Two questions.
My family insist on using Whatsapp for the family chats. I have to keep a copy on a device just so I can communicate with them. I do so under protest, as I was always told it isn’t secure. My brother has just said
“oh Whatsapp is encrypted, it’s perfectly secure”.
First, is it actually as encrypted and safe as my brother claims? That would solve everything.
Second, if it isn’t, where can I get some proof that we should switch to Telegram or whatever? Proof which doesn’t make me look like a raving loony?
You know it’s not even E2EE by default, and when it is it uses a homegrown algo that is not exactly well spoken of? (at least V1)
for clarity, i think that the worst thing anyone’s been able to decisively prove about telegrams encryption is that it’s vulnerable to replay attacks… which in the context of privacy rather than full security isn’t suuuuper problematic
that’s not to say that there aren’t other flaws; that’s kinda the point behind “rule number 1: DONT INVENT YOUR OWN CRYPTO”: you just don’t know what flaws there are… AES (etc) has had a LOT of eyes on it
but for the most part, the negativity with the crypto boils down to what-ifs
IIRC Telegram is only e2e if you explicitly enable it, and not at all for group chats. My info is probably (and hopefully) outdated though.
And E2EE is only available on phones, circa a couple of years ago anyways
yeah that’s also correct and a very valid criticism
As I see it, the key advantage of Telegram is not technical, it is political.
Yes, Telegram is a slightly shady company with an ambiguous business model and a possibly-dodgy encryption algorithm (when it is even turned on).
But Telegram is based outside the reach of the West (in UAE, eastern Europe, maybe even Russia). Whatever its other problems, nobody thinks that Telegram is under the thumb of Western governments, as the Big Tech corporate messengers almost certainly are.
Personally I don’t care much if Russia or even China is spying on me. Because if we can be certain of anything in this world, it’s that Russia and China are not sharing their spyware data with Western intelligence agencies. And as Westerners we live outside the reach of the Russian and Chinese police states, fortunately. So for us it’s win-win for privacy. That’s the way I see it.
The ideal solution, of course, is a truly private messenger which protects everyone’s privacy, including Chinese and Russians.
Telegram’s servers are located in US, Singapore, Netherlands (and maybe some other countries) from what I’ve gathered. And all chats that are not E2EE’ed are stored there, encrypted at rest at best with keys in the same database, or somewhere else that can still be accessed in automated way. Maybe it is not even encrypted at rest.
The point is, all those countries are either in 5 eyes or have information sharing agreements with 5 eyes countries. So as far as I’m concerned, TLAs can still have their fingers in those pies, in addition to Telegram’s overall shadiness and Russian ties. So maybe you get KGB strongman keeping a watch over your chats too.
This is not something I’d have much confidence in to be honest.
For the average Westerner, the threat from shady Russian agents seems orders of magnitude less serious than that from their own governments and police forces.
For EE2E, the corporate spyware messengers are asking us to take their word for it. Hard.
About the server locations, that’s interesting and does indeed undermine my argument a bit.
But how can I virtue signal when using the mainstream app???