Telegram has had all of these features for a while… too bad it isn't as secure as signal or it'd be perfect, since it's also written in a real GUI toolkit and present in distribution repositories.
I do wonder how telegram and signal are planning to finance it long term. Telegram is adding absurd paid features like exclusive animations, which won't earn nearly enough to cover the costs.
I wonder where signal is about keeping the servers up, since they hate federation so much.
Telegram and Signal solves very different types of privacy issues.
Telegram is good, as you mention, to be relatively private in groups/chats/channels without a need to expose neither your phone nor even a nickname (unless you live in autocratic countries — will come to this later).
But it comes with costs. First, their p2p communication is not e2e encrypted by default. Not to say that all comments/group chats are not encrypted too, unlike let’s say WA.
Second, Telegram API. It gives too much information. You can do a lot with it: read history, track changes of usernames, etc. For example, it is quite easy to obtain an internal user ID and there are black market services and databases where they promise to connect that ID with phone number if that account ever had privacy settings switched off in the past.
Claimed that they kind of scrape all accounts and pair ID for those where privacy settings set poorly. Even if you change it later — your internal ID and that scrape will state forever.
Third, Telegram was funded by Russian government since Durov had issues with SEC. He raised money from different Russian state-owned banks like VTB, issued bonds which are traded in Saint-Petersburg stock exchange, and even take some money directly from Russian government though a Qatar proxy-company. Not to say, that there are cases when TG was involved in criminal charges against people (the most famous one is story with Ryanair plane being forced to land in Minsk to arrest Lukashenko’s critique) and it was never directly addressed and explained by company how exactly those people was caught and how company protect against “SIM card replacement” cases (Signal at least inform me everytime my peer logged to new device).
Selecting between Signal with AFAIK no known cases of charges in dictatorship countries like Russia, funded by non-profitable charity, and TG without default e2e encryption, public API and Russian-state funding, is quite obvious for me.
More to this “lucky coincidence” it was unbanned exactly when Durov failed in trouble with SEC and raised Russian-state money to solve his problems. Around same time almost all official Russian institutions open TG accounts and Russian Parliament (if we can call that silly thing like this) representatives was saying like “we solved all problems with them”.
When war started, and Russia banned a lot of services like FB, they created list of communication platforms they have questions about loyalty and cooperation with Russian government. TG was not on that list and through the whole war the only issue was about Telegraph — supplementary platform to publish long notes. AFAIK there was 0 questions or criticisms to TG in those 2 years.
I didn't know a lot of this. I thought Telegram was mostly funded through Durov's Bitcoin and VK money? It feels strange that he'd be so "in bed" with the Russian govt when the whole reason he left was because of his staunch opposition to taking down Navalny's VK page.
But I haven't done extensive reading on this.
Durov was indeed an opposition to Russian govt for some time and TG was banned in Russia for some time.
But then “SEC-incident” happened. He and his brother wanted to build TON and fund it by kind of ICO (without naming it ICO). SEC decides enough is enough and blocked launch of TON with charging Durov for selling unregistered securities.
At the end, issue was settled, Durov returned all money and settle the deal with SEC, but it shrinks his finance by a lot and he ran out of money for TG.
Then he was seen in Russia and issued bonds for $1 bln. According to Russian financial press [1], bonds were underwritten by Russian banks closely affiliated with government or directly stated-owned (all of them are in sanctions list now), and even some money was invested by Russian Fund of Direct Investments [2]. Last summer he again issued bonds for TG for $270 mln.
You can buy TG bonds at SPB stock exchange where they were listed 2 weeks after the issuing [3].
Surprisingly (repeating my comment below), around same time, Russian govt withdrew all their claims to Telegram and started to use as the official communication channel.
Not to say that other “transformations” happened like Duriv publicly denounce US declaring it is a “police state” [4]
Durov personally blocked Navalny channels in Telegram during 2021 elections - https://www.rferl.org/a/telegram-navalny-smart-voting/314662... even though "technically" as a foreign legal entity they had no obligation to follow orders of Russian censorship agencies. Also, if you look up the results of court decisions in Russia, Telegram leads by a significant margin among other messengers. Yes, of course, it is the most popular messenger in Russia, but it is designed from the ground up to tie and control the circle of communication to specific people as precisely as possible.
