by AdamHominem 1711 days ago
I'm not particularly thrilled, given Telegram is based in the United Arab Emirates, its client-server encryption is almost purposefully garbage (they basically rolled their own TLS, and predictably researchers keep finding vulnerabilities in "MTProto"), they don't enable e2ee chats by default, and they don't e2ee group chats at all.

Do. Not. Use. Telegram.

10 comments

Telegram is miles ahead in terms of scalability and features that make it fun to use and work with their API. Kudos to the engineering team for creating such a great product. Imagine you can have groups of up to 200 000 people, post files up to 2GB, have options to share your screen with an unlimited number of users - both desktop and mobile. It's really good. Yes, if you need secrecy, you may look elsewhere.
Don't use it for e2e, then? There are plenty of other solutions for incredibly sensitive chats (Signal, Tox, etc.)

I think Telegram is a good trade off for group chats, personally. It's feature rich compared to others.

Signal asks for a phone number to use it; I don't see how this is good for sensitive communication (since metadata alone is often very informative).
Exactly. I have found the phone number requirement idiotic from day one. I recognize the decision was made as a trade-off between usability and security (enabling discovering friends via phone, etc.), but they seem unwilling to admit that this does compromise security.
I've thought about a phone-numberless messaging app, but then it'd be full of spammers.
Is that really a problem though? Most people would just add their friends via username and bypass the whole user discovery process. Discord has demonstrated that this works perfectly fine, even with anonymous accounts not tied to emails.
I've only used Discord for a couple of months in a handful of servers and I get spam DMs..
That problem was solved like 25 years ago: just ignore everyone who you didn't seek out yourself by default. Basically, make liberal use of the block functionality.
Matrix seems to be doing just fine.
Any messaging app that allows users to communicate without E2EE is actively harmful.
Handwavy rants about shoddy cryptography tend to be just that, handwavy. Repeating that Telegram does not enable end-to-end encryption by default does not make it more of a reason not to use Telegram. Here's what you can do to live comfortably on the net, having conversations with the world and its dog while still being able to plot the overthrow of the government without inviting prying eyes: use Telegram for the former, use your private XMPP server with OMEMO for the latter. There, done, problem solved. No need for angry righteous rants about MTProto or the Emirates - and why exactly would that be the reason not to use Telegram by the way, would it have been less of an issue had they been located in Jakarta or Ouagadougou or Silly Valley - and all the bragging rights of using trusted cryptography for your local knitting club meetings where you plan to overthrow the government.

Source: this is what I do, except for the knitting. Telegram for talking to the family, XMPP standby on the server-under-the-stairs for when the going gets tough, with Conversation (which supports OMEMO) installed on target devices.

To quote a popular movie from my youth: I dunno, man, that sounds like a lot of work.

I don't want to have to decide if every message I send is sensitive or not, then if it is, swap to a totally different app. Even worse: convincing friends and family to do the same!

> I don't want to have to decide if every message I send is sensitive or not, then if it is, swap to a totally different app

Only those messages which are sensitive enough should be sent over the secure channel, the rest goes over Telegram. Assuming that you're not a full-time professional anarchist of the comic-book type (picture man in cloak with a lit bomb in hand) you won't have all that many messages which are so sensitive that you don't want to run the risk of the enemy getting hold of them so don't worry, you'll be fine. As said, there is always the end-to-end encrypted 'private chat' function in Telegram for exchanging passwords and such, those have not caught the ire of the handwave-brigade (yet).

> Even worse: convincing friends and family to do the same!

Unless they're all wearing black cloaks while holding lit bombs in their hands (see above) the same goes for them. It is not the knitting patterns the enemy is interested in. Even more, the enemy might become suspicious if you all of a sudden stop sharing them in such a way that it might be theoretically feasible to decrypt them. What are you planning on knitting next, they'll wonder, sweaters with subversive messages on them? Before you know it they'll be hiding bugs in your cereal, and I don't mean weevils.

99.999% of people simply don't care about e2e, and even if they may have some concern about privacy (most don't), they'll prioritize a top-notch UI that lets them talk with friends and family over anything else.

For the remaining people who are concerned about privacy there are plenty of options.

New account posting fearmongering about Telegram? How common. I wonder who's paying you.

Telegram was good enough for people to use during actual protests in authoritarian regimes (Iran: https://dayan.org/content/demonstrations-islamic-republic-te... and Belarus: https://dayan.org/content/demonstrations-islamic-republic-te...).

Meanwhile Signal adds some bullshit cryptocoin to their app, no thank you.

Any sources about any real vulnerabilities in MTProto?
MTProto did have. MTProto 2.0 hasn't seen such a vulnerability. Reporters are still on the older method as that's what creates an effective login.
One thing I know is that it was possible in MTProto 1.0 to append something to a packet and have a client still accept it. This didn't allow anyone to modify the contents of the packet or see its plaintext. This was possible because the plaintext hash (the one in the header, used to verify packet integrity after decryption) didn't include the padding. In MTProto 2.0, the hash is SHA-256 instead of SHA-1, and it does include the padding.
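Added example (not from the thread, and not the MTProto wire format): a simplified Python model of the property the comment above describes, with an integrity tag computed over the length-prefixed body only versus over body plus padding, showing why the receiver must cover every byte it accepts. The packet layout, the 16-byte tag, the fixed padding and the names `build_packet`, `verify_packet` and `demo` are assumptions for illustration.

```python
import hashlib
import hmac

# Constructed toy model: tag || 4-byte length || body || padding.
# "v1_style" hashes only the length-prefixed body (padding outside the
# hashed region); "v2_style" hashes body AND padding. Layout and tag
# size are assumptions for illustration, not the real MTProto format.

TAG_LEN = 16
PADDING = bytes(range(8))  # constructed, fixed so the demo is deterministic

def build_packet(body: bytes, cover_padding: bool) -> bytes:
    """Build a packet whose tag covers either the body only or body + padding."""
    header = len(body).to_bytes(4, "big")
    if cover_padding:
        tag = hashlib.sha256(header + body + PADDING).digest()[:TAG_LEN]
    else:
        tag = hashlib.sha1(header + body).digest()[:TAG_LEN]
    return tag + header + body + PADDING

def verify_packet(packet: bytes, cover_padding: bool) -> bool:
    """Recompute the tag the way a receiver would and compare in constant time."""
    tag, rest = packet[:TAG_LEN], packet[TAG_LEN:]
    if len(rest) < 4:
        return False
    body_len = int.from_bytes(rest[:4], "big")
    header, body, trailer = rest[:4], rest[4:4 + body_len], rest[4 + body_len:]
    if len(body) != body_len:
        return False
    if cover_padding:
        # Everything after the tag is hashed, so extra trailing bytes change
        # the digest and the packet is rejected.
        expected = hashlib.sha256(header + body + trailer).digest()[:TAG_LEN]
    else:
        # Only the declared body is hashed; whatever follows it is never checked.
        expected = hashlib.sha1(header + body).digest()[:TAG_LEN]
    return hmac.compare_digest(tag, expected)

def demo() -> dict:
    """Check each layout against an intact packet and one with bytes appended."""
    results = {}
    for name, cover in (("v1_style", False), ("v2_style", True)):
        pkt = build_packet(b"hello", cover)
        results[name] = {
            "intact": verify_packet(pkt, cover),
            "appended": verify_packet(pkt + b"\x00\x00", cover),
        }
    return results
```

Run `demo()`: the body-only tag accepts the packet with trailing bytes appended, while the tag that also covers the padding rejects it, which is the design change the comment attributes to 2.0.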
Post some links with any evidence that any researchers have found vulnerabilities in MTProto?
That was the MTProto. The newer one is MTProto 2.0 but they are still on the older method. Also they have servers distributed across regions so there's no single point of failure. Perhaps they are considering e2e for smaller groups.
You're exaggerating the state of MTProto 2.0. They haven't rolled their own with this release.
Same as Discord, Teams, or Slack. If you do not want to send sensitive messages, just use Matrix.