"100% private" claims always make me incredibly suspicious since it is impossible to achieve that. Security is a matter of threat modeling against an expected adversary and nothing protects against a serious interest from a state level actor.
This is why I don't really care that Telegram doesn't do E2EE by default. Most of my chats aren't that interesting and in my threat model it's good enough.
I don't disagree. It's just another messenger. Just a 'check it out' - I stick with the simple things. No need for 324823494234 different things that try to solve the same problems, and never do. The telegram jpg/file exploits recently with the inline imaging just go to show security is theater until the next CVE
This is why I don't really care that Telegram doesn't do E2EE by default. Most of my chats aren't that interesting and in my threat model it's good enough.