For me, Telegram's small user base is actually what got me on it. My whatsapp is full of way too many groups that I can't leave without negative social consequences. So the one group that I cared about the most (a group with my siblings), we all decided to move to Telegram and haven't looked back since! It's awesome to just have the few closest people on an app and not having to fear that you'll accidentally send a message to the wrong person or group.
Regarding negative social consequences ... Today I switched phones and wanted to transfer my Whatsapp contacts to the new phone. What Whatsapp did: Somehow they managed to delete me from each and every group I had been in, deleted every chat and I cannot access this anymore.
I already had to explain to three friends why I left our group as they were furious because we had talked about important things in those groups.
Just to say this didn't happen with Telegram. Recovered everything smoothly with no errors.
This happens because whatsapp stores all the information in your phone itself. On the server side, at least before FB bought it, they didn't store your info. this is the reason their team was so small despite the billion users, because they just need to store data on a need basis, since they were a paid messenger.
The moment you switch phones, all the data is lost, because they do not have it in the cloud! This is the reason your phone needs to be connected to Internet when using whatsapp web or whatsapp desktop, because they literally stream your data i.e. chats from phone to desktop!
Telegram is a cloud messenger, data is stored in the cloud and loaded everytime in your devices, ironically this makes whatsapp better than telegram :D at least before facebook bought it.
Well... I did, at least I thought so. I had it on "weekly" but am not able to recover it. Doesn't matter, just wanted to make the point that I'm in favor of adapting a new messaging up not as widely used as WhatsApp.
I didn't say you can't, I said Whatsapp doesn't store it. I meant to say that it won't automatically backup and restore your stuff when you change phones.
You have to backup the data yourself in an sd card or a cloud service that you choose. It isn't stored in Facebook's servers.
Try to convince them anyways. Once they get past the grumbling of installing a new app and the entirely hypothetical inconvenience of having multiple chat apps, they'll realize that in practice it isn't really much cause for inconvenience.
Oddly enough I expected to run into that problem, but in practice it's hardly ever been an issue. I think in my particular case it helps that I generally insist on using email or telegram for communication where it's important to find it again later.
But you're right. At times I've had to search for information because I didn't remember which communication tool we used.
I work on lots of projects with lots of people, and I end up with hundreds of conversations spread over Email, SMS/Signal, Facebook, Skype and WhatsApp. It frustrates the hell out of me. The great thing about Signal for me is that it also handles SMS so there's no extra app to check. But yeah, no group chats, no desktop client, most conversations are unencrypted anyway because normal people don't care about privacy. If anybody were to ask me to use Telegram I'd be pleased they had an interest in encrypting our communications but annoyed about having to install yet another app.
Is this really a concern people have? Do people think on-prem is somehow inherently more secure? They expose their services through the internet. Minus a few details it's all the same. There are pros/cons in both sides.
There was a serious FUD campaign started by one of the developers of now competing app Signal a few years ago. Now if you mention Telegram on Reddit you're immediately bombed with "OMG TELEGRAM CRYPTO IS BROKEN!" even though 0 people on earth have ever provably decrypted a Telegram message. They even offered a $300K bounty where you could act as the server... no takers.
I don't have skin in this game, but I want to mention that contests are not evidence of security. Furthermore, cryptographers other than those working at Signal have expressed distrust for its security.[1][2]
What Telegram should do to earn the trust of the technical community (specifically, the security savvy people who criticize it for unorthodox encryption methodologies), is contract a real audit from a leading security firm that specializes in cryptanalysis, like Riscure.
>is contract a real audit from a leading security firm
Suggestions like this do nothing to dispell the image that modern security firms are little more than a protection racket. If you don't pay for "an audit" from an "industry leading" firm, you'll be shunned by everyone.
You pay for an audit, or you release the code/algorithms for the community to publicly audit.
Otherwise, you're just making claims that are unbacked by anything. Presumably only the fact that there hasn't, yet, been a public exploit. But that's not a useful metric.
Somehow, I don't think you are going to find more sympathy for Telegram's broken crypto (or Signal's "FUD" campaign) here on HN.
At the end of the day, for many nerds looking at these two pieces of software and their developers-- Moxie comes out looking a lot more serious about privacy and more experienced with crypto than Nikolai and Pavel. To say nothing of Telegrams closed source cloud app model, questionable financing strategy or debatable ties to the Russian intelligence apparatus.
Well... People said to them "don't roll your own crypto. Whatever you've got going now doesn't look too sane".
The Telegram devs more or less said "f*ck you, we are programming world champions and PhDs".
Then, about 6 months after they were all cocky, a russian guy showed that the telegram server could mitm every secret chat by providing the client with shitty entropy. Either it was a back door, or the telegram devs showed that everyone else was right.
Don't use it for the crypto. If that is what you want, use something else.
Probably not, but the hilarious thing is that a year or so after attacking Telegram for that, the developers of Signal took a substantial chunk of cash from Google to promote Allo as using Signal Protocol and end to end encryption, even though it's disabled by default so Google can mine your chat history for ad targeting (and enabling it has the inconvenient side effect of disabling your own local chat history).
Basically, it's about the cash. Signal's business model is to convince everyone that their protocol is the only secure one and charge everyone to licence it. If that means promoting non-E2E services that store and mine chat history, that's fine so long as they pay up.
The protocol is publicly described. They've blogged about it. I can imagine people being able to reconstruct it from memory.
The first Google result for "signal protocol license" is https://whispersystems.org/blog/license-update/ , clarifying that it's under GPLv3 (i.e., patent grant) with an exception for the App Store. Has anyone paid money to license the protocol? Has Signal asked for money? Is it even possible to give them money for the protocol?
GPLv3 is cool as open source goes, but is pretty restrictive. Basically you can't link to it and distribute your app without it being open source. A company like Google can probably not use it.
What I meant with GPLv3 is "and they are even willing to grant any patent rights to the general public". I don't know if they hold patents on it, but if they either don't, or are willing to license them freely, then you can implement the protocol from the public documentation of it.
Is Allo using the same code, or a different implementation?
(And it's not so obvious to me. The thing I linked is licensed under GPLv3 + MPL if used on the App Store. You can totally ship an Android app that runs a separate GPLv3 subprocess, and an iOS app that uses it under the terms of the MPL. The GPLv3-subprocess thing is what JuiceSSH does for running Mosh.)
It does not use end-to-end encryption for normal chats. They're encrypted only during transport on the network, but stored as plain text on the devices and on the Telegram servers in order to make multi-device sync and searching easier. Only "Secret chats", which are restricted to one device on each side, are encrypted end-to-end.
If their own FAQ is correct, then definitively NO.
Q: So how do you encrypt data?
We support two layers of secure encryption. Server-client encryption is used in Cloud Chats (private and group chats), Secret Chats use an additional layer of client-client encryption. All data, regardless of type, is encrypted in the same way — be it text, media or files.
Our encryption is based on 256-bit symmetric AES encryption, RSA 2048 encryption, and Diffie–Hellman secure key exchange. You can find more info in the Advanced FAQ.
Multi-device support and message sync do not necessarily preclude end-to-end encryption. Of course, it's a lot easier to accomplish these without end-to-end encryption.
Wire [1] (which I discovered a few months ago) is a platform that has end-to-end encryption, multi-platform support and multi-device sync. It also has text chats, voice calls, video calls, doodling, etc. The UX still needs a lot of improvement (compared to Telegram).