People are consistently surprised that Telegram is not encrypted by default in any setting. You have to create a device-to-device-specific encrypted chat with your counter-party. It's not a reasonable security model, vastly outclassed by (the still quite flawed) Signal.
Ultimately, we need encrypted-by-default messaging based on public/private key pairs (obscured from the uninterested user, of course).
Nobody I know gives a shit that it's not E2E encrypted. It's a kick ass instant messenger, that's all that matters to most people. Vastly superior to Signal and others in almost every way.
There are like 1000 features in Telegram that just don’t work properly for e2e chats as well. When I use e2e messengers they cut so many features for security. Matrix doesn’t show link previews when e2e is on for example.
Sure, but it’s for some reason framed as a WhatsApp competitor even in countries where Facebook Messenger is relatively popular, which seems silly to me. It appears to fill a similar feature niche as Facebook Messenger, not WhatsApp, even if these two categories can be somewhat conflated for most uses.
If your friends don’t care but you do, educate them. The good old “I’ve got nothing to hide” is de-facto a synonym of self-censorship or recklessness due to lack of awareness.
I said it many times and I'll say it again: this can't possibly work in the real world, period. People are notoriously terrible with passwords already. So terrible in fact that VKontakte (I worked there, both with Pavel and after he was ousted) had, and still has, a department dedicated to account recovery. And those are passwords, short strings that you can actually remember. You can't possibly expect an average person to keep their private key (a file you can't store in your head) absolutely secret and never lose it at the same time.
In my world, the ability to recover your account if you lose everything is a hard requirement for any product that is meant to reach mass adoption.
The ability to revoke access is also a hard requirement. People share their credentials — it's a fact of life. In the usual setup, you can change your password and terminate sessions. But if your private key is your identity, you can't do shit to prevent someone who has gained access to it from impersonating you for the rest of eternity.
>In my world, the ability to recover your account if you lose everything is a hard requirement for any product that is meant to reach mass adoption.
I don't think it matters as much for a messenger attached to your phone number. Even if you lose all your conversations you can still be reached by the same identifier and most of your contacts are stored in the phonebook anyway.
(Outside of certain self-referential bubbles, like this site) no one cares anything about encryption. If in public chats I am anonymous and untraceable (example: no one can know my phone number and there are granular privacy settings), this is enough for 98% of people out here.
"Yes, encryption is useful if I want to send nudes to my partner or if I want to buy drugs, but not while I'm asking mom for the soufflé recipe or I'm organizing a dinner with friends": this is what people think, and they are not completely wrong.
"Normal" people are slowly but surely starting to care about encryption. They hear about it from people participating in self-referential bubbles like HN and then they start wondering. This is my experience.
I see Telegram being used by local sport clubs as an alternative to Messenger, primarily it seems for the reason that it doesn't require a Facebook account. Most online gaming groups I know use Discord, while programmer projects tend to use Slack. A few gaming groups continue to use TeamSpeak.
I don't, however, know any groups that use Signal as a replacement for any of the above, so do people have experience in migrating groups from those platforms to Signal?
Both Threema and Signal are the way to go with chat apps; the only advantage Telegram offers is vast groups for specific purposes. Here in Berlin, I'm getting cheap produce through Telegram, get alerted to public transport controls (I do have a ticket, but sometimes friends do not), and sell/buy stuff I don't need.
TBH I would consider Matrix the way to go regarding chat. It allows app- and vendor-independent communication and combines e2ee with synchronisation across arbitrarily many devices (something that many people like from Telegram).
These days, Threema and Signal don't support the Matrix Protocol.
Funnily enough given the title, those same things have even bigger groups on Facebook than Telegram in Berlin even accounting for how popular it is here.
If I'll ever need an app to pass around Pentagon secrets, I'll surely use Signal or something better. But if I need an app to chat with my friends and discuss what's going on without being banned and having the daily dose of Mandatory Truth injected, then Telegram works just fine so far.
The "sad thing" is that WhatsApp is 10x-50x more popular in my country and it's quite hard to integrate (APIs, bots) compared to Telegram, at least for "small business".
