
I wonder what the author’s other reservations about Telegram are? Hand rolled crypto is definitely a massive reason to be suspicious, but are there other issues the author is alluding to?


Telegram is not serious about security & privacy at all, for example:

1. It does not support end-to-end-encrypted (E2EE) group chat at all.

2. It does not enable E2EE chat by default.

3. "Secret Chat" (the only E2EE encrypted chat) experience is deliberately nerfed, it's not available on PC / Web and can only be initiated with a buried-in-dot-menu option in the phone app.

4. It had multiple weird 0-click attack surfaces in the past. [0]

In addition, Telegram always prefers usability over privacy, it does not do tradeoff, more like 100% usability 0% privacy. Users like this, but I don't know what to think about it.

[0] Signal isn't any better on this though, they refused to add an option to disable their video/audio call stack for those who don't use it to do attack-surface reduction.


This isn't terribly specific but it's an encrypted chat app from an authoritarian country that in practice is accepted and used by the government. It has further managed to survive an increasingly tight environment for censorship and free expression that is distinctly worse than when the app launched.


Almost all chats on Telegram are in fact unencrypted.

The only chats that use their e2ee protocol are the ones that use the secret chat functionality which almost no one uses.


And is also often recommended for use by phishers and scammers.

The whole fucking thing should die in a fire.


FWIW Telegram's APIs are nice and I use it to send alerts from various systems to myself for some hobby projects.

Discord has that whole thing with "servers" (should really be called communities) and I found it a little complicated for that use case.


> communities

Discord itself calls them "guilds" internally. :)


Every online service has its fair share of malicious actors though, that isn't limited to Telegram. WhatsApp is used for a big chunk of phishing and scams in the Netherlands for example.


> The whole fucking thing should die in a fire.

Well, not everything. I dream of a world where Signal forks the UI layer from Telegram and then just does their thing.

(Who knows, the chat input might just finally focus when I tab back to the fucking window if they do that.)


Give me Telegram over Discord any day


It’s not zero sum. You can easily use both. And I think it is reasonable to say that you miss out on some community if you are exclusive to one platform.


> The whole fucking thing should die in a fire.

I was responding to this. But in most cases people will end up using the things that their communities use. I don't care much for reddit yet I am on reddit almost every day.


There are a few mentioned in the footnotes.


[flagged]


The reasoning seems a bit loose.

Maybe they are being targeted, and are yet undetected.

Maybe Russians have otherwise successfully found vulns in Telegram enough (or other vectors) that it doesn't require high effort targeting for now.

Maybe the company's founders/employees are not considered that powerful in Russia's eyes.


Targeted as in novichok. Russia does not go lightly on their citizens who don't bend to their will.


At least if you are in the West and you use a Russian VPN (or other similar services) to do something shady:

you are practically guaranteed that the service owners won't be compelled to assist the authorities.

Now with Telegram you have both risks:

- they can get pressure from Russia through family.

- they can get pressure from the West through the law / court.


I wonder what your thoughts on TikTok are.




