Can we still trust Telegram?

Hi, friends,

A single Telegram channel has taken down Telegram’s t(.)me domain, which is used for short links. Apparently, this was done at the behest of the U.S. because the company 1VPNS refused to cooperate with the authorities.

So is Telegram playing along with the U.S.? Isn’t Telegram supposed to be a place for free speech? I’m afraid Telegram has inadvertently let its true colors show.

Did you trust them in the first place? The answer for me (and also should be for everyone else) is no, I haven’t done it and I never will.

I only trust secret chats, which still leave metadata, but no one can see my conversation.

I had a small group of interweb friends who used Telegram for a while. I don’t know that any of us really “trusted” them. We weren’t sharing anything important, and it was a transitional landing spot until I could get a private chat instance set up.

It would be so easy for them to make their app actually good for privacy (they have a lot of money) and it would benefit them (they don’t have to deny law enforcement requests) so I have no idea why they don’t do it.

It would be as easy as implementing end-to-end encryption across the entire platform. Why don’t they do it? Great question. All I care about is that I can trust that secret chats remain secret. Telegram is dedicated to sending updates with backdoors to its users, at the request of law enforcement. A user sees a supposed “update” in the app due to a new version with new features or improvements; the user taps “Download” and a new version is installed with a backdoor without the user even suspecting it. Look how close the collaboration with the authorities must be to make that happen.

To be blunt, just use WhatsApp at that point.

I’d like to know why you say that—at least Telegram is open source on the client side, whereas WhatsApp isn’t. WhatsApp simply has no encryption.

WhatsApp is much more private than Telegram because it’s end-to-end encrypted by default.

Well, you know, you go ahead and use it. Don’t make me laugh. Just by recommending a closed-source app, you’ve already lost all credibility. :joy:

I’ll work on the assumption we trust the E2EE for WhatsApp. If you absolutely don’t, then thats your decision. While I do believe FOSS > Proprietary, it doesn’t imply is or is not malicious nor insecure but rather it cannot be audited in a way FOSS can (third party public audits assist in adding trust on security boundaries).

  1. WhatsApp should be using same core library as Signal.
  2. WhatsApp encrypted groups and DMs. No awkward conversations like “sorry can’t talk in this chat must DM me”. Also prevents lazy footguns where you decide to say talk in insecure channels when you also could have a messenger that does it by default.
  3. Network effect of more people using it. If youre gonna have the candid discussions about moving to a new messaging system, just go to Signal at that point. Otherwise, coalesce towards middle grounds - WhatsApp being one of them.

I am no WhatsApp fan and loathe that I must use it. But I would loathe unencrypted group chats with Telegram more. Would rather have my metadata siphoned by Meta than plaintext convos be exposed.

Can we still trust Telegram?

Umm: I never did. So: No.

Send me the WhatsApp source code so I can review it line by line; only then might I consider using it.

What E2EE are you referring to? Surely it’s just the message itself? I don’t see WhatsApp as E2EE at all, personally.

Well, it is, so…

Metadata is still available but content is inaccessible

Read

Is it?

Is it?

Actually, the message, that’s the only thing that’s encrypted.

Hahaha :joy:

“Your conversations are end-to-end encrypted—don’t worry, trust us. Sincerely, NSO Group.”