exo762 | 20 days ago
Correct way of speaking about Telegram is - nothing* is encrypted. (encrypted chats are not more than 0.5% of all chats). That would be a "no spin" take.
> one guy dared write a crypto library rather than using their own
Red herring. This library is NOT used for more than 99.95% of chats on Telegram. It is applied only to "secret chat", which is a torture device with horrible UX. I guess that horrible UX is the result of choice of using custom crypto library instead of going with something capable of working when addressee is not online.
> Another darling is Signal who refused to stop collecting phone numbers until recently even though they never needed it, does not allow open source or other clients to use their servers (and won't release the actual server code) and frankly does not work half as well as Telegram in terms of UX.
Phone numbers are still used as anti-spam measure. You are free to get a burner, register an account and throw away the SIM card.
> does not allow open source
Signal client is open source.
> frankly does not work half as well as Telegram in terms of UX.
It works well where it does matter. Vide Telegram's "secret chats".
> All of this is really confusing for me.
You are clearly misinformed. That explains the confusion.
dizhn|20 days ago
- The library IS used for all encryption including the above client to server encryption. As far as I can tell from casual use the other end does not need to be online for secret chats per se. There's a key exchange with picture verification that requires the party on the other end to accept the chat request.
- The phone bits in your and the other commenter's response sound a little bit handwavy to me.
- Telegram client(s) are also open source. The comment was about the server and interoperability with other clients.
After all it doesn't seem to me that I am more misinformed than yourself.
Valodim|20 days ago
No connection over the internet is not transport encrypted these days, but that is not what this conversation is about. It's about whether messages are encrypted so the server cannot read them. And Telegram is commonly mistaken to have this property, including OP I was responding to.
If you go around telling people that Telegram is "encrypted", please stop. You are spreading disinformation.
exo762|20 days ago
By this metric Facebook and Google are encrypted, because TLS. Sorry, Telegram's messaging is an attempt to mislead users, plain and simple.
> The library IS used for all encryption.
They could choose to use TLS for almost all chats, and instead they've "invented" MTProto. Why go with MTProto?
> As far as I can tell from casual use the other end does not need to be online per se.
You are wrong. Phone on other side has to accept "secret chat request" (no user interaction is needed). Until it's accepted, initiator's app interface is blocked with a spinning circle. And to add insult to injury, one can't initiate secret chat from desktop client.
> Telegram client(s) are also open source.
Yes, it is very refreshing to be able to verify that they can read all of my messages. /s
> The comment was about the server and interoperability with other clients.
Signal leadership explicitly stated that they care about secure comms and don't care about ecosystem around the chat. You can create your own client, you can't market it as Signal because that might "endanger lives".
> - The phone bits in your and the other commenters response sound a little bit handwavy to me.
I issue you a formal apology on behalf of HN hive mind. /s
On a serious note - palata's point is right, but a bit outdated. Functionality is still there, but it became opt-in. New users have phone number automatically hidden and phone number is collected only as an anti-spam feature.
I'll repeat my point again. Telegram is a honey pot of messengers and nobody should use it.