
Secure messaging app Telegram now offers its own anonymous blogging platform - gk1
https://techcrunch.com/2016/11/22/telegram-telegraph/
======
sergiolp
Telegram-FOSS (the FOSS friendly fork you can find on F-Droid, not the
official app on Play Store) maintainer here. Telegram is NOT a "secure
messaging app".

~~~
vk23
Quote from the Telegram-FOSS Github Page: "Telegram is a messaging app with a
focus on speed and security..."

~~~
sergiolp
That comes from upstream's README.md. I've never payed any attention to it,
but now that you've pointed it out, I'm seriously considering changing that
paragraph, or adding a note/disclaimer somewhere.

After all these years and promises, server's code is still closed, federation
is nowhere to be found, their update/commit policy for the official Android
app is a joke [1] (they even closed its issue tracker), and I'm really tired
of their "trust us, we're not evil" policy [2].

If you haven't switched to Matrix/Riot, do it right away.

[1]
[https://github.com/DrKLO/Telegram/commits/master](https://github.com/DrKLO/Telegram/commits/master)

[2] [https://telegram.org/faq#q-who-are-the-people-behind-
telegra...](https://telegram.org/faq#q-who-are-the-people-behind-telegram)

~~~
CiPHPerCoder
As one of the resident cryptography nerds: Matrix/Riot seems to be in every
way better than Telegram. I still need to review it before I can wholesale
recommend it, but it was audited by NCC Group previously.

~~~
ohstopitu
I don't seem to understand Matrix/Riot.

It appears to be like IRC, but also integrates with Gitter, and IRC and has a
identity federator called vector.im.

~~~
ianburrell
Matrix is a federated chat protocol. It is like IRC or XMPP but synchronizes
history and uses HTTP-based protocol. There are bridges to IRC, XMPP, and
Gitter.

Riot is a client. It used to be named Vector.im.

------
baobrain
I use telegram on a day to day basis, but calling it "secure" is quite a bit
of a stretch. But it is quite possibly the best app I have used in regards to
user expetience.

But until signal actually produced a usable (to the average person) app,
people will continue to use telegram and other insecure chat platforms.

~~~
3poundkilograms
Unfortunately, some Telegram usability comes from a reduction in security.
Things like seamlessly going, with full chat-history, between multiple devices
is a bit tricky when your protocol only permits one person to receive a
message once, rather than storing the messages unencrypted on the server like
Telegram does.

One "secure" approach would be that of the older Skype clients, where chat
history synced between the logged in clients of a user. However, that was a
horrible user experience, made worse by bad notification management.

So while Signal can get better, you will probably always have to decide
between usability and security, which is most likely the very reason that
"normal" people always end up with the less secure solution, which in turn
renders the secure solution even less usable with its smaller userbase.

~~~
andai
How does userbase affect usability?

Also, I tried Wire recently, which has e2e and all your messages on all your
devices. I tnink sent messages duplicated, encrypted with each of your devices
keys. So when you add a device it can't read previous messages.

~~~
3poundkilograms
An instant messaging platform needs a network of users. I am more likely to
use a platform that allows me to talk to all of my contacts, than to use
multiple platforms that only allows me to talk to a few each. If I have
multiple, I am also only likely to add the new platform if there is at least a
handful of people I know there. Likewise, the more users that are on the
platform, the more likely that new users will be attracted.

I am on Telegram primarily because it's the best I can come up with that my
friends use, and moving my friends is an unlikely task as they have _their_
friends on Telegram as well. You need to move or duplicate users from existing
platforms to get a userbase, but you need a userbase to attract users from
existing platforms.

I have been looking at Wire. They're using the signal protocol, but in a more
closed model IIRC. I didn't know that they had a solution to this problem,
though, and always just through of them as basic Signal clone. I guess I'll
have to have a look. :)

------
krenoten
It's dangerous and irresponsible to build services advertised as such to those
you cannot provide the claimed protections to. When we build infrastructure
with rotten foundations, people can die.

------
Nekit1234007

      > Secure messaging app Telegram […]
      > Telegram, the security-focused messaging app […]
    

Stopped reading right there. I donʼt even know where to start dismantling this
nonsense.

~~~
literallycancer
But they have stickers and a gif bot, so normies are going to use that over
Signal. And no issues with synchronization between devices (since it's just
plaintext xD xD). Seriously.. "secure messaging app" doesn't even have secret
chats in the official desktop client.

~~~
thecatspaw
not sure what you mean, I use the official app on OSX and it has the secret
chat option. click on a contact, it shows you all the infos including "start
secret chat"

~~~
mocko
If 'secure' is not the default, how can Telegram claim to be security-focused?