Dictatorship exists in varous forms. Russia has democracy though in bad shape. There various flavours of democracy. But what about total dictatorship in China has no opposition and many countries with theocratic monarchy.
It's really easy to tell the difference between a democracy and a fake democracy. Democracies are messy, people never agree. Anywhere that get's consistent landslides for one person or party is not a democracy.
Take for example France vs Russia. In the 2022 election, Macron managed to get just ~30% of the voters that wanted him as President. In the second round where only two options remained, only 58%.
Without any serious opposition (with the murder of Boris Nemtsov and jailing/deregistration of Alexei Navalny), the 2018 was again a landslide for Putin with 76.69% of the vote.
There are of course other easy ways to tell, but this serves as a pretty easy heuristic.
This is, of course, a gross simplification, of everything that makes up a democracy. For example, the US is at best a flawed democracy because of all the lobbying, money and gerrymandering (and things like the Electoral College).
Disclaimer: Not American, I'm a Kiwi, so outsiders view of US politics.
Bullshit. Russia has no democracy, even in the minds of its citizens, not to say in the government. It never had and it may never have democracy. At least, until Russia exists in its current shape of form.
My bet is that they have a chance for democracy only when Russia becomes a set of little independent states. As Russia in a nutshell, is just a Muscovy that occupied other sovereign states. It was exactly like they’re trying it with Ukraine currently, again. Again, as the previous one was in 1918, when Russia ‘incorporated’ other states, what we know as ussr.
Don’t worry, telegram is now gatekeeping certain privacy settings behind the premium subscription like it’s 2003.
They also make it difficult to hide your pseudo identity from your phone contacts. I’ve had all the “discover contacts” settings turned off, and simply reinstalling the app caused people to be given my username without my consent. Settings somehow magically switched themselves back on and I couldn’t turn them off until after the damage was done.
There was no confirmation prompt. Pretty sure this happened to me more than once.
i've been using Telegram on and off since 2015 or so, and i've never shared my contacts. never! re-installing Telegram has never changed that setting.
The real problem with cellphones is that a lot of privacy-threatening issues are literally one fat finger away. And clearly, that's a feature, not a bug. That's why I prefer to work and message on my laptop anyway.
but again, Telegram has been, in many practical ways, much more privacy-oriented than all the other messengers, exactly because you don't have to share your phone number to participate in groups and chats.
For example, now you can’t restrict who can send you a message unless you have a premium. Also they added a “feature” that premium users can bypass non-premium users privacy setting “last seen and online” and TG will tell that info regardless of your choice unless you are premium too.
You're significantly misunderstanding the changes.
> now you can’t restrict who can send you a message unless you have a premium.
And before that you just weren't able to restrict that at all, there was no such feature. They didn't remove this feature for free users - it never existed. They just added it right now only for paid users.
> premium users can bypass non-premium users privacy setting “last seen and online”
That is absolutely not what the feature is. If you hide YOUR OWN last seen time, you won't be able to see last seen time of other users, even when they have it public. Now, premium users will be able to see public last seen times of other people if they hide their own. But they obviously still can't see last seen time of people who set it to private, that would've been very dumb.
Thanks for the clarification on last seen, I certainly misread it. About messages: hm, I was sure it existed before but maybe again my brain just lags.
As someone who for some time created and moderated fairly popular chat (200+ people) for anti-war Russians, I have very long and complicated history of relationship with this service and have a lot of different grey-zone stories where it is hard to understand whether it is a mistake from users and whether it is a leak from the service.
Hence I have a little low expectation and overreact on their recent changes
I have three Telegram channels with a few hundred subscribers each, and I also use the service daily, as I'm Russian as well.
I generally agree with you that Durov makes a lot of incredibly stupid decisions. I think pretty much everyone in the "Telegram community" (eg. channel administrators, bot/client developers, etc.) would agree that the changes Telegram is introducing are often bad.
The issue, though, is that there isn't any alternative right now - Telegram is the best messenger out there in terms of general usage. So while I do hate what they're doing sometimes, I still use the product and even pay for Telegram Premium. It's bad enough to be mildly annoying, but not bar enough to actually make people leave the platform.
