alt Hacker News- Messages by default are encrypted in transit. Client to server. Yes Telegram does have access to those messages. (I don't believe we had any e2e encrypted chat service before the likes of signal, matrix etc. Whatsapp added it after Telegram too if my memory is right.)
- The library IS used for all encryption including the above client to server encryption. As far as I can tell from casual use the other end does not need to be online for secret chats per se. There's a key exchange with picture verification that requires the party on the other end to accept the chat request.
- The phone bits in your and the other commenters response sound a little bit handwavy to me.
- Telegram client(s) are also open source. The comment was about the server and interoperability with other clients.
After all it doesn't seem to me that I am more misinformed than yourself.
Replies
> Messages by default are encrypted in transit. Client to server.
By this metric Facebook and Google are encrypted, because TLS. Sorry, Telegram's messaging is an attempt to mislead users, plain and simple.
> The library IS used for all encryption.
They could chose to use TLS for for almost all chats, and instead they've "invented" MTProto. Why go with MTProto?
> As far as I can tell from casual use the other end does not need to be online per se.
You are wrong. Phone on other side has to accept "secret chat request" (no user interaction is needed). Until its accepted, initiator's app interface is blocked with a spinning circle. And to add insult to injury, one can't initiate secret chat from desktop client.
> Telegram client(s) are also open source.
Yes, it is very refreshing to be able to verify that they can read all of my messages. /s
> The comment was about the server and interoperability with other clients.
Signal leadership explicitly stated that they care about secure comms and don't care about ecosystem around the chat. You can create your own client, you can't market it as Signal because that might "endanger lives".
> - The phone bits in your and the other commenters response sound a little bit handwavy to me.
I issue you a formal apology on behalf of HN hive mind. /s
On serious note - palata's point is right, but a bit outdated. Functionality is still there, but it became opt-in. New users have phone number automatically hidden and phone number is collected only as an anti-spam feature.
I'll repeat my point again. Telegram is a honey pot of messengers and nobody should use it.
> - Messages by default are encrypted in transit. Client to server. Yes Telegram does have access to those messages.
No connection over the internet is not transport encrypted these days, but that is not what this conversation is about. It's about whether messages are encrypted so the server cannot read them. And Telegram is commonly mistaken to have this property, including OP I was responding to.
If you go around telling people that telegram is "encrypted", please stop. You are spreading disinformation.