zlacker

[parent] [thread] 7 comments
1. goneho+(OP)[view] [source] 2020-06-05 05:31:56
Is Telegram at all trustworthy?

I feel like I’ve repeatedly seen on HN that they’re not a good choice for secure messaging (though I don’t remember the specifics around it).

Signal and Matrix are the two options I’ve settled on.

[Edit]: Looks like the main issues with Telegram are that it doesn't use end to end encryption by default and that they rolled their own encryption protocol that's likely not secure. They also used to leak a ton of metadata, but from searching around it looks like they may have made improvements. Either way seems like something to avoid when there are obviously better alternatives.

replies(3): >>est31+r >>input_+31 >>AnonC+Q3
2. est31+r[view] [source] 2020-06-05 05:36:56
>>goneho+(OP)
Telegram is not E2E per default. They claim to not turn over data to authorities but I doubt that claim. Signal on the other hand is fully end to end encrypted.
3. input_+31[view] [source] 2020-06-05 05:44:47
>>goneho+(OP)
Telegram only end-to-end encrypts "secret messages", which I assume are rarely used.
replies(1): >>antice+aI
4. AnonC+Q3[view] [source] 2020-06-05 06:21:44
>>goneho+(OP)
Telegram's homegrown crypto has been dismissed by many people (including experts). But it offers privacy features that some other messengers do not. Is Signal trustworthy considering that it exposes your phone number to everyone else in groups? With Telegram it's possible to communicate with anyone without revealing your phone number or profile picture or anything else.
replies(2): >>goneho+t4 >>sorenj+Di
◧◩
5. goneho+t4[view] [source] [discussion] 2020-06-05 06:30:13
>>AnonC+Q3
The phone number issue is pretty overblown since it's a clear and intentional tradeoff that allows signal to retain very little metadata (leveraging local phone contacts instead of sending your social graph to their servers like everyone else). Moxie Marlinspike is the founder/co-author of the protocol and Brian Acton put in massive funding after the FB/Whatsapp fallout - not sure you can get better than that?

They're also making moves to make the phone number requirement unnecessary. What privacy features does Telegram have? It sounds like they don't even have encryption on by default and people have also dismissed their security? Why would anyone use them?

◧◩
6. sorenj+Di[view] [source] [discussion] 2020-06-05 09:16:26
>>AnonC+Q3
> Telegram's homegrown crypto has been dismissed by many people (including experts).

Only the expert's opinions are of any value IMO, and I've never seen anyone showing an attack on Telegram's encryption. Telegram themselves seem to claim that it's never broken. I often see vague criticism over the fact that they use their own protocol, but never anything more detailed than that.

https://core.telegram.org/techfaq#q-i-39m-a-security-expert-...

replies(1): >>AnonC+8x
◧◩◪
7. AnonC+8x[view] [source] [discussion] 2020-06-05 11:48:01
>>sorenj+Di
GP here. I agree. I believe there’s a stigma against Telegram. There was one security issue with the MProto version 1 several years ago, which was reported (given a bounty too, IIRC) and fixed. I don’t recall any other issue being reported after that.
◧◩
8. antice+aI[view] [source] [discussion] 2020-06-05 13:14:25
>>input_+31
Telegram secret chats allow self-destruct timers and remote retraction of messages.
[go to top]