Signal founder criticizes Telegram and compares it with facebooks messenger
Marlinspike's main claims
- Telegram stores all your contacts, groups, media and all messages that you have ever sent or received in clear text on its servers... The app on your phone is just a "view" of their servers, where the data is actually stored.
- Here's a simple test: uninstall Telegram, install it on a brand new phone and register with your number. You will immediately see your entire conversation history, all your contacts, all the media you've shared, all your groups.How? All this was on their servers, in the clear.
- The confusion is that Telegram allows very limited “secret chats” (no groups, synchronous, no sync) that nominally use end-to-end encryption, even if the security of the e2ee protocol they use is questionable.
- By default, e2ee is not, but they talk about it as if it is... Facebook Messenger also has e2ee's "secret chat" mode, which is actually much less restrictive than Telegram (and also uses the best e2ee protocol), but no one considers Messenger an "encrypted messenger". Facebook Messenger and Telegram are built in almost the same way.
- In reality, privacy technology is not about trusting someone else with your data. It's about not trusting. The message you send should be visible only to you and the recipient. The information about the group should be visible only to its members. Finding contacts should not disclose them to anyone else.
- Privacy technology is really about making the technology consistent with the user interface. Butif Telegram's user interface matched how the technology works, each chat would be a group chat with everyone who works on Telegram + everyone who hacks into Telegram + all government agencies that have access to Telegram, and so on.
- For those who write about this space, my request is that when you write "encrypted messenger", it should at least mean an application in which all messages are by default e2ee. Telegram and Facebook Messenger are built in exactly the same way. And none of them are "encrypted messengers".
The fact is that Telegram has never been hacked, while the same e2e-encrypted WhatsApp owned by Meta (formerly Facebook - approx. KD) is successfully hacked through backdoors and backups. The founder of Telegram, Pavel Durov, has repeatedly talked about this in his publications. For example, in January 2020, he released a great piece in which he speculated about why it is dangerous to use WhatsApp.
And in January 2021, Durov emphasized that every chat on Telegram was encrypted since the launch of the messenger, while WhatsApp had no encryption at all for a long time, and later "adopted a protocol funded by the US government that makes the presence of backdoors and dependence on backups meaningless."
In the same month, in response to a comment that more and more publications appear about a higher level of privacy in Signal compared to Telegram, Pavel Durov said that it is not correct to compare these two applications, since Signal is only one of Telegram's functions - secret chats. In Durov's own opinion, secret chats are much more convenient and safer.
As for the fact that end-to-end encryption is "not used by default" in Telegram, Pavel Durov explained the essence back in August 2017. This is also discussed in the FAQ . In short: secret chats are e2e-encrypted chats that are never saved, and cloud chats are encrypted in the same way, however they have a built-in cloud backup.
Another important thing is server-side code. Telegram does not disclose it after Durov found out about attempts to ferret him out by one of the "authoritarian regimes" to create the same convenient local application with the subsequent closure of all other social networks in the country: