by adcoelho 4557 days ago
Yesterday's article A Crypto Challenge For The Telegram Developers was a good analysis on why Telegram's challenge fails to prove anything.

Sadly, it was probably too technical for most potential users to be swayed much by it.

We need focused talking points, e.g. the fact that the NSA and other governments vacuum up all your data, and that TextSecure represents the first step toward a future in which it's very difficult for governments to do that. Whereas with Telegram, it's just as easy for them to access your conversations as it is for them to bypass SSL. Governments can and will do so. That's what users are concerned about; that's what they care about. Telegram has no defense against that argument due to their protocol's inherent vulnerability to this form of attack. Therefore it's the single most important point to stress to any potential user.

Yet it's getting lost in the noise. Actually, I haven't seen it mentioned very much at all. Someone should do a writeup calling attention to it.

Simpler explanation:

I am selling fire-proof safes. These are designed to protect your documents and valuables from thieves and from fire and other events.

The normal way people set up tests is to put some documents and valuables in a box and actually try to break it (MythBusters style, bringing out cool machinery and trying different ways). For fire resistance, there is a rating system (https://en.wikipedia.org/wiki/Fire-resistance_rating) and a standard way to test.

The Telegram proposition is: we are going to place the safe in Fort Knox. If you can't break the safe that is in Fort Knox, then clearly our safe is secure.

The Article rebuttal: to break the safe, you have to break into Fort Knox. And for all intents and purposes that's not going to happen. You could have put a cardboard box and no one could tell the difference because of how you structured the test.

We need focused talking points

No we don't. At least not for your goal of:

an article that succinctly conveys to potential users why Telegram is snakeoil and why TextSecure is the real deal

There is no way to convey this with better rhetoric because the proof is in the technical detail; the party that is wrong can just ramp their rhetoric up too. If you don't dig into that detail, it just becomes a he said/she said argument that no observers can judge on merit. Those discussions rely on the participants to be knowledgeable, and politely acknowledge when they're out of their depth technically or just plain wrong. But there is nothing to enforce that; see any Hacker News discussion about something that isn't web development or devops.

Here, this is even simpler:

abdefghijklnpqrstuvwxy@com.com

I used a simple substitution cipher. Please indicate, without guessing every combination, which one is correct. For convenience, the letters z,c,o,m are not substituted.