top | item 41351502

(no title)

mfiro | 1 year ago

In my opinion, Telegram is more of a social network than a messenger. There are many useful channels and in many countries, it plays an important role in sharing information. If we look at it from this point of view, e2ee does not seem very important.

We should also not forget that, in the time when all social media (Reddit, X, Instagram etc.) close their APIs, Telegram is one of the only networks that still has a free API.

discuss

maqp|1 year ago

That's the dangerous part. It's a messaging app that took in the function of a social media platform. It did so without robust security features like end-to-end encryption yet it advertised itself as heavily encrypted. Like Green stated in his blog post, users expect that to mean only recipient can read what you say, i.e. end-to-end encryption.

Telegram would be fine if it advertised itself as a public square of the internet, like Twitter does. Instead, it lures people into false sense of security for DMs and small group chats, which is what Green's post and thus this thread is ultimately about.

Free API doesn't mean anything until they fix what's broken, i.e. provide meaningful security for cases where there's reasonable expectation of it.

est|1 year ago

> a social media platform. It did so without robust security features like end-to-end encryption

Most social media platforms doesn't support e2ee.

Some chat apps do support e2ee but also requires a god damn phone number to login (yeah so does telegram), this makes "encryption" useless because authorities just ask the teleco to hand out the login SMS code.

niutech|1 year ago

> It did so without robust security features like end-to-end encryption yet it advertised itself as heavily encrypted.

Telegram has E2E encryption, but only in Secret Chats: https://telegram.org/faq#secret-chats

mikrotikker|1 year ago

The free API is amazing I have so many little helper bots that help me automated my life. It's easy better easier and more feature rich than twilio or slack. I made my own stock management bot that ate a screener spreadsheet I upload in the chat and tell me if I should sell my stocks.

There is even that freqtrade bot that runs on telegram, even RSS bots. It really is amazing. So easy to use for chat ops.

I don't know what else you would use the API for.

prmoustache|1 year ago

Most "normal" people use messaging app and social medias DM interchangeably.

For instance 2 days ago my partner wanted to show me a message her friend sent, went to whatsapp and couldn't find it then realized said friend had used instagram DM for that. Most people don't care enough.

codedokode|1 year ago

> It's a messaging app that took in the function of a social media platform. It did so without robust security features like end-to-end encryption yet it advertised itself as heavily encrypted.

Do you want to say that social networks must implement E2E? Personally I think it is a good idea, but existing social networks and dating apps do not implement it so Telegram is not obliged to do it as well.

As for promises of security, everybody misleads users. Take Apple. They advertise that cloud backups are encrypted, but what they don't like to mention is that by default they store the encryption keys in the same cloud, and even if the user opts into "advanced" encryption, the contact list and calendar are still not E2E encrypted under silly excuse (see the table at [1]). If you care about privacy and security you probably should never use iCloud in the first place because it is not fully E2E encrypted. Also note, that Apple doesn't even mention E2E in user interface and instead uses misleading terms like "standard encryption".

This is not fair. Apple doesn't do E2E cloud backups by default and nobody cares, phone companies do not encrypt anything, Cloudflare has disabled Encrypted Client Hello [2], but every time someone mentions Telegram, they are blamed for not having E2E chats by default. It looks like the bar is set different for Telegram compared to other companies.

[1] https://support.apple.com/en-us/102651

[2] https://developers.cloudflare.com/ssl/edge-certificates/ech/

unknown|1 year ago

[deleted]

vaylian|1 year ago

What is your definition of a social network?