From 1: "We stress that this is a theoretical attack on the definition of security and we do not see any way of turning the attack into a full plaintext-recovery attack."
The second paper is a huge wall of text that boils down to "the protocol is too hard to analyze and doesn't use what I have declared as crypto best practices, therefore I declare that it is insecure."
There aren't, in either of these, any actual attacks showing any actual problems with the protocol. I'm really sick of people jumping down the throat of anyone who tries to use Telegram by declaring it as insecure without even the first whit of evidence. "This isn't best practice" != "This is insecure and you should never use it."
I gather that there are enough experts in this sort of thing that aren't convinced that it seems fair to say it's insecure.
Ex: If someone built a bridge, but wasn't an actual engineer, I would assume the bridge was unsafe. I don't need an engineer to actually inspect the bridge before I make that assumption, and I would probably tell everyone I knew not to use that bridge.
then - like in a lot of other fields - it depends on your threat model.
If your life or anything valuable really depends on provably strong encryption: you probably shouldn't use Telegram.
My rule for WhatsApp (one of his recommendations) however is even simpler: I don't use it if I can avoid it.
You should treat Telegram the same way you treat AOL Instant Messenger. If you have friends on AOL IM, by all means use it to organize which bar you're going to meet up in tonight. But don't ever kid yourself that it's a secure messenger. Telegram is deeply unserious about security.
For all intents and purposes that is what most of us do. We share photos of smiling kids and messy homes.
>But don't ever kid yourself that it's a secure messenger.
Totally fine. I already don't trust Telegram's crypto.
I'm not saying it is secure, only it works really really well and isn't owned by a known evil entity who for some reason found it worth to pay 19B just to destroy the best messenger app I knew :-)
Also remember: WhatsApp didn't have very good crypto before they changed their protocol.
Isn't owned by a known evil entity? I think the jury is still out on that. https://www.instagram.com/p/-MrPWGr7aL/
I try to get people to use Signal when I can but so many people already use WhatsApp and that counts for something too.
In theory Telegram is insecure because it doesn't follow the best tried standards in security even though no viable attack has been made.
In theory WhatsApp is secure because the last time a third party audited the source code no gross infringements existed.
Almost every chat app is insecure next to Signal but indeed the only merit of WhatsApp is that it's popular in some countries.
WhatsApp has a fairly impressive set of merits that check lots of points for people who actually do security work:
- uses a known and vetted protocol
- protocol was implemented with help from known and competent security professionals
- is supported by one of the most resourced and competent private security teams on the planet
- is easy to drive uptake and has impressive network effects
Its major drawback is that it shares metadata with Facebook. This may or may not be a big deal to individual users, but on the balance it's fairly easy to see why people recommend it.
The closed source thing is largely not a consideration that comes up when you talk with professional security folks, and is a pretty obvious red herring when you think about it.
[note: I'm not a security folk, but I have drinks with them occasionally. I don't use WhatsApp or Telegram and only very occasionally use Signal]
>even though no viable attack has been made.
All of these references to "in theory" obscure what's actually going on here. Signal is well known to be extremely secure and the code is well-audited. Moxie is a man of integrity and says that WhatsApp is similarly safe.
That's worth a lot more than the statement that no viable attack against Telegram has been demonstrated. That's true of every system until it's not. Once you reach that point, you've already failed. If that's the best proof you can give of a system's security, you've failed as a security communicator.
So that was evidence that was ignored for ten years.
So I wouldn't risk my life on something you claim has no evidence but professional crypto breakers warn about.
I might if either of those had proper desktop clients (they don't). I spend most of my day sitting in front of a computer, so chat apps that offer only wonky web app "phone bridges" for desktop users don't make much sense for me.
The best part of iMessage and Telegram is that their desktop clients are as capable as their mobile clients, and they're real independent clients. Until WhatsApp and Signal offer that, I have little interest in them. Maybe the majority of the internet connected world conducts their communication primarily through a smartphone, but that's not me.
It's tethered to your phone, ugly, and feels a lot like an afterthought. Last I checked, it also doesn't work with the iOS version of Signal, so if you use an iPhone you don't get any desktop support at all.
In short, it needs a lot of work before it'll be usable for anybody in a similar position to myself.
Compare that to Wire, which has much more convenient multi-device support, but accomplishes that at the expense of keeping the entire active graph of communicating Wire users in plaintext in their servers on AWS.
Both Wire and WhatsApp (which have comparable security models with some marginal tradeoffs --- WhatsApp metadata is in Facebook's custody, which is not great, but Wire doesn't have Facebook's extremely competent and well-resourced security team) are reasonable choices for secure messengers.
Telegram is not.
Haven't we agreed that metadata is data?
Isn't everyone aware that Facebook has stopped charging for WhatsApp?
Has anyone presented a good explanation of their reasons for running WhatsApp for free?
Because I doubt it's because of the goodness of Zuckerberg's heart.
