Hacker News new | past | comments | ask | show | jobs | submit login

Most of Telegram's advantages come from it not being end to end encrypted by default. They've proven that simply claiming to be the most secure app is better for most users than actually being the most secure. Because true security comes with drawbacks, and users don't like drawbacks.



Most of Telegram's advantages come from:

* anonymous accounts. You need a phone number to set up an account, but you don't need to share your phone to talk to people on it

* network effects. The sticker game is great on Telegram because there are so many people on it making stickers.

* the secure chat *option*. It has an option of being secure and so therefore people think it's secure and when they find out it's not secure all the time, they're still happy that it has the option of being secure.


A good app offers options. While most HN folk don't like Telegram's default, it at least gives you somewhat of a choice (and the user can force the E2E option even if the other party doesn't like it)(though they do not give the option to make all chats by default E2e, which is indeed a dark pattern). The other apps just shove possibly backdoored E2E down people's throats with no choice at all.


>The other apps just shove possibly backdoored E2E down people's throats with no choice at all.

You can check e.g. Signal is not backdoored by reading the source code. You can find it here https://github.com/signalapp/

You can vefify the client you downloaded from Play Store hasn't been tampered with. Instructions for that are here: https://github.com/signalapp/Signal-Android/tree/master/repr...

Your post is slightly ironic, considering Telegram doesn't give you any choice on using E2EE for groups or any chats for that matter, on majority of desktop clients. Know this: when you're not using end-to-end encryption, i.e. when you're using Telegram cloud chats, those chats are by definition as private as a backdoored E2EE chat would be. So one could argue they are front-doored by design.


Signal just spent a year being closed source.


This is an incorrect take. It's true that Signal's server code had not been updated for many months, but that doesn't have an effect on security as messages are end-to-end encrypted locally on the clients/apps. The client/app code had been consistently updated during this period.

Signal responded to the server code being outdated as well: https://github.com/signalapp/Signal-Android/issues/11101#iss...


But Signal won't allow federation and is hostile to independent client development.

Also, what about the server source code?


Signal choosing not to federate isn't in the scope of this thread. IMO not federating is a guarantee of client quality. The last time I had a look at Matrix E2EE implementations, only Riot was barely usable. There was a ton of clients that didn't support it, didn't intend to, didn't have the confidence to go about implementing etc.

>Also, what about the server source code?

https://github.com/signalapp/Signal-Server There you go, last commit two days ago.


It's not a quality guarantee for clients in practice since you can't control Client Side with open source

Regarding Riot, which is called Element by now, you may want to update your knowledge


Yeah I'm familiar with Riot being called Element now, and you don't need to look further than this chat for me to state that.

"It's not a quality guarantee for clients in practice since you can't control Client Side with open source"

What? Open source native client with reproducible builds is literally the gold standard of individual control over software, it's even GPL licenced.


> IMO not federating is a guarantee of client quality.

That's not how it worked out for email long-term; why should IM be any different?


I know Telegram’s default is to give all the data to the server. But being honest about this makes them able to provide significant UX benefits. Backdoored E2E gives a false sense of security, and, backdoored or not, E2E’s UX sucks. (Also note that the backdoor/malware could be on any level of the stack; From WhatsApp’s plaintext backups, to NSO’s zero days.)




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: