[maqp]

That's the dangerous part. It's a messaging app that took in the function of a social media platform. It did so without robust security features like end-to-end encryption yet it advertised itself as heavily encrypted. Like Green stated in his blog post, users expect that to mean only recipient can read what you say, i.e. end-to-end encryption.

Telegram would be fine if it advertised itself as a public square of the internet, like Twitter does. Instead, it lures people into false sense of security for DMs and small group chats, which is what Green's post and thus this thread is ultimately about.

Free API doesn't mean anything until they fix what's broken, i.e. provide meaningful security for cases where there's reasonable expectation of it.

[est]

> a social media platform. It did so without robust security features like end-to-end encryption

Most social media platforms doesn't support e2ee.

Some chat apps do support e2ee but also requires a god damn phone number to login (yeah so does telegram), this makes "encryption" useless because authorities just ask the teleco to hand out the login SMS code.

[tapoxi]

The author of this article makes the point that social media is its key feature, but they still advertise Telegram as an encrypted messenger. So your messages to friends will be on Telegram, they're there for the social network, and they will be unencrypted because they don't support E2EE for group chats and deliberately hide the "secret chats" function.

[niutech]

> It did so without robust security features like end-to-end encryption yet it advertised itself as heavily encrypted.

Telegram has E2E encryption, but only in Secret Chats: https://telegram.org/faq#secret-chats

[maqp]

Telegram has secret chats, but only for mobile 1:1 chats.

You want secret chat for groups? Sorry, can't do. (Signal can.)

You want secret chats for desktop messages? Sorry, can't do. (Signal can.)

You want everything end-to-end encrypted by default? Sorry, can't do. (Signal. Can.)

[hn1986]

Most of its content is not E2E encrypted, especially channels.

[mikrotikker]

The free API is amazing I have so many little helper bots that help me automated my life. It's easy better easier and more feature rich than twilio or slack. I made my own stock management bot that ate a screener spreadsheet I upload in the chat and tell me if I should sell my stocks.

There is even that freqtrade bot that runs on telegram, even RSS bots. It really is amazing. So easy to use for chat ops.

I don't know what else you would use the API for.

[prmoustache]

Most "normal" people use messaging app and social medias DM interchangeably.

For instance 2 days ago my partner wanted to show me a message her friend sent, went to whatsapp and couldn't find it then realized said friend had used instagram DM for that. Most people don't care enough.

[codedokode]

> It's a messaging app that took in the function of a social media platform. It did so without robust security features like end-to-end encryption yet it advertised itself as heavily encrypted.

Do you want to say that social networks must implement E2E? Personally I think it is a good idea, but existing social networks and dating apps do not implement it so Telegram is not obliged to do it as well.

As for promises of security, everybody misleads users. Take Apple. They advertise that cloud backups are encrypted, but what they don't like to mention is that by default they store the encryption keys in the same cloud, and even if the user opts into "advanced" encryption, the contact list and calendar are still not E2E encrypted under silly excuse (see the table at [1]). If you care about privacy and security you probably should never use iCloud in the first place because it is not fully E2E encrypted. Also note, that Apple doesn't even mention E2E in user interface and instead uses misleading terms like "standard encryption".

This is not fair. Apple doesn't do E2E cloud backups by default and nobody cares, phone companies do not encrypt anything, Cloudflare has disabled Encrypted Client Hello [2], but every time someone mentions Telegram, they are blamed for not having E2E chats by default. It looks like the bar is set different for Telegram compared to other companies.

[1] https://support.apple.com/en-us/102651

[2] https://developers.cloudflare.com/ssl/edge-certificates/ech/

[NayamAmarshe]

> It looks like the bar is set different for Telegram compared to other companies.

I too find it disingenuous. Many people here support a monopoly and privacy nightmare like WhatsApp but somehow, a closed-box implementation of E2EE is automatically better than an app with a proven track record of not selling the user data.