Telegram encryption is not opt in. End-to-end encryption however is.
Also this always get mentioned and everyone confuses encryption and end-to-end encryption.
What seems to never get mentioned here unless I do is that there is more to security than end-to-end encryption or not:
WhatsApp would (will? I don't use it since years ago) happily upload your data unencrypted (actually unencrypted not not-end-to-end-encryted!) to the biggest data harvester of all -Google if you or anyone you chat with enabled cloud backups.
Signal had months I think where they had a weird bug were tje client would send pictures to people without the user triggering it.
Facebook Messenger besides leaking all your communication patterns to the second largest data harvester also have this nifty feature were if someone reports your message an unencrypted message goes to Facebook.
Facebook was also the ones that suggested people uploaded nudes so the could "know what they should remove", wasn't it?
Signal also had a nasty exploit that would let anyone who sent a specially crafted message take control over the signal users computer if they opened the message in the desktop client.
Telegram is also the only one that I am aware of that has reproducible builds for both Android and IOS. For every other client you have to trust them. With Telegram you can (could at least last I checked) check out the source, build it and compare it to the version on the App Store.
What I mean is not that one should trust Telegram (there are things I use Signal for), only that when it comes to security engineering there is a lot more to consider than end-to-end encryption and HN really struggles to see this.
seems like meta and google jump thru a lot of hoops to maintain the sharade of e2e-privacy whereas with telegram you know upfront that everything goes to someone else's computer and call it a day
Signal I think is very good with the two major exceptions:
- AFAIK they don't publish reproducible builds
- They've (IIRC and AFAIK) at times had lower quality when it came to the non cryptographic parts.
So if someones lives depend on e2e-encryption Signal is the only recommended messenger IMO.
For following public news channels from Ukraine and the Middle East there is no alternative to Telegram.
And if I have to organize something and not everyone is ready to install Signal (i.e. all the time around here) I try to use Telegram. That way I'm at least not spoonfeeding Google and Meta at the same time.
If FSB sits on my weekend plans that is annoying but no big deal.
(I was however rather annoyed when I realized local police used Telegram a while ago. I think that was very irresponsible.)
Signal has reproducible builds on Android. If they have on IOS like Telegram then I have missed it.
I realize now that while I wrote reproducible builds on both Android and iOS further up the thread I forgot to in my last reply. It was an honest mistake, I forgot.
Telegram is open source.
And has reproducible builds.
So anyone can audit it and verify that
a) end-to-end encryption either works or does not (but I guess someone had told us if it was broken)
b) it is not enabled by default
c) in the default mode data is sent encrypted to Telegrams data centers, after that you have to trust Telegram not to snoop in it.
Does not mean it is perfect or even good, but for its use cases it is a lot better than HN gives it credit for.
