by encryptluks2 1481 days ago
I love Telegram, but it is one of those apps that, since it requires a phone number, I don't really trust with ultra-secret data. I think their E2E protocol is fairly sound, but even that isn't ideal. I think you may also get some minimum benefit by using the open-source Android app vs the Google Play Store app. Regardless, if you really desire secrecy (and I believe in privacy but would never advocate for serious crimes like those mentioned in the article), then you're probably better off using Signal or XMPP.
3 comments

For me, despite its flaws in E2E, Telegram is the sweet spot for small to medium sized groups.

Easy to install, works on every platform I need it, super-simple bot support and the UX is very nice. You even have tools to make write-only groups (microblogs of sorts) and actual moderation tools for larger groups.

For a "community", I'd pick Discord though.

Matrix as a technology is a good competitor, but the UI/UX for every client I've tried ranges from "death by a thousand cuts" to atrocious.

Case in point: I got a notification on my phone about a message in a channel from my Element client. I open it and what do I see? Not the message. A "Syncing" message that lasts longer than I can stand to wait. My phone actually falls back to sleep and turns off the screen while I'm waiting for it to sync. And after it has synced, does clicking the notification take me to the channel? Of course not, and now I've already forgotten where the notification was from.

Sounds like you were running with an account on the default matrix.org server? It's gotten faster, but there were a bunch of months when it was dog slow. The point is kinda to run your own server.
I don't have the time to run my own infrastructure. That's why I pay someone else to host my mail, compute and everything else.
You can pay someone to host a Matrix server too.
> I think their E2E protocol is fairly sound

How come? It's completely proprietary and it's never been audited.

Like other algorithms, it's a fairly simple mix of existing encryption paradigms.

One paper tried to validate Telegram's protocol: https://www.researchgate.net/publication/346702021_Automated... That seems to have gone well. The mechanisms used seem very similar to the mechanism used in Signal's last audit from 2017.

Another paper only verified part of the protocol in a specific way: https://www.computer.org/csdl/proceedings-article/sp/2022/13... This last paper found flaws that should allow some side channel attacks (though I find it hard to believe that 3 microsecond differences can be measured against the client unless the attacker controls the server) but concludes that the protocol should be secure enough with their proposed fixes, which Telegram seems to have implemented; the problems mainly stem from implementation bugs, something the Signal protocol wasn't necessarily checked for during their extensive audit.

Based on this research I can't say I can find much wrong with mtproto2. It's proprietary in the same way the Signal protocol is proprietary, in that it was originally invented for a specific purpose inside a specific app. Just because nobody has bothered to copy the protocol to their app like WhatsApp did with Signal doesn't mean it's any more or less secure.

In the context of an app that can't encrypt group messaging and doesn't encrypt private messaging by default, I don't think focusing on the potential insecurity of mtproto2 makes sense. Telegram made some dubious, foolish security theatre ("hack our server and win a prize!"), but on a protocol level there are no glaring mistakes that necessarily invalidate the protocol itself. The big problem here is that only a fraction of users actually use this seemingly-secure protocol in the first place.

Signal's protocol is not proprietary. You are mistaken.
The point of GP was that both Telegram and Signal have the same level of "proprietaryness". Either you call both proprietary, or neither.

They are both documented, both have source code of implementation available.

Exactly. And neither is Telegram's.
It has been audited, and they said it was a total mess and was full of vulnerabilities.
Source? My cursory search hasn't found much wrong with the current protocol, though mtproto 1 relied on some rather weak cryptography which luckily got replaced years ago.
Audited and found to be a mess is a complete lie. 0 encrypted telegram messages have ever been cracked. Full stop.

They even took some ideas that people in the crypto had pointed out and updated their mtproto protocol to 2.0: https://core.tlgr.org/mtproto

mess ≠ cracked
Signal also requires a phone number, IIRC
So does Telegram, last time I checked?

I always found it funny - here's a privacy focused alternative to Whatsapp! But we'll need your phone number, first. Why? Oh, y'know, to limit spam and stuff. 'cuz that definitely can't be done any other way.

Sure, I can get prepaid cards. Or I can just use Whatsapp. If I do anything illegal, I can do better than Telegram.

If you want Signal without using a phone number, you can use a fork of Signal called Session (https://getsession.org/). That's the power of open source :)

I feel that the average person would be more inclined to use Signal if it required a phone number than otherwise.

Yes, a significant flaw, however, it's not that difficult to source a disposable phone number.
It's impossible to get a phone number without a personal ID in a large number of Western countries (and that number is increasing).
That very much varies with country. Most countries whose rules I'm familiar with require ID when buying pre-pay SIM cards these days.
A prepaid SIM having the same security checks as a bank account definitely felt sour. And for some reason people think they have any privacy from the government.
Is this the case now in the US? Is the "burner phone" a thing of the past?
My experience was in Germany. They checked my passport, face, name, address via PostIdent video.

Same procedure as with N26 and ING online banks, though the latter didn't work due to connection problems so I had to do it at the post office.

I like prepaid because I avoid contracts whenever I can. And I liked that I can get one fast.

I understand the reasoning - they can tie an identity to any SIM card and find you pretty fast if your number/IMEI pops up in some suspicious communications, but still, privacy blah blah.

This is the country that recently was against the EU wide chat surveillance directive that surfaces every few years now.

It really depends. Most prepaid phones require some sort of identity verification in the US. There may be a few that you can buy with cash, but I don't have the cash to find out which ones. I think it is also important to note that they are probably doing some sort of GPS and tower tracking, so even if you buy prepaid, activating it and whatnot probably discloses enough location information to help identify you.
No. I believe they may be required to ask for a name on activation, but definitely not to verify it.

Individual retailers and service providers may have different policies, of course.

Or you can just use Session.