| >Most will never be under threat of a state actor that necessitates getting their friends and family "the hell out of Telegram as soon as possible". This isn't just about nation states. Companies get hacked by common criminals all the time. Consider the case of the Finnish psychotherapy center Vastaamo https://www.wired.com/story/vastaamo-psychotherapy-patients-... Now imagine all the private messages you've shared to your SO or dearest friends. I bet there's gazillion times more stuff to extort you with for the rest of your life, than the notes about few sessions with your therapist, have. So yeah, get the hell out of all "private" messaging platforms that aren't E2EE by default. You deserve the peace of mind of never having to feel like the TENS OF THOUSANDS of Vastaamo case victims. >but stop telling people not to use a thing because you believe E2EE is the next Jesus Christ Stop telling people to ignore best practices wrt security just because they cause your privileged life -- where you don't have to worry about actual oppression -- slight inconvenience. There's a good reason majority of top vendors for secure comms like Signal, Jitsi, Wire, Element, iMessage, Threema, Briar, Cwtch all default to E2EE. Telegram is free to not E2EE, but they should be UPFRONT about it. Not say things like "heavily encrypted" when in reality it uses the messaging industry's bare minimum, that is client-server encryption. Telegram devs also actively mislead by presenting two facts next to each other "Telegram uses E2EE called MTProto" and "All Telegram chats use MTProto". What a novice can't understand is "Telegram also makes the idiotic choice to call its non-E2EE cloud messaging protocol ALSO MTProto." So it's not wonder why a LOT of my contacts have been flabbergasted to learn Telegram isn't actually using E2EE for everything like WhatsApp. Telegram's marketing had succeeded in telling them it was more secure than WhatsApp, and thus E2EE. Whether or not this misconception was intentional, it's now Telegram's job to either make a public statement and correct the record, or preferably, make it E2EE: There is no reason for Telegram to deploy E2EE for everything except supergroups. If all the other vendors can pull that off, so can they. Pavel Durov has so much money but the only cryptographer he ever hired was his brother Nikolai who isn't even a cryptographer but a geometrician. Durov has the money to hire Moxie for a year to deploy Signal protocol, yet he won't. You should be terrified of both why he won't, and what his foolishness in the context of Vastaamo can, and eventually will do. |