Transport encryption does not make it private. Optional e2ee is as good as no e2ee. And they rolled their own crypto... For some reason my non-technical friends still would be very surprised to learn that WhatsApp is more private than Telegram.
I don't think you understand how Telegram encrypts its chats. MTProto is also used to encrypt Cloud Chats at rest. It's not just transport. Cloud Chats are not e2ee because the keys are held by Telegram.
Moxie also "rolled his own crypto". "Rolling your own crypto" is typically used disparagingly by those who claim moral or intellectual superiority over the competition. The Signal Protocol was rolled by someone, yes? The version of MTProto that had vulnerabilities discovered was deprecated many years ago.
This is where the privacy promise falls apart. From a user's perspective on-disk encryption makes no difference, because there is no real enhancement of privacy for them. If a third party holds the key, they hold the key. If you put something into the hotel safe, the hotel could still steal it from you. As far as I can tell, most TG users are not aware or do not care, but for those who are not aware, but actually do care, this should be made much more clear.
> Moxie also "rolled his own crypto"
Besides Moxie being a bit dubious himself, the more interesting question is: was there something that was already verified by many people that could have been used instead?
I’m interested to know about what makes Moxie a bit dubious, can you share more information? I have to say I’m slightly fascinated by the character, but it’s true it doesn’t tell anything about why I should trust him.
I think you are being far too uncharitable and you've simply gotten the facts wrong a number of times, which I've needed to correct you on.
Use another messenger if you like but e2ee encryption is not some moral imperative that must be done. There are always trade-offs. I appreciate Telegram for the purposes I use it for. If I want e2ee, I turn on a Secret Chat.
Rolling your own crypto is bad, unless you’re an authority on crypto. Moxie certainly is. Also, Signal Protocol isn’t an encryption algorithm. As far as I know, it still uses AES and Curve25519 for the actual encryption.
Most people think of “private” as between the conversation parties, not everyone in the conversation, the company, and any government with leverage on them.
Encryption at rest prevents some intrusion attacks but does absolutely nothing against a warrant if the government has leverage.
Pavel Durov seems to be proud of never having disclosed user data to authorities and mentions it every time he disses another messenger. Guess he can't do that anymore now.
(Just to clarify: I like Telegram. I just don't like Durov very much and the way he positions Telegram as the superior messenger in every way, even though it obviously isn't when it comes to encryption in particular.)
It is not the first case for Telegram. So, Durov will continue with his show... they claim that Telegram is e2e encrypted, but don't mention that it needs to be activated per chat.
I'm a little bit sad because I'm sure if they invested some effort into it, they could make all chats e2e encrypted while still allowing sync with their server. They "just" need to figure out a way to safely exchange the private key between devices. I know it's not completely trivial, but if anyone could create a good user experience for this, it's certainly Telegram.
But a court can easily get UNENCRYPTED messages while in the at-rest stage directly from the hard drive on their server.
Don't worry, you're safe from hackers, deep state, and foreign nation-states eavesdropping on ya over the net through their awesomely robust and intensely-touted advertised E2EE capability.
> Private
> Telegram messages are heavily encrypted and can self-destruct.