top | item 16793950

(no title)

lxglv | 8 years ago

Out of curiosity: I’ve noticed a long-term sceptical attitude to telegram in HN audience and have seen multiple arguments against it. Something like that their crypto can’t be trusted, that it’s not time-proven. Don’t you know any good source with some sort of domain expert explanation, why shouldn’t it be used or trusted? No intention to start any flame against Signal, only curiosity regarding telegram flaws. Personal point of view is also appreciated.

discuss

Analemma_|8 years ago

> Don’t you know any good source with some sort of domain expert explanation, why shouldn’t it be used or trusted?

People like tptacek have talked here at length about why Telegram is not trustworthy, you can see a history of his comments with a simple search: https://hn.algolia.com/?query=tptacek%20telegram&sort=byPopu.... Moxie Marlinspike has also pointed out a bunch of problems with Telegram, and even if you don't consider him a trustworthy source because he runs a competing service, the technical reasoning behind his opinions is sound.

If you want a personal POV, here are three reasons why Telegram is a bad idea:

1) The large number of unsound technical decisions. See Thomas and Moxie's many comments for details, or the "Security" section on its Wikipedia page.

2) Within days of launching, they had a critical security vulnerability: https://news.ycombinator.com/item?id=6948742. Frankly, this alone should have discredited them forever, especially considering how much boasting they were doing beforehand, but people are stupid.

3) They have a consistent pattern of responding to criticism not with technical defenses, but with ad hominem attacks and conspiracy theories ("You're paid by the US Government!")

gsich|8 years ago

Some years ago all you needed for Whatsapp was the phone number and MAC address to login and view all messages. Nobody gives a shit about this today. Should have discredited WA forever too.

soziawa|8 years ago

It's not even end to end encrypted by default. That's the main reason why you shouldn't use it.

StudentStuff|8 years ago

This right here, how can such a basic step to protect your users be skipped?

lozenge|8 years ago

They rolled their own crypto. Just Google "telegram security" and you'll find explanations of why that's a red flag.

pmlnr|8 years ago

Someone has to roll new crypto, otherwise we're stuck. That said, I know about the potential issues with Telegram's encryption.

raarts|8 years ago

It's Russian. You know, like: hand over the encryption keys or you, or someone you love will disappear.

kirillseva|8 years ago

Telegram is actually fighting the Russian government over the encryption keys, saying that it is impossible to hand them over (I assume this is for e2e encrypted secret chats). The consequence of this action is that they'll likely get banned (i.e. removed from app store). How much of this is a farce remains to be seen, since the whole nation, from casual users to small businesses to government employees use the app daily.

As a Russian, I do appreciate the fear that the "russki" brand instills in your soul, but I think you are rightly being downvoted for jumping to conclusions simply based on nationality.