Hacker News
by qwertox 1818 days ago
To me Telegram feels like the red corner district of a city. I simply don't feel like I can trust it, there's something very shady about it. I wouldn't be surprised if Telegram reads those exclusive Bitcoin whale groups and uses that insider info. Group chats are not end to end encrypted.

That being said, WhatsApp is like the authorized garage where you know that you'll get the service which is officially recognized (by the government) and will keep your car's value "at its best", but which screws you over in so many ways.

Everything else is somewhere in between these two platforms.

14 comments

Care to qualify that speculation with some evidence?

It seems like whenever telegram is brought up here, there's a lot of speculation about it not being trustworthy but no concrete evidence.

The client is open source. While not end to end encrypted by default, it shares that property with most messengers. E2E limits search-ability and other features so it's a tradeoff.

I have to wonder if part of why this is mostly brought up is due to the origin of the app being a group with a Russian nationality. That's pretty sad.

The app is damn good. The best messenger app I've used - much better than signal. I'm so disappointed by this attitude.

I completely agree with whatever you have listed here and the reason why the app is up for bashing is because of the antecedents of the owner.

How is it that everything which has its origins in the US is touched up with fairy dust while anything that may have a remote link with Russia is garbage?

Signal is garbage. They are riding on the coattails of marketing (and that's what investment money does)

Care to elaborate why you believe Signal is garbage? Is it for technical reasons?
1) Platform sync is bad. 2) Backups drain my battery. 3) Notifications across platform are weird. 4) Video calling quality is now an issue. Previously it wasn't. 5) No usernames and no ingrained privacy controls to prevent users from calling me.
1. Having to share the phone number is the biggest issue for me. This shouldn't be the case in 2021. I can only use Signal with my close friends. OTOH, I can confidently share my Telegram handle with anyone I have known for some months, even online (not in anonymous forums, of course).

2. Notifications in one platform is weird for me.

3. Video quality is extremely bad to the extent of unusable.

4. Completely agree with the lack of settings whether other users with my number can text/call me on Signal.

The whole point of Signal is privacy, so the fact that it's tied to a number is insane to me. I have friends in China that can't use it because China blocks the verification SMS. It's otherwise a great app IMO but this is nearly a fatal flaw.
When it first started getting popular I was curious about whether they were trustworthy, so I chatted with the devs and they said it was 100% open source. I looked through the source and found a pre-compiled binary blob buried deep in the folder structure, and they came up with some strange excuse that I can't recall and then it disappeared after a while.

Also, the evidence that it's not end to end encrypted by default for many operations is out in the open.

> I have to wonder if part of why this is mostly brought up is due to the origin of the app being a group with a Russian nationality.

I think it has more to do with the fact that there is no known reason for the organisation behind Telegram to provide it. It doesn’t make money from users, it has large operating and development costs, it keeps access to a lot of personal data without regulation, it is not a non-profit funded by donations and being open about their operation…

So the most realistic hypothesis about that organization is that it’s shady. There are very few other possible explanations.

Telegram is about as private as facebook messenger or discord is the basic assertion. FB messenger is a much nicer client than the more private chat messengers, but telegram is essentially a client you can't assume is private, much like FB messenger itself, even if it has an E2EE chat mode that nobody uses.

But people are deluded that it's as private as Signal or Matrix, which is laughable.

This is one of the API entry points with which the apps communicate: http://149.154.167.51/

Nginx is currently at 1.21.0

Why wouldn't you care about your load balancer being so outdated? That's over 15 years.

There could be an explanation for this, but I'd have to put some unnecessary trust into it before I get the valid explanation. It is http and no https is offered on that server, which probably indicates that there's no need for TLS, that the communication is secure enough for it not to rely on TLS. But anyway...

They roll their own crypto and group chats can't be end-to-end encrypted anyway. It's even worse security than WhatsApp, let alone Signal.
> Care to qualify that speculation with some evidence?

This is a weird way to respond to someone using a metaphor to describe how an app makes them feel.

> I wouldn't be surprised if Telegram reads those exclusive Bitcoin whale groups and uses that insider info.

That's not a metaphor, though.

Does Telegram even offer server side searching?
Telegram works better as a chat app for my use case which is why I prefer it.

I use an iPhone for iOS development and as a backup phone, I use Android as a daily driver - WhatsApp couldn't sync history when I broke my phone twice in a year and had to switch to iPhone. And I prefer using a desktop app over mobile one, if my phone dies I can still use telegram desktop (this was useful a few times I left my phone in the car and wife drove off with it, I could keep using telegram to message her, my only other option would be messenger at that point).

