[xte]

Telegram is insecure by nature because it's a proprietary service. It doesn't really matter much how is coded or how appear to be coded.

Not to reduce the value of author's analysis of course, but just to clarify a point: no proprietary service can be considered secure, no matter how good and well intentioned it's property is.

[gtirloni]

Unless you're advocating for P2P chat, I don't see how it's any different for open source solutions. At some point you have to trust the people hosting the centralized servers, OSS or proprietary.

[xte]

Of course, we need decentralized solution at minimum, distributed at best.

Also about trust: I can trust a bit certain kind of paid hosting/services, for instance companies that are in my country under my country law can be trusted in the sense that I have a certain kind of legal protection and a clear signed contract. It does not stop them do thing I can't know with my data but I have few options. Against services hosted elsewhere in the world with "not-real-contracts" and zero formal fee my possibility of action is essentially ZERO so I can't even being protected by my country's law.