[maqp]

>leaves people who only read the titles with the feeling that Telegram encryption is vulnerable to attacks.

I agree with you these attacks are not so severe the completely broke Telegram. But it is living proof Telegram authors don't have the know-how on how to implement secure protocols. If you heard some bridge builder had replaced every third bolt with fifty zip-ties, you wouldn't be defending the bridge, you'd want to know who the f is overseeing that project, and ensure the entire design was being reconsidered, and that qualified engineers were working on the fixes.

This set of vulnerabilities isn't an indication that Telegram's encryption is bound to have a breaking vulnerability. It's saying they don't have the qualifications to protect the data we know sits in their server effectively plaintext. And I'm saying effectively, because sure, it's encrypted, but the database key sits in the RAM, 4cm away from the CPU, and is one privilege escalation vulnerability away from compromise.

You using the term "Telegram hater" does disservice to everyone, because your lumping together people with no tech background parroting headlines, and legitimate concerns from people who've actually spent time looking into this on a technical level.

[tyrion]

> But it is living proof Telegram authors don't have the know-how on how to implement secure protocols

I strongly disagree with this claim. Can you back your claim with some evidence? The vulnerabilities shown here are mostly purely theoretical, I don't see how this goes to show that Telegram engineers are incompetent.

What I see is that Telegram engineers chose to ignore what the Computer Security academic community regards as best practices, and this has led to an infinite amount of criticism (including by the authors of the vulnerabilities we are discussing). Despite this, in ~8 years since launch, the only serious vulnerability which I am aware of, has been discovered and immediately patched right after Telegram was first launched.

[maqp]

>I strongly disagree with this claim. Can you back your claim with some evidence?

Absolutely. Telegram isn't end-to-end encrypted by default. The author admits so here: https://telegra.ph/Why-Isnt-Telegram-End-to-End-Encrypted-by...

Q.E.D.

This set of 4 vulnerabilities isn't the issue with Telegram. Vulnerabilities can often be patched. The issue is the fundamental way Telegram functions.

Also, since you're obviously going to claim the article justifies it as a design decision, read my refutal here before replying https://telegra.ph/Why-you-should-stop-reading-Durovs-blog-p...

Finally, I'm a bit puzzled, you seem to be "open minded" yet your post didn't even touch on this massive issue of failure to provide E2EE for groups, desktop clients, or anything by default. Were you unaware of it? Or would you argue the endless list of competition that actually does E2EE properly (Signal, Wire, Threema, Element...), over-do security?

You're also not even remotely interested in agreeing with the academic community, but instead just observe and basically imply: "no breaches have been made public, therefore it must be secure". How familiar are you with the field of computer security, do you know how security is quantified?

[tyrion]

Let's recap what is happening here, because we are going a bit off-track with this discussion.

My original post was about the fact that I am tired of media outlets making borderline denigratory titles all the time about Telegram.

You replied, stating that I claimed that "Telegram is secure", which I did not do. Then, I tried to clarify my original post.

Then you claim that these vulnerabilities show that "Telegram authors don't have the know-how on how to implement secure protocols". I asked you to back your claim, because I don't see how the discovery of a bunch of "almost impossible to carry out in practice" vulnerabilities might imply that Telegram's engineers are incompetent.

To which you reply that "Telegram isn't end-to-end encrypted by default". Now, unless I am missing something obvious here, you just stated a fact that has no relevance whatsoever with your former claim. The claim to prove was "Trivial vulnerabilities discovered --> Telegram authors are incompetent". Now, if you changed your mind, and want instead to argue that they are incompetent because they did not implement e2ee by default, it's a totally different discussion and has no relation at all with my original post, nor with the article we are commenting (imo).

> Finally, I'm a bit puzzled, you seem to be "open minded" yet your post didn't even touch on this massive issue of failure to provide E2EE for groups, desktop clients, or anything by default. Were you unaware of it?

I am aware of how Telegram works. But why do you suggest I should have talked about this? It is totally unrelated to my original point.

