Were you in the academia, you'd know Telegram should've hired a cryptographer when they started, almost a decade ago. They have never done that, because to them pride is more important than doing things right. You, an academic, spending your Sunday defending some random messaging app company online a, and doing it for free, is almost as stupid as the parent company's decisions to favor grass-roots damage control over secure-by-default design.
You seem to have a chip on your shoulder regarding telegram. I’ve seen your comments up and down this thread and they do not merit rebuttal because they’re so dearly held opinions.
But let me be clear: all cryptography is “untested” or “unused” at some point. There’s nothing inherently wrong with making a new cryptographic method.
Criticisms I would agree with are:
1) Advertising as a secure messenger (or: the most secure) as it is stupid to say “most” and the security is untested.
2) bug bounties on the protocol as a marketing method to show that it’s not broken.
3) being of russian origin (which, obviously they can’t control, but if this was a US company doing this it wouldn’t have gotten so much negative press).
—-
What we might forget, especially as telegram marketing is so slick and the art so good: building things is hard, we might not always make the right move- it’s fair to criticise but I doubt any of us would do markedly better, we’d just make different trade offs; and some other forum for “accessibility design” would be lambasting us for making our own keyboard or something.
>You seem to have a chip on your shoulder regarding telegram.
You need to understand I don't see messaging apps as living things. I see muscles, bones, nerves and veins. I have no grudge toward any app. That would be silly. My problem is with dangerous implementation of cryptography in general. It's completely agnostic of vendor. I've criticized a myriad of apps in my lifetime from Palringo to Foocrypt to DataGateKeeper to Telegram to TimeAI (lol): bullshit crypto has many forms. I've even criticized apps I now find more or less good, such as Threema and Element (during Riot times).
> all cryptography is “untested” or “unused” at some point
That's not the problem. Telegram's cloud encryption doesn't become "tested" at some point. It's fundamentally broken because by definition the decryption key is with Telegram (the service provider), and NOT your peer.
"Advertising as a secure messenger (or: the most secure) as it is stupid to say “most” and the security is untested."
Yeah I tend to agree. If you want to take a look at how far security design in secure messaging rabbit hole goes, my research might be of interest https://github.com/maqp/tfc
>being of russian origin
No please don't take my comments to infer anything from something being of Russian origin. There isn't "Russians are bad" aspect to my criticism. There is Durov's military training, there is connections to government from VKontakte days, and there is technical deficiencies that are indistinguishable from state sponsored honeypots. I'm not as interested in WHO Durov might give keys to access the servers. I'm interested in the issue of why its dangerous it can happen in the first place: lack of ubiquitous E2EE.
>telegram marketing is so slick
Exactly, they have fantastic social media team that's expert at handling criticism with snide remarks, memes, pop culture references. They really get people. And I find that terrifying. The platform's an orgy of fun, and all I see is by looking at the veins and bones, is another Facebook. Hundreds of millions of people living 90% of their social life through an app they think stands for them, without understanding they're feeding another monster.
Durov should know better what is ethical to build, but he doesn't care. Even if he didn't collect data for the purpose of using it against people, it's his responsibility to know he's not all-powerful, his servers are not hack-proof, and the data that sits there is a tremendous liablity.
Moxie might not be able to pull off the UX, but at least his heart is in the right place, and he's come the closest wrt design that's secure by default. But the most astonishing thing was the v2 group design, that required pushing the boundaries of cryptography as a field. That was incredible achievement. It seems all we can hope now is Signal's features will one day match large enough portion of Telegram's footguns. Lack of usernames, markdown mode, and replying with stickers are the main gripes for me ATM. Or perhaps Threema, Wire, or Element will catch and surpass Signal. Time will tell.