~~~
drdaeman
Anyone could claim absolutely anything, and the bigger the player the more
likely it would be without any negative consequences (and with positive ones
until the discovery - and sometimes even after), even if it's discovered to be
an outright, blatant lie. Not like Telegram is unique or exceptional in this
regard.

------
draugadrotten
Telegram, is that the app created in Russia, where the gov demands a backdoor
in the chat app?

[http://www.businessinsider.com/russia-anti-encryption-
telegr...](http://www.businessinsider.com/russia-anti-encryption-
telegram-2016-6?r=US&IR=T&IR=T)

[http://www.ibtimes.co.uk/russia-demands-backdoor-spy-
users-w...](http://www.ibtimes.co.uk/russia-demands-backdoor-spy-users-
whatsapp-viber-telegram-messaging-apps-1566726)

~~~
dchest
Telegram has flaws, but please stop this "Russian backdoors" FUD. They even
have this in the FAQ:

"While the Durov brothers were born in Russia, as were some of the key
developers, Telegram is not connected to Russia – legally or physically.
Telegram's HQ is in Berlin."

[https://telegram.org/faq#q-who-are-the-people-behind-
telegra...](https://telegram.org/faq#q-who-are-the-people-behind-telegram)

Also,

"Since being dismissed as CEO of VK in 2014,[7] the Durov brothers have
traveled the world in self-imposed exile[8] as citizens of Saint Kitts and
Nevis.

[...]

Durov is a self-described libertarian and vegetarian.[27] In 2012, he
published manifestos described by commentators as "anarcho-capitalist"
detailing his ideas on improving Russia[28]"

[https://en.wikipedia.org/wiki/Pavel_Durov](https://en.wikipedia.org/wiki/Pavel_Durov)

~~~
lambdadmitry
> Since being dismissed as CEO of VK in 2014,[7] the Durov brothers have
> traveled the world in self-imposed exile[8] as citizens of Saint Kitts and
> Nevis.

It's b/s. Durov regularly visits Saint-Petersburg's office where Telegram is
built. Source: VK employees, own eyes, [0] (in Russian).

[0]: [http://uip.me/2016/04/dark-side-of-the-
telegram/](http://uip.me/2016/04/dark-side-of-the-telegram/)

------
wildchild
Telegram has nothing to do with anonymity and privacy, they are using phone
numbers for registration.

~~~
eganist
I'm not disagreeing with your argument, but I might disagree with the
premise... Signal works the same way.

------
mocko
...but still not auditable crypto. Questionable priorities there.

~~~
drdaeman
It is auditable, but probably no one capable is going to spend time on this.
As I get it, it's like developing software for really ancient computer
platforms - possible, but no point in doing so, and there are probably better
things to do in one's spare time (unless they're really into this kind of
stuff, of course).

~~~
mocko
Are you sure? According to Wikipedia[1] "its server-side code is closed-
sourced and proprietary".

[1]
[https://en.m.wikipedia.org/wiki/Telegram_(software)](https://en.m.wikipedia.org/wiki/Telegram_\(software\))

------
niftich
Previously: [1][2]

Telegraph appears to be a minimalist anonymous blogging platform, with images
and markdown support. It's link of a blank canvas -- pun intended. It's like
anonymous gists where the post becomes uneditable once you clear your cookies.
It may turn out to be the next great thing, or may turn into an abusive
slugfest of scum and spam.

Other than it being an experiment, it's clear to me that Telegram is actively
looking at ways of increasing time that users spend in its app -- much like
every other chat messenger has done in recent years, with bots, in-app
browsers, stickers, and integrations. The way to cultivate a walled garden
people actually like is to have it be a pleasant and varied garden; this seems
to be the way of the game, and it's amusing to see Facebook (through its four
platforms), Snapchat, Google (through its 3+ platforms), Kik, Viber, LINE,
WeChat, Microsoft, and even Apple and Slack get a piece of this pie.

[1]
[https://news.ycombinator.com/item?id=13017592](https://news.ycombinator.com/item?id=13017592)
[2]
[https://news.ycombinator.com/item?id=13017604](https://news.ycombinator.com/item?id=13017604)

------
offa
Neat! I use Telegram on a daily basis, so this seems interesting.

------
andai
ITT: everyone talking about Telegram instead of Telegraph.

------
CiPHPerCoder
Telegram is not a secure messaging app.

If anything, Telegram is a modern replacement for newsgroups.

------
maurusus
How can anyone call "Telegram" secure? Those days are over. It's the least
secure messaging app of them all now. Even WhatsApp is more secure than
Telegram (let alone Threema).

