Hacker News new | past | comments | ask | show | jobs | submit login

>Even in normal groups the default is that any user can add someone so the new user would need to get the decryption key on invite.

Signal has group invite links.

>Then you have bots that need to be able to read messages so they need the key too.

Signal has bots.

>Then you have cloud search

What you have is search, and Signal has search too, for the local message log. Telegram's log search lacks partial and wildcard searches. It's extremely inferior. Also, Telegram's cloud search gets extremely slow if you try to find anything older than few months.

>You may not like it but its clear and easy to understand.

It doesn't explain why they can't implement E2EE for normal group chats from technical PoV. Neither does Durov's blog post.

> But what user care about is how fast it is

What's the difference? Give me numbers

>how much data it uses

What's the difference?

>how much it drains the battery

What's the difference?

How about some nice facts and sources?

I think it's cute you try to label every secure feature an anti-feature, without understanding security is the fundamental attribute of every feature. You wouldn't use a feature that leaked the content to your worst enemy, why would you upload it to server that when hacked, allows your worst enemy to read it?

>I use telegram almost exclusively for public stuff or semi-public stuff.

Sure, if you personally have nothing to hide, you're welcome to use Palringo (that AFAIK still pushes everything over HTTP) for all I care. Just don't enforce your privileged threat model to anyone else.

>Its absurd and nonsensical

You're in a conversation about security of Telegram. If you don't give a shit about security, go, enjoy your life. Why did you bother come here to brag about your privileged life that doesn't have to be concerned with security?

> It would be like making twitter completely e2ee

That's bullshit. Twitter doesn't e.g. have groups that would enjoy expectation of privacy. Twitter is also not a messaging app, it's a social media, moreover, it's a micro-blogging site. It's content is intended to be public. Sure, the direct messages should probably use opportunistic E2EE, but its not exactly advocating itself as "heavily encrypted", it doesn't IMO have to be.

>You have the option for e2ee one-on-one chats if you actually need it.

No I want E2EE for my group of 10 close friends. I don't want E2EE for 2000 member super groups. And the problem literally is, I don't have the option for E2EE 1:1 chats, they're N O T available for Linux desktop I use. We don't actually have the option. What Telegram has, is a sad excuse of E2EE 1:1 chats on limited platforms, which only functions in online debates. Telegram does NOT have E2EE in practice. If it had, I'd be having my chats on Telegram instead of Signal, and wouldn't have to raise awareness on the issue.




You ignore everything I posted and just list stuff Not even gonna read it all Have a nice day and keep using whatever you want (signal obviously)




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: