Transport encryption does not make it private. Optional e2ee is as good as no e2ee. And they rolled their own crypto... For some reason my non-technical friends still would be very surprised to learn that WhatsApp is more private than Telegram.
I don't think you understand how Telegram encrypts its chats. MTProto is also used to encrypt Cloud Chats at rest. It's not just transport. Cloud Chats are not e2ee because the keys are held by Telegram.
Moxie also "rolled his own crypto". "Rolling your own crypto" is typically used disparagingly by those who claim moral or intellectual superiority over the competition. The Signal Protocol was rolled by someone, yes? The version of MTProto that had vulnerabilities discovered was deprecated many years ago.
This is where the privacy promise falls apart. From a user's perspective, on-disk encryption makes no difference, because there is no real enhancement of privacy for them. If a third party holds the key, they hold the key. If you put something into the hotel safe, the hotel could still steal it from you. As far as I can tell, most TG users are not aware or do not care, but for those who are not aware but actually do care, this should be made much clearer.
> Moxie also "rolled his own crypto"
Besides Moxie being a bit dubious himself, the more interesting question is: was there something that was already verified by many people that could have been used instead?
I’m interested to know about what makes Moxie a bit dubious, can you share more information? I have to say I’m slightly fascinated by the character, but it’s true it doesn’t tell anything about why I should trust him.
I am not even against crypto integration, but I found the choice of MobileCoin odd. Instead of integrating an existing privacy coin or working with the community, he decided to integrate MOB and to be one of their "advisors":
I think you are being far too uncharitable and you've simply gotten the facts wrong a number of times, which I've needed to correct you on.
Use another messenger if you like but e2ee encryption is not some moral imperative that must be done. There are always trade-offs. I appreciate Telegram for the purposes I use it for. If I want e2ee, I turn on a Secret Chat.
I just think that Telegram tries to position itself as some kind of subversive and secure messenger (successfully so), which it isn't and I find that dubious. I can see that many people prefer it for its user experience, which is fair, but people should not be lured by a false sense of security.
> e2ee encryption is not some moral imperative that must be done.
It is not a moral imperative, but a protection against many evils, that most people probably would benefit from if used consistently. I've got low tolerance for trying to artificially limit e2ee though.
Rolling your own crypto is bad, unless you’re an authority on crypto. Moxie certainly is. Also, Signal Protocol isn’t an encryption algorithm. As far as I know, it still uses AES and Curve25519 for the actual encryption.
Most people think of “private” as between the conversation parties, not everyone in the conversation, the company, and any government with leverage on them.
Encryption at rest prevents some intrusion attacks but does absolutely nothing against a warrant if the government has leverage.
Pavel Durov seems to be proud of never having disclosed user data to authorities and mentions it every time he disses another messenger. Guess he can't do that anymore now.
(Just to clarify: I like Telegram. I just don't like Durov very much and the way he positions Telegram as the superior messenger in every way, even though it obviously isn't when it comes to encryption in particular.)
It is not the first case for Telegram. So, Durov will continue with his show... they claim that Telegram is e2e encrypted, but don't mention that it needs to be activated per chat.
I'm a little bit sad because I'm sure if they invested some effort into it, they could make all chats e2e encrypted while still allowing sync with their server. They "just" need to figure out a way to safely exchange the private key between devices. I know it's not completely trivial, but if anyone could create a good user experience for this, it's certainly Telegram.
I'm really late with the reply and it doesn't really matter anyway, but how Signal is doing it is not what I would like to see. It would be less of an issue if you can backup and restore your Signal chats, but as of right now, it's impossible (at least on Apple devices). I use Signal because lots of my friends prefer it, but I don't like that losing my phone would mean losing my complete chat history of all my chats. Maybe I'm not their target audience, but I think Signal is already mainstream enough that chat backups and restores should be a thing.
What I was expecting from Telegram (although it doesn't look like they plan to do this) is synced, E2E encrypted cloud chats. So any new device I add has access to all the previous message history, and is independent of all other devices.
But a court can easily get UNENCRYPTED messages while in the at-rest stage directly from the hard drive on their server.
Don't worry, you're safe from hackers, deep state, and foreign nation-states eavesdropping on ya over the net through their awesomely robust and intensely-touted advertised E2EE capability.
> Private
> Telegram messages are heavily encrypted and can self-destruct.