[maqp]

It's tiring to see people claim Telegram is Secure e.g. "because it hasn't been hacked yet" :D These people don't realize Telegram is front doored by design, it leaks 100% of your chats to Mark Zuckerberg of Russia, just like Facebook Messeger leaks 100% of its messages to Mark Zuckerberg of USA.

[tyrion]

I did not claim Telegram to be secure. It has nothing to do with what I said. Moreover, saying that something "is secure" does not make too much sense, without specifying secure against what.

Assuming you are in good faith, I will try to explain better: The title of the article states there are vulnerabilities in the encryption protocol.

According to RFC 4949 a vulnerability is:

> A flaw or weakness in a system's design, implementation, or operation and management that could be exploited to violate the system's security policy.

Clearly stating that there are vulnerabilities in Telegram's encryption protocol raises concerns, a lot of confirmation bias among Telegram haters, and leaves people who only read the titles with the feeling that Telegram encryption is vulnerable to attacks.

However, among the 4 flaws reported by the researchers, 3 are not exploitable ("This attack is mostly of theoretical interest", "Luckily, it is almost impossible to carry out in practice", "Luckily, this attack is also quite difficult to carry out, as it requires sending billions of messages to a Telegram server within minutes") and the other one is about reordering encrypted messages.

Therefore, a more fair headline which would undoubtedly raise less interest could be "Researchers found a way to change the order of your Telegram messages, even if they still cannot read them", or "Researchers found some purely theoretical or almost impossible to carry out vulnerabilities in Telegram's encryption protocol".

And don't even get me started about the fact that literally everybody, including expert security researchers, feel entitled to bash Telegram for having rolled their own crypto at every chance they get.

[maqp]

>leaves people who only read the titles with the feeling that Telegram encryption is vulnerable to attacks.

I agree with you these attacks are not so severe the completely broke Telegram. But it is living proof Telegram authors don't have the know-how on how to implement secure protocols. If you heard some bridge builder had replaced every third bolt with fifty zip-ties, you wouldn't be defending the bridge, you'd want to know who the f is overseeing that project, and ensure the entire design was being reconsidered, and that qualified engineers were working on the fixes.

This set of vulnerabilities isn't an indication that Telegram's encryption is bound to have a breaking vulnerability. It's saying they don't have the qualifications to protect the data we know sits in their server effectively plaintext. And I'm saying effectively, because sure, it's encrypted, but the database key sits in the RAM, 4cm away from the CPU, and is one privilege escalation vulnerability away from compromise.

You using the term "Telegram hater" does disservice to everyone, because your lumping together people with no tech background parroting headlines, and legitimate concerns from people who've actually spent time looking into this on a technical level.

[tyrion]

> But it is living proof Telegram authors don't have the know-how on how to implement secure protocols

I strongly disagree with this claim. Can you back your claim with some evidence? The vulnerabilities shown here are mostly purely theoretical, I don't see how this goes to show that Telegram engineers are incompetent.

What I see is that Telegram engineers chose to ignore what the Computer Security academic community regards as best practices, and this has led to an infinite amount of criticism (including by the authors of the vulnerabilities we are discussing). Despite this, in ~8 years since launch, the only serious vulnerability which I am aware of, has been discovered and immediately patched right after Telegram was first launched.

[maqp]

>I strongly disagree with this claim. Can you back your claim with some evidence?

Absolutely. Telegram isn't end-to-end encrypted by default. The author admits so here: https://telegra.ph/Why-Isnt-Telegram-End-to-End-Encrypted-by...

Q.E.D.

This set of 4 vulnerabilities isn't the issue with Telegram. Vulnerabilities can often be patched. The issue is the fundamental way Telegram functions.

Also, since you're obviously going to claim the article justifies it as a design decision, read my refutal here before replying https://telegra.ph/Why-you-should-stop-reading-Durovs-blog-p...

Finally, I'm a bit puzzled, you seem to be "open minded" yet your post didn't even touch on this massive issue of failure to provide E2EE for groups, desktop clients, or anything by default. Were you unaware of it? Or would you argue the endless list of competition that actually does E2EE properly (Signal, Wire, Threema, Element...), over-do security?

You're also not even remotely interested in agreeing with the academic community, but instead just observe and basically imply: "no breaches have been made public, therefore it must be secure". How familiar are you with the field of computer security, do you know how security is quantified?

[tyrion]

Let's recap what is happening here, because we are going a bit off-track with this discussion.

My original post was about the fact that I am tired of media outlets making borderline denigratory titles all the time about Telegram.

You replied, stating that I claimed that "Telegram is secure", which I did not do. Then, I tried to clarify my original post.

Then you claim that these vulnerabilities show that "Telegram authors don't have the know-how on how to implement secure protocols". I asked you to back your claim, because I don't see how the discovery of a bunch of "almost impossible to carry out in practice" vulnerabilities might imply that Telegram's engineers are incompetent.

To which you reply that "Telegram isn't end-to-end encrypted by default". Now, unless I am missing something obvious here, you just stated a fact that has no relevance whatsoever with your former claim. The claim to prove was "Trivial vulnerabilities discovered --> Telegram authors are incompetent". Now, if you changed your mind, and want instead to argue that they are incompetent because they did not implement e2ee by default, it's a totally different discussion and has no relation at all with my original post, nor with the article we are commenting (imo).

> Finally, I'm a bit puzzled, you seem to be "open minded" yet your post didn't even touch on this massive issue of failure to provide E2EE for groups, desktop clients, or anything by default. Were you unaware of it?

I am aware of how Telegram works. But why do you suggest I should have talked about this? It is totally unrelated to my original point.

> Or would you argue the endless list of competition that actually does E2EE properly (Signal, Wire, Threema, Element...), over-do security?

I never stated such a thing.

> You're also not even remotely interested in agreeing with the academic community

It's not that I am not interested in agreeing with them. I am openly criticizing the behaviour of some of its members. It's a different thing. But also this is a different discussion, and I should not have included that comment, maybe.

> "no breaches have been made public, therefore it must be secure".

I did not claim this.

> How familiar are you with the field of computer security, do you know how security is quantified?

Please do not patronize me.

Finally, I am not interested in having a discussion that is unrelated with the topic of the article, or my original comment about it (because it would be too long and tiring). However, if you want to know my opinion on all this related issues that you brought up, you can read what I wrote about it here: https://germano.dev/whatsapp-vs-telegram/ (even though this does not talk about Signal or other open source e2ee messengers).

[maqp]

>Now, if you changed your mind, and want instead to argue that they are incompetent because they did not implement e2ee by default, it's a totally different discussion and has no relation at all with my original post, nor with the article we are commenting (imo).

No I didn't change my mind. The incompetence is all around. Both the presense of these vulnerabilities AND the fact Telegram's E2EE is practically non-existent tell of the incompetence. The vulnerabilities here are not the major problem, the major problem is focusing on the vulnerabilities is seeing trees without the forest.

If every time there is a discussion about Telegram's issues and we only focus on the narrow set of already fixed vulnerabilities, there's never place to discuss the elephant in the room, that the whole game is rigged. The backdoor massive, right in front of us, and nobody's doing anything to fix it. These security issues do not matter until the glaring hole is fixed.

>Please do not patronize me.

That wasn't my intention. I was genuinely interested. Because if you look at the infosec bubble on Twitter with big names like Matt Green, JPA et al. they all know about these issues yet don't even bother to name them. It's like the uncle you never talk about.

Given that you wrote your article before Signal had even desktop clients, I don't think it's even remotely up to date to vouch for any kind of fruitful discussion. But! Let me know if you update it at some point, I'm sure I'd like to read it then!