> Or would you argue the endless list of competition that actually does E2EE properly (Signal, Wire, Threema, Element...), over-do security?

I never stated such a thing.

> You're also not even remotely interested in agreeing with the academic community

It's not that I am not interested in agreeing with them. I am openly criticizing the behaviour of some of its members. It's a different thing. But also this is a different discussion, and I should not have included that comment, maybe.

> "no breaches have been made public, therefore it must be secure".

I did not claim this.

> How familiar are you with the field of computer security, do you know how security is quantified?

Please do not patronize me.

Finally, I am not interested in having a discussion that is unrelated with the topic of the article, or my original comment about it (because it would be too long and tiring). However, if you want to know my opinion on all this related issues that you brought up, you can read what I wrote about it here: https://germano.dev/whatsapp-vs-telegram/ (even though this does not talk about Signal or other open source e2ee messengers).

[maqp]

>Now, if you changed your mind, and want instead to argue that they are incompetent because they did not implement e2ee by default, it's a totally different discussion and has no relation at all with my original post, nor with the article we are commenting (imo).

No I didn't change my mind. The incompetence is all around. Both the presense of these vulnerabilities AND the fact Telegram's E2EE is practically non-existent tell of the incompetence. The vulnerabilities here are not the major problem, the major problem is focusing on the vulnerabilities is seeing trees without the forest.

If every time there is a discussion about Telegram's issues and we only focus on the narrow set of already fixed vulnerabilities, there's never place to discuss the elephant in the room, that the whole game is rigged. The backdoor massive, right in front of us, and nobody's doing anything to fix it. These security issues do not matter until the glaring hole is fixed.

>Please do not patronize me.

That wasn't my intention. I was genuinely interested. Because if you look at the infosec bubble on Twitter with big names like Matt Green, JPA et al. they all know about these issues yet don't even bother to name them. It's like the uncle you never talk about.

Given that you wrote your article before Signal had even desktop clients, I don't think it's even remotely up to date to vouch for any kind of fruitful discussion. But! Let me know if you update it at some point, I'm sure I'd like to read it then!

[tyrion]

> there's never place to discuss the elephant in the room, that the whole game is rigged. The backdoor massive, right in front of us, and nobody's doing anything to fix it

I am tempted to take the bait, and ask you what would be this massive backdoor, which nobody has time to discuss. If I am guessing right, you are still referring to "no default E2EE". In that regard, I would encourage you to consider that not everybody has the same security requirements, and many people are fine trusting Telegram and with the security it provides.

Personally, I cannot wait for Matrix to become more widely adopted, and to see the UI/UX of their clients to become remotely comparable with the one of Telegram.

Anyway, since it doesn't seem our discussion is going anywhere, maybe it's time to stop.

Thank you for the chat, I liked how we managed to stay polite even though we completely disagree :)

> Given that you wrote your article before Signal had even desktop clients, I don't think it's even remotely up to date to vouch for any kind of fruitful discussion

Yeah, I intentionally did not want to compare it to Signal (because the article was already too long that way).

[maqp]

>many people are fine trusting Telegram and with the security it provides.

So here's my concern: They would not be fine with waking up one morning with their entire message history out in the open after a massive hack. Surely you can't argue Telegram will never be hacked. Facebook has had multiple data breaches and I've never heard anyone be happy about that. This is what I've had to be second hand witness to https://www.wired.com/story/vastaamo-psychotherapy-patients-... I've seen the devastation someone's most private life out in the open does to them. I can't think of many things more terrifying than that.

There's a reason I made TFC (my work) E2EE by default. There's a reason Signal, Wire, Threema, Element, WhatsApp, Session all felt they didn't want to be liable or user data.

>Personally, I cannot wait for Matrix to become more widely adopted, and to see the UI/UX of their clients to become remotely comparable with the one of Telegram.

Yeah, Element is improving and will gether, and Signal's polishing the UX, hopefully adding the usernames etc by the end of the year.

>Thank you for the chat, I liked how we managed to stay polite even though we completely disagree :)

Likewise!