> Advanced users, which need end-to-end encryption and are willing to trade a bit of usability for improved security guarantees, are able to do so by using secret chats
Except when they want to chat with more than one person at once. Telegram does not have any support for encrypted group conversations.
Otherwise a good read. Telegram is not a bad app, but it does not suit my threat model. I'm willing to forgo cloud backups and some usability to have default encryption for all my conversations, which I think is something Signal provides. None of these apps are perfect, it comes down to what combination of trade-offs works best for you.
> I'm willing to forgo cloud backups and some usability to have default encryption for all my conversations, which I think is something Signal provides.
Indeed, it does.
> None of these apps are perfect, it comes down to what combination of trade-offs works best for you.
That is exactly the take-home message :)
Anyway, I mentioned that Telegram does not support e2ee for group chats here:
> WhatsApp nowadays has end-to-end encryption enabled by default for all chats, while Telegram has not enabled it by default and does not support it on group chats.
Note however that group chats are even more difficult to handle securely, because in theory you are supposed to verify the identity of every participant.
I’m sure that it’s just a matter of time before someone somewhere is going to target the author of this post with snide remarks on their qualifications/ignorance and hinting at them being a Telegram shill (I’m not one of those).
That said, I liked this article a lot since it puts things in a manner that focuses on how to approach these comparisons and backs them up with relevant information. Elsewhere, there’s too much appeal to authority that ignores other points (mainly nuances that are important).
I completely agree with this part:
> A big chunk of the criticism of Telegram amounts to defamation, lies and arguments from authority. Unfortunately this is not an opinion, but a verifiable fact. Even more unfortunate is the fact that many of these come from respected figures of the computer security community.
A few corrections and additions are required in the article:
* The part about Signal not having a standalone desktop client is not true. This was already pointed out in another comment here. Signal has had this for a few years now.
* “This is more subjective than an exact since.” — there’s a typo here for “science”.
* I didn’t see mention of metadata collection by WhatsApp. That’s as important as the content of messages.
You don't see the obvious dishonesty in how the author decided to interpret tptacek's claim about Telegram storing plaintexts of all messages?
The author claims that this is "defamation" because Telegram uses FDE or a similar solution.
With the deliberate misunderstandings apparent in this article I don't see why it would be inappropriate to call the author out for being a Telegram shill.
> Here Moxie is pretending the discussion was about having plaintext access, which obviously Telegram has for non-secret chats, instead of plaintext storage, which is what Ptacek was talking about
The whole idea of "plaintext storage" is something that the author came up with themselves, tptacek claimed that Telegram "stores the PLAINTEXT of EVERY MESSAGE". These mean entirely different things. Plaintexts are still stored even if they are encrypted on disk with keys controlled by Telegram.
Refreshing take. An actual analysis with threat modeling calling out all the fallacies of people that argue WhatsApp is better just because it uses E2EE by default.
You even discuss this issue in the "History of Telegram vulnerabilities", but don't bother to mention the fact that this was almost certainly a deliberate backdoor.
You also seem to suggest that DUAL_EC_DRBG was promoted as a best practice by the crypto-community, what an utterly bizarre claim.
Of course, the mental gymnastics in the "Defamation" section make it clear that this was never intended to be an honest analysis.
Can a government or a company mass harvest chats to classify users into buckets, and use this data to manipulate people? We have seen this happen with Cambridge Analytica. Think of the military having a list of all pro-democracy people before staging the coup.
Why do you think it is ignored? Feel free to suggest a way to improve the article, if you want :)
In my opinion this is partially addressed in the threat modelling section, where I mention the need to trust "The companies running the servers needed by the app to work".
Anyway I believe the threat you mention is a very difficult one to defend against, because probably even metadata alone is sufficient to construct a graph of relations. So, I may be wrong, but if you do not want to trust any company at all, then even Signal may not be enough for you in this scenario. Regarding the choice of WhatsApp vs Telegram for this scenario, you simply have to decide if you trust Facebook more (which we already know supplies this kind of mass data to the US government) or the Telegram team. Or you can trust neither.
That's the issue at hand. Telegram is popular in countries where their primary threat model is getting arrested, not being MITM'ed by their governments.
Yeah, I thought the post was already too long to also talk about Signal!
My opinion on Signal is it should definitely be preferred if one cares about security more than usability. I really cannot wait for it to have a "standalone" client (that is, that does not require the phone to be online as well).
There are other messaging apps, like Element (and the now defunct Keybase) which try to solve the same problems. So, I decided to keep that discussion for another future article (maybe).
> (that is, that does not require the phone to be online as well).
Signal does not require the phone to be online as well. Source: just switched my phone off and still able to send and receive messages on the desktop app. WhatsApp, however, still very much requires the phone to be online for its web/desktop clients to work.
That said, Signal is still not a "standalone" app on desktop because it needs me to have installed and set up the app on my phone to link it to desktop. After this though, they are very much independent clients.
Thanks for this clarification. I guess I had a wrong assumption about Signal then!
What happened to me is that I lost my phone, so I did not have an Android device to re-install Signal. I later managed to get back the SIM card and I assumed that I could use the Desktop client, but if I remember correctly it did not work. However, I will check all of this again.
No, it mentioned that Signal is more secure but less usable. They didn't seem to have any qualms with it. It seems to me the thesis here was basically comparing the tradeoffs that Telegram and WhatsApp made for usability, it seemed to imply that Signal didn't make any of these (I don't think it did).
Telegram should have a setting to choose the default (secret vs regular chat) and ask the user on installation. I understand about the backups part but a lot of users may not care about backups. This will remove a lot of the bad-mouthing of them and also save server resources as they don't have to save secret chats forever. I really like Telegram for their cool bot-api, instant-view and channels.
Has Telegram's security implementation ever proven itself? I remember reading a lot of threads on HN a few years back about how it wasn’t considered secure/kosher. I moved on and haven’t really followed the cryptography space.
These questions are next to impossible to answer. The DUAL_EC_DRBG algorithm is widely agreed to be backdoored (even the author of this article seems to agree), but nobody has actually proven that an attack exists.
Cryptography is a very complex field, Telegram has made many bizarre design decisions which make it difficult to trust them despite the fact that their encryption has not been publicly broken recently.