Except when they want to chat with more than one person at once. Telegram does not have any support for encrypted group conversations.
Otherwise a good read. Telegram is not a bad app, but it does not suit my threat model. I'm willing to forgo cloud backups and some usability to have default encryption for all my conversations, which I think is something Signal provides. None of these apps are perfect, it comes down to what combination of trade-offs works best for you.
> I'm willing to forgo cloud backups and some usability to have default encryption for all my conversations, which I think is something Signal provides.
Indeed, it does.
> None of these apps are perfect, it comes down to what combination of trade-offs works best for you.
That is exactly the take-home message :)
Anyway, I mentioned that Telegram does not support e2ee for group chats here:
> WhatsApp nowadays has end-to-end encryption enabled by default for all chats, while Telegram has not enabled it by default and does not support it on group chats.
Note however that group chats are even more difficult to handle securely, because in theory you are supposed to verify the identity of every participant.
That said, I liked this article a lot since it puts things in a manner that focuses on how to approach these comparisons and backs them up with relevant information. Elsewhere, there’s too much of appeal to authority that ignore other points (mainly nuances that are important).
I completely agree with this part:
> A big chunk of the criticism of Telegram amounts to defamation, lies and arguments from authority. Unfortunately this is not an opinion, but a verifiable fact. Even more unfortunate is the fact that many of these come from respected figures of the computer security community.
A few corrections and additions are required in the article:
* The part about Signal not having a standalone desktop client is not true. This was already pointed out in another comment here. Signal has had this for a few years now.
* “This is more subjective than an exact since.” — there’s a typo here for “science”.
* I didn’t see mention of metadata collection by WhatsApp. That’s as important as the content of messages.
The author claims that this is "defamation" because Telegram uses FDE or a similar solution.
With the deliberate misunderstandings apparent in this article I don't see why it would be inappropriate to call the author out for being a Telegram shill.
>Here Moxie is pretending the discussion was about having plaintext access, which obviously Telegram has for non-secret chats, instead of plaintext storage, which is what Ptacek was talking about
The whole idea of "plaintext storage" is something that the author came up with themselves, tptacek claimed that Telegram "stores the PLAINTEXT of EVERY MESSAGE". These mean entirely different things. Plaintexts are still stored even if they are encrypted on disk with keys controlled by Telegram.
You even discuss this issue in the "History of Telegram vulnerabilities", but don't bother to mention the fact that this was almost certainly a deliberate backdoor.
You also seem to suggest that DUAL_EC_DRBG was promoted as a best practice by the crypto-community, what an utterly bizarre claim.
Of course, the mental gymnastics in the "Defamation" section make it clear that this was never intended to be a honest analysis.
Can govt or a company mass harvest chats to classify users into buckets? and use this data to manipulate people. We have seen this happen with Cambridge Analytica. Think of military having a list of all pro-democracy people before staging the coup.
In my opinion this is partially addresses in the threat modelling section, where I mention the need to trust "The companies running the servers needed by the app to work".
Anyway I believe the threat you mention is a very difficult one to defend against, because probably even metadata alone is sufficient to construct a graph of relations. So, I maybe wrong, but if you do not want to trust any company at all, then even Signal may not be enough for you in this scenario. Regarding the choice of WhatsApp vs Telegram for this scenario, you simply have to decide if you trust more Facebook (which we already know supplies this kind of mass data to the US government) or the Telegram team. Or you can trust neither.
My opinion on Signal is it should definitely be preferred if one cares about security more than usability. I really cannot wait for it to have a "standalone" client (that is, that does not require the phone to be online as well).
There are other messaging apps, like Element (and the now defunct Keybase) which try to solve the same problems. So, I decided to keep that discussion for another future article (maybe).
Signal does not require the phone to be online as well. Source: just switched my phone off and still able to send and receive messages on the desktop app. WhatsApp, however, still very much requires the phone to be online for its web/desktop clients to work.
That said, Signal is still not a "standalone" app on desktop because it needs me to have installed and set up the app on my phone to link it to desktop. After this though, they are very much independent clients.
What happened to me is that I lost my phone, so I did not have an Android device to re-install Signal. I later managed to get back the SIM card and I assumed that I could use the Desktop client, but if I remember correctly it did not work. However, I will check again all of this
Cryptography is a very complex field, Telegram has made many bizarre design decisions which make it difficult to trust them despite the fact that their encryption has not been publicly broken recently.