Well, it's about the same level of security as other messengers like Facebook Messenger/Skype/..., it has a great robot API, is continuously updated on all platforms, is adding features fast, it has a great GUI, it "just works" everywhere.
Yeah, it's possible to have security like Signal, but then synchronization between devices is PITA and the rate of new features is slow.
It was not done by VK. It was done by Pavel Durov after he escaped from Russia.
> Well, it's about the same level of security as other messengers like Facebook Messenger/Skype/.. [...]
> Yeah, it's possible to have security like Signal [...]
Actually, WhatsApp has implemented Signal's encryption and they worked together with Moxie Marlinspike (the developer of Signal) who verified those claims (or something along these lines. I'm not 100% sure this is how it happened, please take it with a grain of salt). So at least one popular messenger implements security that is better than Telegram.
BTW, if we treat any claims about privacy and security with extreme skepticism (rightfully), then why do we trust Moxie and Facebook without being able to verify their claims? (I'm not saying that Moxie et al. are untrustworthy.)
The skepticism is right. The person leading the charge for "but but Telegram rolled their own crypto, so you shouldn't use it" is actually one of the developers of Signal.
Not a single working proof of concept attack on telegram has been released and no one even claimed to have decrypted a single message.
I'm not saying Telegram is impervious to ever being cracked, but it's certainly not cracked yet or at all proven to be insecure.
Being able to decrypt messages should certainly not be the benchmark you use when evaluating crypto, especially when it comes to rather new protocols. History has shown that severe theoretical issues that cryptographers have been warning against for years (see: CBC and padding oracle attacks) will almost always lead to practical attacks eventually.
Telegram has a number of those weaknesses, and many of its implementation details don't paint a good picture in terms of security either[1].
Can you cite anyone working professionally in cryptography, whose reputation we might be aware of, who has said anything positive about Telegram's crypto? It's not just Moxie Marlinspike criticizing Telegram. Look what Matthew Green has had to say.
In short, "sources do not guarantee anything, and it's better to inspect the binary directly".
About Telegram, there have already been a few papers and so many articles pointing out its obvious security flaws that it is not even worth discussing anymore. Any search engine will return enough results for you to decide whether you should trust Telegram or not.
> Any search engine will return enough results for you to decide whether you should trust Telegram or not.
I think this is a fallacy: if you live your life by "nothing but the safest option" rule you are missing out in a number of ways.
I do not use chat programs for anything that is likely to cause me serious trouble, only for sharing photos with my family, chat with my wife etc.
Telegram is more open source than Whatsapp, isn't owned by Facebook, delivers features faster, has a better desktop client, has a an api and encourages useful bots.
I do use serious crypto when I need it. Where I live I luckily don't need it for photos shared with my family.
MTProto isn't considered secure[0], so I'd rather trust someone (Moxie) who actually developed open source encryption[1] that is considered secure. I'm not blindly following Moxie here but I'd argue that it's in his own interest to only verify correct claims - reputation is your CV in cryptography. Someone actually cracking WhatsApp would be a serious issue for OpenWhisperSystems.
yeah, but it's not cross device. web/desktop clients use your phone to talk to whatsapp's servers, while telegram is actually cross platform with working message sync
>It was not done by VK. It was done by Pavel Durov after he escaped from Russia.
It's Durov's bullshit. Telegram is developed one floor beneath the VK office in Saint-Petersburg, Russia. Moreover, Durov himself often visits the office. Sources: [1] [2]
So yeah, between this and "MTProto is secure" I'm not sure if one can trust any other claim about Telegram's security (like "your chat logs are secure on our servers").
I wondered who is financing Telegram since it's really moving fast and it has no apparent source of revenue; it makes sense that it's even coming from Russian government, since they want alternatives to US-owned services.
2. "Many concerns" only accumulate to one bad default setting (namely end to end encryption opt-in).
People should stop spreading the same FUD over and over, it makes me wonder whether those people posting messages on social media to influence online conversions also post on HN.
Why? It was made by VK (russian Facebook) devs and there are many concerns about its security.