
There's been a lot of controversy over the Telegram encryption protocol. Any cryptographer that looks at it cringes, but Telegram has deep pockets and has done a decent job building hype.

Beyond doubts with the protocol itself, I think the more important consideration is that most people never use it. Telegram is not encrypted by default. Users have to create a special "secret chat" with contacts that is ephemeral, and some Telegram clients don't even support that mode. Last I checked, there was no way to have group "secret chats" in any client at all.

The result is a situation where many users seem to think that Telegram is somehow secure by default, when it definitely isn't. Telegram even stores plaintext copies of everyone's entire message history on the server for multi-device sync.

I think what Telegram is doing right now is dangerous, and potentially another Lavabit in the making. I'd like to see them incorporate a modern end-to-end encryption protocol, and enable it by default.

To be transparent, I work on TextSecure and am involved with the WhatsApp end-to-end encryption project.




Thank you for bringing this up, I was under the impression Telegram would be secure by default.


The communication with the server is encrypted, if you use the official apps. If you use secret chats, they are not stored as plain text on the servers and you can make them auto-destroy. Also you can delete your chat history. But it is better than WhatsApp because it is not part of governmental control.


Totally bogus. TextSecure-enabled WhatsApp is end-to-end encrypted using a widely-respected cryptographic messaging scheme. Telegram isn't. The point of serious end-to-end encryption is that it doesn't matter who runs the servers.

TextSecure-enabled WhatsApp beats Telegram on a pure engineering level; we don't even need to reach politics to prefer it.


WhatsApp right now hides all of the encryption from the user and doesn't have a way to do key verification, so it's trivial for the WhatsApp server to do a MITM on your conversations. I know they are working on that and I fully expect WhatsApp to be the best messenger out after they are finished. But right now, by an objective measure, it would seem like Telegram is more secure.


I would be interested in finding out whether there's a cryptography engineer anywhere out there who would say "Telegram is more secure than WhatsApp+TextSecure is today".


But how can you be sure about that if the WhatsApp code is not open-sourced? Telegram has at least open-sourced its iOS and Android code.


Source code doesn't really matter as much as you'd think. In fact, it can be deceptive in some cases. I would call source code a nice-to-have.

In contrast, observing the network traffic, debugging the application, and examining the decompiled binary will tell you exactly what's going on.


The thing is, however, that any cryptosystem can be trivially compromised by making its PRNG predictable.

This cannot be caught by observing the network traffic and it is really hard to catch by reversing or tracing the binary. Especially if the compromise is not an outright srand(0), but an algorithmic weakness. Then, even if it is found, it's virtually impossible to determine whether it was benign or deliberate. Now further consider the implications if an app uses a 3rd party PRNG such as those supplied by the operating system or the hardware, or if it gets its PRNG seed data from an inherently untrusted source (such as the OS).

I mean ... the source code being open is obviously irrelevant to the security of a pre-built binary and the adherence to the open specs is not much of an assurance either, because of the PRNG angle. In practical terms it really means that you have to have trust in a product vendor. Period. Because there is always a way for them to screw you over and to get away with it.


All of these points are orthogonal as to whether source code is required for a security audit.


Weaknesses in random number generation are arguably easier to spot in instrumented binaries and dynamic analysis than they are with static analysis. Auditing an RNG from source involves enough mental modeling to trace random numbers and track the state of whatever generator provided them.
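As an added illustration of the PRNG argument in the two comments above (this is not code from the thread; every name here is constructed): a key generator with a fixed seed beside one that uses the OS CSPRNG, and the kind of dynamic check an auditor can run against an instrumented build, comparing independent invocations and measuring the byte entropy of pooled output.

```python
"""Fixed-seed key generation (the srand(0) case) yields the same key on
every run. Nothing on the wire reveals this; running the generator and
comparing independent outputs does. All functions here are constructed."""
import math
import random
import secrets
from collections import Counter
from typing import Callable

KEY_LEN = 32  # bytes


def weak_keygen() -> bytes:
    """Constructed weak generator: constant seed, so every key is identical."""
    rng = random.Random(0)  # deliberate: mirrors an srand(0)-style defect
    return bytes(rng.getrandbits(8) for _ in range(KEY_LEN))


def good_keygen() -> bytes:
    """Draws key bytes from the OS CSPRNG via the secrets module."""
    return secrets.token_bytes(KEY_LEN)


def looks_deterministic(keygen: Callable[[], bytes], runs: int = 4) -> bool:
    """Dynamic check: independent invocations must never collide.
    A repeat among 32-byte keys is practically impossible for a healthy
    generator, so any repeat is evidence of a fixed or tiny seed."""
    seen = {keygen() for _ in range(runs)}
    return len(seen) < runs


def shannon_entropy_bits(data: bytes) -> float:
    """Per-byte Shannon entropy of a sample; 8.0 is ideal for uniform bytes."""
    counts = Counter(data)
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def audit(keygen: Callable[[], bytes], samples: int = 64) -> dict:
    """Pool many keys and report both signals an auditor would look at."""
    pooled = b"".join(keygen() for _ in range(samples))
    return {
        "deterministic": looks_deterministic(keygen),
        "entropy_bits_per_byte": shannon_entropy_bits(pooled),
    }


if __name__ == "__main__":
    print("weak:", audit(weak_keygen))
    print("good:", audit(good_keygen))
```

This catches only the crude fixed-seed case; a subtle algorithmic bias in a stream that still varies from run to run needs a proper statistical test suite, and is exactly the case the thread calls hard to attribute to malice or accident.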


Telegram bashing aside, this is very wrong. It is always better to have the source code to inspect the entire package. Without the source code, there is no way to fully verify the security of a solution. For Telegram and WhatsApp, the clients and server code should be released if you want to make sure.


No, you're wrong.

People can give you whatever source code they want. That doesn't mean it's the same as what's running in production. While this is tin-foil-hat paranoia, when it comes to encryption software in this post-Snowden world it is definitely more reliable to reverse-engineer the binary & network traffic than to just believe the provided source code to encryption in a popular social app. Or compile the app from source that has been verified by trusted people. Definitely not believing that a binary blob running on your hardware is the same as the provided source.

That said, it's also good to ask for source code so later on when reverse-engineering shows something different you've now caught the offending party in a lie; which is something good to have on record to refer to later on.


> Without the source code, there is no way to fully verify the security of a solution.

So you are telling me if you had the source code you would not be able to verify the code and also use the code to fully verify the expected behavior of the binary?


It is not as easy to verify source code as it sounds.


And it is not easy to do black box testing either.


> this is very wrong

No, it is quite correct. It is slightly more convenient to have the source code, but then again, it can be misleading, as you don't know if that source code actually corresponds to the binary that is actually executing.


Open sourcing/making available for inspection the source code of an application is not enough if the herd just uses the pre-built binaries instead of compiling it themselves. Perhaps we can someday have free and open source software with reproducible builds[0]?

[0] https://wiki.debian.org/ReproducibleBuilds


I cannot use TextSecure on Android because my friend uses iOS. So there is no TextSecure for me.


It's a year old, but I think this is still the rough roadmap:

https://whispersystems.org/blog/a-whisper/

(Just replace "Whisper" with "Signal" :)


It is not all that. Let's say you are planning the next protests with your friends over WhatsApp using TextSecure. The security agencies cannot view your message content, but with a warrant they can view whom you are talking with, which will show that you are a terrorist. Now try to explain why you encrypt your messages if you are not a terrorist. Oh, you are a politician with a wife and texting secretly to this woman... Explain it to the public.


> Now try to explain why you encrypt your messages

Because the widely used chat app I happen to be using does that for all communications without any special direction from me. I didn't even know they were encrypted, it just happened!


> it is not part of governmental control

Isn't that a pretty dangerous assertion in itself? It's a private company running private servers that you have no control over and no ability to tell whether or not an external entity has accessed your data.


Whom should I be afraid of? A private company or my government?


> Whom should I be afraid of? My government possibly controlling a private company or my government?

FTFY


Not in my case. Neither Turkey nor Bulgaria has control over Telegram. However, these countries have good relations with Microsoft, you know, the "we buy Windows, you give user information" stuff. That may have happened to me in the past or not, I don't want to mention it here, but I have 0 tolerance for companies somehow related with Microsoft like Facebook, WhatsApp, Skype etc.


Both, really - there's not really anything the Government can do that a large enough company or collection of companies can't - but the point is that you have no proof that this company is not either wilfully collaborating with or being forced to collaborate with the Government.


Microsoft provides users' information to Turkey. Telegram haven't done something similar, yet.


> Telegram haven't done something similar.

As far as you know. Why would they publicise it if they did? How can you prove they've not been forced to?


So Turkey or Bulgaria will ask for data, Telegram will give it, and these governments will say shut up or we will fly to arrest you in whatever country you live and kick you into jail and we will get your money out of the banks, doesn't matter in what country it is. Seems possible if you give a million dollars. Not impossible, as far as you give such money. But the countries I have mentioned are not that rich.

Also if you look at the forums about justice and advocates etc you can see that Microsoft provides user data but not Google or Facebook (except very big and obvious crimes). But Microsoft, oh it is like your best enemy. So my point is that you will hear it (except spying) if it is a legal request.


Yes.


> Telegram even stores plaintext copies of everyone's entire message history on the server for multi-device sync.

Really? In their FAQ [1] they state:

> ordinary chats use client-server/server-client encryption and are stored securely encrypted on our servers

What's your source?

[1] https://telegram.org/faq


This is a great example of deceptive marketing at work. You can check out their API here:

https://core.telegram.org/methods#working-with-messages

...where's the encryption on message histories? There is none. If the data is encrypted server-side, it's with keys that live on the servers. In other words, the encryption provides no value and the servers are "trusted." The point of end-to-end encryption is not to have to trust servers.


As stated in the FAQ, normal chats are NOT end-to-end encrypted. Of course the server has to store the messages in plain text to make cloud sync work (without requiring a password).


[flagged]


This kind of nonsense isn't making Telegram look any better.


Do you realize who you're replying to?


Yes, to the/a guy who is developing a security application which works only with Android. But can you tell me how you can communicate over TextSecure when your friends are using iOS? Also, how can you be so sure about your privacy when TextSecure is located/developed in the USA? http://en.m.wikipedia.org/wiki/Open_WhisperSystems


Yeah, no, you clearly don't know who you're replying to.

http://en.wikipedia.org/wiki/Moxie_Marlinspike

If there's one person that I would trust with my privacy, it's Moxie.


Does anyone remember when Hacker News didn't have so many trolls?

Gee, sorry TextSecure is not on your platform of choice yet...

I can think of worse things than something being located/developed in the USA...


I'm assuming he's either a kid or struggling with mental illness (or both?). I used to assume that people with those posting habits were always trolls, but I've been wrong in the past and felt bad about it. :( If nothing else, assuming that they're people with problems and moving along works as a strategy for not feeding actual trolls.

