by nervousDev 1995 days ago
> Telegram is a downgrade in terms of both security and privacy

Care to elaborate? Haven't heard/read anything that points in that direction. Except for the "nearby people" feature, but that it's up to you to enable.

2 comments

I trust Bruce Schneier on this stuff and he advises against Telegram: https://www.schneier.com/blog/archives/2016/06/comparing_mes...

Also in the comments on that "article" some people link against a cryptanalysis of Telegram, which can be found here: http://cs.au.dk/~jakjak/master-thesis.pdf

Someone else also mentions that Telegram stores message logs on their server; if that's true, it is definitely a big no-no.

Here's what Telegram has to say to that: https://telegra.ph/Why-Isnt-Telegram-End-to-End-Encrypted-by...

Seems like an okay compromise to me, but I'm no security expert.

Some people are annoyed that the end-to-end encryption isn't on by default. You have to enable it yourself if you want to use it.

I agree it's a downgrade in security. But I don't agree with it being a downgrade in privacy.

By default anyone at Telegram can read your messages. By default, nobody at Facebook can read your WhatsApp messages. Telegram is a privacy downgrade here.

Can/Will is a difference. Especially when Facebook will definitely be using all the information it can get to sell profiles of me to others.

Another point is to compartmentalize information shared.

I'd rather share my whole profile in parts to 100 different companies who all aren't allowed to share it with each other, than all of it to one company.

Facebook could push an update tomorrow that subtly modifies the RNG in a very difficult to detect way that allows them to easily brute force all messages.

No published source code or alternative implementations so it may take months of RE to notice if it is ever noticed at all.

If only a single party with no accountability controls your encryption keys with binaries they compiled from code they wrote that no one else can practically review with an undocumented protocol they can silently change or backdoor at any time, it is not end to end encryption. It is marketing.

I hate and refuse to use Telegram like all centralized chat services and feel it is hostile to freedom, privacy, and security, but unlike Signal, WhatsApp, iMessage and others, Telegram at -least- lets independent third parties like F-Droid compile and distribute binaries, offering accountability for their E2E claims.

Or they can partner with Google and Apple and get those backups from them, like the government does.