
Reads like a hit piece on Telegram from a crypto expert who couldn't be bothered to explain in more than one paragraph why the app he is calling not an encrypted app (according to how he personally thinks everyone refers to when talking about encryption) actually uses some encryption technology that he's not exactly sure of but suspects is insecure.


He specifically explains what people think an encrypted app is:

>Many systems use encryption in some way or another. However, when we talk about encryption in the context of modern private messaging services, the word typically has a very specific meaning: it refers to the use of default end-to-end encryption to protect users’ message content. When used in an industry-standard way, this feature ensures that every message will be encrypted using encryption keys that are only known to the communicating parties, and not to the service provider. From your perspective as a user, an “encrypted messenger” ensures that each time you start a conversation, your messages will only be readable by the folks you intend to speak with.

So an encrypted messaging app means to people the security that an end-to-end encrypted app provides.

He then explains how Telegram is not end-to-end encrypted.

* No end-to-end encryption by default

* No end-to-end encryption for groups, not even small groups.

To add, there's no end-to-end encryption for desktop chats either. And no end-to-end encrypted cross-platform chats either.

Your post reads like a dollar-store damage control team post that didn't even read the article they're trying to discredit.


Double that. The entire article reads to me as handpicked and manipulative.


TLDR: 99.95% of messages on Telegram are stored as plain text on their servers and only encrypted between client and Telegram server. End-to-end encryption only works for 1-on-1 chats, is not available in half of their clients, and has terrible UX.


All this is just wrong. I wonder why HN likes throwing up wrong information about Telegram as fact. Is taking up 5 mins to proof these claims that hard?

> 99.95% of messages on Telegram are stored as plain text on their servers and only encrypted between client and Telegram server.

Wrong and OP doesn't even mention plain text. The non-E2EE client-server data is stored encrypted sparsed out in various servers to different countries. https://telegram.org/privacy#3-3-1-cloud-chats

> End-to-end encryption only works for 1-on-1 chats, is not available in half of their clients, and has terrible UX.

Wrong again. I actually recently checked this for myself: their official clients on Android and Linux desktop have support for MTProto 2.0. Feel free to check if other OSes don't support this feature. The only clients I know of where this is not enabled are the web clients.


> The non-E2EE client-server data is stored encrypted sparsed out in various servers to different countries.

Yet all this data is available to any person connecting to Telegram API endpoints. It really doesn't matter what their distributed storage looks like underneath if there is a point where everything is available as plain text.

Also this is just "trust me bro" encryption. You can't check any of it.

> Wrong again. I actually recently checked this for myself: their official clients on Android and Linux desktop have support for MTProto 2.0.

E2EE in Telegram is burdensome to use. It's just a fact for anyone who actually used it daily.

Also many desktop versions only gained E2EE capabilities relatively recently.



