🇬🇧 🇩🇪 Is Telegram secure?

I don’t want to spark the discussion here, but Telegram is absolutely not supposed to be on this list. It’s trash.

I also don’t think this is the place to discuss this; I will reply however this one time and as briefly as possible.

This article addresses two main concerns regarding Telegram, one that it doesn’t use encyrption for default messages (one should use secret-chat messages) and two their encryption algorithm is custom made, regarded as bad practice by many security experts due to the difficulty of properly implementing it, and lack auditing.

However, this article is 3 years old, and there have been major updates since then. For instance you can see at the bottom of this very article a recent update stating that their protocol has been recognized as IND-CCA secure. Telegram also offers a reward system for anyone capable of breaking their encryption (they previously held contests offering up to $300,000 with no winners).

Also a number of oppressing governments have taken steps to ban Telegram, like China where Hong Kong activist use it as a mean to organize themselves. This by itself proofs nothing of course, but if does proof that this app has been tested.

So I don’t know if Telegram “is trash” but it’s been battle-tested and seems to be doing what is promises so far. That said I repeat: do your research! No system is 100% safe.

Yeah sure, there are secret chats. But that’s the point. THERE ARE. How many people do you know who manually activate secret chats for every new conversation, also because if they are activated you can’t access the conversation via any other device than the one you started it with. Moreover, group chats cannot be end-to-end-encrypted, which is completely ridiculous.
And like the article said, if it’s “so secure”, why can’t they make secret chats the default and update their damn algorithm to support multiple devices as well as group chats?

The app is marketing high security, but 90% of people don’t even know that the app can’t deliver on that promise.

Why use custom algorithms like these? It makes zero sense. If you distrust everything from sound cryptographers, then it makes sense. If you made a NOBUS backdoor in it, then it makes sense. If the algorithms we are using are broken (and we have every reason to believe, from the Snowden leaks, that our cryptographic standards work) then it could indeed make sense. However, then we have far different issues. That’d mean TLS would be broken (no doubt Telegram uses TLS for the update checker). I don’t touch Telegram with a 10 feet pole.

The above won’t convince Telegram users, as it is easy to dismiss with reasoning such as “yeah but the Pavel dude is a dissident”, “yeah but I invested time in this client”, “yeah but [network effect]”, “yeah but I like the UI”; none of these are good arguments against the above. I use WhatsApp as my main client because of the network effect (it is the defacto standard in The Netherlands). It isn’t open source, therefore not my personal preference, as it is difficult to look into how it works, and easy to add a backdoor in it. OTOH, it does have working E2EE. But a lot of people conveniently put their backups on Google Drive, defeating the purpose. Hence I assume my WhatsApp chats can be read by Google and those Google replies to (US government, EU governments, etc). So if you are a dissident or activist, it is not a good choice (but neither is Telegram).

What is your personal preference?

I use Telegram quite a lot at the moment, but I’m open to suggestions.

I have been led to believe, by multiple people around me, that Signal messenger provides the most secure foundation for private messaging. Being an open-source application, this has become my messenger of choice. However, for more technical details I’m afraid you’d have to wait for a reply from people more immersed in crypto and communication technology.

Signal - yes, I came across that one thanks to another member here that already uses it. It looks good. It’s a pity it’s not on F-Droid. I see that it can work on Linux (Debian only). I don’t think a web version is available though. I’m trying to get started with Matrix myself. The Android version had a few security breaches but I assume that has been resolved now. The nice thing about Matrix is that it can communicate with other social media services using what they call ‘bridging’ (https://matrix.org/bridges/). Actually, I don’t really care about my own data privacy but I would not like to compromise anyone else’s. I’ve only started looking at Facebook alternatives since the Cambridge Analytica scandal anyway.

It depends on your threat assessment. Let us assume you are a dissident or activist.

TL;DR if there was an ideal solution to the problem, we’d all be using it, right now.

If you don’t want to persuade your network to use an other client (and I have been there done that, you probably don’t unless it is of high importance) I recommend to use whatever your network uses. In my case, that is WhatsApp. I don’t use the Google Drive feature, but I realize a lot of people do and people run around with vulnerable phones (mine has at least a known local root vulnerability). If I were currently an activist, I probably would not use a smartphone; or perhaps the Librem 5. Either way, it is a trade off. The option of taking your smartphone with you, is also a trade off, one Bruce Schneier described in an essay.

Without taking the network effect into account, ideally we have,

• Open source protocol.
• Federated.
• E2EE (therefore easily has OTR which Axolotl protocol has).
• User-friendly clients for the main, popular OSes (ideally, including desktop clients).

Signal is not federated. IIRC Matrix/Riot is (have not looked much into them). I also don’t like how the author of Signal is trying to hide their real name (I do understand the reason behind it; no it is not government). Signal has a user-friendly UI, with easy self destructing messages (zero knowledge?). However it does depend on phone number for initial authentication. Remember, with E2EE your initial handshake must be done over a secure channel. If you SSH into a random box, the initial handshake can be MITM. So you need to confirm public and private keys in a different manner. Ideally, you want physical confirmation. Signal allows this with a QR code IRL. That is user-friendly.

There is a desktop client though.

XMPP is quite popular right now, but I have to say that none of my contacts use this protocol. As it is easier to change messaging apps than friends, I stopped using it.
I have tried Wire with a friend, but quite briefly. Nice design.

More info on different options in this thread:

About the eternal Signal vs. Telegram discussion, this article is more up-to-date that the one quoted above: Telegram vs Signal: Which is More Secure and Private App - TechWiser

And Telegram’s FAQ is quite interesting about multi-device end-to-end encryption:

Multi-device End-to-end encrypted chats are a mess

The concept of End-to-End Encryption has no limits for the number of communicating devices. However, if you want to access your end-to-end encrypted chats from multiple devices, you’re facing many technical difficulties, especially when it comes to connecting new devices, loading chat history and restoring backups.

