"100% private" claims always make me incredibly suspicious since it is impossible to achieve that. Security is a matter of threat modeling against an expected adversary and nothing protects against a serious interest from a state level actor.

This is why I don't really care that Telegram doesn't do E2EE by default. Most of my chats aren't that interesting and in my threat model it's good enough.

I don't disagree. It's just another messenger. Just a 'check it out' - I stick with the simple things. No need for 324823494234 different things that try to solve the same problems, and never do. The telegram jpg/file exploits recently with the inline imaging just go to show security is theater until the next CVE

Yeah absolutely not. The project lies about its ability to look away from the fact it has access to all IPs conversing. A server has to have a way to relay packets from identifier A to identifier B, yet they claim they don't know if A and B talk. And they claim something as mundane as a multiprocess Queue can achieve this.