The world seems to be shocked by the news that WhatsApp turned any phone into spyware. Everything on your phone – including photos, emails and texts – could be accessed by attackers just because you had WhatsApp installed [1].
This news didn’t surprise me, though. Last year WhatsApp had to admit they had a very similar issue – a single video call via WhatsApp was all a hacker needed to get access to all of your phone’s data [2].
Every time WhatsApp has to fix a critical vulnerability in their app, a new…
This is an article written by telegram’s founder and CEO Pavel Durov in 2019 on “Why whatsapp will never be secure”. Your thoughts?
No. Whatsapp’s metadata is not encrypted and can be used by its parent company, also backups are not secure. While telegram’s is opt in (yeah that sucks and here’s there excuse for that https://tsf.telegram.org/manuals/e2ee-simple), they are as secure as signal’s (if not more).
I’m not saying that WhatsApp is the good guy here, Meta sucks but compared to Telegram I rather trust them if I have to.
And the unencrypted backups are only problematic when you use the automatic Google Drive upload.
Telegram is a shell company and only offers mediocre, opt-in encryption. The thing I like most about them is their support for 3rd party clients.
I have to use their service for some contacts same as with WhatsApp but I would prefer more secure and privacy friendly alternatives.
You obviously haven’t seen the charts of the metadata that WhatsApp collects. And we know how anti-consuner, adversarial and anti-privacy Facebook is overall with their tracking pixels, ghost profiles, etc.
Telegram at least doesn’t have the FB dataset. FB knows about me, though I’ve never once in my life been on their website or used anything related to them. Not once. The first I heard of FB I saw immediately the privacy problem with them, and made sure to never have anything to do with them. But they know about me from other peoe posting pics and such, which they then correlate with sites I’ve been on that have tracking pixels. WhatsApp ads a metric shitton of metadata to that pile, with date, time, location, duration of conversations, businesses you’re near at the time, their operating hours, etc, etc. They have a massive, constantly growing dataset, which they can easily correlate elements.
WhatsApp may be encrypted, but I trust Zuck so little that I wouldn’t doubt they capture keystrokes in app before the message is sent. They have the capability as was shown in a recent research article (though no evidence of it happening).
Id rather not use Telegram, but it’s far lesser of the two evils. I’m trying to get folks to other apps. Signal doesn’t sell, SimpleX isn’t quite ready, I think Wire has the same stored encryption key issue, though I may be mistaken (I’m not fully clear how it’s managed).
They tell whatever they want until their claims can be validated with the source code. If we take it for granted that they use an original, unmodified version of the signal protocol programming libraries, there are still multiple questions:
how often do they update the version they use
what are they doing with the messages after local decryption (receiving), and before encryption (sending)
how are they storing the secret keys used for encryption, and what exactly are they doing with it in the code
Any of these questions could reveal problems that would invalidate any security that is added by using the signal protocol. Like if they use an outdated version of the programming library that has a known vulnerability, if they analyze the messages in their plain data form, or on the UI, or the keypresses as you type them, or if they are mishandling your encryption keys by sending them or a part of them to wherever
WhatsApp’s e2e encryption is based on the Signal protocol and active by default. Telegram’s is opt-in. So much for Telegram’s superior privacy…
No. Whatsapp’s metadata is not encrypted and can be used by its parent company, also backups are not secure. While telegram’s is opt in (yeah that sucks and here’s there excuse for that https://tsf.telegram.org/manuals/e2ee-simple), they are as secure as signal’s (if not more).
Incorrect. They are trivially breakable as it is unauthenticated DH which is as good as no encryption at all.
0 data breaches till date.
I’m not saying that WhatsApp is the good guy here, Meta sucks but compared to Telegram I rather trust them if I have to.
And the unencrypted backups are only problematic when you use the automatic Google Drive upload.
WHY?
Telegram is a shell company and only offers mediocre, opt-in encryption. The thing I like most about them is their support for 3rd party clients.
I have to use their service for some contacts same as with WhatsApp but I would prefer more secure and privacy friendly alternatives.
You obviously haven’t seen the charts of the metadata that WhatsApp collects. And we know how anti-consuner, adversarial and anti-privacy Facebook is overall with their tracking pixels, ghost profiles, etc.
Telegram at least doesn’t have the FB dataset. FB knows about me, though I’ve never once in my life been on their website or used anything related to them. Not once. The first I heard of FB I saw immediately the privacy problem with them, and made sure to never have anything to do with them. But they know about me from other peoe posting pics and such, which they then correlate with sites I’ve been on that have tracking pixels. WhatsApp ads a metric shitton of metadata to that pile, with date, time, location, duration of conversations, businesses you’re near at the time, their operating hours, etc, etc. They have a massive, constantly growing dataset, which they can easily correlate elements.
WhatsApp may be encrypted, but I trust Zuck so little that I wouldn’t doubt they capture keystrokes in app before the message is sent. They have the capability as was shown in a recent research article (though no evidence of it happening).
Id rather not use Telegram, but it’s far lesser of the two evils. I’m trying to get folks to other apps. Signal doesn’t sell, SimpleX isn’t quite ready, I think Wire has the same stored encryption key issue, though I may be mistaken (I’m not fully clear how it’s managed).
They tell whatever they want until their claims can be validated with the source code. If we take it for granted that they use an original, unmodified version of the signal protocol programming libraries, there are still multiple questions:
Any of these questions could reveal problems that would invalidate any security that is added by using the signal protocol. Like if they use an outdated version of the programming library that has a known vulnerability, if they analyze the messages in their plain data form, or on the UI, or the keypresses as you type them, or if they are mishandling your encryption keys by sending them or a part of them to wherever