Edit: just as I was writing this, Telegram introduced a new feature. I'm not sure if I love it or hate it to be honest, it's a smart way for them to save money, but it is pretty weird: https://t.me/tginfo/3942
If you consider Telegram as a product to be a logical continuation of the VK message system, then all of these "features" existed.
Restricting of incoming messages existed (cloned from Facebook as usual).
Restricting of "last seen and online" existed in third-party clients. Later on VK started to actively destroy this functionality, by moving manual "is online" management from designated API into all data-fetching APIs.
Not to mention that VK and Telegram are now actively fighting with third-party clients. In which world they would not fight Ninjagram/AyuGram/Plus Messenger/other forks, which allow to add multiple accounts, hide online/reading (to some extent), show message editing history and so on?
> And before that you just weren't able to restrict that at all
This is a really basic security feature though that every single platform should support. If Telegram didn't support messaging restrictions before, that doesn't mean they're not currently gating a basic privacy/safety feature behind a paywall. It just means they should be embarrassed that they used to be doing something even worse, ie not even offering a basic privacy/safety feature at all.
Correct that this would not technically count as removing a feature, but I feel like that's possibly a distinction without a difference. I'm not coming out of reading this explanation feeling more charitable about Telegram's security or willingness to gate off security features. It's a bad look for a company to put basic blocklists behind a paywall, that is not a company I trust not to start degrading security for free users.
How is message restriction a "basic privacy/safety" feature? It's at most a basic "anti-annoyance" feature, I'm not sure what security you gain from preventing everyone from messaging you. The ability to block users was always there and it still there for free.
> It's at most a basic "anti-annoyance" feature, I'm not sure what security you gain from preventing everyone from messaging you.
This could be a long conversation. The short version is there are plenty of articles online by marginalized groups talking about the consequences of having no ability to block arbitrary groups from harassing them online. If someone is calling that "just an annoyance" they've likely never been the target of an extended public harassment campaign.
A slightly longer answer is that the consequences to privacy and security are in a practical sense -- in the sense that someone coming into my house is a violation of my security and privacy. Privacy is not just about hiding information, it's also about why we hide information. It's about the ability to be private; to not be forced to constantly listen to a bunch of people shout at you. Similarly, security exists for a reason, we have security in our homes in the sense that people can't just walk into them and start yelling at us and harassing us. And DMs should be thought of as analogous.
Your DMs are not secure if you have no way to turn them off or restrict them.
> The ability to block users was always there and it still there for free.
If you recognize that is important to privacy and security to be able to block individual users, it's not too hard to recognize that the requirement to individually block users leaves a huge gaping hole in security for a network that supports open registrations.
I use disposable email addresses rather than just blocking individual spammers in my email client. The reason is because there are a near-infinite number of spammers and blocking them one-by-one is ineffective. Being able to turn off a leaked email address is much more valuable to me. It's something that actually cuts down on spam.
And the same is true on social media -- being able to go private and turn off messages or restrict messages to certain subgroups is critically important for people who are stuck in the middle of public harassment campaigns.
----
Regardless, the lack of a feature that is pretty much standardized across most other platforms, and that is pretty widely recognized as a safety feature -- it doesn't make me feel better about Telegram's willingness to gate these kinds of features behind paywalls.
You're saying that the ability to block users is free, but there is no bright line between blocking users and setting general messaging restrictions. That is the same category of safety feature. There's no reason to believe that Telegram wouldn't make blocking users into a paid feature in the future, especially since it has demonstrated that blocking/moderation/lockdown features are something it is willing to monetize.
I don't get why people who are so paranoid about someone associating their Telegram handle with their phone number simply don't go and grab a burner SIM at Tesco.
I mean I'm all down with the idea of tech companies respecting our privacy. But here we are, complaining that corporations that are at least trying (and that are operating at a loss since their conception for our convenience) aren't giving us "Snowden hiding in Russia" level of security out of the box, for free, just because we deserve it. All while we could easily implement it ourselves for like $8 and with no online trace whatsoever.
It's like, Tails Linux exists, but FUCK GOOGLE for forcing me to Ctrl+Shift+Delete in Chrome if I want to erase a cookie. I'm so significant and certainly not a criminal, why do they hate me so much??
