Telegram needs to enable e2ee by default, cause the way it is now, you may as well not have it.

I mean that is a fair point. But open source client only matters if people were using Telegram’s secret chats consistently. The closed source server is what’s most important when almost all communication happens plain text.

You can hide your phone number now with the release of usernames in Signal. Still need it for registration tho.

I suspect that’s because Telegram’s marketing and it’s users consistently try to place Telegram in the same categories as actually secure and encrypted messengers. Whereas I don’t see tech blogs claiming that FB messenger is secure.

Good catch 🫡

Maybe it’s different on Android or Desktop/Web. On iOS it’s more than 2 clicks. And it’s tucked away. It would be surprising to me if the UI is that inconsistent across different platforms. But I can’t know for sure. So I will defer to the subject matter experts on Telegram.

It’s 100% not just two clicks. You make it sound easier than it really is. But there’s no way for a new or infrequent user to know where it is unless they explore a bit or even knew to look for it. It’s hidden away behind a hamburger menu.

In my OP, I was merely referring to how FB Messenger and Telegram functions the same.

Speaking to the protocol used for encryption is a moot point… because even if MTProto 2 was better, it’s still not enabled by default in both messengers.

Right. But it’s also not exactly “easy” which is what you’re saying it is.

If easy was a sliding scale. Easy would be enabled by default. Hard would be making it obscure and hard to find. I would say it’s definitely closer to the harder to find side. But that’s just me. But 3 clicks, and having to switch chats and maybe delete the old one to avoid confusion, none of that is easy.

Ah good point, gotta delete the old unencrypted chat too to avoid confusion. That’s definitely more than just 3 clicks.

If you’re talking to 30 people, it’s 90 clicks. It might be 3 clicks if you know where to look, but end of the day, even if you know where to find it, that’s still that many clicks times how many people you chat with. It’s not ideal. I wouldn’t say it’s complicated sure, but it’s not easy.

Yeah, the fact that FB messenger uses Signal protocol, means the encryption is better recognized than the one used in Telegram. But the lack of on-by-default or the need to drill in a few options before enabling secret chats… I mean it’s even named the same thing as Telegram.

It’s three clicks. And it opens a separate chat from the existing one. It’s obscure enough that you could say the UX deprioritizes (which at best is not an actively malicious design choice) usage of end-to-end encryption.

If Telegram is considered an encrypted messenger, then FB messenger should be too. Works exactly the same. I don’t know about you, but being the same level as FB messenger should speak volumes to whether Telegram is “encrypted” or not 🙄

You should try out https://pcpartpicker.com/

Great tool to spec out a computer and give you an idea of how much it’ll cost you.

Anyone have an invite code for Filelist? 🫶

We are in a privacy community. A privacy community with a specific website that makes recommendations on messenger apps. And yet, OP is asking for an opinion on comparisons between Signal (recommended by the guide) and Telegram (which isn’t even in the guide). Why would this be necessary if they weren’t thinking Telegram could be a private and secure messenger too? Even tho it’s not recommended on privacy guides. Draw whatever conclusions you want to fit your own world view. But just because others do so differently, doesn’t mean they’re bots. That’s a very lazy way to view the world. And that is also just my opinion. If you wanted to discuss the points of the article, I’m down. But if you’re coming in here to be reductive because you have a differing opinion, then this is all I’m going to be saying to you.

Thanks for the article. That’s a really good breakdown for most arguments of Telegram propagandists. 🙌

Hm? Not sure which Signal you’re using. But it very much still requires a phone number to use. Usernames are not available just yet. There’s activity related to usernames in the GitHub repository, but no release yet.

They did remove the ability to send and receive SMS from their Android app. That was about last year or so.

https://signal.org/blog/sms-removal-android/

I’m getting at the fact that most platforms do stupid shit like “this message might not be deleted if the receiver already saw it” like WhatsApp does and/or replacing messages with placeholders saying “this message was deleted”. Telegram can be plain-text and can have a lot of issues but it guarantees that stuff is actually removed without trying to bullshit you like other do.

There’s absolutely 0 guarantee that what you’ve “deleted” is deleted. On any platform really. But what you can rely on is the fact that the E2EE is there to make sure things are only readable by whoever the messages were intended for (barring being hacked and compromised keys etc). The message can say whatever it wants, doesn’t mean a lot if you can’t trust the source. Again, we’re just talking about different threat models. With Telegram, it’s not meant for secure and private communication. It has a different audience. And to push Telegram as a private or secure communication, you’re actively doing the public a disservice.

If we assume that your privacy / security is broken (because it is) I might as well use the platform that provides the best desktop and mobile experience with fast syncs, ability to disable animations, have real desktop apps and not electron shit.

If you can’t trust even open source technology that you can review and build yourself. And trust renowned cryptographers reviews of this technology… then why are you in a privacy community telling people their experiences aren’t true to what they’re telling you?