[sz4kerto]

Hey, sorry, you may have misunderstood me -- I'm not saying that it's only Moxie who's considering Telegram insecure. I meant that Telegram is considered insecure by many experts; but when it comes to the security of Whatsapp we can only rely on the claims of Moxie and Facebook, without the chance for open review.

> With a closed client that allegedly implements a secure encryption method (we also know it's good because it's open as well) there's a chance it doesn't work the way it's supposed to work, but there's also the chance it's working as intended.

However, from the other side: Telegram is not _trivially_ breakable (there's a 2^64 attack, which is not 'trivial'), but Whatsapp might very well be simply MITM-ed by Facebook. So you could also look at this from a different perspective and say "A powerful adversary could probably break Telegram messages, but maybe all Whatsapp messages are immediately decodeable by Facebook".

Also note: you have provided 5 links, but [0] simply refers to [1] and [2], [1] says that "We stress that this is a theoretical attack on the definition of security and we do not see any way of turning the attack into a full plaintext-recovery attack", [2] claims that there could be attacks (but does not provide one), [3] is a real attack, [4] is not about an attack.

So while I see that there are valid concerns re. Telegram's security, the links you have provided are a nice example of the Internet echo chamber.

[embik]

Uhm, yes, you're absolutely right, I have missunderstood you and I absolutely agree with what you're saying. An open client with a secure encryption is always preferred, but I doubt we will see Telegram become that one because they have been ignorant to people pointing out flaws before.

> but Whatsapp might very well be simply MITM-ed by Facebook

As long as you're not inspecting the binaries you use for Telegram (or build the applications by yourself) however, you can't guarantee it's not MITM-ed by someone either. Maybe you do, but most users certainly do not. When downloading the Telegram app from Google Play, there is not much difference to the WhatsApp app. You're basically trusting small groups that they provide the "real" binary to you. Not much of a difference to trusting Moxie's words, is it?

Link 0 was to remind you of the link I posted before and the other links might not provide specific (or effective) attacks, but they point out flaws in Telegram's protocol (1,2,3) and the way they test / value the strength of their encryption (4). More flaws are very much plausible for a homebrew crypto solution.