It's not always that simple. In many countries, like Brazil, you need a valid ID document to buy a SIM card, and the number is then and always linked to your government ID. This is the case for quite a few relatively free countries as a means to fraud prevention (not that it's particularly effective though).
Why is there such a pervasive crowd of people who chock this kind of thing up to a lost cause? From my prespective, if it can be done, we should, we must, do it. Is there something special about hiding something from a government thats qualitatively different than hiding it from any other criminal? That they can levy greater amounts of violence? Isnt that even greater justification to privacy?
I'm fully in agreement; we have policies around warrants, etc that have been long-running and should in general treat the government as a quasi-malicious actor.
However, just because the government forces something for them doesn't mean we should just give up entirely for everything - the fact that the government knows your SIM purchase doesn't mean that random users on HN should be able to find it.
> I don't get why people who are so paranoid about someone associating their Telegram handle with their phone number simply don't go and grab a burner SIM at Tesco.
I could not hate the phone number requirement more, and it's one of the main reasons why I don't use these applications.
With one exception: I have an overseas friend who only communicates through WhatsApp. For him, I did go out and get a burner phone for this purpose. But the friction level of doing that is unnecessarily high and I doubt I'd do it for anyone else.
I hadn’t used a burner in years, last year my phone broke on a trip and I just wanted to grab a phone, to get me through the week. I can say it’s not like it used to be! Can’t just grab one at the gas station and pop it in a phone. Gotta give ID, sign up for accounts, etc.
It depends of the country. You can buy a sim card at an Oxxo in Mexico like you would buy a bag of doritos. I did it precisely last year.
Having said that if you leave the country I am pretty sure that sim card and number would be deactivated after a few months if not connected. I am not sure how fast a number can be reused.
Telegram isn't a messaging service. It's a social network with a messenger UI. Quite ingenious, if you'd ask me, but a social network and a private messenger can't really be reconciled into a single product.
I think "social" in this context refers to frictionless friend finding, not stickers. Good privacy involves a certain level of friction, with PGP verification being a classic example of the UX problem space.
I kick in $5 a month because that's about what I figure self-hosting a messaging service would cost me. I don't want the hassle of self-hosting and I trust Signal more than the other remote hosted options.
I’m not who you replied to, but I agree with his sentiment about signal being superior to telegram in terms of security (or more specifically, privacy).
For me, there’s two big reasons for this:
Signal chats are E2E at all times, while Telegram is only E2E when you explicitly create a “secret chat” with whoever you’re conversing with. I don’t fault Telegram too much for this, because they still provide the option to use E2E for everything, but Signal gets brownie points in my book because they just do it by default without getting in the way of the User.
Secondly, as far as I know, Telegram uses their own in house encryption techniques as opposed to industry standards. I am not at all knowledgeable about encryption or cryptography— I only know what’s required of me in my job (basically the bare minimum), and so I don’t actually know whether this is anything of serious concern. It could very well be that Telegram’s encryption techniques are just as effective as the established norms, but I do see the general consensus trending towards “roll your own encryption = bad, use established norms = good”, which is primarily what I am basing my opinion on here.
To further detract from my own point, it actually seems like Telegram might be using “established norms” for encryption nowadays anyways [1], although I couldn’t really tell from the brief description I read on Wikipedia.
Overall, I think Telegram is perceived as being less secure than Signal primarily because of the reputation Telegram has for implementing their own in house encryption techniques, even if they don’t use those techniques anymore— their name has become associated with their known history of using ad hoc encryption.
Chats are not e2e encrypted by default, they are just encrypted in transit. However this allows chats to be synced across many devices, so it is very very convenient.
Telegram has e2e encrypted chats but only on mobile and not on desktop for some reason.
telegram is e2ee only for secret chats, all other chats & group chats are not e2ee (which means telegram can access their content at will on the servers)
Synced chats across devices is possible with e2ee, even signal has this, it's just one edge that's poorly implemented: initial sync of the chat history and afaik they haven't fixed this yet, but all messages after setting up a new device are in sync as far as i know
I do wonder how telegram and signal are planning to finance it long term. Telegram is adding absurd paid features like exclusive animations, which won't earn nearly enough to cover the costs.
I wonder where signal is about keeping the servers up, since they hate federation so much.