[pdimitar]

I view it as marketing trade-offs. Deep in a sub-thread another poster pointed out that they rely on SIM identification which can be spoofed, for example. But IMO somebody had to make the call for the right balance between ergonomy and security.

I quite like Telegram as well but I am under no illusions that it's bulletproof in terms of protecting my chats. I still think it protects them better than WhatsApp though, by the mere virtue of not being hosted in the USA where you can be ordered to give away an unencrypted dump of your database and keep silent about it until your grave.

[ryanlol]

> Deep in a sub-thread another poster pointed out that they rely on SIM identification which can be spoofed, for example.

You missed the point, again. Not only does Telegram rely on your phone number to identify you, but unlike the competition it’ll happily send out your past conversation history to anyone who manages to take control of your phone number.

Actual encrypted messengers can’t do this.

>hosted in the USA

You think the UAE is better? I live here, it’s not. If the US government wants access to telegram conversation logs, the UAE government will happily retrieve them.

[pdimitar]

> Not only does Telegram rely on your phone number to identify you, but unlike the competition it’ll happily send out your past conversation history to anyone who manages to take control of your phone number.

Many, myself included, are aware of this. I prefer it because if I get a newer iPhone tomorrow I still want all of my conversations and all history to be there. I question how many people can to a SIM takeover. No, it's not "everyone". Very few will actually do it and it seems it was a marketing tradeoff. Quite a normal practice and Telegram is not an outlier in this case.

> You think the UAE is better? I live here, it’s not. If the US government wants access to telegram conversation logs, the UAE government will happily retrieve them.

Sigh. Suspected, but never knew for sure. Thanks for letting me know. Now "all" that remains is for somebody to both incorporate end-to-end encrypted chats and allow synchronization of history between devices without a central server, in a single app, I suppose. But Telegram isn't that app and I am aware and okay with it.

[K2L8M11N2]

Telegram has an option to add an additional password to your account precisely for that reason.

[ryanlol]

Why does Telegram make all important security features opt-in?

[pdimitar]

Ergonomics. The HN crowd is really quick to forget that many users have no patience to setup several passwords and/or keys after installing an app.

You and I discussed quite a bit already and we can't agree on many things -- but I can still see where Telegram's team is coming from in their security decisions. A balance between ergonomics and security has to be struck if you want wide adoption.

We likely both abhor how quick and easy it is for many users to just say "yeah, sure, get access to my contacts so I don't have to re-add my people one by one" -- I feel that this practice is responsible for trillions of personal data points sitting out there in warehouses waiting to be used for advertising profiling, but what can we do? Seems that this is what the people want.

Having stricter -- and thus non-ergonomic in terms of UX -- security as an opt-in is apparently the best we can do in this age. By "we" I mean "all programmers and corporations".

Before you say it: I used Matrix and Riot/Elements for several months. The app itself is hopelessly behind in basically everything: it's not responsive even on a very modern Linux laptop, it often hides messages (and shows them up again a few minutes later after the app somehow force-refreshes its UI by itself), synchronization of chats when logging in from a new device was almost non-existent and took minutes to recover a channel with like 30 messages (although I heard they are working on this)... Even notifications would fire 9 out of 10 times and I had to make it a habit to check the client every 10-15 minutes or so (since it was a work chat).

Very far from convenient. Not to mention part of the time non-functional.

Telegram makes security trade-offs, I have no doubts about it. But it's a damn good app in almost all regards -- and me and many others can forgive their lack of to-the-letter end-to-end encryption implementation.

If there's an app with such a good UX and polish like Telegram that also does end-to-end encryption and doesn't drown you in GPG-like keys and passwords management minutiae, I'll gladly switch tomorrow.

[pseudalopex]

Everyone would shut up about Telegram if they stopped making misleading security claims.

[gxnxcxcx]

> by the mere virtue of not being hosted in the USA

I don't know where Telegram is hosted, but whenever I fire the desktop app there is always at least a google DNS request, sometimes some additional connections to google hosts. It certainly does seem to partially rely on the USA.

[mvolfik]

The point was about where is the data hosted.

The answer is that it's distributed, so you would need court orders in an insane amount of countries to get any decrypted data from telegram

[ryanlol]

This is hilariously out of touch. If the telegram team is based out of UAE, then the UAE government can easily force them to hand over data even if it’s stored on foreign servers.

[pdimitar]

Fair point, thank you.