[HappyTypist]

I think this is a good opportunity to plug Signal. Telegram uses a non-standard DIY crypto protocol that already had attacks, its chats are not end to end encrypted by default, and Telegram stores all your messages in the cloud by default while deceptively advertising as a 'private' alternative.

Signal / TextSecure on the other hand is encrypted by default, implements more thoroughly audited cryptography, and is recommended by Edward Snowden and Bruce Schneier.

[spost]

Signal's great.

I don't use it because it doesn't sync chats between devices or have a desktop client.

Full-on e2e is great, and I'd use Signal if it supported my use case, but it doesn't. So I use Telegram instead, as a fast, easy-to-use, grandparent-compatible chat client with sane picture and file-transfer support. The oddball encryption and the fact that it's not end-to-end by default is a downside, but it's better than plaintext and it's actually useful to me, so…

Don't get me wrong, Signal is absolutely the right choice for people who don't need or care about multi-device syncing and only need a mobile client, or people who want the best security they can get. I fully support the widespread adoption of top-tier cryptography, including by people who don't need to protect their communications from global powers. But right now Signal is not (yet?) a one-size-fits-all solution.

[escobar]

There is an unfinished Browser plugin (Chrome) for Signal that has seen quite a bit of activity recently. I am excited at the prospect of being able to use Signal from a desktop, and am hoping that it gets an actual release date in the next year or so. https://github.com/WhisperSystems/Signal-Desktop

[notspanishflu]

Not an option for me. Signal / TextSecure is not available for Ubuntu Phones yet and coding efforts like janimo is doing (1) are only half-cooked by now.

(1) https://github.com/janimo/textsecure-qml

[heitortsergent]

Are there any links that show those pieces of information about Telegram?

[dmix]

Matthew Green (a well regarded cryptographer) summarized it well:

> The UX is nice. The crypto is like being stabbed in the eye with a fork. https://twitter.com/matthew_d_green/status/66668673163526553...

Which pieces of information do you need exactly? You can search HN for 'Telegram', it get's criticized nearly every time it makes headlines. Or just look at Telegram's interface and you'll see that 'secret chat' is not the default option, it's not end-to-end encrypted by default making it marginally more secure than HTTPS.

Signal/TextSecure on the otherhand has been the 'golden child' of the privacy and infosec scenes since it was released and their website has plenty of documentation on their protocol.

[sasvari]

unfortunately it isn't currently possible to use Signal on android without the gapps/google play store installed, which is a deal breaker (I'm not arguing about whether this makes sense or not from the developers' perspective, it's just a fact).

[nibnib]

Why is this a deal breaker for you?