The world seems to be shocked by the news that WhatsApp turned any phone into spyware. Everything on your phone – including photos, emails and texts – could be accessed by attackers just because you had WhatsApp installed [1].
This news didn’t surprise me, though. Last year WhatsApp had to ad...
This is an article written by Telegram's founder and CEO Pavel Durov in 2019 on "Why WhatsApp will never be secure". Your thoughts?
Sure, fuck WhatsApp, but Telegram isn't even end-to-end encrypted most of the time. Their group chats never are, and their "secret chat" encryption for non-group chats must be explicitly enabled and hardly ever is because it disables some features. And when it is encrypted, it's with some dubious nonstandard cryptography.
It's also pseudo open source; they do publish source code once in a while but it never corresponds to the binaries that nearly everyone actually uses.
And the audacity to talk about metadata when Telegram accounts still require a phone number today (as they did five years ago when this post was written) is just... 🤯
State-sponsored exploits against WhatsApp might be more common than against Telegram, or at least we hear about them more, but it's not because the app is more vulnerable: it's because governments don't need to compromise the endpoint to read your Telegram messages: they can just add a new device to your account with an SMS and see everything.
(╯° °)╯︵ ┻━┻
Anything claiming to prioritize privacy yet asking for your phone number (Telegram, WhatsApp, Signal, ...) is a farce.
Telegram isn't perfect, but it is infinitely better than WhatsApp because it doesn't belong to Facebook, and also isn't from the United States. Also it can be used by normies without problem, unlike Matrix or XMPP or what have you.
Brother, it has servers all over the world (including the US) where it hosts your data unencrypted. Telegram is nearly not infinitely better than WhatsApp.
Sure, WhatsApp exposes you to US jurisdiction and Meta bullshit. At the same time, Telegram is very friendly with the Kremlin and associated intelligence services. So it basically comes down to whether you want to be spied on by Russian or US entities.
And the audacity to talk about metadata when Telegram accounts still require a phone number today (as they did five years ago when this post was written) is just… 🤯
Not only that, but I believe that they actively try to prevent VoIP numbers from being used to create accounts.
I don't agree with everything but that last point of yours. Requiring your phone number only means you are not anonymous. There is no need to be anonymous to communicate privately. In fact, it can be counterproductive, since you are much more vulnerable to social engineering.
SimpleX - requires nothing, just install. But you connect with other people by sending a code outside of SimpleX. Though they've added a directory service for groups.
XMPP
Wire (not Wiremin), though it requires an email account, which is easily addressed with a disposable email.
Signal is very secure from what I've read, despite the phone number identifier.
What a load of hypocrisy. The dude uses unauthenticated DH for his app's "secret chats", which a bored student with a laptop can MITM in seconds. Other chats use just TLS, meaning they get to read EVERYTHING.
It's been a while since I looked into it, and things might have changed since then, but some stuff off the top of my head:
Messages are stored on the server, not on the device
end-to-end encryption not enabled by default
uses proprietary encryption, making security audits difficult
Apart from that it's somewhat politically questionable, based in Dubai (I think), with dubious financial backing and Russian developers. Because it's closed source and the encryption is proprietary, there's no way of knowing how much info it leaks.
Firefox blocked this page because it might try to trick you into installing programs that harm your browsing experience (for example, by changing your homepage or showing extra ads on sites you visit).
They tell whatever they want until their claims can be validated with the source code. If we take it for granted that they use an original, unmodified version of the signal protocol programming libraries, there are still multiple questions:
how often do they update the version they use
what are they doing with the messages after local decryption (receiving), and before encryption (sending)
how are they storing the secret keys used for encryption, and what exactly are they doing with it in the code
Any of these questions could reveal problems that would invalidate any security that is added by using the signal protocol. Like if they use an outdated version of the programming library that has a known vulnerability, if they analyze the messages in their plain data form, or on the UI, or the keypresses as you type them, or if they are mishandling your encryption keys by sending them or a part of them to wherever.
No. WhatsApp's metadata is not encrypted and can be used by its parent company, also backups are not secure. While Telegram's is opt in (yeah that sucks and here's their excuse for that https://tsf.telegram.org/manuals/e2ee-simple), they are as secure as Signal's (if not more).
I'm not saying that WhatsApp is the good guy here, Meta sucks but compared to Telegram I rather trust them if I have to.
And the unencrypted backups are only problematic when you use the automatic Google Drive upload.
I believe Moxie helped them integrate Signal protocol into WA successfully while preserving user integrity and privacy.
However, it wouldn't be out of the realm for them to make modifications to their custom protocol that Moxie helped design, and turn it into a privacy nightmare after the fact.
But there were many more vulnerabilities or "features" that WhatsApp allowed attackers or governments to get into user data. While I haven't read anything against Telegram security.
Both WhatsApp and Telegram suck. Just like any other messenger that's either proprietary or not end to end encrypted. Signal is clearly the best choice.
Signal is not the best choice, it's just a somewhat acceptable middle ground. I prefer something that doesn't require a phone number and something you can self-host, like XMPP.
Good luck convincing normies to use some obscure messaging protocol. It's difficult with Signal, even harder with Matrix, basically impossible with XMPP. 99.99999% have never in their life heard about XMPP. Also most mobile clients absolutely suck. You also can't get proper push notifications without completely ruining your battery life. What a great choice!
Guys, please stop using Telegram if you care for your security and privacy
Telegram is not fully open source, sometimes they release the source, but the hashes of the builds don't even match (so it's a different source code) 🚩
Zero transparency about data handling, even when they get caught they don't tell details 🚩
(Telegram in the recent years has got really shady reputation)
Very often ways they implement security is weird: non open source app, non open source server, leaking APIs, use of phone numbers, at some point they started asking for an email, non encrypted chats by default, never encrypted group chats.. it can continue forever 🚩
Non-standard encryption is a real red flag, non-open-source 🚩
I know some people that work/worked for the police, and they can read all the messages easy peasy. I was trying to tell people many years ago, but everyone was so amused by the stickers. Now you can just read stories of the journalists and activists, and how they got imprisoned with the use of Telegram 👁️🗨️💀
PLEASE, STOP USING TELEGRAM IF YOU CARE FOR YOUR PRIVACY OR SECURITY
Except if you open source server, there's no way to verify it is using same code anyways and their client is already open source so waste point.
sometimes they release the source, but the hashes of the builds don't even match.
When did this happen? Source?
Signal asks phone numbers, emails are universally known. If you don't want to give them your real phone number, buy one from fragment.com (their web3 service where they sell phone number for crypto).
Emails are already public and they ask for them only for the recovery process, and it's opt-in, so there's no problem with that.
All chats are encrypted by default from private to group using MTProto, where there have been no breaches found yet so stop spreading misinformation.
Again telling personal experience which may be a lie, can you share the source of your claims? Which journalist got arrested due to Telegram?