by vetinari 1815 days ago
Not supporting E2EE (cite: Telegram is not E2EE) and E2EE being not on by default are two very different things.

Not being on by default has an impact on other things that the users value more. If they were on by default, they would lose it and Telegram would lose part of its appeal. This way, users themselves can choose the trade-off they are happy with.


Not having it enabled by default means most people will never enable it at all. That's just plain reckless.

Privacy is a human right; it shouldn't be part of any "trade-off", just like you can't sell yourself into slavery, even if you really wanted to.

> Not having it enabled by default means most people will never enable it at all. That's just plain reckless.

Yet, there we are. People value that other functionality more. You may not like it, but that's how they are.

> Privacy is a human right; it shouldn't be part of any "trade-off", just like you can't sell yourself into slavery, even if you really wanted to.

You are now off the rails. The problem with the trade-offs is not social.

> People value that other functionality more. You may not like it, but that's how they are.

I once listened to a presentation given by someone from the company behind AdBlock Plus. They were explaining their (back then) new "Acceptable Ads" program and how an overwhelming number of users chose to leave the program enabled.

They even had a pie chart showing over 90% participation in the acceptable ads program and interpreted it as user choice. ("That's how they are")

After the presentation I asked whether they've tested how many users actively enable Acceptable Ads participation in the settings if it's off by default. To no one's surprise, they did not run such a test.

Not changing the defaults should not be interpreted as user choice if the same settings end-state is not reproducible with other defaults.

Usually any default, no matter how hostile, stays set. The reality is that users can be nudged easily and rarely ever change any settings at all.

This is not about a certain function being off by default.

This is about that one functionality being mutually exclusive with other functionality. If you enable E2EE, you disable cloud sync/history, multi-device use, message forwarding, etc. In normal use, users want the latter and if they need the secret chat, it is available.

In your example with Adblock Plus, there was no trade-off (to the user; there obviously was for the company). With Telegram, there is.

> This is about that one functionality being mutually exclusive with other functionality.

That is a design decision made by Telegram. My e2ee Signal and Matrix groups sync just fine across devices, preserve message history, allow message forwarding, etc.

Not enabling those features is a nudge against using the e2ee-feature. Facebook Messenger does the same by crippling their encrypted chat experience.

The reason most people on WhatsApp enable unencrypted cloud backups is not because they really desire their message history to be leaked to Google/Apple but because they get occasionally nudged by a popup to enable it.

Those nudges work. It does not matter whether it's a good or a bad action they nudge to make one central assumption about them: settings should not be interpreted as user choice if the results aren't tested against complementary nudges.

Signal does not sync across devices; they have a per-device queue and the message is encrypted with each device's keys. If your device doesn't pick the message from the queue on time (either before the queue gets full, or before it expires after ~60 days), you won't have that message on that specific device, ever. You also won't have older messages (before you enrolled the device) on it (that also means you won't have the old messages on your new phone, without transferring them or restoring from backup).

Signal does it relatively right; but the nuances are difficult to explain. Even here, on HN, it is difficult to explain Telegram's tradeoffs; how would you explain that to common users?

It's bothersome that you don't admit that your false statement was false and continue to double down with irrelevant discussion. Telegram has E2EE, therefore you are wrong.

"Telegram is not E2EE" is factually incorrect.

WhatsApp has E2EE; however, it ships your private keys to cloud storage by default. So it's even less secure than Telegram.

If you install Telegram and message someone, your message is not E2EE. That falls under "not E2EE" in my book.

You should probably adjust your book because not having e2ee and not having e2ee by default are two different things.