[w3rhn2j34oh5o]

Telegram is unencrypted by default. All standard messages are stored on the server. Telegrams secret chat mode (end-to-end encryption) uses home made cryptography, and has been panned by experts in past. All group chat is in the clear and stored on the server. This is not the case with imessage. Comparing Telegram to iMessage, telegram is not in the same league as Apple. I don't trust either from TLA's or well funded adversaries.

[golergka]

> All standard messages are stored on the server.

It's a feature: history synchronization between different devices and fast search through hundreds of thousands of messages is, for most uses and users, more important than concerns that Telegram or nation-state level attackers (one capable of silently breaching Telegram infrastructure) would choose to read your chats.

[w3rhn2j34oh5o]

Signal also does historical synchronization between devices. It bootstraps the history from another device. It also has search which can be done locally. Telegram is, by design, capable of being accessed by 3rd parties (beyond governments). iMessage is capable of being accessed by 3rd parties via iCloud backups, which is an opt-in situation.

Be aware, wechat sends every message with geolocation to the authorities in real time. It is more critical than ever that we be aware of the mechanisms in the systems we build and use -- else dystopia awaits.

[dpq]

Plain wrong. It's not end-to-end encrypted by default, that's true. But all chats are encrypted with key portions distributed between different jurisdictions in case some country gets funny ideas.

Chat archives are stored encrypted, not in plain text. Please cite your sources if you claim otherwise.

[heinrich5991]

The Telegram service has the capability to get the plain text of your chats, without any interaction with you.

I think that's what the parent wanted to say.

I think saying "chats are stored in plain text" is a reasonable way to convey that message and I think "plain wrong" is an overstatement.

[eitland]

> think saying "chats are stored in plain text" is a reasonable way to convey that message

If I keep your messages encrypted in my database and your keys on another unonnected database in another building, would it then be fair to say that I store your messages in plaintext?

No. They are encrypted. It is a matter of fact.

The word you are looking for is "not E2E encrypted" which can be a problem, but a different and smaller problem.

> and I think "plain wrong" is an overstatement.

No. It is a statement of a fact.

[heinrich5991]

>If I keep your messages encrypted in my database and your keys on another unonnected database in another building, would it then be fair to say that I store your messages in plaintext?

If you can still access them, I don't think it is fair (or maybe rather: it is misleading) to say that you store them encrypted.

[eitland]

If you cannot trust me it doesn't matter.

If you trust me but are worried that someone else might break into the server it makes a huge difference.

[Tepix]

It‘s not homemade crypto. It‘s just not the latest and greatest modern crypto but it has no glaring weakness.

[_tulpa]

[citation needed]..

But it’s absolutely homemade by math PhDs (not crypto specialists). And if you search for ‘telegram security’ you’ll find any number of articles pointing out a bunch of weaknesses. It’s also only half open source.

[aasasd]

> half open source

Not just that. The official clients repos (specifically Android) lag several weeks, if not months, behind the apps, or at least they did at one point.

Though that doesn't matter much with not-quite-verifiable releases...

[w3rhn2j34oh5o]

Granted, there are no known weaknesses with their protocol -- however, Telegram leads the user to believe their conversations are encrypted, which, unless they opted in to secret chats (and this is not supported on desktop ), its all in the clear.

So if you are using it on desktop, all your messages belong to Telegram, and whomever they are sharing it with.

[eitland]

As has been pointed out before this should be plain wrong. Keys and messages are kept separate, in separate jurisdictions even.

This way Telegram can back up messages without dumping them to Googles servers like WhatsApp does by default.