It's funny to see this towards the top of the comments here. Feels like not that long ago that Telegram updates would be downvotes on HackerNews because "you should never trust an app that designed their own encryption protocol."
Telegram's UX is outstanding. Their E2E encryption (for "secret chats") is also questionable. Both are simultaneously true.
It depends on your needs.
I use Telegram like an IRC client, primarily participating in medium/large (20-200 user) group chats. In that sense, I don't really care about encryption because the channels are semi-public anyway. I just want whatever client gives me the best experience.
(On the other hand, if I were discussing sensitive topics, I'd probably pick something else.)
…yes, I am aware Telegram does not use the absolute best practices, and at the very least, I imagine it can be cracked wide open by a nation-state intelligence agency.
Which is why, for my occasional super-secret must-be-hush-hush chats, I use other clients. For my day-to-day chats? Telegram. Because, to be privileged, to be flippant: the NSA is welcome to read my texts about what I’m buying at Target this afternoon.
It is built by an anarchist person who always refused to give out personal info of people to the point where his company was taken from him, and he ran away to France. He and his brother hired a ton of PhDs and made lots of paid challenges that no one could break their encryption. Their software is open sourced. The encryption Moxie Marlinspike uses was conveniently funded by the very US government agencies interested in breaking encryption.
He is simply pointing out what others have as well - that using the crypto whose development was financed by the very people interested in breaking it, may not be that smart.
And is the story about from Jan about vulnerabilities in Signal that are absent in Telegram also planted by him? Want to see more incidents like that?
Signal is a US company and „do not roll your own crypto“ is an NSA meme. It translates to „only use crypto we probably know how to compromise“. That doesn’t mean the algorithm itself must be wrong, it could just be that the implementation has subtle bugs.
