
Its default settings are nothing to be desired from a messenger app.

And for the paltry $200k they are offering for breaking it I'd bet you could find a magnitude more with little effort on the grey markets.

But no, absolutely no proof the underlying crypto has been broken. It doesn't need to be when government requests for data stored on their servers do more than enough.




Meanwhile, WhatsApp is still not blocked in Russia and there is no good explanation for that besides:

So far, Roskomnadzor has "no urgent request" to include Viber and WhatsApp messengers in the register of organizers and distributors of information. According to Interfax, this was stated by the head of the Department, Alexander Zharov. He was asked when these companies will be included in the register. "We had a stormy substantive dialogue with the Telegram messenger," the official recalled. "We are consulting with all other companies on this topic until there is an urgent request to include them in the register."

Maybe gn. Zharov uses WhatsApp for chatting with his family and they didn't like the appearance of mail.ru's tamtam.chat.


If you know some basic things about the Russian government, this can easily be explained by the fact that policy makers are very inefficient, incompetent in technical matters and more often than not decisions are very poorly researched. Just look at the fact that Telegram still works everywhere or the way that even the supposedly most secret Russian organization (the secret military police GRU) has handled the poisoning of Sergei and Yulia Skripal, and subsequent outage of the agent that did it... It seems that the Russian government or police still have a hard time understanding even the basics of what the internet is and how information can be shared or found or leaked in our age. So banning of Telegram vs not banning of WhatsApp really does not say a lot.


On the other hand, it could also be done on purpose in both cases you mention. Deliberately showing incompetence of your digital capabilities is a very efficient way of counter intelligence. The Skripal case was and is a very effective way for the Kremlin to spread fear. Vladimir Putin was the most important person of the year for 5 years at Fortune while controlling a GDP of Italy. Vladimir Putin is maximizing the resources he has in a very good way, irrespective of what one thinks about his actions and consequences specifically. As long as most people think incompetence, every investment he makes will have a significantly better outcome.


Well, that is certainly a valid theory. Although I have a hard time believing that you have lived any long time in Russia recently or followed closely the developments, because most people that do would not entertain that theory for more than a minute because it's quite clear that the level of incompetency and corruption in the government is insane. Putin sure has a lot of power, but it does not come from technical prowess or IT/infosec departments, it comes from sheer corruption and what is basically a military dictatorship structure of the country, where he is the one that has and is appointing most "friends" in/to the right places.


AFAIK, Telegram's private conversations are encrypted with private keys stored on device _only_ (not on the server). At least it's what they claim. If true, government requests for data stored on servers are probably not enough.


The secret chats are indeed end to end encrypted, but they have some important exclusions and limitations:

* Group chats can only use the default encryption, not end to end encryption.

* The end to end encrypted chats are tied to a single device, and there's no sync across devices (in contrast, all chats on Wire are end to end encrypted and sync across devices within a limited time period).

The default use case of almost all users has the chat messages stored in plain text on the Telegram servers. This is one of the reasons search (done on the server side) is quite fast on Telegram.

P.S.: Despite these limitations, I prefer Telegram for its superior UX and for not having metadata shared with Facebook. My wish is that someday Telegram makes E2E the default everywhere.


Don't even need that, intercepting SMS is enough.


True, SMS is not a protection against government, but Telegram supports the second factor, which is a password in their case.