Most of our competitors (notably, Whatsapp and iMessage) solve these problems in ways that make their end-to-end encryption useless (this is a big topic, so requires a separate manual). To solve them in a secure way, you’d have to sacrifice usability and some of the features you’re used to – the result would never be as fluent and simple as what we offer in Cloud Chats.

Could you explain in greater detail what this entails, and why I want this? Wikipedia gives me the following:

If a messenger relies on a central server, the setup is closed and may be surveilled. To counter this, decentralized computing architectures have been developed via a peer-to-peer technology, open source chat servers (easily setup by anyone) and/or federated protocols. An architecture in which all the messages do not pass through a central server lessens a single point for surveillance.

But I’m not entirely sure if I completely understand what it’s saying here.

On a more general note: a somewhat useful comparison of clients can be found in this Wikipedia article on secure instant messengers.

A federated protocol allows the user(s) to setup or rely on an other server than the first one who introduced the protocol. It avoids vendor lock-in. Vendor lock-in is bad, as it allows those whom you rely on to monopolize the product. Without a vendor lock-in, the normal rules of capitalism and competition apply.

While Signal is FOSS, the server is not (EDIT: it is, but M.M. disallows LibreSignal to use them based on, I don’t know, an EULA?), and Signal does not allow third party clients to use their network. This makes Signal a non-federated network.

To give you some idea I will mention some examples of federated protocols: NNTP (Usenet/news groups), SMTP (e-mail), SIP (VoIP), XMPP, ActivityPub, and arguably, HTTP(S) in general.

Federated also has a disadvantage, as can be observed by the split in ActivityPub with regards to certain Japanese pornography (a version of Hentai? I don’t know the exact name) which is arguably considered child porn in the West. As I do not know the exact nature of the content(s), I don’t have a strong opinion about this issue, except for it being a clash of culture.

These articles contain some more information.

This comparison is a great effort. It includes some other propositions I did not include, such as ‘encrypted by default’.

Agreed, default encrypted messages would be so much better. Even though I use Telegram somewhat regularly (I use mainly Whatsapp, sadly) I still haven’t met anyone that uses them unless I’m the one starting the conversation. I believe group chats aren’t encrypted due to sync issues throughout multiple devices.

I know more people using Telegram’s secret chats than people using Fairphone. What is your point exactly?

The better question is: how many people do you know that give a damn about privacy?

Telegram is relatively popular and it’s easier to promote and convince people to enable secret chats, than it is to convince them to migrate to a new app altogether. We have to start somewhere, because it doesn’t matter if we have 20 alternatives if they go unused.

I don’t know anyone IRL who uses it. I’m aware of zero cryptographers who recommend it (they all explicitly don’t. Bruce Schneier does not recommend it, and neither does Matthew Green).

https://twitter.com/matthew_d_green/status/726428912968982529

I literally got more than 4 dozens of people to download Signal in the past years. They’re probably mainly using it to communicate with me, but that’s not my problem.
However, my approach is probably a different one than yours: I don’t use any other messaging apps than Signal (and Riot, but that doesn’t really count), so it’s SMS or Signal, which makes it much easier to convince people to install it I think.

There are different kinds of use of messaging apps and I agree with you that one should dare to quite Whatsapp etc, but the main problem for many is group chats. Convincing one person at a time is doable, but convincing a group of parents (when you have kids, there are many such groups…), a group of co-workers or a group of people you do sports with is more difficult. I guess that the solution is to accept to be left out of such groups.

Well hats off to you for such an achievement, really. Unfortunately I’ve already lost contact with too many people already and realized that fighting the masses head-on won’t work, hence I keep using Whatsapp and offer Telegram whenever I can which I know many people at least have heard of.

The way I see it is as I said above: we need to make people aware that there are alternatives, and worry about which one is better later. From what I’ve seen whenever I brought this topic up the same question arises: what can we do? what options do we have? Everybody shrugs their shoulders, then proceeds to check their Instagram feeds…

I guess I’m trying be more practical here. In words of Fairphone CEO:

I will not argue against the opinion of two reputable security professionals, so let’s just say it right now: Telegram is not trustworthy. However the point of encryption is that you don’t have to trust even the words of a security professional; you have to trust math, and as far as we know this math still hasn’t failed, correct?

Well, I didn’t mean to discard your arguments, I ask myself the same questions and I just got a little pessimistic about how to get rid of Whatsapp.
I wouldn’t say that Telegram is not trustworthy as you put it. I think that you could see the problem in many ways. For me, the main concern is not to give money/information to Facebook (or Google and such). That was the main reason not to use Whatsapp and that is why I use Lineage (but I wish I could use Ubuntu as a daily driver). I also have read convincing articles about how Signal should be the best mainstream alternative and about Telegram’s issue (some of which are solved by now, as you can read in the first article mentioned in this thread). When I was trying to quit whatsapp, I installed both Signal and Telegram (and others like Wire and a xmpp client…) to check what I could use. Now I still have Signal and Telegram installed because some of my friends use one of these app.

It’s not because the developers explicitly don’t want it to be included in the main f-droid repository. But there are third-party repos that you can use. Or you can download the apk directly from their website. It come with self-updating capabilities so it’s no problem if you don’t have the play store installed.

So like the Fairphone 3. The OS is closed source.

@hex-m It actually is because the developers explicitly don’t want it to be included, see here. I also don’t get why they do this

@FairOpenIsGreat Android itself is open source, just the G00gle spyware isn’t. So as soon as OpenOS or Lineage comes out you can trust it