> You're being disingenuous. End-to-end encrypting every 1:1 chat by default, as well as end-to-end encrypting <1000 member groups have already been shown to be possible by Signal, WhatsApp, Wire, Element etc.
All these applications doesn't sync seamlessly from multiple devices. WhatsApp doesn't work if the phone is offline, Signal does but the solution works only for desktop clients, i.e. I can't have two mobile clients (I have two mobile phones, one Android and one iOS, that can access the same Telegram account, a tablet and a smartwatch). I have the Telegram client on all the computer that I have, it's the first thing I install just because I use it to share data between computers (it's practical to send a file or a link to the "Saved Messages" to transfer it between devices).
> Insecure features are not usable features because security is the fundamental attribute of EVERY feature. Telegram has footguns, nothing more.
Telegram is secure enough for most users. We have much private conversations in emails and it's mostly still a plain text protocols, with a lot of server that doesn't even support SSL with these days. So I guess that Telegram is secure enough to use it to organize a beer with my friends, if the email is secure enough to get my bank access codes, or get my medical reports, or other sort of private conversations...
> And what credentials do you have to make such assertions?
Because it is. Most conversations of normal people doesn't contain that much concerning information, and they are mostly full of useless stuff. Probably the most interesting thing that one attacker will find are some nudes that are sent... and in Telegram you have the secret chats for that anyway.
> Considering the fact Telegram lacks the know-how to implement secure protocols (see OPs article) what chance is there they can defend against EVERY zero day exploit against their server infrastructure? Telegram most likely would never even know they were hacked. And the intelligence agencies that have owned their systems aren't bragging. And even IF Telegram would detect such attacks, would they disclose it, when they know they lack the know-how to prevent the next exploit, i.e. the know-how on how to deploy E2EE for everything.
Do you think someone would even bother to break Telegram encryption if he wants to access your data? https://xkcd.com/538/
Authorities routinely access WhatsApp messages even if they are encrypted. How? Give me the phone and give me the password. But most of the time is the birth date of the user, or 123456, 0000000, or some other stupid code like that. You don't want to give me the password? You get in trouble. And we will probably extract the data anyway exploiting the operating system that probably it's an outdated Android version anyway...
The European union, where I live, is passing a law that will impose to chat applications, and WhatsApp already declared that it supports the initiative, to implement a way to check for every message that is sent for child pornography (of course is just an excuse, then since they have the system in place, let's just use also for terrorism, and then for piracy, why not). How whey implement that, that is encrypted? Well of course just implement the check in the client, before encrypting the message! And if you find some suspicious content, of course send it in clear to the authorities to be analyzed. You said what about privacy?!?
I'm pretty sure that Telegram will never implement something like that. And if it does, the Telegram client is open source, someone can fork a client removing that part, and one could install it on their phone. With WhatsApp is impossible, and even if Signal client is open source Signal is agains third party clients anyway (good example of open source!).
> You can't be serious. Let's take the most basic possible convenience feature. I chat with my buddy over E2EE 1:1 chat while riding the bus to work. At work, I sit down in front of my computer, and want to continue the conversation using keyboard. Signal allows me to do that with zero hassle, Telegram forces me to drop end-to-end encryption.
What if I can't install the software because I don't have administrative rights? I guess I can't continue the conversation. What about old messages, arrived before I log in? I guess they are lost.
>I have two mobile phones, one Android and one iOS
Cool edge case. You can have two phone numbers too you know.
> I use it to share data between computers
You can always tell a shill when they try to advertise the product's features every chance they get. Nobody in real life needs to go around telling how convenient something is.
All these applications doesn't sync seamlessly from multiple devices. WhatsApp doesn't work if the phone is offline, Signal does but the solution works only for desktop clients, i.e. I can't have two mobile clients (I have two mobile phones, one Android and one iOS, that can access the same Telegram account, a tablet and a smartwatch). I have the Telegram client on all the computer that I have, it's the first thing I install just because I use it to share data between computers (it's practical to send a file or a link to the "Saved Messages" to transfer it between devices).
> Insecure features are not usable features because security is the fundamental attribute of EVERY feature. Telegram has footguns, nothing more.
Telegram is secure enough for most users. We have much private conversations in emails and it's mostly still a plain text protocols, with a lot of server that doesn't even support SSL with these days. So I guess that Telegram is secure enough to use it to organize a beer with my friends, if the email is secure enough to get my bank access codes, or get my medical reports, or other sort of private conversations...
> And what credentials do you have to make such assertions?
Because it is. Most conversations of normal people doesn't contain that much concerning information, and they are mostly full of useless stuff. Probably the most interesting thing that one attacker will find are some nudes that are sent... and in Telegram you have the secret chats for that anyway.
> Considering the fact Telegram lacks the know-how to implement secure protocols (see OPs article) what chance is there they can defend against EVERY zero day exploit against their server infrastructure? Telegram most likely would never even know they were hacked. And the intelligence agencies that have owned their systems aren't bragging. And even IF Telegram would detect such attacks, would they disclose it, when they know they lack the know-how to prevent the next exploit, i.e. the know-how on how to deploy E2EE for everything.
Do you think someone would even bother to break Telegram encryption if he wants to access your data? https://xkcd.com/538/
Authorities routinely access WhatsApp messages even if they are encrypted. How? Give me the phone and give me the password. But most of the time is the birth date of the user, or 123456, 0000000, or some other stupid code like that. You don't want to give me the password? You get in trouble. And we will probably extract the data anyway exploiting the operating system that probably it's an outdated Android version anyway...
The European union, where I live, is passing a law that will impose to chat applications, and WhatsApp already declared that it supports the initiative, to implement a way to check for every message that is sent for child pornography (of course is just an excuse, then since they have the system in place, let's just use also for terrorism, and then for piracy, why not). How whey implement that, that is encrypted? Well of course just implement the check in the client, before encrypting the message! And if you find some suspicious content, of course send it in clear to the authorities to be analyzed. You said what about privacy?!?
I'm pretty sure that Telegram will never implement something like that. And if it does, the Telegram client is open source, someone can fork a client removing that part, and one could install it on their phone. With WhatsApp is impossible, and even if Signal client is open source Signal is agains third party clients anyway (good example of open source!).
> You can't be serious. Let's take the most basic possible convenience feature. I chat with my buddy over E2EE 1:1 chat while riding the bus to work. At work, I sit down in front of my computer, and want to continue the conversation using keyboard. Signal allows me to do that with zero hassle, Telegram forces me to drop end-to-end encryption.
What if I can't install the software because I don't have administrative rights? I guess I can't continue the conversation. What about old messages, arrived before I log in? I guess they are lost.