This (admittedly terrible, but now rectified) location flaw aside, what safety disadvantages does Telegram have over other communication platforms without end-to-end encryption like Discord, Teams, Slack, or Messenger?
> Telegram stores all your contacts, groups, media, and every message you've ever sent or received *in plaintext* on their servers. [emphasis mine]
This implies they don’t use encryption “at rest” - unless I’ve missed something in their FAQ[0] (entirely possible, I’m far from an expert on cryptography), they seem to imply they do.
If it is indeed the case that they don’t encrypt data at rest, I can definitely see how that would be a problem.
If data is encrypted at rest though, I don’t see how any of that is fundamentally different from the other messengers I listed in the parent - the server still holds the keys, and thus must be a trusted party - but it’s nothing new.
Even if they store the data encrypted on their servers and hold the keys - it is not different from plaintext.
There's another thing. Some years ago the Russian FSB demanded encryption keys from Telegram, threatening to ban it in Russia, and publicly they refused to do that. But then somehow the FSB quietly dropped the case. Question is - why?
Ultimately what Moxie is doing here is disingenuous and an abuse of language to prop his argument. He could have just stated the facts but instead he's using propaganda to create fear in his audience. You can use correct language (messages are encrypted at rest) and still make the argument that Telegram does not use E2EE unless Secret Chats are turned on but he doesn't do that.
Really poor behavior from a leader in this space.
The Russian FSB dropped the case because there was no way to block Telegram without collateral damage and most of the Russian population uses it, including politicians. There's no need to get "shadowy council" here, especially in light of Durov's quite public support for the Euromaidan protests that got him in such trouble with VK.
If this is the first place your head goes, I don't know what to tell you except perhaps that this paranoia exhibited from the security community is often not rational, and frequently resorts to takes-no-prisoners stakes.
Here's an article [1] that goes over the attempts at blocking Telegram after the FSB demanded the encryption keys and was denied, and the collateral damage that resulted from Roskomnadzor attempting to enforce that ban.
From how I understood it, they weren't able to properly block it. Or at least that is the official story. I'm skeptical about this whole ordeal though.
edit: Some article about it says[0]
> Russia on Thursday lifted a ban on the Telegram messaging app that had failed to stop the widely-used programme operating despite being in force for more than two years.
> Some Russian media cast the move as a capitulation, but communications watchdog Roskomnadzor said it had acted because the app’s Russian founder, Pavel Durov, was prepared to cooperate in combating terrorism and extremism on the platform.
> Even if they store the data encrypted on their servers and hold the keys - it is not different from plaintext.
That's the important point. Encryption at rest is little more than a marketing gimmick if the same entity also has the key.
Edit: also, Telegram is hoarding this data and nothing prevents them from using it for financial gain in the future. Or selling it/themselves to someone who does.
Better to be safe and not give this data to the intermediaries. Signal does the right thing here.