Many in the crypto and privacy community mistakenly trust Telegram because it’s “end to end encrypted”, but there are huge issues including not hiding the metadata, censorship, centralization, and phone numbers.
Send this video to your friend that asks why you won’t join:
https://video.simplifiedprivacy.com/why-telegram-sucks/
- Janis ( @Janis@feddit.de ) 88•1 year ago
nobody “trusts” telegram. but at least it s not whatsapp.
- Dark Arc ( @Dark_Arc@social.packetloss.gg ) English31•1 year ago
Wow, not to pick on the narrator, but this comes off like the worst small town used car dealership TV advertisement I’ve ever seen.
Here’s a real rundown I’ve put together over the years:
Pavel Durov’s argument is that there should be a high functioning UI/UX experience for “non-secure” communication, and when you need it there’s something much closer to Signal’s very secure client-to-client encryption.
Arguably Telegram secret chats are even “close enough” to cloud chats an adversary might not notice you’re doing the “super secret things” (making it harder to identify what to target).
MTProto Cloud: https://core.telegram.org/file/811140746/2/CzMyJPVnPo8.81605/c2310d6ede1a5e220f
MTProto Secret (Wrapped in MTProto Cloud): https://core.telegram.org/file/811140633/4/hHw6Zy2DPyQ.109500/cabc10049a7190694f
They also provide verified builds even on iOS (though it’s a bit of a hack, not “really” quite the same thing).
The only things that can really be said about Telegram’s secret chat crypto are that:
- It’s not “the default”
- It’s their own crypto (i.e., they broke “rule #1” and “rolled their own”)
Ultimately though, it’s been just shy of 10 years since Telegram entered the scene, and nobody has actually broken Telegram crypto in any meaningful way – AFAIK, to this day. Still, there are hypothetical holes in the crypto when scrutinized vs something like signal. So, is it as good as Signal or Threema? Eh, probably not, is it good enough for the average person that isn’t target by a nation state? I’d say probably.
- library_napper ( @library_napper@monyet.cc ) 1•1 year ago
I think you missed the most important part: all accounts are tied to a phone number
- Dark Arc ( @Dark_Arc@social.packetloss.gg ) English5•1 year ago
Except that’s not even true… https://www.livemint.com/technology/apps/telegram-brings-new-update-no-phone-number-needed-for-sign-up-more-features-11670403019183.html
And for most people, it doesn’t matter. It really doesn’t. I’m not even going to argue about that. I personally couldn’t care less about instant messaging with anonymity; anonymity and private are completely separate concerns.
- library_napper ( @library_napper@monyet.cc ) 3•1 year ago
I dont know what happened, but unfortunately that article is misinformation.
I was excited to sign up for telegram without a phone number, but the very first thing it asks you when you open the app is to enter your phone number. It won’t let you proceed without it.
- Dark Arc ( @Dark_Arc@social.packetloss.gg ) English1•1 year ago
It’s not misinformation, but it’s also not free. You have to “get a fake number” of sorts from the Fragment blockchain.
I don’t know much about those specifics because I live in the US, and fragment doesn’t work here (due to conflicting views with the FEC). In theory, a VPN might let you do what you want even if you are in the US.
- Roane :verified_twtr: ( @roanescence@mstdn.social ) 0•1 year ago
@library_napper @Dark_Arc Maybe wait a few days.
- library_napper ( @library_napper@monyet.cc ) 2•1 year ago
That article was written in Dec 2022. either something was lost in translation or Telegram ditched the idea.
As stated before, you cannot use telegram without a phone number, which is a threat to security, anonymity, and privacy.
- h3ndrik ( @h3ndrik@feddit.de ) 28•1 year ago
Isn’t metadata leakage a problem that this messenger shares with nearly every other (popular) messenger out there?
In case you actually want some useful info on that topic: https://www.messenger-matrix.de/
- jet ( @jet@hackertalks.com ) English7•1 year ago
Nice comparison site! I’ve always referenced the below site. But I’m glad to have another thank you
- Dark Arc ( @Dark_Arc@social.packetloss.gg ) English3•1 year ago
That’s a cool website!
- regalia ( @regalia@literature.cafe ) 19•1 year ago
Stop posting videos and post well written articles.
SimplifiedPrivacy.com Many articles
- ArxCyberwolf ( @Snowpix@lemmy.ca ) 8•1 year ago
There’s ways of actually linking sites and articles. Don’t make everyone have to do the work of finding the relevant articles.
What are you complaining about? that the website exists?
- ArxCyberwolf ( @Snowpix@lemmy.ca ) 1•1 year ago
That’s not remotely what I said. If you are going to tell people to read multiple articles, you should link to them directly.
I see, ok
- Microw ( @Microw@lemm.ee ) 11•1 year ago
The only thing Telegram has going for itself is that it’s Non-Meta and Non-Western.
