It also would have had much worse usability in the most common case: when government agencies aren't a real risk factor, but you want conversations synced between different apps.
Seriously, disregarding the trade-off between security and usability is exactly how we ended up with very secure, 20-digit passwords containing every possible Unicode symbol, updated every Monday, written on post-it notes hanging on the wall.
Wire drains the battery of your phone so hard it's unusable in practice. There has been a bug report about this open since May 2017, with a note that "we're working on it". It hasn't been solved so far.
The last time I tried Wire its UX was about as stable as what a 12-year-old would cobble together with old duct tape and string. Constantly exhibiting glitches and bugs and lacking even the most basic UI amenities, as well as being a heavyweight browser app.
Does Wire have a light-weight and solid desktop client yet?
Wire is awesome. Keybase is like Wire, but for teams... it's amazing. Encrypted file system for personal, public, and individual teams, chat, git repos... oh boy!
I agree with /u/na85. If you're worried about law enforcement or corporations sniffing keys out of your device's RAM, you have other things to worry about besides "what app should I use for communication"?
If you're seriously worried about communicating without trusting your phone, then you either need to find communication devices you do trust, or else look into verifiable TRNGs [0], dumb serial printers that can be directly attached to RNGs [1], and either manual encryption/decryption algorithms [2] or one-time pads.
I simply want real privacy, not an illusion of one. It's pointless to use any half-baked privacy approach when your device is compromised by design; who knows if the current mainstream becomes dissent in 20 years and people will be hanged because of their old communication logs? Thanks but no thanks.
Please elaborate. I heard this "usability and chat history" stuff many times already, but I never understood it: it honestly sounds just like marketing bullshit. WhatsApp uses e2e and is quite usable as far as I'm concerned. If only group chats with more than 10 people (hell, I'm ok with 3, even 2, if that's necessary) would be non-encrypted by default — I would be fine with that.
WhatsApp requires your phone (and it must be a phone) to be on and connected to WiFi, using battery, to use their desktop "app". This is terrible usability.
WhatsApp doesn't have a native app (or a near-native Qt app, as Telegram does) on anything but phones. No tablets, no desktop OS. This is bad usability.
If I sign in to a new device on Telegram (and it can be nearly any device), I can instantly have my entire message history available. This is what they mean by chat history.
I no longer actively use Telegram, but only because no one else I know could be convinced to use it over Messenger. Messenger solves some of these problems but not all.
Ok, fair enough, WhatsApp is trash. But you didn't convince me on the matter of chat history and e2e.
First off, as long as I have any device with chat history online — it is possible for my new device to inherit it as well. It's fine even if I have to confirm manually that session keys are equal or whatever.
Second, note that history can be stored on Telegram servers in encrypted form, I only need to have some secret key that is never sent to Telegram. This way "backing up the history" wouldn't be any different from "sending a message". And being responsible for taking care of my security keys is entirely reasonable.
Third, remember that the primary Telegram credential is your phone number — something I abhor, but as long as this is true, I do need to have my phone to log in on a new device anyway. By the way, I never tried to see if it actually works, but I would rather not be able to access my history after losing my device at all than accept that anyone who gets possession of my phone number will be able to read all my chats. "My phone number" is not "me", for fuck's sake. (Yes, I know about 2-step auth, but we are talking about defaults here.)
And, honestly, I guess I would be fine with anything more or less usable; all I really have to know is that "normal people" do use WhatsApp and do find its usability ok. This means they would accept secure chats by default in Telegram as well. How long is it since you lost all your devices that can host Telegram at the same time, anyway? It is rarely the case that all the devices of anyone I know are off at the same time, let alone lost.
matrix/riot.im has e2e encryption and chat history stored on the home server (which you can host yourself). It also doesn't require phone numbers; plain usernames are possible.
> WhatsApp requires your phone (and it must be a phone) to be on and connected to WiFi, using battery, to use their desktop "app". This is terrible usability.
I can understand it'd be very annoying when you're affected -- e.g. having to work in an area with ethernet, but without wifi/3G, or when you need a fallback when the phone is out of battery. For the most part, it's a non-issue for me.
Signal uses the same basic protocol and doesn't require the phone to be online all the time.
Chances are the WhatsApp implementation chose a trade off that minimized confusion for less sophisticated users (within the constraints of maintaining confidentiality). That tends to be a good idea when you've got a billion users.
> If I sign in to a new device on Telegram ..., I can instantly have my entire message history available
> That tends to be a good idea when you've got a billion users.
Telegram has a lot of users as well. It's a design choice for sure, but I disagree with it and it doesn't work for me personally. Their lack of support for anything but phones is my primary concern though - I could maybe stomach the requirement for my primary device to be online, but simply not making at least an iPad and preferably a macOS app is a no-go for me.
> Including "secret chats"?
No, Telegram secret chats are device to device and can't be backed up or transferred. This is also why I rarely used them.
Not 100% relevant to the article, but if anyone hasn't already given it a try - Signal is a great cross-platform messaging service. I don't understand why more people aren't using it
Similar to another discussion I'm on in this same thread, Signal is simply non-viable for my use case at this time. I have the app on my iPhone but I have no conversations in it. For background, my primary IM service is Facebook Messenger, followed by Telegram for some chats, followed by Discord for larger groups around games.
Signal doesn't have a native (or even near-native) desktop app for macOS and Windows nor does it support my iPad. For an app I rely on as much as my messaging software it must be available and high quality on every platform I commonly use. Signal's desktop app is poor compared to the extremely polished Telegram macOS app and the nearly as well made Telegram Windows/Linux/macOS app. Admittedly Messenger doesn't have a very good Windows app but in my opinion it is still better than Signal's, while it completely lacks a macOS app which is a bummer.
The Signal iOS app has no way for me to back up my messages, and I understand they are not backed up on Signal's servers. This means if I lose my phone I will lose all my messages. On IM services such as Facebook Messenger and Telegram this is a non-issue for non-E2E chats. I realize this is considered a feature for many, but for me it is a strong anti-feature.
And finally yet most importantly - practically no one I know uses Signal. Even the 5 or 6 contacts it found haven't even set profile photos nor did they reply to a test message I sent - it's likely they've uninstalled it from their phone. Everyone I routinely interact with save maybe two people are on Facebook Messenger or at least visit Facebook.com eventually.
If you do ever find a great chat app, let me know as it sounds like our considerations are similar.
I have a few people I chat with that I'd prefer the conversations not be generally available. There's little friction to installing whatever apps we need to get that done.
We want confidentiality, but not inability to do what we want with our own data - as you say, the inability to sync or backup messages is a strong anti-feature. I'm regularly screwing around with software on my phone and don't want to lose all my messages every time I screw around a little too far.
It's okay to tie accounts to phone numbers, but the app shouldn't require (or be an asshole about not allowing) access to things like phone books, SMS, etc. (This is what initially turned me off of Signal.)
Security issues and all, my figuring with Telegram is that at least, if anyone, it's the Russian government collecting information on me this time instead of the US, China, Google, etc. I'm uninteresting enough that simply spreading it around a little should help in avoiding anyone learning too much about me.
I just convinced my political discussion Whatsapp group to move to Signal. The client is not as polished, but works well, and we feel more comfortable sharing political opinions. I'd say it was worth the hassle.
My friends used to use Signal, but we were put off by needing real phone numbers, as well as some persistent errors in the app (communication-breaking ones).
Personally, I'm rather unhappy that Signal isn't federated, and they don't allow third-party apps to use their server.
Finally, the Signal app isn't compatible with my phone. Conversations (XMPP+OMEMO) and older versions of Riot.im (Matrix) are available to me.
Signal is outstanding. I've convinced a few dozen friends and coworkers to migrate over, I'm a member of several group chats, and everything works great. There were a few issues last year with group chats and keys breaking pretty badly, but everything's been a lot more polished (and idiot-resistant) since the last major overhaul a few months ago.
Signal is awesome. I know several people who work for a very large company that has its own chat/message system who actually use Signal instead — specifically for security reasons.
It makes me smile. I never heard any news that Signal has done anything or that it was used by anybody. But in every Telegram article there is a 100% chance that somebody will come with an advertisement for Signal.
This highlights the problem. Why should they have any keys? It should be end to end encryption, where users have the keys. Otherwise it's already insecure and no one should be using it. Government demanding something is just a symptom.
This has been the chief complaint about Telegram, and the entire reason I've never even tried using it. As long as you're trusting the corp with your keys, you're just as secure as any other site that provides chat over HTTPS.
Telegram has publicly stated that they refuse to hand over their keys (though whether or not they will, time will tell). This is in contrast to FB, Google, and Twitter who have not released a statement about whether or not they will comply: http://www.zdnet.com/article/facebook-twitter-google-censors...
Remember in 2013 when Lavabit said their email was so secure that even their sysadmins can't read it? And then, after the secret US government subpoena was made public it turned out that Lavabit's claim of "can't" was more like "won't".
Better to not have to trust the intentions (or ability to resist torture, etc) of Telegram, Pavel Durov, et al. Better to have end-to-end encryption by default, like in Signal.
The key in the article is a TLS key, not the keys that actually guarded the email contents. Lavabit shut down after disclosing the TLS key.
They couldn’t give up the actual storage keys because they weren’t stored. The courts wanted Lavabit to implement a mechanism to capture the keys during use, which they didn’t do.
Signal is more secure in general due to end-to-end encryption, but the user experience is bad. I would use Signal when I really have something to fear very seriously; in that case personal security is more important than usability.
Telegram is much better made UX-wise. It's a more decent product for average user. It's a Facebook Messenger alternative which is secure enough and doesn't sell your data to anyone.
If you are not a security expert or journalist and black helicopters are not chasing you, you don't need Signal; Telegram is a much better messenger with great clients on different platforms.
I don't see what's bad about signal UX honestly. I have a few private 1on1 conversations in it and it feels like any other text messaging client. However, the only place I use it is on my Android phone, and there may be features others are missing that just never interested me personally.
Build trust. If you don't take a stand you can lose people's trust. If you end up doing the opposite of what you say it's even worse and you are clearly a liar. Perceptions of trust and honesty are built through words and actions.
You are looking at 'trust' from a very technical perspective. And you are right there, but not everyone understands cryptography well enough to talk about trust just from that perspective; that's just a small part, and a statement from Telegram surely takes into account a much broader audience. That's all I was trying to express: that we can't analyze the statement from that angle alone.
There has never been such a thing as end to end encryption on a cell phone. Carrier "debugging" tools such as CarrierIQ hook at a lower level and can intercept and log everything that any application can see. CarrierIQ was acquired by AT&T and doesn't even officially have a name any more. They would tell you it only runs if the phone is in debug mode, but the dial home to the carrier can enable it via a simple header.
Perhaps the difference here is that Russia does not have access to this data?
This distorts the usual meaning of end-to-end encryption, which is that data over the wire is encrypted and can't be MITMed, even by the "service provider" (Telegram in this case).
You are bringing up a good but different point, which is that the application environment on a mobile device may not be protecting you from certain privacy violations. I'm no fan of Telegram, but that's not really within their control.
Put another way, if unbeknownst to Telegram someone had installed a keylogger on my device, would you consider that to be broken end-to-end encryption?
Look, I understand what you are talking about, but I think this logic is really misguided. Let's just take a step back and face it as it is: I don't care if an app has "bad encryption", is made by "KGB agents" or there is a keylogger installed by Obama and his friends — all I care about is whether someone who is not supposed to read my messages is reading them. Now, this can happen for an infinite variety of reasons, including Obama personally taking my friend's phone from his hands. We cannot make anything "really secure", ever; all we can do is make a security breach less probable and harder to achieve for a projected adversary. And this matters.
If my conversations are not e2e encrypted this makes the probability of someone reading my messages really high, and makes it reasonably easy for a state-level actor to do so even without targeting me specifically. This makes Telegram not secure, end of discussion.
If my messenger uses unbreakable e2e encryption w/o back doors, but also somehow requires running it on a device that is known to have some kind of backdoor that sends all my conversations to a 3rd party in some other way — it is not secure either.
Now, I don't know if allegations of everything happening on my phone being monitored by MNO are true. But if they are, this means every messenger that requires you to have a phone number is not secure. And I mean "roughly equally insecure", because the probability of a breach is high, and not a philosophical "nothing is really secure" here.
WhatsApp, Telegram, Signal and Viber (did I forget something?) all REQUIRE you to have a phone number and use the messenger on a phone. There's no choice. So if OP's implication is at all true, it makes him really on point with his remark, and makes all the messengers in question about equally (totally) insecure.
Could you please provide some home-reading material on the topic? I understand that the notion of "secure messenger" linked to your phone number and running on a phone is laughable, but it's the first time I hear accusations that my mobile operator can retrieve basically any info from my phone, like actually right now, without breaking a sweat.
Does it apply to all mobile operators or only to american ones?
There used to be a really good walk through and demo of the software on youtube, but it was pulled down. Perhaps someone has uploaded it again. I will see if I can find it.
IIRC, these debugging tools exist on all carriers and each have their own custom implementations.
I don't understand how Android phones in the US can be backdoor-free considering it's the carriers that provide the final update to devices and they are the ones to sign it. Would the OEMs know if the carriers included a backdoor in there on NSA's behalf? Probably not.
If FSB really wants access - and sooner or later they will, as Telegram keeps growing... As long as Telegram founders still have family inside Russia, they are vulnerable
You see Russia is in a unique position. They want to fight dissent online, they have a very competitive ISP market with lots and lots of ISPs that are hard to control, they have a lot of foreign companies taking a huge share of internet usage, they alienated IT professionals and don't really have smart loyal people who can help them figure these things out. So they seek guidance in China and follow Chinese ideas to monitor and filter online communications. Meaning that they are trying to figure out how to pressure foreign companies like Telegram to cooperate, how to pressure ISPs to cooperate, how to block access to the services foreign companies provide, given how many different ISPs there are. So at this point it's more like a process, not an actual end goal of getting access to this one particular platform. And family is definitely not the line they would want to cross, as it would undermine the whole process if the word gets out.
> Russian ops can't even poison an expat without severe consequences
Only because of the public backlash against the local government last time they were known to have poisoned someone in the same country without consequences.
> kidnapping or murdering people outside of Russia would be an act of war
You've got to be kidding. The recent chemical weapon attack was done for the shock value, because they literally do not give AF about the consequences. It's Putin flexing on the world stage.
So's everywhere else. If you're gonna be sending the info to some government, why not spread it around a little so everyone only has part of the picture?
Where did you get that from? The Wikipedia page about DigitalOcean mentions it's an American company from New York City. What makes you say it's owned and created by Russia (by which I think you mean the Russian Government)?
My understanding is that the law requires backdoor access [111]; you cannot just shrug it off as "we are end-to-end encrypted". You must have a backdoor or you are not allowed to operate in Russia.
You can maybe verify that the app doesn't currently send messages anywhere, but what if there's a way for Facebook to send a request to WhatsApp for a dump of all messages within a date range?
They are supposed to do that or they are cooperating? How does it work? The local binary uploads encryption keys? The server tells the client to disable e2e?
There are public reports[1] that they are refusing to comply with similar requests, e.g. in the UK.
For a long time e2e was optional in the messengers, not sure when the transition happened exactly. Jurisdiction user databases with contact lists, location data and like are accessible either way.
Telegram, as usual, refuses to give encryption keys to anyone.
While there seems to be a lot to say about Telegram crypto, at least their priorities seem to be aligned with mine, unlike WhatsApp, which is owned by Facebook.
Skipping discussion about "actual security": vendor lock-in & network effects. None of my peers uses Signal for everyday communication. Quite a few use Telegram, +Telegram channels & conferences, bots, and, well, honestly, it's really quite nice app to use. So, yeah. It's sad.
True. Then again, Telegram really has no encryption at all, since no one uses the secret chats. So he probably meant something like "why not use an app that actually tries to do what it claims to?".
That's why I chose to skip discussion about "actual security" in favor of answering the actual question somebody asked. I agree with your point completely.
I've nothing bad to say about Signal. If it supports all the same features I guess that would be a better choice as their crypto seems to be thoroughly verified. (Disclaimer: I am not a cryptographer.)
Telegram just happens to be what my friends and family standardized on after WhatsApp failed on their stated mission.
Yeah, but when I deny most of those permissions to Telegram it continues to operate exactly as I'd expect (e.g., denying contacts means I need to manually enter anyone I want to contact; when I deny SMS permission I need to manually retype the code I receive in Telegram).
Signal just became broken/a pain in the ass. It's been a while, I just know I couldn't actually get to a point where I could send someone a message without granting it unnecessary permissions so I gave up and uninstalled it.
I can't speak for others, but I use it because I wanted a WhatsApp alternative after they were bought by Facebook. At the time I don't think Signal was available yet. Now there's a critical mass of family and friends using Telegram and it's a lot harder to move to something else. Besides, your average end user probably doesn't care about the FSB spying on them because they have "nothing to hide".
WhatsApp is NOT any different. They may have Signal's encryption algo, but they still store effectively unencrypted messages in their servers. Because that is the only way to sync between devices when adding a new device. And also the only way for FB to data mine.
If you are in private chat mode, this works well, because all devices have an encryption key.
But if you are doing regular messages between people, those messages are certainly readable by the server and because adding a new device decrypts all previous messages, the server has decryption knowledge.
Note: At each point in their Sesame algorithm the user has a non-empty set of devices. So if you want to sync, another device acts as a p2p syncer.
What happens when you remove your last device and add another new one. Hence why whatsapp has a non-privacy mode. Or am I misunderstanding?
WhatsApp has no private chat mode. Every message is e2e encrypted.
If you switch devices, other clients will use the old keys until they have received the new one (and then they will silently re-encrypt and resend undelivered messages, something WhatsApp was heavily criticized for).
This is not the only way to sync encrypted messages between devices with different keys. Matrix and XMPP+MAM+OMEMO both allow for message synchronization between devices, while having different keys on each device.
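The per-device-key design this reply is pointing at, as a small Go model written for this page (it is not code from WhatsApp, Signal, Matrix or any OMEMO client): every device has its own X25519 key, a message is sealed once under a random content key, and that key is wrapped separately for each device that was known when the message was sent, so the relay server only ever stores ciphertext. A device enrolled later has no wrapped copy and cannot read the message; to catch it up, an existing device re-encrypts the message for it, which is the "re-encrypt and resend" step mentioned above done by a client rather than by the server. Device names as identifiers, SHA-256 in place of HKDF, the absence of a ratchet, and the absence of any verification of device keys are simplifications assumed for the example.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Device is one installation of the app with its own X25519 key; there is no account-wide key.
type Device struct {
	Name string
	priv *ecdh.PrivateKey
}

// Envelope is all the relay server stores: one ciphertext plus the content key
// wrapped once per device that was known when the message was sent.
type Envelope struct {
	Nonce, Body []byte
	Keys        map[string]WrappedKey // keyed by device name (stand-in for a device id)
}

// WrappedKey is the content key sealed for one device; Ephemeral is 32 bytes on the wire.
type WrappedKey struct {
	Ephemeral *ecdh.PublicKey
	Nonce, CT []byte
}

func must[T any](v T, err error) T {
	if err != nil {
		panic(err) // key generation and cipher setup do not fail on a sane platform
	}
	return v
}
func NewDevice(name string) *Device {
	return &Device{Name: name, priv: must(ecdh.X25519().GenerateKey(rand.Reader))}
}
func aead(key []byte) cipher.AEAD { return must(cipher.NewGCM(must(aes.NewCipher(key)))) }

// seal is AES-256-GCM with a fresh random nonce; aad binds the ciphertext to its context.
func seal(key, plaintext, aad []byte) (nonce, ct []byte) {
	nonce = make([]byte, 12)
	must(rand.Read(nonce))
	return nonce, aead(key).Seal(nil, nonce, plaintext, aad)
}

// wrapKey binds the ECDH output to both public keys; SHA-256 stands in for HKDF here.
func wrapKey(shared []byte, eph, dev *ecdh.PublicKey) []byte {
	h := sha256.Sum256(bytes.Join([][]byte{[]byte("example-wrap-v1"), shared, eph.Bytes(), dev.Bytes()}, nil))
	return h[:]
}

// Encrypt seals msg once, then wraps the content key for each recipient device
// (the sender's own other devices included) using nothing but that device's public key.
func Encrypt(msg []byte, recipients []*Device) *Envelope {
	contentKey := make([]byte, 32)
	must(rand.Read(contentKey))
	nonce, body := seal(contentKey, msg, nil)
	env := &Envelope{Nonce: nonce, Body: body, Keys: map[string]WrappedKey{}}
	for _, r := range recipients {
		eph, pub := must(ecdh.X25519().GenerateKey(rand.Reader)), r.priv.PublicKey()
		n, ct := seal(wrapKey(must(eph.ECDH(pub)), eph.PublicKey(), pub), contentKey, []byte(r.Name))
		env.Keys[r.Name] = WrappedKey{Ephemeral: eph.PublicKey(), Nonce: n, CT: ct}
	}
	return env
}

// Decrypt fails for a device nobody wrapped the key for (the server cannot fix that)
// and for a tampered body or wrapped key, which GCM authentication rejects.
func (d *Device) Decrypt(env *Envelope) ([]byte, error) {
	wk, ok := env.Keys[d.Name]
	if !ok {
		return nil, fmt.Errorf("%s: no wrapped key, message predates this device", d.Name)
	}
	shared, err := d.priv.ECDH(wk.Ephemeral)
	if err != nil {
		return nil, err
	}
	contentKey, err := aead(wrapKey(shared, wk.Ephemeral, d.priv.PublicKey())).Open(nil, wk.Nonce, wk.CT, []byte(d.Name))
	if err != nil {
		return nil, err
	}
	return aead(contentKey).Open(nil, env.Nonce, env.Body, nil)
}

func main() {
	laptop, bob, tablet := NewDevice("alice-laptop"), NewDevice("bob-phone"), NewDevice("alice-tablet")
	env := Encrypt([]byte("meet at 9"), []*Device{laptop, bob}) // from alice-phone; tablet not enrolled yet
	_, err := tablet.Decrypt(env)
	fmt.Println("tablet, original envelope:", err)
	// History sync is a client operation: a device that can read the message re-encrypts it for the tablet.
	pt, _ := tablet.Decrypt(Encrypt(must(laptop.Decrypt(env)), []*Device{tablet}))
	fmt.Println("tablet, after the laptop re-shares:", string(pt))
}
```

Running it prints the failed decryption for the tablet, then the plaintext once the laptop has re-shared it. The same structure is what makes a device key change visible to other clients: a sender can only wrap for device keys it has already received, so until the new key arrives it keeps wrapping for the old one, and the holder of the new key simply finds no copy it can open.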