
Telegram has a poor security record, with homegrown encryption algorithms and no end to end encryption by default.



While I am wary of "build-your-own-crypto", saying it has a poor security record is, to my knowledge so far, incorrect. I have yet to see satisfactory cryptanalysis that shows a weakness (theoretical or real) in the protocol. If anything, it seems to withstand scrutiny so far. Even the dedicated security.se.com question[0] seems like it wraps itself in tautologies.

Until then, throwing the "homegrown encryption" argument to argue for Telegram's weakness is hand-waving and a straw man.

Telegram's security is sufficient for the threat model I have to face against now and in the future.

[0]: https://security.stackexchange.com/questions/49782/is-telegr...


Well, to me the whole thing is about a couple of things:

When Telegram first launched, people were reading their crypto whitepaper and going "Whoa, this is weird. You should probably not be doing it like this", and the reply was "Well, our 6 world champion coders (did you win a coding world championship?) think it is nice. Deal with it".

They then launched a bullshit crypto challenge (which would have been secure even using crypto primitives we _know_ are insecure). People told them that wasn't how it was done. They replied something cocky about world champion coders.

A couple of months later, someone found a gaping hole where the server could MITM every newly started secret chat (which their hack for forward secrecy a couple of years later would have made possible for every 100 messages).

I think their attitude towards encrypted messaging hasn't left puberty yet, and I recommend against it for everyone looking for a secure messenger. For anyone looking for a more convenient WhatsApp without caring much for privacy by default, I don't mind recommending Telegram.

Regarding your future threat model: I certainly can't say whether having a copy of a significant chunk of my private communication on a server in Russia is a future threat to me. On the other hand, I don't use any social media, and have proper data retention policies on most of my online communications.


>having a copy of a significant chunk of my private communication on a server in Russia

To be fair, Telegram doesn't have servers in Russia.


FWIW, four years ago, the HN zeitgeist considered the cryptography blunders made by Telegram, when combined with their hubris over how their protocol was clearly perfect, a death knell for the company from which they would never recover.

https://news.ycombinator.com/item?id=6948742


Indeed, I've been attacked and modded to oblivion on here for mentioning that I use Telegram, and the scope wasn't even security related, just an alternative to email for sending non-sensitive photos.

I've found Telegram to be more than good enough for day to day communications where I would previously have used email or SMS/MMS.


So is Signal and at least that is secure.


And once again, if I need that kind of security I'll seek it out. Telegram is more secure than email and SMS, and more convenient for my use case.


Signal is not feature rich and harder to get people to use. It also lacks the desktop/laptop integration.


Signal has desktop apps now https://signal.org/download/


How do they compare to the Telegram desktop client? Are they Electron apps?


Telegram is exactly as secure as email. SSL where third party email servers can see your traffic.


Signal requires you to provide a phone number (read: disclose your identity to the US Government) to use it.


I'm not a US citizen. And there is such a thing as prepaid phones, at least where I'm living.


Signal is missing too many convenient features though, e.g. editing messages.


Why should one be able to edit a message after it is sent in a text-chat app?


Because one is human and one mistypes...

I'm normally on the Signal side of this argument, Telegram is trash and should not be used, but basic features like message editing are legitimate requests. I use Signal heavily and a number of times a day at least I or someone I'm chatting with corrects a previous poorly phrased or incorrectly typed message. Because Signal has no mechanism for that, it usually involves retyping most of the message or the relevant word and adding an asterisk. I believe if Signal had built-in message editing support it would be used far more than I currently see corrections.

To be clear, I would expect Signal to allow me to see previous versions of a message and clearly indicate that it's been changed, but message editing is a valid feature that Signal should absolutely implement.


I've been retyping the offending word and adding * since I started using chat programs 20 years ago, and in every program since... I would think allowing messages to be edited after the fact would allow more problems than solving simple grammar or spelling mistakes most people can think around anyways.


I'd imagine I would have thought the same thing before I actively used a messaging tool that supports message editing (I use Slack for work).

Further, the goal of Signal is not to work well for people who are accustomed to the various quirks of text-based communications that have existed since forever, but to provide a secure, modern communication client that normies don't find difficult to use. Message editing has become a standard feature of any usable modern messaging client.


I don't think I ever used a message service that allows you to edit messages.


I thought so, too. But after using Telegram for 3 years as my main messenger: No, it really is very convenient.


Because people make (sometimes embarrassing) mistakes all the time. These circumstances can be saved if the recipient hasn't read the message, and if they already have, it can have a face-saving effect.


Embrace the mistakes and have a laugh!


And a desktop app that isn't Electron trash.


"I have yet to see satisfactory cryptanalysis that shows a weakness (theoretical or real) in the protocol":

https://eprint.iacr.org/2015/1177.pdf


Very few people use Telegram because of its security. Literally nobody of my contacts even uses the secret chat feature. They didn’t care when WhatsApp introduced e2e either.

People(IME at least) use Telegram(or WhatsApp) because it’s a nice to use app, both mobile and desktop.


Yes, the best thing about Telegram is that it doesn't treat the desktop as an afterthought. Its desktop clients are first class true native apps, not the usual hot mess of half baked web/Electron things that are offered to desktop users these days.


You're just repeating something that you read on HN. Entirely false.


Not entirely false, no. It does not have end-to-end encryption by default, and not at all for group chats, and the cryptography is a bigger unknown than with others.


> It does not have end-to-end encryption by default

That doesn't mean it "has a poor security record" (implying that the security is broken), it means it is not as secure as other options.

> not at all for group chats

May not be a requirement for group chats.

> the cryptography is a bigger unknown than with others

Unknown does not mean bad, it means unknown. Almost definitely worse than Signal, but almost definitely better than Facebook Messenger.

To say Telegram is less secure than e.g. Signal is true. To say it "has a poor security record" is disingenuous and misleading. Once Telegram has had several security breaches, then that would be a fair phrase. Until then, there are levels of security for given threat models, and Telegram's is not as secure as others', by design.


Quoting Moxie: There's nothing to be broken because there's no end-to-end encryption to begin with. Do you think nation state hackers publish their findings about the trove of private messages Telegram's vast server complex holds indefinitely? hahahahaha


False? Is it? I've yet to see a satisfactory answer to the criticisms that were posed about the security of Telegram.


Are they allowing you to have accounts that don't depend on your phone number yet? I think last I checked you could only login with your phone number, which I consider extremely insecure, especially against a nation state agent (you'd think the Telegram team would care more about that, considering where they come from - and in fact, I believe there were some reports of Russian government hacking people like this with the help of national carriers, too).


> (you'd think the Telegram team would care more about that, considering where they come from)

That assumes the Telegram team aren't part of the nation state apparatus, surely.


Do you have any reason to assume they are? Of course, other than the fact that the founder is _RUSSIAN_ gasp


I don't assume they are. But equally I don't automatically assume they aren't, either.


You're just evading my point. Implicitly or explicitly you must have a _working_ hypothesis. When you make decisions, you must assume one or the other.


There is an optional two-factor login (phone+password).


Can you mention something more specific than suspicion of "homegrown encryption algorithms" that are just yet another combination of DH-RSA-AES?



And by the way, "no end to end encryption by default" is an intentional tradeoff for cross-device message history sharing by default, which is not possible in the case of e2e without key transferring.


I use a messaging service called Wire that does E2E, cross device messaging history by default (up to 6 devices), using very friendly, familiar UX - you only need to sign in on your device.

It might have been an intentional tradeoff when Telegram came out, but it's not any more. It's not a great defense for the fact that your chat history exists in plain text on Telegram servers.


Well for me, I prefer the way Telegram has decided to handle end to end encryption. Let's face it - me and my friends have no use for it, and never will. Our threat model just doesn't really care about actors like the NSA hacking us. If they wanted to, there are tons of other ways to get our information anyway (like Google or Facebook accounts). But not being encrypted gives us features not possible otherwise, like URL prefetching from the server or (when Telegram was released, I guess it can be done now) accessing the chat from as many devices as you want. Yes, there is a tradeoff, but really I don't think most users are worried, nor should they be.


Speak for yourself. I care about privacy, and I couldn't give a shit about something so minor as link prefetching. I suspect I'm far from alone.


While I do find such features convenient, more importantly to me they draw people to a more secure and privacy conscious messaging platform than the ultra-popular alternatives all the while allowing to upgrade to E2E† on demand. Signal completely fails in that regard, as the number of contacts (actual or potential) on it is precisely zero for me.


Anon1096 clearly stated that he was speaking for himself (or herself) but I agree with him: I want privacy but I don't necessarily need complete secrecy. This isn't a zero sum game: Telegram and Signal can coexist and serve different needs.


"I really don't think most users are worried" is the stark OPPOSITE of speaking for yourself.


And you're very welcome to use something that fits your threat model.


I really don't understand the "hate" for Telegram on HN. I understand that it's not (allegedly) as secure as Signal for example, but like you said, state actors etc. have other ways of getting that info (see xkcd [1]).

I personally use Telegram when talking to my wife because it lets me have a client on every platform I use and the messages follow me. I could do that with some of the other platforms as well, but I'm already on this platform, the wife is on the platform, and some other family members as well. Now would it be better if it was "more" secure? Of course it could, I mean, we could all be communicating with PGP as well, but most people don't because it's a pain to use. So to me personally, Telegram is a useful middle ground between great security and usability.

As an added bonus, using the bot framework that Telegram offers, I have started creating a home automation bot. The framework is really fun and easy to use.

[1] https://xkcd.com/538/


> So to me personally, Telegram is a useful middle ground between great security and usability.

Same. I tried Signal a couple of years ago but the iOS app was prone to crashing, corrupting messages, and just plain losing words. Not really what you want.

> The framework is really fun and easy to use.

Yeah, I've done a couple of bots for it and it's pretty handy.


Telegram for me is the right trade off between security and convenience.


> the fact that your chat history exists in plain text on Telegram servers.

Source? https://telegram.org/blog/sessions-and-2-step-verification says:

"It allows you to set up a password that will be required every time you log into your account from a new device – in addition to the code you get in the SMS.

Be careful though: if you forget this password, you won't be able to access your messages from other devices."

This sounds to me like the chat history is encrypted with the password, which doesn't leave my devices, and therefore I'm not able to recover the history if I lose it. Since all clients are open-source, it should be possible to verify this.

edit: Okay, the option for a recovery email could mean that they still have the password (or a key derived from it) on their servers - so basically plain-text.


Ok. Let's see.

https://medium.com/@wireapp/making-your-conversations-secure... does not state any information on the key management solution: how the encryption key is transferred to another device.

But it has links to https://en.wikipedia.org/wiki/Double_Ratchet_Algorithm which has nothing about cross device key sharing and https://wire.com/resource/Wire%20Security%20Whitepaper/downl.... I've read it through and found nothing on cross-device key sharing as well. Can you point me to the right part?


I'm flattered you assume I have this knowledge, but I don't. I would presume the key is derived from your sign-in information, but I honestly don't know.

What I do know is that you don't have access to messages that happened before you first signed in to the device you're using. My message history is complete on the phone I created my Wire account on, but I installed it on a laptop a few days later and as such it is missing those first days. Messages get delivered to all your active devices without problem though.

The source code for all their different client varieties (iOS, Android, Web/Electron) and server software can be found here if you're interested [0].

[0]: https://github.com/wireapp


> cross-device message history sharing by default, which is not possible in case of e2e, without key transferring

iMessage does that† (is that what you mean by "key transferring"?). I wish it could display the device key fingerprints somewhere, allow for key pinning, as well as offline key exchange between parties though††.

† in fact history is not centrally shared: messages are encrypted and published once per receiving device by the sender.

†† And be cross-platform. But the optimist in me says it's to control the security experience while the cynic in me says it's about network effects (although mitigated by SMS integration) for commercial reasons.
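The per-device fan-out described in the two comments above (a sender encrypts the message once per receiving device, so a device added later cannot read older history, which is also what the Wire comment observes), as an added example that is not code from the thread, from Wire or from Apple. It substitutes per-device symmetric keys and an HMAC-SHA256 keystream plus tag for the real per-device public keys and AEAD so that it runs with the standard library alone; the device names and messages are constructed.

```python
# Added example (not from the thread, Wire or iMessage): multi-device E2E fan-out.
# Stand-ins: per-device symmetric keys instead of per-device public keys, and an
# HMAC-SHA256 counter-mode keystream plus HMAC tag instead of AES-GCM.
import hashlib
import hmac
import secrets

def _subkey(device_key: bytes, label: bytes) -> bytes:
    # Separate encryption and MAC keys derived from the per-device key.
    return hmac.new(device_key, label, hashlib.sha256).digest()

def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    # PRF in counter mode; each 32-byte block is HMAC(key, nonce || counter).
    blocks = [hmac.new(enc_key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((length + 31) // 32)]
    return b"".join(blocks)[:length]

def encrypt_for_device(device_key: bytes, plaintext: bytes) -> dict:
    nonce = secrets.token_bytes(16)
    ks = _keystream(_subkey(device_key, b"enc"), nonce, len(plaintext))
    ct = bytes(p ^ k for p, k in zip(plaintext, ks))
    tag = hmac.new(_subkey(device_key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return {"nonce": nonce, "ct": ct, "tag": tag}

def decrypt_on_device(device_key: bytes, env: dict):
    expected = hmac.new(_subkey(device_key, b"mac"), env["nonce"] + env["ct"], hashlib.sha256).digest()
    if not hmac.compare_digest(expected, env["tag"]):
        return None  # tampered, or an envelope addressed to a different device
    ks = _keystream(_subkey(device_key, b"enc"), env["nonce"], len(env["ct"]))
    return bytes(c ^ k for c, k in zip(env["ct"], ks))

def send(server_history: list, recipient_devices: dict, plaintext: bytes) -> None:
    # Sender side: one envelope per device registered *right now*. The server
    # stores only these envelopes and never sees the plaintext.
    server_history.append({dev: encrypt_for_device(k, plaintext)
                           for dev, k in recipient_devices.items()})

def readable_history(device_id: str, device_key: bytes, server_history: list) -> list:
    # Device side: only messages that carry an envelope addressed to this device.
    out = []
    for msg in server_history:
        if device_id in msg:
            pt = decrypt_on_device(device_key, msg[device_id])
            if pt is not None:
                out.append(pt)
    return out

def demo() -> dict:
    # Constructed scenario: Bob's phone is registered first, his laptop later.
    bob = {"phone": secrets.token_bytes(32)}
    history = []
    send(history, bob, b"sent before the laptop existed")
    bob["laptop"] = secrets.token_bytes(32)
    send(history, bob, b"sent to both devices")
    return {dev: readable_history(dev, key, history) for dev, key in bob.items()}
```

Running `demo()` shows the phone reading both messages while the laptop reads only the second, which is the history gap the Wire comment describes and the reason a no-E2E design can offer full history on every device.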



