The reason is this: you have to choose between something you can use from whatever device you want, that you can simply log in to through a web interface on whatever computer, or end2end encryption.
Telegram made a choice of usability, you are able to use Telegram from whatever device, mobile app, desktop app, web app, smartwatch app, command line client, third party clients, without any problem, notifications arrive on every device, you can start a conversation on one device and continue it on another, they are synchronized in real time.
Is it in theory less secure? Yes, since whoever has access to Telegram servers can in theory read your messages. Is it in practice a problem? No, it's not. Telegram doesn't, as far as we know, give access to government or other third parties to the data of the users. WhatsApp does for example, not for the message content but for the metadata (that they can read). What is more secure, in the real world and not in theory?
Signal is more secure, yes, but it's more inconvenient than both Telegram and WhatsApp. I prefer a convenient and slightly less secure messaging service to a super secure one (in theory) that is inconvenient to use.
>You have to choose between something you can use from whatever device you want
You're being disingenuous. End-to-end encrypting every 1:1 chat by default, as well as end-to-end encrypting <1000 member groups have already been shown to be possible by Signal, WhatsApp, Wire, Element etc.
Telegram is saying "fuck security" to gain competitive edge with message latency. They have no idea how dangerous a game that is.
>Telegram made a choice of usability
Insecure features are not usable features because security is the fundamental attribute of EVERY feature. Telegram has footguns, nothing more.
>"Is it in practice a problem? No, it's not"
And what credentials do you have to make such assertions?
>Telegram doesn't, as far as we know, give access to government or other third parties to the data of the users.
Considering the fact Telegram lacks the know-how to implement secure protocols (see OP's article), what chance is there they can defend against EVERY zero day exploit against their server infrastructure? Telegram most likely would never even know they were hacked. And the intelligence agencies that have owned their systems aren't bragging. And even IF Telegram would detect such attacks, would they disclose it, when they know they lack the know-how to prevent the next exploit, i.e. the know-how on how to deploy E2EE for everything?
>Signal is more secure, yes, but it's more inconvenient than both Telegram and WhatsApp.
You can't be serious. Let's take the most basic possible convenience feature. I chat with my buddy over E2EE 1:1 chat while riding the bus to work. At work, I sit down in front of my computer, and want to continue the conversation using keyboard. Signal allows me to do that with zero hassle, Telegram forces me to drop end-to-end encryption.
Telegram's convenience is an outright joke. The moment you want flexibility without losing security, it's garbage. We can thus argue Telegram strongly incentivizes insecure use (come on, just let us see your messages), because nobody is going to unlock their phone hundreds of times a day to reply to the chats.
> You're being disingenuous. End-to-end encrypting every 1:1 chat by default, as well as end-to-end encrypting <1000 member groups have already been shown to be possible by Signal, WhatsApp, Wire, Element etc.
All these applications don't sync seamlessly from multiple devices. WhatsApp doesn't work if the phone is offline, Signal does but the solution works only for desktop clients, i.e. I can't have two mobile clients (I have two mobile phones, one Android and one iOS, that can access the same Telegram account, a tablet and a smartwatch). I have the Telegram client on all the computers that I have, it's the first thing I install just because I use it to share data between computers (it's practical to send a file or a link to the "Saved Messages" to transfer it between devices).
> Insecure features are not usable features because security is the fundamental attribute of EVERY feature. Telegram has footguns, nothing more.
Telegram is secure enough for most users. We have many private conversations in emails, and it's mostly still a plain-text protocol, with a lot of servers that don't even support SSL these days. So I guess that Telegram is secure enough to use it to organize a beer with my friends, if the email is secure enough to get my bank access codes, or get my medical reports, or other sorts of private conversations...
> And what credentials do you have to make such assertions?
Because it is. Most conversations of normal people don't contain that much concerning information, and they are mostly full of useless stuff. Probably the most interesting thing that an attacker will find are some nudes that are sent... and in Telegram you have the secret chats for that anyway.
> Considering the fact Telegram lacks the know-how to implement secure protocols (see OP's article), what chance is there they can defend against EVERY zero day exploit against their server infrastructure? Telegram most likely would never even know they were hacked. And the intelligence agencies that have owned their systems aren't bragging. And even IF Telegram would detect such attacks, would they disclose it, when they know they lack the know-how to prevent the next exploit, i.e. the know-how on how to deploy E2EE for everything?
Do you think someone would even bother to break Telegram encryption if he wants to access your data? https://xkcd.com/538/
Authorities routinely access WhatsApp messages even if they are encrypted. How? Give me the phone and give me the password. But most of the time it is the birth date of the user, or 123456, 0000000, or some other stupid code like that. You don't want to give me the password? You get in trouble. And we will probably extract the data anyway by exploiting the operating system, which is probably an outdated Android version anyway...
The European Union, where I live, is passing a law that will require chat applications (and WhatsApp already declared that it supports the initiative) to implement a way to check every message that is sent for child pornography (of course it is just an excuse; then, since they have the system in place, let's just use it also for terrorism, and then for piracy, why not). How will they implement that, if it is encrypted? Well, of course, just implement the check in the client, before encrypting the message! And if you find some suspicious content, of course send it in clear to the authorities to be analyzed. You said what about privacy?!?
I'm pretty sure that Telegram will never implement something like that. And if it does, the Telegram client is open source, someone can fork a client removing that part, and one could install it on their phone. With WhatsApp it is impossible, and even if the Signal client is open source, Signal is against third party clients anyway (good example of open source!).
> You can't be serious. Let's take the most basic possible convenience feature. I chat with my buddy over E2EE 1:1 chat while riding the bus to work. At work, I sit down in front of my computer, and want to continue the conversation using keyboard. Signal allows me to do that with zero hassle, Telegram forces me to drop end-to-end encryption.
What if I can't install the software because I don't have administrative rights? I guess I can't continue the conversation. What about old messages, arrived before I log in? I guess they are lost.
>I have two mobile phones, one Android and one iOS
Cool edge case. You can have two phone numbers too you know.
> I use it to share data between computers
You can always tell a shill when they try to advertise the product's features every chance they get. Nobody in real life needs to go around telling how convenient something is.
> Telegram doesn't, as far as we know, give access to government or other third parties to the data of the users.
Approximately every country (probably every, but haven't researched them all) has various court order types to go get this information and force secrecy on whoever is involved. Thus any information which is available to a company is equally available in secret via court orders. Nothing they can do to prevent it or tell you.
>You have to choose between something you can use from whatever device you want, that you can simply log in into a web interface on whatever computer, or end2end encryption.
>Telegram made a choice of usability
Bullshit. Plenty of services have e2ee and cross-device usage. All you need for multi-platform e2ee is to sync an encryption key across devices. Either through a "trusted" party (like iMessage) or by literally syncing the key locally (Signal). You can even have one device act as the message store so you don't even store the encrypted messages in the cloud.
Telegram did not choose usability, they chose the opposite.
iMessage doesn't share private keys between devices. Each device has its own secret key, and when you send a message to a person with multiple devices, you encrypt multiple copies, one for each (source: https://support.apple.com/guide/security/how-imessage-sends-...)
An issue here is that the software doesn't show the user the list of keys used to encrypt a given message. If an attacker can inject their own keys into the identity service records for a given user, they would then receive a copy of all messages sent to that user.
It's true iMessage is not safe from such attacks, but you don't have to look further than Signal to see it's possible to create multi-device E2EE with seamless sync.
iMessage and its bad design can only serve the function of red herring here, let's leave it out from the discussion.
If you can have encrypted group chats, then clearly you must be able to join and synchronize an encrypted conversation with more than one device. Encrypted group chats exist in Signal and other applications, so clearly this is possible.
(There are other mechanisms (to have encrypted group chats) than just pretending each device is a separate chat member, but I thought this was an intuitive way to understand how that could securely work.)
Regarding giving metadata to governments: I want that. If someone commits a crime, then sure the government should be able to request the data on this person (it might exonerate them or implicate them, though of course it's only ever supportive and never a sole reason to convict). The governments that most people here chose are not evil. Dragnet surveillance is not good, but individual data requests for individual persons after a judge approved it? That makes sense to me, at least from the perspective of the Netherlands. If Telegram doesn't comply with these requests (and that's a big if, because I heard otherwise), it would be a reason why a democratic country might rightfully ban Telegram.
But anyway that's perhaps a more political discussion rather than technical. Telegram has the data, just like every other centralized platform either collects or can be forced to collect it.
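Added example, not part of any comment in this thread and not code from any of the apps discussed: the thread describes per-device encryption (one copy of each message per recipient device key) and the risk that a key injected into the identity service's records also receives a copy. This Python example shows a sender-side check that pins known device-key fingerprints and fails closed on unverified ones; the function names, the 16-hex-character fingerprint format and the sample keys are assumptions constructed for illustration.

```python
import hashlib


def fingerprint(public_key: bytes) -> str:
    """Short fingerprint a user could compare out of band (format is an assumption)."""
    return hashlib.sha256(public_key).hexdigest()[:16]


def audit_device_list(pinned, directory_keys):
    """Diff the device keys served by the directory against pinned fingerprints."""
    served = {fingerprint(k) for k in directory_keys}
    return {
        "trusted": sorted(served & pinned),
        "unverified": sorted(served - pinned),  # never verified by the user
        "missing": sorted(pinned - served),     # pinned device no longer listed
    }


def fan_out_targets(pinned, directory_keys, allow_unverified=False):
    """Return (keys that get an encrypted copy, audit report).

    Fails closed: an unverified key is skipped unless the user explicitly
    accepts it, so a key added to the directory does not silently receive
    a copy of every message.
    """
    report = audit_device_list(pinned, directory_keys)
    if allow_unverified:
        return list(directory_keys), report
    return [k for k in directory_keys if fingerprint(k) in pinned], report


# Constructed sample keys (fixed bytes, not real key material).
PHONE = bytes(range(32))
LAPTOP = bytes(range(32, 64))
INJECTED = b"\xaa" * 32

PINNED = {fingerprint(PHONE), fingerprint(LAPTOP)}  # verified earlier by the user
DIRECTORY = [PHONE, LAPTOP, INJECTED]               # what the server returns now

if __name__ == "__main__":
    targets, report = fan_out_targets(PINNED, DIRECTORY)
    print("encrypting to", [fingerprint(k) for k in targets])
    print("needs verification:", report["unverified"])
```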