[TheChaplain]

I fully understand. Privacy is important to me, but it's not a binary state.

What I talk about to my friends, girlfriends and family are all on different "privacy levels". If the chats with my friends were disclosed, I'd probably be made a laughing stock at most but it's no big deal. My family ones would probably be most boring, and the ones with my girlfriend could be material for a soap opera, and embarrassing.

But it's not the end of the world if someone at Telegram can read them of if they were disclosed by some hacker group.

My point is that it is an amazing chat app and have way too many benefits for me to not use it, but I _am_ fully aware that there are a chance what I write can be read by someone else, and therefore I take care what I write about.

Oh, and thank you for keeping the discourse on a respectful level. :)

[rakoo]

I have never used Telegram but not once have I ever read anyone being displeased with the experience; it's always about how it is the pinnacle of messengers. I'm a bit jealous about that because I want to experience it but I don't want to be tied to an app that doesn't do privacy by default.

Privacy is definitely not binary, but to me it is a bit like using Libre software. You can't realistically expect to live on the 21st century internet with the entirety of services and viewpoints it offers and only use Libre software. At this point you have to either follow your values and stick to a very small part of it that is guaranteed to work on your browser rejecting non-Free javascript, or you can make concessions and accept a bit of proprietary bits here and there. But you can still decide to be Libre-first and accept non-Libre from there, on a bit-by-bit basis. That is what I and others are talking about with e2ee first: Instead of asking "what is worth being hidden and being made public", I feel the more just mindset should be "supposing everything is private by default, what can I disclose and to whom". Your threat assumption regarding your conversations is a good example: of course every software has bugs and all your messages could be read by Telegram. But you're behaving as if Telegram might read it one day, when I believe you should believe as if Telegram is reading it every day. The danger is not that Telegram can make a soap opera out of your drama but that the whole world can.

As you say you take care what you write about and that is a good thing to do. So, following up: if you don't want anyone to be able to read it, then let's go to the end of this and make sure no one physically can read it, by default. Instead of asking what kind of conversations require e2e, let's ask what kind of conversation doesn't require e2e

[afiori]

I personally follow a different reasoning: I assume that using a precompiled app from X mean that you trust X. Personally I do not particularly care that whatsapp is e2e, I do not trust Facebook not to have side channels in their apps.

Something like Matrix are likely the best you can go (a federated network where bad actors are likely to get called out, I have high expectations for its future), but apart from this I consider e2e a red herring* as e2e would also need to include source code, compilation, installation, and platform. it is not a magic incantation that fixes privacy (not to talk about metadata)

we find reasonable to have not e2e emails, not e2e file sharing, not e2e phone calls. personally I care more about the long term commitment telegram has publically and repeatedly made (and the my assumption that they do not expect to be able to come out unscathed from obvious leaks)

I understand that others might want more, no problem with that, but there is so much more than just e2e encryption.

*telegram should still offer secret groups

[rakoo]

> we find reasonable to have not e2e emails, not e2e file sharing, not e2e phone calls

That's where we disagree: I don't find those to be reasonable but I have to make do with them because that's where the current status is. That doesn't refrain me from using e2ee file sharing by default, or doing e2ee phone calls by default, only resorting to the not encrypted when I can't do otherwise.

I'm not saying that e2ee must be the target for everyone and is the solution to all problems. I'm saying that there are very few situations where e2ee blocks features, so for most use cases if it works transparently for the user, why not use it ? It's the next step after point-to-point encryption like TLS: if you can have it on at all times without inconveniences, why not use it ? Both of those make the overall situation better with no discernable downsides.

[afiori]

To me they have downsides, like being unable access your messages if you lose your device. I care about not losing my 6+ years of old messages even more than I care not to lose my 10+ years of emails.

Security is good, but sometimes truted third parties are "gooder", maybe we disagree on the next example but I like that the police is able to forcefully block some financial transactions, or that my bank can disable my credit card remotely.

e2ee encryption with convenience is also very likely to be broken by design,

[dschuessler]

> If the chats with my friends were disclosed, I'd probably be made a laughing stock at most but it's no big deal.

That’s a privilege many people don’t have. Think about sexual preferences, controversial opinions or health problems that can be disadvantageous in their career or when obtaining insurance. Or that aren’t problematic now but might be in the political climate in 20 years.

You could argue that people worrying about this still have the choice to use an E2E encrypted messenger. After all different needs are served by different products. But if this behavior becomes the norm, people who hide possibly disadvantageous information can be identified simply by their messenger use, partially defying the purpose of hiding their information in the first place.

I consider this a very strong argument for privacy as the default regardless of particular people's lack of a need for privacy.

EDIT: Removed remarks that could be misunderstood as snark.