by 7v3x3n3sem9vv 1975 days ago
It's important to note that Telegram does store all your data by default as they do not enable E2EE for everything like Signal does. So if you're under the assumption that they don't, this is incorrect.

Telegram, for all intents and purposes, is about as secure as using Facebook. The best you can do with Telegram is hope they don't sell out or get compromised at some point in the future, because all your private communications are stored on their servers forever. Telegram does have "secret chats", which from what I can gather, don't even work for group chats, only one-to-one messages.

My general advice is to treat Telegram like a new Facebook if you have to use it: assume everything may be read by everyone, and don't treat it like it's private and secure.

For "text messaging" friends and family use Signal. Everything is end-to-end encrypted by default, so you know nobody is collecting your data.


In a way, yes, Telegram is even less secure than WhatsApp for this.

The way I've been presenting it to people is that Telegram can look at more data than WhatsApp can. But WhatsApp will use the data they have more than Telegram will. That's the tradeoff.

And yes, obviously Signal is more secure than both of them but I've been steering non-techies to Telegram because of usability, backups, cross-device history etc. As usual, everything is a tradeoff, but if people were happily using WhatsApp up until now, and also use Gmail, Telegram is not worse than those.

> The way I've been presenting it to people is that Telegram can look at more data than WhatsApp can. But WhatsApp will use the data they have more than Telegram will. That's the tradeoff.

I think you should look at the odds of that "can" turning into a "will" over time. After an acquisition, or a change in business fortunes, or a change in leadership...

It will happen. So far Telegram has developed without consideration for revenue, but it cannot last too long.

According to his own numbers [1], Durov's entire net worth [2] can only sustain Telegram for about a decade.

[1] https://t.me/s/durov/142

[2] https://www.forbes.com/profile/pavel-durov/

Durov recently announced they will start monetizing through ads, but only in "channels" of people with a huge subscriber count (which generates a lot of costs). Channels are 1:N public broadcasts, a bit like Twitter.

That's how it all starts. And how will they know what ads to show you? By mining your conversations.

No. He confirmed that the ads will be generic. Not targeted to people based on their data.
> 500 million active users

> A project of our size needs at least a few hundred million dollars per year to keep going.

Is it just me or does order of $1 per user sound like a lot?

$1 per user/year sounds about right. I use Telegram more than any other chat app. People send lots of media (and even large files) and Telegram archives them forever. One Telegram group I'm in is 6 years old and has 500+ VIDEOS (and 10,000s of images) permanently archived in it.

I'd estimate I cost over $10/yr to Telegram.

I could imagine a backup solution being built on top of that free storage. Uploading encrypted blobs of data.

It's true, and it's part of the consideration. But the current mass emigration from WhatsApp seems to show that it's not as hard to jump platform as everyone thought it would be.

What I don't get is people are trusting unverifiable builds of Signal, Telegram, WhatsApp, etc. as "secure" on each of their E2EE implementations when that part of the binaries we install on our phones isn't even verifiable by code and compilable by ourselves.

But what I do like about Telegram is their good user experience and Bot API developer experience. It's soooooooooo fucking good I'm telling you. It just works, be it on web, mobile, and desktop.

At this point who the fuck knows if Durov can be trusted (hell we all wish, right, no harm in that). But regardless of that, at the end of the day I'd be willing to admit he's a fucking genius when it comes to Telegram's UX and DX.

Signal does have reproducible builds: https://signal.org/blog/reproducible-android/

Sir, that's a big Today I Learned. Thank you.

For Telegram, you can use the F-Droid builds, which I'd rate as one of the most trustable sources for Android apps.

Telegram reports to have reproducible builds for Android and iOS. More information at https://core.telegram.org/reproducible-builds
> At this point who the fuck knows if Durov can be trusted (hell we all wish, right, no harm in that).

It's a threat model decision. If you're someone who wants privacy from the US or other Western governments (think Antifa on the left side, or corona-deniers, QAnons and other conspiracy nuts on the right side), Telegram is the best option since the Western governments can't hold them accountable. If you're a Russian or Chinese dissident, or opposition in countries aligned with them (e.g. Serbia), WhatsApp and Facebook are your best bet.

There are many anti-fascists in Russia too. In general, anti-fascists face repression from every nation state.

Isn't Telegram now based in Dubai, an emirate within a country that largely allies with the West?
Horcrux Encrypted Messaging combines multiple messaging options to protect you from all sides.

https://horcruxencryptedmessaging.jperla.com/

FWIW, I personally trust the "unverifiable" Signal build I get from the app store more than I trust the OS my phone runs.

That's not true of Telegram/WhatsApp/etc...

> Everything is end-to-end encrypted by default, so you know nobody is collecting your data.

I think it's wise to remember that what happens on the other "end" is outside of your control.

If the other person in the conversation stores chat backups unencrypted you're still at risk, and there's not much you can do about it.

The threat model assumes the other party is trusted. If not, in the limit they can film their screen and broadcast it to the internet, so there's nothing you can do about that.

I believe you have self-destroy timers in Signal. Perhaps those help.

Snapchat was based around that and people still copied content.

If someone can read it, then they can copy it.

It more so prevents people from retroactively going back in time and scraping data they wouldn't have in the moment. Many of my chats expire all messages after 24 hours because of this.

Most people will not archive all texts they get in the moment; it's only after some fallout or event happens that there's motivation to dig up old messages.

Yep.

Wickr does "screenshot notification" somehow, so now I occasionally get sent photos taken of phones showing "private" Wickr messages...

In order for the message to be readable by the other party, you fundamentally trust the other party. A self-destroy timer doesn't really help that aspect (which is why I don't use them).

You're right to point out what is and isn't in the user's control.

As others are pointing out, the reason a lot of people trust Telegram and Signal is that corrupt governments don't!

The few times the "kimono" has been opened, both Telegram and Signal were doing what they said they were doing -- even if they both have different approaches.

This isn't like Facebook who just lie and have been caught doing so.

Yep, and also keep in mind that at the FBI/DOJ capitol breach presser yesterday the FBI dude basically said "it's hard to tell who is shit posting and who isn't so it takes some elbow grease", which I take to mean that it's OK to shit post. Just, you know, don't use computers for anything you want to keep secret.

Yea, I believe Telegram "secret chats" are E2EE and also have auto-destruct capabilities.

The secret chats feature is almost useless. They only work on phones, only in direct messages, and are not the default. I doubt 1% of Telegram users use it.