I don't mind privacy implications of my random chats being read by telegram.

I’m not sure I’d want group chats with thousands of members to be end-to-end encrypted. It doesn’t even seem that clear what the actual utility of it would be.
I agree, but where are you getting that number from? They said "group chats", not "massive group chats". I would certainly want group chats with less than 20 people to be end-to-end encrypted, if it were possible.

I think a decent compromise would be just enabling it by default for private group chats, since it'd be costly and pretty pointless for public ones.

There is no point in encrypting the content of these public groups if anyone can just join and get access.
Right, that's what I was saying. There's just some confusion because the original poster was talking about small/medium-sized private chats, and then the replier wrote "I'm not sure I’d want group chats with thousands of members to be end-to-end encrypted" for some reason.

There's no point to encrypting public group chats. There's a ton of point to encrypting private group chats. They should support it for private chats and it should be the default. Or, better, there should be no way to disable it, even.

From a defensive perspective, I agree, but from an offensive perspective it's way easier to, say, download the contents of the 500 largest channels in the country than having to join those channels yourself.
> Group chats are not end to end encrypted.

End-to-end encrypted group chats are currently in the works.

Source - https://t.me/durovschat/518625

This doesn't say anything about encryption.
Read again, it does.

Durov mentioned they've been working on group "secret" chats. Secret is just another term for end-to-end encryption in telegram.

Ah. When I first read it, all I saw was the "self destructing". I suppose my eyes glanced over "secret"....
I laughed at this, but am curious where you place Signal and Matrix in this analogy? Both feel like good services that aren't authorized, per se.
XMPP would be the local electrician with a mustache and a calm tone that can fix anything for you for pennies.

We used to have them in Hungary. I miss them. "Szaki"

XMPP would be a loosely-organised community of people who know how to fix their own car and might be willing to fix yours for beers.
Signal is recognized by many European governments, and WhatsApp is just a street dog that was once loved and is now hated because it misbehaved.
I think maybe because your family and coworkers live in WhatsApp, while your dodgy friends and "random" groups are in Telegram? That's my case :)
Telegram is recognized by e.g. the Singapore government. They have multiple official channels in Telegram, including ministry of manpower, public housing authority and ministry of foreign affairs. The official government site has their Telegram group as well.
This is news to me. I assumed that they had presence because of outreach but this could hold true for most other governments.
Indian government has official channels in Telegram, too.
None of the messengers except Signal give any confidence in being really private.

And when comparing Telegram and WhatsApp shady-wise, only one of them has many obvious reasons to track you as much as technically and legally possible.

And when it comes to app performance, UX and ease of use - Telegram beats all others with a huge margin.

Well I don't think secure and high-quality applications like Signal fit in that spectrum :p
Telegram accommodates over 200,000 users. I have my own community around Telegram; it has nothing to do with Crypto. Bots manage the rush; block words filter out conversations; spammers are blocked in their tracks, auto-delete or auto-removal of messages (if and when required).

Privacy controls on voice/video calling, restrictions on who can add me to groups and so on. Intelligent cache without looming storage limits on my device. Efficient application that doesn't drain battery. Cross platform client that even works in modern browser and remains in perfect sync.

I wonder why you are forgetting the virtues and only focused on the "shady aspects".

really like your garage analogy.

the missing piece seems to be the type of car.

if i put down a year's income for a new car, the 'authorized garage' has its perks because the value of wholesome repairs is probably greater than the cost.

if on the other hand one has a ten year old, used car, whose main purpose is a means of transport, that greasy, dusty garage, where the mechanic will let you know that there was only one screw missing and charges you a few bucks is golden.

Curious how WhatsApp makes you feel screwed over? The work they do to ensure end to end encryption is impressive.
Facebook doesn't really get a strong advantage in keeping keys to read your messages on its own servers. Intelligence services would benefit from this, so would fraudulent or corrupted employees. For Facebook, storing keys to your message is more a burden, if anything.

Facebook derives valuable data about you through WhatsApp in three channels:

- analyzing the content of your discussions before they get encrypted and sent,

- the app acts like a Trojan horse into your smartphone. It collects data such as your device model, geolocation, contacts, text messages with all activation/verification texts from third parties, the list of apps you installed, when you wake up or go to bed, when you sleep or do other things in bed (thank you gyroscopic sensors), etc.

- Through the correlation of real-time data collected from other smartphones, Facebook also acquires who you met, spend time with, where and when.

