[latk]

Transport encryption is table stakes. It's really no longer something that can be mentioned as if it were something special. When I browse to a random website I don't think “wow HTTPS, so secure”. The channel client <-> service is encrypted, but the service still gets all of the data in plaintext.

On a technical level, Telegram is are as secure as Facebook Messenger. Both offer transport encryption and optionally E2EE secret chats. Actually, I might trust Facebook more (on a technical level) because they don't have Telegram's disastrous history with home-brewed crypto protocols.

[oblio]

The thing with E2E encryption, is it really verifiable? Has anyone actually gotten/extracted the WhatsApp secrets and then checked that what goes in one end comes out the other fully encrypted, systematically?

After all, everything goes through WhatsApp's proprietary clients and servers, we don't know what voodoo they do along the way. Just because they claim it's E2E encrypted, doesn't really make it so, I'd imagine. Has their E2E encryption been confirmed independently?

[indigo945]

They had Moxie Marlinspike, who is behind Signal, audit their encryption code. Of course, we can't know if the code they let him audit is actually the code that gets deployed, and it's also been a few years since then, but the E2EE has been independently confirmed.