logoalt Hacker News

dakollitoday at 4:52 PM1 replyview on HN

telegram is the safest encrypted messaging app. Period, full stop.


Replies

maqptoday at 5:06 PM

>telegram is the safest encrypted messaging app. Period, full stop.

Yes, let's see

* Not end-to-end encrypted by default

* No end-to-end encrypted groups

* No end-to-end encryption on any desktop client by the vendor, forcing cross-platform users to drop secret chats. This includes 81% of working age people who sit on their computer during work day, and 100% of college students and IT workers.

* No post-quantum key exchange

* No future secrecy

* No per-message forward secrecy

* Bullshit claims about distributed keys https://security.stackexchange.com/questions/238562/how-does...

* Lacks ALL metadata protection from server like phone number, IP-address and thus geolocation, contact list, group memberships, quantity and schedule of communication, data types. In fact --

* Secret chats leak additional metadata about intent to hide content from TG as the vendor.

Also,

History of poor encryption implementation

* 2013: A cracking contest https://news.ycombinator.com/item?id=6932648

* 2013: Telegram, AKA "Stand back, we have Math PhDs!" http://unhandledexpression.com:8081/crypto/general/security/...

* 2015: IND-CCA issues https://eprint.iacr.org/2015/1177.pdf,

* 2015 64-bit complexity MITM attack https://web.archive.org/web/20160425091011/http://www.alexra...

* 2021 Valsorda "The Most Backdoor-Looking Bug I've Ever Seen" https://words.filippo.io/telegram-ecdh/,

* 2021 https://mtpsym.github.io/ and https://mtpsym.github.io/paper.pdf

Some analysis:

* 2025 Matthew Green analysis https://blog.cryptographyengineering.com/2024/08/25/telegram...

* 2025 "Telegram is indistinguishable from an FSB honeypot" https://rys.io/en/179.html

Also,

They employ volunteering sockpuppets https://tsf.telegram.org/

Durov who supposedly lives in exile has visited Russia over 50 times https://eutoday.net/pavel-durovs-secret-visits-to-russia/

I can't scream "drop & run" loud enough.

show 1 reply