As you can see, you don't get end to end encryption for philanthropic reasons but because that's simply not where the money is and that's what gullible customers ask for.

End to end encryption is like when you get offered tap water at the restaurant: for many customers, it provides them with a feeling of self satisfaction.

But it doesn't improve the quality of the food at all...

Hope I brought some light in the topic :)

On iOS apps can’t find out what other apps you have installed.

With gdpr, you can at least download all the data they have collected about you. Have you verified your Trojan horse claim?

Many of these claims are described in [0]:

> WhatsApp still won't be able to access any of your communications or share them with Facebook. Meanwhile, WhatsApp will be able to share user account information like your phone number, logs of how long and how often you use WhatsApp, device identifiers, IP addresses, and other details about your device with Facebook. Plus, WhatsApp can share transaction and payment data, cookies, and location information with Facebook if you grant permission. All of which has been true since 2016.

More is detailed in the WhatsApp privacy policy [1] (emphasis mine):

> We collect information about your activity on our Services, like service-related, diagnostic, and performance information. This includes information about your activity (including how you use our Services, your Services settings, how you interact with others using our Services (including when you interact with a business), and the time, frequency, and duration of your activities and interactions), log files, and diagnostic, crash, website, and performance logs and reports. This also includes information about when you registered to use our Services; the features you use like our messaging, calling, Status, groups (including group name, group picture, group description), payments or business features; profile photo, "about" information; whether you are online, when you last used our Services (your "last seen"); and when you last updated your "about" information.

I suspect nokya was exaggerating somewhat, but only somewhat.

[0]: https://www.wired.com/story/whatsapp-privacy-policy-facebook...

[1]: https://www.whatsapp.com/legal/privacy-policy

None of this is about knowing apps you have installed. Can't be exaggeration if it isn’t true in any sense. That’s the only specific point brought up by your parent comment.
Agree for iOS, I didn't know the list of installed packages was only known to Apple. On Android, it seems to be a new restriction that is being deployed in A11 (search for discussions on Android developers inquiring about the new "QUERY_ALL_PACKAGES" permission that some are struggling with already).

For the exaggeration, I would happily answer but I would need to know on which access you felt I exaggerated (except the fact I did not know Apple kept this list only to itself and friends). The data categories I mentioned are quite straightforward and not specifically obtained by WhatsApp only.

> With gdpr, you can at least download all the data they have collected about you.

I don’t believe this is correct: They may only have to provide data they “control” (in the GDPR-sense of the word; see Art.15,3)

If they merely downloaded it for processing into market segments or even just generated high-value marketing segments directly on the device, they would only have to and be able to give you the list of those segments, and maybe explain broadly that they learned this from “on-line activity”.

If they do exfiltrate everything, they could hold this data for “legitimate interests” such as for lawful intercept, fraud detection, or disaster recovery. If it is not a “normal” business practice to access[1] it they may not be required to reveal that they have it.

Note I am not verifying that Facebook does these things only what my understanding of their obligations are under the GDPR. This does not constitute legal advice, I am not your lawyer, and so on.

[1]: FB’s normal business is selling ads and they don’t typically let ad sales or traffickers access this raw data directly.

Indeed. This concept is sadly too often misunderstood. Many users feel they get everything when they ask for their data, but these data sets are usually restricted in two ways:

1. You only get the data you provided to the service, not the data they derived from your use of the service. Incidentally, this second data set can be just as critical when shared with third parties.

2. You only get the data they kept about you, not the data that resulted from the various transfers to their partner companies and which was thereafter correlated with other databases.

These two sets of data are about the user, but the user never gets to see them, unless they are explicitly requested from the partner companies.

Thanks Trojan horse GDPR.

Facebook works directly with oppressive central governments to implement censorship against their citizens.[1] Some might consider that getting screwed over.

[1] https://wikipedia.org/wiki/May_2019_Jakarta_protests_and_rio...

They hold the decryption keys. Isn't it?
I don’t know if it’s the Russian style or the slightly nsfw emoji it packs by default but the program feels sus. Plus, I feel like it’s only hot news recently because of the Trump-follower-exodus. Plus all the gushing in this thread seems a bit over the top. What’s special about it over WhatsApp or heck even WeChat?
It Just Works(TM). Easy onboarding, doesn’t complain if you don’t let it vacuum up your entire address book, simple and usable interface, syncing is flawless, native desktop client, first party library for integrations and support of third party clients.

If you’re not willing to sacrifice too much UX for privacy, it kicks the pants off of a lot of alternatives while still, ostensibly, not being the worst offender privacy-wise.