by dodgerdan 1282 days ago
I’m absolutely astonished that anyone trusts Telegram for their communication. Both on a technological, ownership, operational and geopolitical basis. Their “agreement” with the Russian government is beyond sketchy, they’re 100% authoritarian located/exposed and they’ve a track record of bad encryption, what am I missing?
13 comments

As a Russian, I can say that Telegram in Russia is the number one messenger among the Russian government's oppositionists. Simply put, if you have anti-government channels/chats/friends in your Telegram, before walking outside, you remove/hide them in order not to have issues if a police officer stops you and asks you to unlock your phone (rarely, but happens). Same for Belarus.

Many reasons why Telegram is (most probably) safe. There are a lot of black/gray area stuff here like drugs etc. That people (I don't support them) trust Telegram showing us it's secure.

And the Telegram's owner (Pavel Durov) relocated from Russia forever due to issues with his previous project (VK) when the government asked to show private/personal data.

> That people (I don't support them) trust Telegram showing us it's secure.

No, if some people trust some service, it doesn't mean that this service is secure.

I rather meant, if a significant bunch of people use this service for illegal things still being out of prison, hence you can consider this "metric" too (along with others) whether Telegram is secure. However, there is no statistic for "being out of prison" people who used Telegram like this.
This particular surveillance and espionage tool might be far too valuable to employ it against some petty criminals. It is known that a lot of Russian dissidents and members of the opposition use Telegram - so covertly spying on them might be much more important for FSB directorate.
EncroChat and SkyECC users would beg to differ
Regardless of encryption or authorities cooperation shenanigans, Telegram has (had?) a serious privacy issue in that your number is public by default, and even if you set it to private after the registration, it gives enough time for a state actor to siphon your phone number off your profile, by running a bot with access to SMS. Which is enough for all practical purposes.

The only real reason ex-Soviet drug users keep using Telegram is they are careless and it's popular. Another suspicion of many is that most of the drug trade in Russia is under FSB "protection", and they have no reason to kill the goose that lays golden eggs. Drug dealers only run Telegram for their clientele though, with anonymous SIMs and Tor; for more serious purposes, they and other criminals use more secure communication channels, XMPP in particular.

> the Telegram's owner (Pavel Durov) relocated from Russia forever due to issues with his previous project (VK)

...while keeping Telegram developers in Moscow and regularly showing up there himself. (no idea whether it's still true, probably not)

I can't say with 100% confidence that Telegram itself is compromised, though, there's no clear evidence for that. Some smoke probably, but no fire, sketchy indeed.

> before walking outside, you remove/hide them in order not to have issues if a police officer stops you and asks you to unlock your phone

In China, too. With a more aggressive approach: just remove the app before going out.

Theoretically, they can install it and try to login with your current phone number.
Unfortunately, Telegram is blocked by GFW. To do so, the police officer has to demonstrate how to get around it in front of me, which is pretty unlikely :)
> rarely, but happens

Literally nobody in their sane mind does that.

The police have ways (lead pipes and detention) of making you unlock your phone.
Telegram has been used by opposition and protestors in Hong Kong, Russia, and Belarus. Where are the reports of arrests based on intercepted Telegram messages? Russian police force people on the street to show their messages, but that kind of rubber hose attack is the same for all chat apps. Are there any police investigations from democratic countries where the investigators used Telegram communication in a prosecution?

I haven't seen anyone show that Telegram uses bad encryption. I've seen plenty of people repeat the "don't make your own crypto implementation" mantra, but just like the "don't optimize prematurely" truism it's not always true. Where are the exploits?

And then there's another reason, most communication isn't particularly sensitive. Dinner suggestions, memes, thoughts on the latest season of The Crown... I chat about the same things that I talk about on the unencrypted phone "line", or at a cafe surrounded by strangers. If Telegram turns out to be unsafe, I wouldn't have any issue with continuing using it for everyday stuff, and using a different app for secrets. Compartmentalizing is probably a good idea anyway, I use my real name on Telegram with my family.

> Are there any police investigations from democratic countries where the investigators used Telegram communication in a prosecution?

Literally a week ago in India: https://torrentfreak.com/telegram-discloses-user-details-of-...

