by AdrenalinMd 1152 days ago
The argument regarding "source code" is misleading and not entirely relevant. It's worth noting that Telegram's backend is also closed source, yet its supporters often overlook this fact.

Decompiling and inspecting mobile apps is relatively simple, so if there were any issues with the WhatsApp client, they would likely have been uncovered already.

As for Telegram, its messages are stored in plain text on their servers, and it doesn't offer default end-to-end encryption. This means that if Russian secret services were to gain access to Telegram's backend, they could easily read all the messages.

Therefore, when using Telegram, it's important to be aware that its administrators have the ability to read all of your messages.

1 comment

> It's worth noting that Telegram's backend is also closed source, yet its supporters often overlook this fact.

Backend is never verifiable. It's a moot point. Signal's backend is open source yet they always release the sources late. Their servers were running entirely different code for a year and they even injected some cryptocurrency related features which weren't reflected in the source code.

Backend is always unverifiable, open source or not.

> Decompiling and inspecting mobile apps is relatively simple

Not so much when WhatsApp obfuscates binaries on purpose.

On top of that, the T&C clearly forbid you from doing it.

> As for Telegram, its messages are stored in plain text on their servers

Absolutely false. Telegram's cloud encryption algorithm has already been audited by independent researchers.

Calling symmetric encryption "plain text" is disingenuous.

> This means that if Russian secret services were to gain access to Telegram's backend, they could easily read all the messages.

I guess Russia's Telegram ban doesn't matter then? Nor Durov's fight with the Russian government. He actually moved to another country to stop the Russian government from having access to the servers.

It's totally fine to understand your security context and the security your messaging medium provides, but it's not good to misrepresent facts and use terms that mislead people.

My point is precisely this: With robust end-to-end encryption in place, there's no need to rely on the trustworthiness of the backend. Unfortunately, Telegram lacks this feature, making it untrustworthy.

Even with Telegram's encryption, messages can be compromised through a straightforward SIM swap. This means that their encryption is essentially irrelevant since messages can be read without needing an encryption key from the client.

I recommend checking out Moxie Marlinspike's Twitter thread on this topic for further insight. You can find the link I previously shared in another thread.

> With robust end-to-end encryption in place, there's no need to rely on the trustworthiness of the backend

Actually there is. The backend transferring information is the sole point of failure. While the message content might be secure, nothing other than that ever is. In fact, an E2EE app could send unencrypted messages in the payload or the private keys and you still wouldn't be able to do anything about it.

This is why I question WhatsApp's effectiveness in the first place.

> Even with Telegram's encryption, messages can be compromised through a straightforward SIM swap

2FA - Cloud Passwords have existed for a long time. Most people fail to mention it when mentioning SIM swap, which is a physical device security issue, a responsibility of the user.

> I recommend checking out Moxie Marlinspike's Twitter thread on this topic for further insight.

I'm sorry but I consider that misinformation at worst and propaganda at best.

He thinks that any encryption that's not his is 'plain-text'. On top of that, he's very much the reason why Signal was never released on F-Droid. He's got some weird biases against other tech that he'll go to any lengths to defend.

Not only are his Twitter threads loaded with bias, but the language he chooses to use I'd consider plain misinformation. He does not have any authority to claim things he can't prove.