Can you, please, elaborate? Wasn't it their main feature and the selling point?

lynndotpy · 2024-08-25T15:41:47 1724600507

Telegram's E2EE isn't available for group chats. It's not on by default for other chats, so most or all of your chats are probably just transport encrypted. Further, they rolled their own crypto (bad), MTProto2, which has a number of problems (but is not necessarily broken)

This places Telegram's security stance below that of even Instagram or Facebook (which also has optional E2EE chats, but uses the Signal protocol, which is considered better than MTProto2.)

nickthegreek · 2024-08-25T15:37:46 1724600266

Telegram e2ee FAQ covers the nuances https://tsf.telegram.org/manuals/e2ee-simple

maqp · 2024-08-26T09:45:01 1724665501

Let's get a professional cryptographer without vested interest in the matter to give that assessment

https://blog.cryptographyengineering.com/2024/08/25/telegram...

tail_exchange · 2024-08-25T15:35:01 1724600101

E2EE is optional. Telegram does have it, but you don't need to use it.

jsheard · 2024-08-25T15:37:22 1724600242

Telegram also only supports E2EE in one-to-one chats, so any bad guys operating out of group chats / channels are definitely doing so in the clear.

financetechbro · 2024-08-25T15:50:23 1724601023

What are the downsides to telegram providing default E2EE? Seems like a no brainer to have it as a default feature for the product.

jsheard · 2024-08-25T16:29:15 1724603355

I think they don't support cross-device syncing or automatic backups of E2EE chats, so it's about minimising friction by default. Telegrams main focus is UX, unlike Signal which prioritizes security at the expense of UX.

maqp · 2024-08-26T09:47:33 1724665653

There's nothing in Telegram that couldn't be implemented with security in mind. They just lack the expertise in designing cryptographic protocols that offer those features, and Durov is too proud to consult experts in helping improve the design. Well, now he gets to enjoy French hospitality.

robjan · 2024-08-25T16:03:36 1724601816

Their focus is on UX more than security. The app is super snappy and supports group chats with hundreds of thousands of participants.

maqp · 2024-08-26T09:45:56 1724665556

It doesn't. Groups chats lack E2EE and all desktop chats, including 1:1 lack E2EE.

kdmtctl · 2024-08-25T15:49:05 1724600945

E2EE is optional on Telegram and not really convenient. You can create a private chat which will be E2E encrypted but this takes a few taps and pins to device. Most of the users don't bother. And the main target is not personal chats but channels which can be easily discovered and followed.

This is not an e2e battle, this is the hunt for channel owners. Frankly it is too easy to make a "local chat" and sell stuff. Durov has the data and this is his weakness and strength. Platform is viral but there are too much for one hands.