I wonder if Telegram would also be more closed if it was #1...
Telegram doesn't support bots and most other advanced features for E2EE conversations either. It seems at least as valid (IMO) to speculate that WhatsApp's lack of API/bot support is due to an additional technical hurdle than its dominant market status.
Telegram is really weird and sketchy; the rants Durov posts on his channel against WhatsApp usually make no sense; and their claims of security are dubious. And TON was a disaster.
On the other hand. If I did any social organizing today, I would definitely use Telegram. Signal is fine, but nobody is using it and the UX is just worse. I don't trust Facebook to randomly not shut everything down because some outsourced content moderator in New Delhi had a bad sleep.
Durov might be a sketchy and weird libertarian, but damn, his developers can deliver a good and working product really fast. (And from what I understand, it's a really small team.) Credit where it's due.
I still think Telegram will plainly run out of money in a few years (you can use it to host unlimited amount of data and share it with unlimited number of people!! that is not sustainable), but well, I will use them before they do.
Telegram is ridiculously smooth, runs on everything, doesn’t treat any platform as an afterthought (despite having the electron thing, Signal is still very mobile oriented), and isn’t Facebook. It’s about as good as you’re going to get without making big sacrifices somewhere.
Yeah, it’s ridiculously well made. I’m not disputing that. The protocol is weird but they built a great app on top of that.
They just cannot be sustainable long term. There is literally no restriction size-wise on data you can save on their servers. For free. And they have basically no income. They have some new ad program with basically no tracking (which is good for users, sure, but nobody will pay that much for that). They get 0 commissions from payment (and I never heard anyone using their payment thing). TON went nowhere.
I took a look, but apparently you can't use the web app unless you already have an account, and you can only create an account in a mobile app. Is this an afterthought?
I take issue with your description of Telegram as "really weird and sketchy". You don't give any evidence other than Durov's personal opinions. And he's certainly entitled to them, given all the weird, often totally illogical beliefs everyone else in the world holds.
You toss out another statement in "TON was a disaster" without explanation. If you're going to make really big statements like this, please go into detail otherwise you're just shooting from the hip.
TON was a disaster because the SEC got involved. TON, as a technical solution to decentralizing Telegram, was a great idea and I'm sad Telegram was forced into a position of paying for all that infrastructure another way, with ads (opt-in, non-tracking, and only in one-to-many channels but still, ads).
> his developers can deliver a good and working product really fast. (And from what I understand, it's a really small team.)
People keep insisting that Electron is chosen for productivity, yet Telegram delivers more features with more efficiency in C++/QtWidgets (for the desktop) with a smaller team than so much Electron stuff.
You get efficiency basically for free with C++/Qt, unlike all of the Electron trash that gets pushed out. It's such a selfish way of thinking - "I don't care if my users can use efficient software, I just care about shoehorning JavaScript into everything I touch!"
> his developers can deliver a good and working product really fast. (And from what I understand, it's a really small team.)
Fun fact, their Android code [0] (haven't seen iOS) is an unmaintainable mess and on the surface just looks like a complete disaster. I find it baffling how Telegram Android not only hasn't fallen to bits requiring a full rewrite, but has continued to deliver brilliant UX and features.
> Telegram is really weird and sketchy; the rants Durov posts on his channel against WhatsApp usually make no sense; and their claims of security are dubious. And TON was a disaster.
Oh yes, definitely. Whenever I read them it feels strange, understanding the technical context of Telegram. He never mentions that WhatsApp is actually end-to-end encrypted. He does continue to talk about 'encryption', though. It's very very misleading. It just seems to be bashing WhatsApp without talking about Telegram's shortcomings too. He obviously isn't going to be non-partisan but it would be nice if he would be a little more honest.
The funniest thing is that Telegram's group management tools blow anything FB has out of the water by a nautical mile.
If you only need the one channel and you need to manage a 100+ people, Telegram is by far the best tool. For "communities" Discord is a bit better, since you can split stuff to multiple channels. Anyone with basic knowledge of the internet can also install bots on both to manage dozens of different things.
Signal on the other hand is SUPER SECURE (although you will be giving your phone number to everyone), but no bots and no real ways to manage hundreds of possibly unruly people on a single channel.
