by AdrenalinMd 1152 days ago
> WhatsApp backs up your encryption key to Google Drive by default, meaning it's far from end-to-end encryption.

This is a lie[1]. If you don't enable backups yourself, you lose your messages. You can enable E2E encryption for your backups.

WhatsApp is vastly superior to Telegram in terms of E2E encryption. Telegram can read users' messages on their servers and they are not even trying to tell their users to enable E2E.

[1] https://www.tomsguide.com/news/whatsapp-encrypted-backups


The Google Drive option is the default on the numerous nag screens, therefore it is default behavior.

Regardless, chances are your contacts have enabled the Google backdoor if you haven't.

> WhatsApp is vastly superior to Telegram in terms of E2E encryption

That's why CVE-2020-1910 enabled attackers to steal your entire message history with a single image message. Has Telegram had similar catastrophic E2E exploits? Nope.

> Telegram can read users' messages on their servers

Google has your WhatsApp "E2E" private key by default -- meaning it is NOT end-to-end encrypted. Telegram's E2E Secret Chats have no such backdoor.

> WhatsApp is vastly superior to Telegram in terms of E2E encryption.

I must reiterate that this is a baseless claim because no one can see WhatsApp's source code and going by the track record of Facebook as a company, I'd rather choose to reject this statement than accept it as a possibility.

The argument regarding "source code" is misleading and not entirely relevant. It's worth noting that Telegram's backend is also closed source, yet its supporters often overlook this fact.

Decompiling and inspecting mobile apps is relatively simple, so if there were any issues with the WhatsApp client, they would likely have been uncovered already.

As for Telegram, its messages are stored in plain text on their servers, and it doesn't offer default end-to-end encryption. This means that if Russian secret services were to gain access to Telegram's backend, they could easily read all the messages.

Therefore, when using Telegram, it's important to be aware that its administrators have the ability to read all of your messages.

> It's worth noting that Telegram's backend is also closed source, yet its supporters often overlook this fact.

Backend is never verifiable. It's a moot point. Signal's backend is open source yet they always release the sources late. Their servers were running entirely different code for a year and they even injected some cryptocurrency related features which weren't reflected in the source code.

Backend is always unverifiable, open source or not.

> Decompiling and inspecting mobile apps is relatively simple

Not so much when WhatsApp obfuscates binaries on purpose.

On top of that, the T&C clearly forbid you from doing it.

> As for Telegram, its messages are stored in plain text on their servers

Absolutely false. Telegram's cloud encryption algorithm has already been audited by independent researchers.

Calling symmetric encryption "plain text" is disingenuous.

> This means that if Russian secret services were to gain access to Telegram's backend, they could easily read all the messages.

I guess Russia's Telegram ban doesn't matter then? Nor Durov's fight with the Russian government. He actually moved to another country to stop the Russian government from having access to the servers.

It's totally fine to understand your security context and the security your messaging medium provides but it's not good to misrepresent facts and use terms that mislead people.

My point is precisely this: With robust end-to-end encryption in place, there's no need to rely on the trustworthiness of the backend. Unfortunately, Telegram lacks this feature, making it untrustworthy.

Even with Telegram's encryption, messages can be compromised through a straightforward SIM swap. This means that their encryption is essentially irrelevant since messages can be read without needing an encryption key from the client.

I recommend checking out Moxie Marlinspike's Twitter thread on this topic for further insight. You can find the link I previously shared in another thread.

> With robust end-to-end encryption in place, there's no need to rely on the trustworthiness of the backend

Actually there is. The backend transferring information is the sole point of failure. While the message content might be secure, nothing other than that ever is. In fact, an E2EE app could send unencrypted messages in the payload or the private keys and you still wouldn't be able to do anything about it.

This is why I question WhatsApp's effectiveness in the first place.

> Even with Telegram's encryption, messages can be compromised through a straightforward SIM swap

2FA - Cloud Passwords have existed for a long time. Most people fail to mention it when mentioning SIM swap, which is a physical device security issue, a responsibility of the user.

> I recommend checking out Moxie Marlinspike's Twitter thread on this topic for further insight.

I'm sorry but I consider that misinformation at worst and propaganda at best.

He thinks that any encryption that's not his is 'plain-text'. On top of that, he's very much the reason why Signal was never released on F-Droid. He's got some weird biases against other tech, and he goes to any lengths to defend them.

Not only are his Twitter threads loaded with bias, but the language he chooses to use I'd consider plain misinformation. He does not have any authority to claim things he can't prove.
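The point raised earlier in this thread, that in an E2EE app the backend relaying the messages is still a point of failure, has one concrete form worth seeing in code: the server that distributes users' public keys can hand each side a key it controls, decrypt in the middle and re-encrypt, and nothing in the ciphertext reveals it. The check that catches this is the out-of-band fingerprint comparison ("safety number", "security code") that the major E2EE messengers expose. The block below is an added example written for this page; it is not code from the thread nor from WhatsApp, Telegram or Signal. It uses a toy Diffie-Hellman group (the 127-bit Mersenne prime, generator 2) and a toy HMAC-based cipher so it runs with only the Python standard library; both are assumptions made to keep it self-contained and are far too weak for real use. The function names (`keygen`, `shared_key`, `fingerprint`, `encrypt`, `decrypt`, `run_conversation`) and the sample message are mine.

```python
import hashlib
import hmac
import secrets

# Toy Diffie-Hellman group: the Mersenne prime 2^127 - 1 with generator 2.
# Chosen only so the example runs with the standard library; far too small
# (and not a safe prime) for real use.
P = (1 << 127) - 1
G = 2
MESSAGE = b"constructed sample message: meet at 9"  # constructed sample input


def keygen():
    """Return (private, public) for the toy group."""
    priv = 2 + secrets.randbelow(P - 3)
    return priv, pow(G, priv, P)


def shared_key(priv, peer_pub):
    """Hash the DH shared secret into a 32-byte symmetric key."""
    secret = pow(peer_pub, priv, P)
    return hashlib.sha256(secret.to_bytes(16, "big")).digest()


def fingerprint(pub):
    """Short key fingerprint, the kind of value shown to users as a safety number."""
    return hashlib.sha256(pub.to_bytes(16, "big")).hexdigest()[:16]


def _keystream(key, nonce, length):
    blocks = (length + 31) // 32
    stream = b"".join(
        hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
        for i in range(blocks)
    )
    return stream[:length]


def encrypt(key, plaintext):
    """Toy encrypt-then-MAC: HMAC keystream XOR, then an HMAC tag. Demo only."""
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def decrypt(key, blob):
    """Verify the tag, then strip the keystream. Raises ValueError on tampering."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("authentication failed")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))


def run_conversation(malicious_server):
    """Alice sends MESSAGE to Bob through a relay that also distributes public keys.

    Returns what Bob decrypted, what the relay could read (None if nothing),
    and whether an out-of-band fingerprint comparison would have passed.
    """
    a_priv, a_pub = keygen()
    b_priv, b_pub = keygen()

    if malicious_server:
        # The relay hands each party a key it controls instead of the peer's.
        s_to_alice_priv, s_to_alice_pub = keygen()  # impersonates Bob toward Alice
        s_to_bob_priv, s_to_bob_pub = keygen()      # impersonates Alice toward Bob
        pub_alice_sees, pub_bob_sees = s_to_alice_pub, s_to_bob_pub
    else:
        pub_alice_sees, pub_bob_sees = b_pub, a_pub

    alice_key = shared_key(a_priv, pub_alice_sees)
    bob_key = shared_key(b_priv, pub_bob_sees)

    blob = encrypt(alice_key, MESSAGE)
    server_read = None
    if malicious_server:
        # Decrypt with the Alice-side key, re-encrypt with the Bob-side key.
        server_read = decrypt(shared_key(s_to_alice_priv, a_pub), blob)
        blob = encrypt(shared_key(s_to_bob_priv, b_pub), server_read)
    bob_received = decrypt(bob_key, blob)

    # The one check that does not pass through the relay: each user compares
    # the fingerprint of the key they were given with the peer's real key.
    fingerprints_match = (
        fingerprint(pub_alice_sees) == fingerprint(b_pub)
        and fingerprint(pub_bob_sees) == fingerprint(a_pub)
    )
    return {
        "bob_received": bob_received,
        "server_read": server_read,
        "fingerprints_match": fingerprints_match,
    }


if __name__ == "__main__":
    for malicious in (False, True):
        print("malicious relay" if malicious else "honest relay", run_conversation(malicious))
```

In both runs Bob decrypts the message correctly and the ciphertext looks healthy, so the message itself gives no signal; only the fingerprint comparison differs. That comparison has to happen over a channel the relay cannot rewrite (in person, or a second channel), since a relay that swaps keys could just as easily swap fingerprints sent through it. Real messengers additionally pin the peer key after a first verification and warn when it changes, which is what turns a one-time check into continuous protection.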