> I haven't seen anyone show that Telegram uses bad encryption

The bigger point isn't that Telegram uses "bad encryption", it's that it isn't encrypted by default in all scenarios. This is a conscious choice they've made.

> If Telegram turns out to be unsafe, I wouldn't have any issue with continuing using it for everyday stuff, and using a different app for secrets.

Great, now every time you're talking on the "other" app the State knows you're talking about something sensitive. The point of encrypting everything is to ensure that encryption - by itself - is not a sign of illicit activity.

> Literally a week ago in India: https://torrentfreak.com/telegram-discloses-user-details-of-...

That wasn't by breaking the encryption, it was by court order.

> it isn't encrypted by default in all scenarios.

It is using encryption in all cases, but it's not using end to end encryption in all cases. I know plenty of people will argue that it's the same thing as no encryption, but by using encryption you then force anyone who wants to eavesdrop to go through court to get the data from Telegram, and not just listening on the same Wifi network. Saying it's unencrypted is disingenuous.

They disclosed the phone number. A week later, they introduced a no-SIM signup. Go figure.
> Telegram has been used by opposition and protestors in Hong Kong, Russia, and Belarus.

How successful have those protestors been? In each case it seems like the government was always one step ahead of them and all there. So I don’t think it’s a giant leap to think their communications are compromised.

I don't know what instances you're referring to, but few protests happen without any spectators so maybe the fact that a protest will happen isn't a well guarded secret. Were any of the organizers compromised because of Telegram?

The FBI says they can't get message content, and only IP and phone number for convicted terrorists.

https://www.malwarebytes.com/blog/news/2021/12/heres-what-da...

Considering the current geopolitical situation, as someone living in the EU, it's safer for me to have my data/chats leaked to the Russians than to Facebook (WhatsApp) or Google (whatever their chat app of the day is named now). I'm pretty sure our law enforcement doesn't have direct access to private Telegram data.
How about leaking your data to both Russians and Western LEA? Telegram is run by a UK LLC.
This seems like a false dichotomy: The choice isn’t "leak my data to western or the Russian government".

End-to-end encrypted (by default and for all chats) messengers exist, but Telegram simply isn't one of them.

Can you point to the Git repo for WhatsApp, or iMessage, or Facebook Messenger? I sure can't, and don't trust any claims of backdoor-free E2E messaging until I see that.

Other than Signal, Telegram is one of the very few messengers that happens to be both E2E capable in some way, open source, and sufficiently heard of that people won't give you weird looks when you suggest downloading the app.

No objection to Signal, but mentioning that in the same breath as Telegram hurts my head.

Telegram is not end-to-end encrypted in any practical scenario (you can't use it on multiple devices, for example), their end-to-end encryption uses some ridiculous/scary homebrew cryptography ("with the power of 5 math PhDs and a bug bounty worth millions!!!"), and being open source doesn't help a bit if the service provider just gets everything in plaintext anyway by default.

Yes, it's got critical mass.

I haven't looked at Telegram's blockchain thing yet, but the non-blockchain version is not very private (and the same applies to Signal).

xx Messenger (https://elixxir.io/; source https://git.xx.network/elixxir/) has very solid encryption, metadata protection and decentralized gateways. But it's less polished, blockchain-based, and has few users.

People complain about the use of blockchain in messengers, but they offer no solutions on how to address app sustainability or eliminate metadata centralization, censorship, or risk of having your data handed to the government by the organization running the network. We'll see how sustainable your centralized donation-ware is.

Btw somebody mentioned "only" 1:1 encrypted chats: who does it better?

xx Messenger can do group chats but you can't add people to a chat after the group has been created.

> People complain about the use of blockchain in messengers, but they offer no solutions on how to address app sustainability

What are you missing on Signal? The ability to sign up without a phone number would indeed be great, but other than that, they seem to be collecting effectively nothing.

> People complain about the use of blockchain in messengers, but they offer no solutions on how to address app sustainability

If this is about funding, just make it paid/freemium! Effectively that's the same thing as launching an own token or even blockchain, just without all the complexity of launching and sustainably managing what might easily become a pyramid or Ponzi scheme and/or a security in scope of regulations.

> Btw somebody mentioned "only" 1:1 encrypted chats: who does it better?

