[embik]

> Well, it's about the same level of security as other messengers like Facebook Messenger/Skype/.. [...]

> Yeah, it's possible to have security like Signal [...]

Actually, WhatsApp has implemented Signal's encryption and they worked together with Moxie Marlinspike (the developer of Signal) who verified those claims (or something along these lines. I'm not 100% sure this is how it happened, please take it with a grain of salt). So at least one popular messenger implements security that is better than Telegram.

[sz4kerto]

BTW, if we treat any claims about privacy and security with extreme skepticism (rightfully), then why do we trust Moxie and Facebook without being able to verify their claims? (I'm not saying that Moxie et al. are untrustworthy.)

[skrowl]

The skepticism is right. The person leading the charge for "but but Telegram rolled their own crypto, so you shouldn't use it" is actually one of the developers of Signal.

Not a single working proof of concept attack on telegram has been released and no one even claimed to have decrypted a single message.

I'm not saying Telegram is impervious to ever being cracked, but it's certainly not cracked yet or at all proven to be insecure.

[pfg]

Being able to decrypt messages should certainly not be the benchmark you use when evaluating crypto, especially when it comes to rather new protocols. History has shown that severe theoretical issues that cryptographers have been warning against for years (see: CBC and padding oracle attacks) will almost always lead to practical attacks eventually.

Telegram has a number of those weaknesses, and many of its implementation details don't paint a good picture in terms of security either[1].

[1]: https://twitter.com/matthew_d_green/status/72646884513381171...

[tptacek]

Can you cite anyone working professionally in cryptography, whose reputation we might be aware of, who has said anything positive about Telegram's crypto? It's not just Moxie Marlinspike criticizing Telegram. Look what Matthew Green has had to say.

[hiq]

About e2e encryption in WhatsApp and the fact that it is closed-source software, see this thread for tptacek's views on the topic:

https://news.ycombinator.com/item?id=11432047

In short, "sources do not guarantee anything, and it's better to inspect the binary directly".

About Telegram, there have already been a few papers and so many articles pointing out its obvious security flaws that it is not even worth discussing anymore. Any search engine will return enough results for you to decide whether you should trust Telegram or not.

[reitanqild]

> Any search engine will return enough results for you to decide whether you should trust Telegram or not.

I think this is a fallacy: if you live your life by "nothing but the safest option" rule you are missing out in a number of ways.

I do not use chat programs for anything that is likely to cause me serious trouble, only for sharing photos with my family, chat with my wife etc.

Telegram is more open source than Whatsapp, isn't owned by Facebook, delivers features faster, has a better desktop client, has a an api and encourages useful bots.

I do use serious crypto when I need it. Where I live I luckily don't need it for photos shared with my family.

[lucb1e]

Especially when we have open source alternatives like all Telegram clients that implement MTProto (Telegram's end to end encryption protocol).

[embik]

MTProto isn't considered secure[0], so I'd rather trust someone (Moxie) who actually developed open source encryption[1] that is considered secure. I'm not blindly following Moxie here but I'd argue that it's in his own interest to only verify correct claims - reputation is your CV in cryptography. Someone actually cracking WhatsApp would be a serious issue for OpenWhisperSystems.

[0] https://security.stackexchange.com/questions/49782/is-telegr...

[1] https://github.com/WhisperSystems/libsignal-protocol-c

[sz4kerto]

So you trust a person's word (believing that telling the truth is in his interest) more than an open client? I'd really like Telegram to implement something that _is_ considered secure by many experts, but trusting _one_ experts word without any proof seems wrong to me.

> Someone actually cracking WhatsApp would be a serious issue for OpenWhisperSystems.

Why can't you imagine that e.g. Moxie has been blackmailed/etc. by some government authority? Again, I have no problem with Moxie's person in particular, I'm sure he would also agree that a single persons claims should not be trusted automatically.

[embik]

> I'd really like Telegram to implement something that _is_ considered secure by many experts, but trusting _one_ experts word without any proof seems wrong to me.

Please read the link I provided before[0], it features links to a bunch of people saying Telegram is not secure[1][2][3][4]. It's not just Moxie. I actually have not seen any expert saying that Telegram is secure, but I'm interested in such thing. As the Telegram protocol is open, everybody is able to see how flawed it is. We know that. With a closed client that allegedly implements a secure encryption method (we also know it's good because it's open as well) there's a chance it doesn't work the way it's supposed to work, but there's also the chance it's working as intended. I'd rather take one percent chance over zero.

[0] https://security.stackexchange.com/questions/49782/is-telegr...

[1] https://eprint.iacr.org/2015/1177.pdf

[2] https://unhandledexpression.com/2013/12/17/telegram-stand-ba...

[3] http://www.alexrad.me/discourse/a-264-attack-on-telegram-and...

[4] http://thoughtcrime.org/blog/telegram-crypto-challenge/

[reitanqild]

> Please read the link I provided before[0], it features links to a bunch of people saying Telegram is not secure[1][2][3][4]. It's not just Moxie. I actually have not seen any expert saying that Telegram is secure, but I'm interested in such thing.

I don't like Telegram claiming that it us unbreakable in the early days.

That said: I don't care for the things I use Telegram for. Most people seem to post their thoughts to Facebook or Twitter anyway, compared to that Telegram is a better option in my case.

For serious stuff we use seriohs crypto anyway, don't we?

[lucb1e]

Re [3]: I was not aware of that one. If it costs upwards of $300k it's beyond what I'd consider a personal risk, but it's very much something they should be looking to fix!

[sz4kerto]

Hey, sorry, you may have misunderstood me -- I'm not saying that it's only Moxie who's considering Telegram insecure. I meant that Telegram is considered insecure by many experts; but when it comes to the security of Whatsapp we can only rely on the claims of Moxie and Facebook, without the chance for open review.

> With a closed client that allegedly implements a secure encryption method (we also know it's good because it's open as well) there's a chance it doesn't work the way it's supposed to work, but there's also the chance it's working as intended.

However, from the other side: Telegram is not _trivially_ breakable (there's a 2^64 attack, which is not 'trivial'), but Whatsapp might very well be simply MITM-ed by Facebook. So you could also look at this from a different perspective and say "A powerful adversary could probably break Telegram messages, but maybe all Whatsapp messages are immediately decodeable by Facebook".

Also note: you have provided 5 links, but [0] simply refers to [1] and [2], [1] says that "We stress that this is a theoretical attack on the definition of security and we do not see any way of turning the attack into a full plaintext-recovery attack", [2] claims that there could be attacks (but does not provide one), [3] is a real attack, [4] is not about an attack.

So while I see that there are valid concerns re. Telegram's security, the links you have provided are a nice example of the Internet echo chamber.

[lucb1e]

Re: [0]: You are linking a question, not an answer. I downvoted the top answer months ago because it has the same logical traps as the argument you bring forward. "Someone invented it themselves [as if moxie didn't] and it doesn't follow some best practices." All the while not being able to mention a single real issue.

[nicolapcweek94]

yeah, but it's not cross device. web/desktop clients use your phone to talk to whatsapp's servers, while telegram is actually cross platform with working message sync