> I still think Telegram will plainly run out of money in a few years (you can use it to host unlimited amount of data and share it with unlimited number of people!! that is not sustainable), but well, I will use them before they do.
And then they will start selling all the personal data they gathered in all these years. They have all the data, except for the tiny amount that passed through secret chats (but they also have the metadata for these, tied to accounts and all the non-secret stuff).
The kind of data Signal can't sell even if Moxie turns evil, simply because Signal does not have it.
> On the other hand. If I did any social organizing today, I would definitely use Telegram. Signal is fine, but nobody is using it and the UX is just worse. I don't trust Facebook to randomly not shut everything down because some outsourced content moderator in New Delhi had a bad sleep.
I don't see how Telegram is any different to, say, Signal. It may have better apps, UX, features and more, which alone makes it a compelling competitor, but its optional E2EE support is quite damning.
The great thing about regulations is that it stops such suspicious projects like TON dead in their tracks. After the ICO madness in 2017, unregistered ICOs have become illegal and TON fell in that category.
But who knows, maybe when the terrorists, extremists, scammers and fraudsters realise that Telegram is not E2EE by default or, in layman's terms, 'not secure', perhaps they would run to Signal and chat amongst themselves about using a private untraceable cryptocurrency like MobileCoin to fund and plan their operations. [0] [1].
> I don't see how Telegram is any different to, say, Signal. It may have better apps, UX, features and more, which alone makes it a compelling competitor
You have answered your own question there. Humans naturally choose paths that they find convenient, not necessarily the safest or otherwise "better" paths.
> Durov might be a sketchy and weird libertarian, but damn, his developers can deliver a good and working product really fast. (And from what I understand, it's a really small team.) Credit where it's due.
The UX is great. The Telegram clients are quite nice to use. They're open-source, too. Well, 'open-source' as in they dump a huge diff into the source tree now and again, and they never interact with outside developers submitting Feature Requests and Issues.
Yeah, from a social network, it turned into a disinformation and censorship network! About one year ago I made a post about the Bulgarian gypsies and actually pointed out the discrimination against them and offered PC-compliant solutions to the problem and they removed my comment, the appeal didn't change their decision, and they've blocked me from posting for a week. Some words always get your comment deleted and you get blocked for at least 24 hours! Pretty much all my friends move to Telegram channels. It's not the same, but nobody enjoys being watched and censored! Well, the guy who probably makes out with his wife in VR and makes this the norm so that he feels better about himself cannot get this basic truth, of course.
- not being tied to a phone number
- having a desktop app which doesn't suck (sync issues, connection issues, lacking features, is basically a simple proxy for your phone, etc)
- allows me to use 3rd party apps
- having chat history synced across my apps and devices and backed up. History is immensely important
I think it does:
https://core.telegram.org/bots
[1] https://techcrunch.com/2021/11/01/whatsapp-brings-its-busine...
[1] https://faq.whatsapp.com/general/whatsapp-business-api/getti...
If you don't need/want that it is clearly superior, but if you do...
I get that people like its UX, but if you're sacrificing security for UX then basically anything becomes fine?
0. https://raw.githubusercontent.com/DrKLO/Telegram/master/TMes...
Even better than Element? In my experience it does well with hundreds of people as well. And it allows grouping channels as well, or using bots.
And you can use E2EE everywhere you think you want it
FYI they recently got an ad platform https://promote.telegram.org/
[0] https://www.theverge.com/22249391/signal-app-abuse-messaging...
[1] https://foreignpolicy.com/2021/03/13/telegram-signal-apps-ri...
Don't, unless it's for a BBQ or friendly partying.
[1] https://www.wired.com/story/brazil-hacker-bolsonaro-car-wash...
[2] https://www.reuters.com/article/us-iran-cyber-telegram-exclu...
[3] https://www.haaretz.com/israel-news/tech-news/.premium-exclu...
C'mon, it's not even E2E. It's as good as Facebook Messenger when it comes to security.
Telegram server side is open source?
I tried to connect it to a Tor email local Postfix, still WIP.