Signal, and everything based on it (e.g. WhatsApp), Matrix, and Threema immediately come to mind, and they all don't have this weakness:

> but you can't add people to a chat after the group has been created.

Well there you go, use Signal. Telegram only has opt-in secret chats and they only work 1:1.

I'm not willing to have all of my personal communication sitting in plaintext controlled by an unprofitable company founded by Russians and located in the UAE. Even if they're not compromised, that's an incredible target for a state actor.

We can also use WeChat and TikTok and leak to the Chinese government :)
Two things: Telegram hit that critical mass of users early on that ensures there are enough reasons to use telegram that new users sign up and stay, and the client itself is a solidly good user experience. Contrast that with something like Element or Session where there aren't many people to talk to and the client is buggy jank and you've explained why people are still using Telegram.
You are missing the concept which made Apple successful - polished and simple UI which just works. Telegram is the same. And the fact that Telegram is not really secure? Most people do not care.
How is that any different than Facebook/WhatsApp/etc.? I can't comment on the encryption part but in a post NSA, which seems to have only worsened, trusting US publicly traded companies is just as bad, Russia isn't China, and for better or worse Pavel seems to be an ideologue.

If you want really safe comms I don't know if any popular chat app would do the job, maybe Signal? Don't know much about it however.

I like Signal, and I use it... with one other person. No one uses Signal, which is its biggest problem. Without adoption it's a useless app.
Most of my contacts use Signal.

For the few that don't I have IRC, email, SMS, phone calls...

Never used WhatsApp, Telegram etc

What I am saying: it depends on your individual bubble and where you come from. ;-)

Have a look at Briar.
I'm in the West - what's Russia gonna do to me? Whereas in the West the US / UK gvt can come pounce on me anytime if I use Western apps.
- Share your information with anyone, or even sell it, without any consequences

- Accumulate data and try to use it for mass manipulation

These are from the top of my head.

So, same as every other chat platform, be it Facebook or Google, or Discord, or Microsoft,...?
Signal collects zero user data
They do not sell your data.
You can't be serious stating that, can you?

What makes you state that so undoubtedly?

But they do use it to manipulate you.
> I’m absolutely astonished that anyone trusts Telegram for their communication

Why? Are you Russian? Do you travel to Russia? A lot of people also trust WhatsApp and Signal for their communications and I'm sure that no western government will ever spy on them. I'm joking.

Just be aware that encryption is not useful when your OS provider has access to your keys.

You're just missing the feigned shock that will be expressed when the inevitable happens. I'm no RMS fan, but man if my privacy-first, open-first approach to things hasn't borne fruit year after year after year. It seems people often can't be arsed to care until they're invested and the blast radius is wider. But those stickers y'all.
> what am I missing?

That the CIA has got far more leverage on it than any other foreign powers

It is used fantastically by them on the current Iran unrest and as a medium to pierce against Russian information spheres

Where ZunZuneo failed Telegram has succeeded and blossomed

it's primarily used as a platform, not a messenger

also, Telegram has no ties to Russia

Their offices of record were empty when checked by journalists. The founder is Russian, most of the engineering team is Russian. The founder visits Russia regularly. I assume their non-resident Russian engineers visit Russia too. Most of their user base is Russian. And they have an agreement with the Russian government not to be blocked if they cooperate on combatting terrorism.
> The founder is Russian

who had his billion dollar business (vk.com) stolen by the Russian government, left the country and acquired citizenship elsewhere

it's a pretty good indicator that he is not a Putin's stooge

> most of the engineering team is Russian. The founder visits Russia regularly. I assume their non-resident Russian engineers visit Russia too. Most of their user base is Russian.

is Microsoft an Indian company? the CEO is Indian, half the engineers are Indian, yada yada yada

> And they have an agreement with the Russian government not to be blocked if they cooperate on combatting terrorism.

I got the impression that it was just a way out for the Russian government to give up on trying to block it, after they have repeatedly failed to do so

"Telegram has no ties to Russia", this sounds like a statement. How sure are you of this?
Seems reasonable considering that the Russian government tried repeatedly to shut them down and the founder fled the country and got citizenship elsewhere. How sure are you that they do have ties with the Russian government?
You’re not missing anything.
It's not about trust, it's about having good clients and features, and they win hands down there.