
On this subject, I like to quote Pavel Durov, the founder of Telegram:

"Since the creation of WhatsApp, there's hardly been a moment in which it was secure: every few months researchers uncover a new security issue in the app. I wrote about this in detail 2 years ago (read here if you missed it). Nothing has changed since then.

It would be hard to believe that the technical team of WhatsApp is so consistently incompetent. Telegram, a far more sophisticated app, has never had security issues of such severity."



I strongly dislike this perspective and find it naive. It is similar to saying Mac is more secure than Windows. WhatsApp is a huge target compared to Telegram.

I guarantee you if we all switched to Telegram nothing would change, and I would bet money these exploits boil down to open source libraries which are commonly used in these apps.

It does not pay to be high browed with security. Even Chrome, with all its investment into security, gets pwned on a regular basis.


Microsoft software is in its own apex class of insecurity and vulnerability.


I wonder if someone more informed could help me understand Telegram's business model, as I don't think I could rightly describe the startup and product in a way that wouldn't sound like I was casting aspersions.

Why would anyone use Telegram over something end to end encrypted, like Signal, Matrix, WhatsApp, Facebook Messenger, etc.?


I’ve tried all of the apps you listed and they all have significantly less polished UX, except perhaps for Messenger. In an alternative universe, I could very well be using Messenger.

My personal assessment is that if you have to communicate something that must not ever leak out, you shouldn’t use a chat app at all, period — because in many many cases my interlocutor is less careful than I am (or their degree of carefulness is unknown). You can use an E2E video app but not a chat app. Telegram’s video is E2E.

If my entire Telegram history leaks out, I estimate that I’ll be in a bit of trouble, but not significant trouble.

Of course, I might be wrong. In fact, while writing this comment I realized that the risk is probably somewhat bigger than I think it is, and in an ideal world using E2E would be advisable.

However, this isn’t “why you should use Telegram” but rather “why do you use Telegram”, so this is why I use it — significantly better UX, partly network effect, and partly that leaking my entire history is not even in the top 100 worries I have in life.


It has features that regular users really, really like. Not having to associate the account with a phone number, scheduled messages, groups/channels with thousands of users, the ability to program bots, silent messages, editable messages, ...

Some people care more about these than security or privacy. It's that simple.

As for monetization, I believe they have premium stickers and such.


I think the irony is that so many attack Signal for pursuing more features. While they aren't features I personally care about, I do recognize that I can't have secure communications with people that are unwilling to use secure means of messaging. While I want anonymous identities (not actually usernames akin to what we have here), I do think the social graph is far more important. Not that you can't work on both at the same time (though Telegram and WA have significantly more developers).


Network effects too. Telegram is big in Europe.


[flagged]


> Wouldn't be shocked at all if Moxie is part of the Mossad.

Hacker News is not the place to spread conspiracy theories. If you have compelling evidence, link it. If not, keep it to yourself.

> Signal is suffocated by Moxie's tyranny.

Good news, Moxie hasn't been with Signal for at least 9 months.


Hey, I'd love to hear that one. Moxie has been around for a long time. If somebody has rationalizations for everything he released broken and talked about in the context of being part of Mossad, that should be a fun read.


«The Russian government hates him too.» Telegram is one of the few popular messengers that are NOT blocked/prohibited in Russia. So the government and Durov have some agreement.


Russia’s main security agency, the FSB (a successor to the KGB) has branded Telegram the messenger of choice for “international terrorist organizations in Russia.”

The government’s first attempts to ban it, a year ago, resulted in entire sections of the web, online stores, services—even the Kremlin museum’s ticket sales—being inadvertently blocked. But the messaging app has adopted a clever system of changing IP addresses that currently outsmarts the government ban.

Meanwhile, users have continued to access Telegram through VPNs, or virtual private networks, which have become increasingly popular.

It is difficult or impossible to block Telegram in Russia.

https://decrypt.co/6454/russia-internet-ban-block-telegram-m...


> Russia’s main security agency, the FSB (a successor to the KGB) has branded Telegram the messenger of choice for “international terrorist organizations in Russia.”

You ever hear of ANoM?


I live there, buddy. Telegram was blocked many times. But after some time any attempts were stopped. Just think about why.


Telegram implements video calling using a bunch of sketchy C code, same as WhatsApp and Signal. There's no reason to think it's less vulnerable to these sorts of bugs.


"sketchy c code" is a tautology


No, OpenBSD and SQLite exist; "sketchy c code" is only mostly redundant.


SQLite has had multiple CVEs featuring use-after-free, heap overflows, usage of null pointers, use of uninitialized memory, and array bounds overflows. [1]

Those could all be avoided by not using C.

[1]: https://www.sqlite.org/cves.html


Coming from an app with a quarter of the users (so to say it's been less of a subject of investigation as such). "Far more sophisticated" also? What does that mean?

If WhatsApp has voluntarily been adding these issues, or has been targeted somehow, I would love to dig into research related to that. I'll check out the details regarding this attack in some hours.

This perspective seems extreme given the current evidence though. Switch to something like Matrix for sure though u.u

Edit: I'm not a proponent of WhatsApp. I just understand Telegram also isn't the best, and has a good incentive to shit on WhatsApp.


> It would be hard to believe that the technical team of WhatsApp is so consistently incompetent. Telegram, a far more sophisticated app, has never had security issues of such severity.

This says a lot more about the technical competence of Pavel Durov than it does of the WhatsApp team.


Just google for "telegram vulnerability" and you'll quickly find how full of crap Pavel Durov is...


There are several good reasons why WhatsApp bugs sell for 1.5 million dollars, and Telegram bugs sell for only $500k. It mostly comes down to supply and demand.

https://zerodium.com/program.html


No one remembers how Telegram likes to reinvent the wheel with their encryption and raise subtle implications that Signal is magically backdoored?

For starters: https://nitter.net/durov/status/873870658874355713


Telegram has had an arguably worse history of issues.