Anyone who has a closer look at Telegram’s reputation knows that their privacy claims are dubious. If you want end to end encryption, even WhatsApp is better. But these things depend on your individual threat model.
- N-E-N ( @NENathaniel@lemmy.ca ) 2•1 year ago
Telegram can be E2E, no reason to switch to Meta’s app for it
- partizan ( @partizan@lemm.ee ) 9•1 year ago
Thats why Element(Matrix) is the way. Ideally selfhosted+federated, but even the default matrix.org is much better than most other chat apps.
- ReversalHatchery ( @ReversalHatchery@beehaw.org ) 4•1 year ago
It may be once sliding sync and proper key handling of room history for new members get implemented.
Right now sync is very slow, the apps are heavy weight too (as I know at least partly because of how sync works today), and if a new member joins an encrypted room, they will not see the history even if you set it that way, because the clients that know the keys won’t send to theirs.
- EngineerGaming ( @EngineerGaming@feddit.nl ) 3•1 year ago
Why Matrix and not XMPP? XMPP is also flawed, but much less bloated, easier to selfhost and doesn’t have so many people being on central instance like matrix.org (there are other arguments as well).
- regalia ( @regalia@literature.cafe ) 2•1 year ago
Because there’s not a single good app for XMPP and nobody uses it.
Their bleeding edge app is Conversations which costs money (already unviable), and the app looks like it’s designed in 2012.
- EngineerGaming ( @EngineerGaming@feddit.nl ) 1•1 year ago
It does NOT cost money on F-Droid. You don’t even need to install the market itself, you can get the app from F-Droid’s website (though then you’d have to check for updates yourself). For me, it was a chance to get mom to F-droid.
- ReversalHatchery ( @ReversalHatchery@beehaw.org ) English8•1 year ago
Who thinks in the privacy community that Telegram is end to end encrypted? They were largely mislead. That’s an option, that even prevents sync of the chat between your devices.
The thing is, Telegram has some shady things, but until Matrix becomes usable this is one of the very few usable options. And until then, use Telegram FOSS from F-droid.
- elouboub ( @elouboub@kbin.social ) 2•1 year ago
How is matrix not usable?
- ReversalHatchery ( @ReversalHatchery@beehaw.org ) 3•1 year ago
- Huge resource usage by clients
- Huge sync times (not just first time, but also if the client was offline for a few weeks)
- New room members in encrypted rooms can’t read old messages even if you have set it up that way
Fortunately they are working on all of these, and as I just found out recently, they also have an alpha version app now that makes use of the new efficient sync, which I expect to fix 2 of the above (the resource usage is partly because of how sync works now)
- ninpnin ( @ninpnin@sopuli.xyz ) 6•1 year ago
You use telegram for privacy
I use it for its UX
We are not the same
- N-E-N ( @NENathaniel@lemmy.ca ) 5•1 year ago
Everyone here is a c/privacy die hard
Telegram’s UX is basically the best on every platform it’s on. Plus large uncompressed file supports
- elouboub ( @elouboub@kbin.social ) 2•1 year ago
Same argument for fruit based products.
- elouboub ( @elouboub@kbin.social ) 5•1 year ago
Why isn’t this video uploaded to peertube instead of some dude’s personal bog?
- Possibly linux ( @possiblylinux127@lemmy.zip ) English8•1 year ago
Because its just that. All it is a personal blog. It is not a valid source
- Gamey ( @gamey@feddit.rocks ) 3•1 year ago
I try to explain that to people all the time, they only use E2E for so called secret chats and comply with every country as soon as a ban is on the table, there are even reports about a case in Dheli where they did so for Audiobook piracy!
- DeaDSouL ( @DeaDSouL@lemmy.ml ) 2•1 year ago
Indeed it is. Use Threema 😉
- GreenMario ( @GreenMario@lemm.ee ) 2•1 year ago
Made.by Russia automatically makes it “sus”.
- Dark Arc ( @Dark_Arc@social.packetloss.gg ) English16•1 year ago
It’s… Not made by Russia, it’s made by a former Russian (that no longer has a citizenship there) with Ukrainian roots and a French and UAE dual citizenship.
Remember folks, Albert Einstein was German born but he sure as heck wasn’t a Nazi.
- GreenMario ( @GreenMario@lemm.ee ) 2•1 year ago
Fair enough.
- GadgeteerZA ( @danie10@lemmy.ml ) English1•1 year ago
I think it is quite well known that only Telegram Secret Chats are true E2EE. That said, Telegram is still not in the business of selling metadata actively like Whatsapp/Facebook/Meta are. As far as plain features go, Telegram is streets ahead of Whatsapp. But if I needed real “secret chat” I’d probably use Threema, SimpleX, Nostr, Jami, etc where I’m not tied to my mobile phone number or e-mail address.