I.e. to spell it out: they find your metadata so valuable they are willing to spend billions (!) to get hold of them.
Now I guess I wouldn't care much if it wasn't for the fact that WhatsApp used to be fantastic. Nice, user friendly, robust and with a sane and user friendly way to generate income.
That's a fine, coherent argument. There are aspects of Scott's comment I disagree with too --- though I generally think most users are best served by WhatsApp.
If you don't want to use anything operated by Facebook, use Wire. Wire is based on Signal's double-ratchet model. It's encrypted by default. Wire's operators get much less data than Telegram's. Wire is operated out of Europe --- I don't think this matters but many people do.
The important thing is just that you not use Telegram for secure messaging. Telegram is deeply unserious about security. There are much better alternatives. If your friends want to use Telegram to decide which movie to see tonight, fine: I use Slack too, and Slack is probably only marginally more secure than Telegram. But don't use either of them for life-and-death secrets.
I readily admit that I don't trust the Telegram crypto. (And in case anyone wonders what that means: I might disagree with tptacek in a lot of things but here I agree. DO NOT use Telegram to send messages that might be dangerous if leaked.)
My point is that Telegram is good enough for what I use it for. It is probably more secure than many people's email and unlike WhatsApp you can use it without supporting Facebook.
Again: DO NOT trust Telegram with your life. I disagree with tptacek in a number of issues but I trust him when he talks about crypto.
My original comment probably should've used a semicolon before "Use Signal or WhatsApp instead."
For most WhatsApp users, the alternative to WhatsApp for most people is unencrypted SMS, which gives metadata and the contents of the communication to anyone with modest skill and a $50 budget. I like to think WhatsApp's use of the Signal protocol makes it preferable to SMS.
WhatsApp fills that role and much better than Telegram.
From the Signal Blog:
"Signal Protocol powers our own private messaging app, Signal. The protocol is designed from the ground up to make seamless end-to-end encrypted messaging possible and to make private communication simple. To amplify the impact and scope of private communication, we also collaborate with other popular messaging apps like WhatsApp, Google Allo, and now Facebook Messenger to help integrate Signal Protocol into those products."
I'd still say though that if they bought WhatsApp for 19B only to stop accepting payments and run it for free to avoid competition then maybe they should be punished for being an evil monopoly.
Until then I'll continue my little campaign against the guys who destroyed the good, privacy-focused WhatsApp and tried to feed our data into Facebook after first lying through their teeth about not being able to do that.
Summary: WhatsApp is now owned by a big, lying and likely also evil megacorp.
Recommendation: avoid until Facebook change their ways, voluntarily or not. (No, I'm not against big companies, not against huge profits.)
: big is easy to prove, lying is easy to prove and based on the way they lie and what they did to WhatsApp I guess they are evil.
That was not theoretical at all, and very much something that could be used without detection, even if the users verified fingerprints, since it made clients create insecure keys.
The guy who found it got their maximum bounty IIRC.
Whereas the best attack on Signal was somewhat sort of relay thing of very questionable usability to an attacker.
It could have been done by Telegram. No proof it was. Still sounds theoretical to me. I doubt they knew it was possible.
Also: Was Telegram's source used to find the vulnerability? If so, it's unfair to compare WhatsApp and Telegram like that.
Also WhatsApp doesn't bait with a bounty like Telegram does (see https://www.linkedin.com/pulse/whatsapp-security-vulnerabili... for example).
I don't know which one is worse.
There is also a pretty substantial branch of the computer security industry that thrives on security problems found in software they don't have the source code of. And good luck keeping up reviewing Telegram. They release sources every 6 months. Last one was for 3.18 which had something like 170k additions and 90k deletions.
The disadvantage of Telegram is that it requires you to provide a phone number (and this is much more important than some rare cases when encryption could fail). It means you cannot stay anonymous while using it. If there is an error in Telegram server code then your phone number can be leaked.
A messenger that cares about privacy should never require a phone number and should not have history enabled by default (because your history will be used against you as evidence). As I understand WhatsApp doesn't match these requirements.
(It's obviously not true).
The rumors you heard are both wrong and stupid.
My closest friends/family all use Telegram now because it's just better. When I want truly secure messaging, I use Signal or PGP.
The stuff you can do with it is amazing. Aside from having a true desktop client not dependent on your phone, I've set it up so that I receive my favourite comics (XKCD, Dilbert) when a new one releases. I can also see and delete my mail through another bot, and I can get sport scores too.
The new instant view also opens up links immediately without loading times (Medium and a few other sites only so far, but most major websites are apparently coming with the new update).
It also allows you to quickly go to any date in a chat you've had with someone else (What did you talk about on 2nd June 2015?) and it has a self chat feature which is essentially an unlimited cloud service. Since you can upload files up to 1.5 GB, you can store links, photos, text and files in your self-chat, and have it available on all your devices.
By the way, any update on how they are planning to make money? Is it still true that they don't plan to make money at all?