AdrenalinMd | 2 years ago
Decompiling and inspecting mobile apps is relatively simple, so if there were any issues with the WhatsApp client, they would likely have been uncovered already.
As for Telegram, its messages are stored in plain text on their servers, and it doesn't offer default end-to-end encryption. This means that if Russian secret services were to gain access to Telegram's backend, they could easily read all the messages.
Therefore, when using Telegram, it's important to be aware that its administrators have the ability to read all of your messages.
NayamAmarshe | 2 years ago
Backend is never verifiable. It's a moot point. Signal's backend is open source yet they always release the sources late. Their servers were running entirely different code for a year and they even injected some cryptocurrency related features which weren't reflected in the source code.
Backend is always unverifiable, open source or not.
> Decompiling and inspecting mobile apps is relatively simple
Not so much when WhatsApp obfuscates binaries on purpose.
On top of that, the T&C clearly forbid you from doing it.
> As for Telegram, its messages are stored in plain text on their servers
Absolutely false. Telegram's cloud encryption algorithm has already been audited by independent researchers.
Calling symmetric encryption "plain text" is disingenuous.
> This means that if Russian secret services were to gain access to Telegram's backend, they could easily read all the messages.
I guess Russia's Telegram ban doesn't matter then? Nor Durov's fight with the Russian government. He actually moved to another country to stop the Russian government from having access to the servers.
It's totally fine to understand your security context and the security your messaging medium provides, but it's not good to misrepresent facts and use terms that mislead people.
AdrenalinMd | 2 years ago
Even with Telegram's encryption, messages can be compromised through a straightforward SIM swap. This means that their encryption is essentially irrelevant since messages can be read without needing an encryption key from the client.
I recommend checking out Moxie Marlinspike's Twitter thread on this topic for further insight. You can find the link I previously shared in another thread.