
Should we stop using Telegram? - thetanuj
http://gizmodo.com/why-you-should-stop-using-telegram-right-now-1782557415
======
lucb1e
1\. "Telegram has a wide range of security issues." Yet people can only ever
name one thing: end to end encryption turned off, by default (it's available).
That's all people can ever come up with.

2\. It mentions the FBI being for encryption, while they are obviously happier
when they can tap people (see FBI vs. Apple, and a dozen other cases). Then it
quotes something, which (on first glance) makes it sound like it's being said
by the FBI.

3\. "Telegram has delivered everything the government wants." Except non-
compliance with any government requests, and not being a legal entity in
privacy-invasive countries. "The government" you refer to is probably the USA
federal government, which can make no claims on Telegram's chats or even
metadata.

4\. "There is no reason not to encrypt your messages by default." Besides that
group chats with 5000 people in it are hard to encrypt (that makes for a very
good reason, Whatsapp just does not support this to begin with), the reason is
efficient device synchronization. I agree that it should be turned on for all
small scale chats, but if we are being fair, it took Whatsapp 6 years to
implement _any_ sort of encryption.

5\. "making flawed product choices like non-encrypted chatting" The market
leader sent messages unencrypted over the wire for years, then did not offer
end to end encryption as an option, and now two minutes after they implemented
it, competing products are suddenly the devil? Despite making none of those
mistakes and only not turning it on by default? I agree it's a serious issue,
but you are blowing it _way_ out of proportion.

6\. "I've seen no proper proof of its security." I am familiar with the
professor's work and it's usually top notch, and while I can see where he is
coming from, it's wrong to claim there is no proof of its security. Various
experts have looked at it, yet none have actually broken the algorithm. People
usually do this just for fun, but Telegram added a bounty of $200 000. Someone
has yet to win that prize. I don't see Whatsapp or Signal doing that. And as
for "proof" that it's secure, almost nothing has proof of being secure. HTTPS
uses RSA, DH and, more recently, ECC, none of which have mathematical proofs
of being secure. RSA relies on that we have no known way of factoring large
primes, but nobody knows whether an efficient algorithm exists or not. We have
no proof either way. That MTProto is not proven to be secure is no surprise;
neither has the Signal protocol been proven to be secure.

7\. "[Telegram rolled their own encryption,] which is widely considered to be
a fatal flaw" In general it's not recommended to do this, but they used
existing building blocks (SHA1, AES, DH) to form a new protocol that has stood
the test of time so far. The Signal protocol is less old than that and has no
bounty for breaking it either. I feel like it's libel to claim it's insecure
just because they invented something themselves. I mean, so did
Signal/Whatsapp, or it wouldn't be called "the Signal Protocol".

8\. "Woodward criticized Telegram for their lack of transparency" Lack of
transparency? Telegram?! If anyone is opaque it's Whatsapp with their closed-
source clients. They say they implemented the Signal Protocol, but it's in a
sealed envelope. They say we just have to "trust them". If I have trust issues
with anyone, it's a subsidiary of Facebook, not Telegram with a published
protocol. This claim is a complete fabrication.

9\. "This is computer security 101. There’s no reason to roll your own when
something perfectly good already exists that has been audited extensively." I
am sorry mister Woodward but at the time Telegram came out with MTProto, there
was no such thing as the Signal Protocol. And besides, cryptographic diversity
is also something we generally want as a community (Keccak was chosen because
it's very different from SHA2; ECC is promoted because it's very different
from RSA).

10\. "Earlier this year a security researcher discovered that an attacker
could figure out when a user was online and offline" that has been a feature
(and weakness) of chat clients since they first came out. Yes of course I can
see when someone is online or offline, because the application frickin' tells
me so. As if Whatsapp does not tell you this. The screenshot shown is from an
existing client that anyone can download and use, it's even officially
promoted by Telegram themselves. This is not some freaky hacker tool, like you
would have to use with Whatsapp and their own little darknet with their closed
source protocol.

~~~
lambdadmitry
>That's all people can ever come up with.

This isn't true. [1] highlights a handful of crypto problems in Telegram
(besides its being opaque af).

>non-compliance with any government requests

How can you know?

>not being a legal entity in privacy-invasive countries

I've actually LOLed at this point. Telegram is developed in Saint-Petersburg,
Russia; are you really sure that it's not a "privacy-invasive country"?

>which can make no claims on Telegram's chats or even metadata

The problem with Telegram is that passive snooping is enough to get that
metadata. Given that Telegram servers are mostly outside of the US, it's
fair game for the NSA to listen for Telegram metadata.

>the reason is efficient device synchronization

Already done in Signal.

>you are blowing it way out of proportion

"The market leader" didn't claim that it's all "secure" and "encrypted".

>none have actually broken the algorithm

See [1]. It was broken many times.

>Telegram added a bounty of $200 000

…under totally ridiculous and unrealistic restrictions. See comments here [2]
for some context.

>neither has the Signal protocol been proven to be secure

It was to a large extent [3].

>they used existing building blocks (SHA1, AES, DH) to form a new protocol

If anything, recent security breaks have shown us that it is very, very easy to
combine secure building blocks in an insecure manner. Which is exactly what was
done in Telegram's case.

>that has stood the test of time so far

It hasn't [1].

>If anyone is opaque it's Whatsapp with their closed-source clients

A: Telegram is opaque and you can't trust it

B: Whatsapp is even more opaque!!!

Can you see how B can't be a counterargument to A?

>at the time Telegram came out with MTProto, there was no such thing as the
Signal Protocol

There was, it was called "Axolotl ratchet protocol" [4]

It seems that your most basic assumptions for this comment are wrong. Please
reconsider your worldview re: Telegram.

[1]: [http://cs.au.dk/~jakjak/master-thesis.pdf](http://cs.au.dk/~jakjak/master-thesis.pdf)

[2]: [https://news.ycombinator.com/item?id=6931457](https://news.ycombinator.com/item?id=6931457)

[3]: [https://eprint.iacr.org/2014/904.pdf](https://eprint.iacr.org/2014/904.pdf)

[4]: [https://www.whispersystems.org/blog/advanced-ratcheting/](https://www.whispersystems.org/blog/advanced-ratcheting/)

------
nikolay
This is a paid (by the Government) article...

