by nostalgk 654 days ago
I once visited Moscow for an AI coding jam sponsored by the Russian state, and while I was there, there was a Telegram group for all of the students to use to communicate during the jam. This Telegram channel was set up by the state officials.

A small section of Russian students were floored, and responded that they thought Telegram was banned in the country at the time (circa 2017-2018). The state officials laughed and responded that it wasn't any concern because they could read everything in any chat they wanted.

I've avoided the app ever since. I can't say how, why, or when the app became compromised, but anecdotally, I was told that it was and that it was no longer a concern in Russia.

Maybe it was some dry joke, maybe those students were woefully misinformed, who knows. But it certainly broke any confidence I had in the security of any existing messaging app.

I personally use Signal, but that's mostly just because I have personal friends who use it and it's convenient to use on my PC.

Edit: Kinda funny, I only just logged into this site again, and some of my last previous comments were about the same thing.

4 comments

Signal's larger problem is the lack of a web client.

Telegram (like everyone else) has a great, responsive web client.

What's even more frustrating is that Signal's desktop app is just an Electron app, meaning it's generally designed for the browser.

Signal's problem is they are too extreme on the security aspect, neglecting everything else, but a messaging app is much more than one feature to be considered a serious alternative for the masses. It hasn't even solved backup of your chats as a basic feature because it's not important to their developers, but a non-negotiable feature for the majority of chat app users.

Strange, I've been using Signal for years and its backup feature works just fine:

1. Enable backups.

2. Point it at a folder on your phone which gets synchronized somewhere.

3. Note the 30-digit passphrase in your password manager.

https://support.signal.org/hc/en-us/articles/360007059752-Ba...

Have had no issue restoring to replacement phones.

That may be true for Android devices but not for Mac and iPhone. I checked a week ago when I wanted to give Signal another chance after years, but its utter lack of a convenient backup and restore functionality drove me once again away. This means if you lose or damage your phone or MacBook, all chat history is forever lost. That may be convenient if you're the CEO of Amazon but not for normal people.

The worst thing for me was that app versions expire pretty frequently with no warning, then you just stop getting notifications. Which is extra annoying 'cause I'm only on it for some bar trivia group that totally doesn't need e2ee (or even e).

Also, Facebook Messenger recently added e2ee, which made it glitchier, fussier, and not really any more secure given that the key is a short numeric code.

Yep this is a huge issue on iOS.

Here’s a couple of solutions, Signal:

1. Generate a long paper key that can be stored in a password manager. Use iCloud to store an encrypted backup.

2. iCloud now has optional e2ee. Let me just say my threat model trusts that e2ee and use iCloud directly.

Web-apps in the browser can't be used for encryption because in that model the server is always trusted to send whatever code it wants. That defeats the point of end-to-end encryption. That's why Mailvelope is a browser add-on and webmail clients don't just embed OpenPGP.js. This way they can create releases of the crypto-code and distribute them over trustworthy channels.

If Isolated Web Apps (IWAs) take off, it may become an option.

The fact that Telegram is home to thousands of military bloggers discussing the war in Ukraine without getting blocked is a clear signal that the platform is completely compromised and controlled by the Russian state. There is a 0% chance they would allow a free flow of information of this type.

Telegram is also home to many opponents of the Russian state and Putin, Russian liberals and LGBT communities. Why would a government-controlled platform ever allow it?

1. Controlled opposition

2. They can dox and eliminate any real threat if they can monitor the most popular communication tool

According to many sources, Telegram is a vital communication tool of the Russian military in the war with Ukraine. If that's true, then there can be only two primary interpretations: 1. Russian gov is astoundingly incompetent 2. They are able to monitor Telegram

Your theory is interesting, but the most popular social network in Russia is Vkontakte, not Telegram. It is indeed controlled by the government and any "illegal" liberal channels are banned on sight.

> If that's true, then there can be only two primary interpretations

There is a third possible explanation:

3. This particular war is full of misinformation and lies from both sides. Telegram can be used as a tool to spread your disinfo, masking it as truth.

I really doubt that the Russian military uses Telegram to coordinate anything, and if they do, it could be rare cases where soldiers haven't gone through any special training. But I can see how Telegram can be used to share other non-vital data. If it's true, then surely it's not incentive from above, but initiative from below.

You should keep in mind that it's not professional specialists on the battlefield, but mostly people who were regular citizens just a few years ago.

As far as I know VK is not nearly as popular as Telegram specifically as a communication tool, aka a messaging app. WhatsApp and Telegram being by far the most popular options in Russia.

> Telegram can be used as a tool to spread your disinfo, masking it as truth.

So can TV, newspapers, local websites, etc etc. And yet we know what happened to all Russian media that tried to spread messages contradicting the official position. I don't believe Russian gov (or Soviet for that matter) is confident enough to allow dissenting opinions to be spread on such a massive scale without a high degree of influence and/or monitoring.

I know usually the burden of proof is on the side of the conspiracists, but in this case I am not taking any chances. If it's a Russian company that is widely used by the Russian ideological state apparatus, I have zero trust in whatever their encryption promises are.

> I've avoided the app ever since. I can't say how, why, or when the app became compromised, but anecdotally, I was told that it was and that it was no longer a concern in Russia.

The Russian state stopped blocking Telegram after the state investments in the platform; that tells you everything you need to know about its security and the deals they must have made with the Kremlin.

If something isn't blocked in Russia right now, it's because they have access to it.

> If something isn't blocked in Russia right now, it's because they have access to it.

So WhatsApp is also controlled by Russia?

For a while now I just assume anything that is used/allowed in Russia and/or China is only because those states have access to the contents. They are advanced and powerful enough to ban and create alternatives. So Russia probably can access WhatsApp messages. Meaning that any three letter agency can do that as well.

> The Russian state stopped blocking Telegram after the state investments in the platform,

Where are you getting this from? Russia has seen Telegram as an enemy since day 0, and probably had to lift their block because it didn't work at any point, Telegram was available in the country the entire time.

Have these "state investments" been reported on by some reputable organizations?

So RDIF says they've invested in Telegram, Telegram says they were approached but said no. Are there any third-party sources for this that can confirm either side?

They blocked Signal but can't do anything to their biggest enemy Telegram?

Telegram's e2ee mode is only usable for 1:1 chats, so I wouldn't be surprised if some government(s) could gain access to any group chat they want.