He keeps referring to the video encoding vulnerability in WhatsApp as a "backdoor". That is not supported by the source[1] he cites, which instead refers to it as a run-of-the-mill buffer overflow vulnerability. There is a massive difference here - backdoor implies something that was planted purposefully. Extraordinary claims require extraordinary proof.
I don't think this post is fair in its assessment and seems more like an advertisement for Telegram, which itself has its own security issues (like lacking E2E encryption by default and terrible[2] code quality).
It probably isn't, but I don't think we can know whether it was on purpose or not.
If I had to put a backdoor in something, it'd definitely be a buffer overflow. It gives full remote code execution, it may be hard enough to find to be NOBUS, and it has perfect plausible deniability.
The huge majority of applications with any C++ code have some sort of memory safety vulnerability. Codecs are a classic place where this shows up all the time. Why would this vuln out of the literally gazillions of similar vulns be considered a backdoor?
The underhanded C contest has many examples of malicious code that appear like plausible bugs. An intentional but rare buffer overflow would be a perfect backdoor.
As an aside, this isn’t true. There are many things right in front of us that we dismiss routinely, and “everyone knows” these things are extraordinary/insane/wrong and so on. Usually, if you spend the time to learn about such things you can discover that they’re very normal and provable, you just have to go against the crowd. That’s different from needing extraordinary evidence.
Primarily this seems to be due to disinformation efforts and plain old human biases.
WhatsApp is bad, but Telegram isn't great either. All chats that you haven't explicitly made "secret" are not end-to-end encrypted. They're apparently "encrypted", but the keys are controlled by Telegram.
Furthermore, they frequently "ban" channels that they deem contain "inappropriate" or "adult" content. Clearly they're reviewed by either humans or AI of some sort. So... that makes me uncomfortable.
Their reason for why you can trust them with encryption keys was "we didn't hand them over to <insert country here> and so they banned us where we could have cooperated and continued operating in said country", which seems like a pretty weak argument.
For truly decentralised, private and encrypted communication, I highly recommend matrix+riot.im.
EDIT:
> To support this idea, Pavel Durov claims that Telegram is banned in Russia and Iran, where both governments asked him for encryption keys to access the platform’s messages. Hence for refusing the proposal given by the governments of those countries, the app was banned.
Even if telegram hasn't handed over keys so far, the fact remains that the keys are still controlled by them and tomorrow if they wished they could read/expose/publish/share all "private" communication.
Think of it this way. If Bezos had been using telegram like is recommended in the article and the CEO of telegram wanted to spy on Bezos' chats, he would have totally been able to.
They say that chats don't have e2e by default so that they can be backed up to the cloud [0], but there's no reason why you can't back up encrypted chats and ask the user for a pin and decrypt them on-device.
Furthermore, telegram forces you to link your account with a phone number, and that acts as the primary (or only) form of authentication, opening you up to sim-jacking.
Also, this means that anyone who has your phone number is told you're on the app and given your username, which you may not want for privacy reasons.
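An added example, not part of the thread and not Telegram's or WhatsApp's code: one way the PIN-protected cloud backup suggested in the comment above could work, using Node's built-in scrypt and AES-256-GCM. The function names, blob layout, cost parameters and sample chat are assumptions made for illustration.

```javascript
const crypto = require('crypto');

// Assumed scrypt cost parameters (about 16 MiB of memory per guess).
const SCRYPT = { N: 1 << 14, r: 8, p: 1, maxmem: 64 * 1024 * 1024 };
// Bound into the GCM tag so a blob cannot be replayed under another format.
const HEADER = Buffer.from('chat-backup-v1', 'utf8');

// The key is derived on the device from the PIN; it is never uploaded.
function deriveKey(pin, salt) {
  return crypto.scryptSync(Buffer.from(pin, 'utf8'), salt, 32, SCRYPT);
}

// Runs on the device. Returns the only thing the server ever stores.
function sealBackup(pin, chatHistory) {
  const salt = crypto.randomBytes(16);   // fresh per backup
  const nonce = crypto.randomBytes(12);  // fresh per backup, never reused
  const key = deriveKey(pin, salt);
  const cipher = crypto.createCipheriv('aes-256-gcm', key, nonce);
  cipher.setAAD(HEADER);
  const ciphertext = Buffer.concat([
    cipher.update(JSON.stringify(chatHistory), 'utf8'),
    cipher.final(),
  ]);
  return {
    salt: salt.toString('base64'),
    nonce: nonce.toString('base64'),
    ciphertext: ciphertext.toString('base64'),
    tag: cipher.getAuthTag().toString('base64'),
  };
}

// Runs on the new device after the user types the PIN.
// Returns the chat history, or null for a wrong PIN or a modified blob.
function openBackup(pin, blob) {
  const key = deriveKey(pin, Buffer.from(blob.salt, 'base64'));
  const decipher = crypto.createDecipheriv(
    'aes-256-gcm', key, Buffer.from(blob.nonce, 'base64'));
  decipher.setAAD(HEADER);
  decipher.setAuthTag(Buffer.from(blob.tag, 'base64'));
  try {
    const plaintext = Buffer.concat([
      decipher.update(Buffer.from(blob.ciphertext, 'base64')),
      decipher.final(), // throws if the tag does not verify
    ]);
    return JSON.parse(plaintext.toString('utf8'));
  } catch (err) {
    return null;
  }
}

// Constructed sample data.
const SAMPLE_PIN = '493817';
const SAMPLE_CHATS = [
  { from: 'alice', to: 'bob', text: 'see you at 8' },
  { from: 'bob', to: 'alice', text: 'ok, bring the keys' },
];

// Caveat: a short PIN has few possible values, so whoever holds the blob
// can guess offline. scrypt raises the cost of each guess; a longer
// passphrase is what makes guessing impractical.
const demoBlob = sealBackup(SAMPLE_PIN, SAMPLE_CHATS);
console.log('server stores:', Object.keys(demoBlob).join(', '));
console.log('right PIN restores', openBackup(SAMPLE_PIN, demoBlob).length, 'messages');
console.log('wrong PIN gives', openBackup('000000', demoBlob));
```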
Happened to us, we built a bot[1] to buy and sell bitcoins privately on Telegram. Someone messaged me saying that they would get a 'SCAM' label on our bot if we didn't pay them the ransom. We didn't comply and within a few days we got the label (guess they managed to get a lot of accounts on our bot to report scam). Their support team was unresponsive and it took around 3 weeks to get it resolved.
Needless to say, our users lost trust and we couldn't risk this happening again.
We still run the service (from request of a few existing users) but not actively promoting it.
> They're apparently "encrypted", but the keys are controlled by Telegram.
Yes, but they take steps to ensure they cannot easily be forced to decrypt chats via a court order in a single country. From the Telegram FAQ:
To protect the data that is not covered by end-to-end encryption, Telegram uses a distributed infrastructure. Cloud chat data is stored in multiple data centers around the globe that are controlled by different legal entities spread across different jurisdictions. The relevant decryption keys are split into parts and are never kept in the same place as the data they protect. As a result, several court orders from different jurisdictions are required to force us to give up any data.
> Furthermore, they frequently "ban" channels that they deem contain "inappropriate" or "adult" content. Clearly they're reviewed by either humans or AI of some sort. So... that makes me uncomfortable.
AFAIK messages are only forwarded to Telegram support if they are reported by users. Chats spreading pornographic content are often banned on iOS due to the App Store guidelines (and in certain countries due to local laws), but illegal channels (e.g. CP) may be blocked globally.
> Also, this means that anyone who has your phone number is told you're on the app and given your username, which you may not want for privacy reasons.
This is not true anymore, a while ago they added new privacy settings that allow you to prevent others from finding you unless they are in your Telegram contact list. (Of course, this means if you don't want anyone in your phone's contacts to be able to find you on Telegram, you should deny the app contacts permission.)
IMO it's a reasonable trade-off for general use as a chat platform with public groups and all, you can use secret chats if you really want to be confident in your privacy. Maybe they could add support for end-to-end encrypted groups though.
> Yes, but they take steps to ensure they cannot easily be forced to decrypt chats via a court order in a single country. From the Telegram FAQ
Again, this is just what they claim. Doesn't mean they don't read chats because they feel like it. And this doesn't mean that they won't cooperate with other entities in the future. Or that the keys won't get leaked.
Your data being encrypted is pointless if it's stored on someone else's servers, and they have the keys to it.
If we are going with a conspiracy theory that whatsapp deliberately included a buffer overrun bug as a backdoor... then why the heck would we trust telegram about this?
I see no reason why open source helps here. Closed source clients aren't black boxes. You can examine the bytecode. You can decompile the binaries.
I see no reason why a conspiracy dedicated enough to hide a backdoor as a buffer overrun wouldn't also be capable of making the Telegram server store key material in a single country to make it available to legal requests (since, as you say, the back-end software isn't open source).
Bytecode is basically the same as source. Decompiled binaries are harder to read, but there are oodles of professionals who are very skilled at reading decompiled code. The actual structure of the program itself plays (to me) a much bigger role in the auditability of a system.
It's my understanding that one reason people like Telegram is unlike Signal, you can use a username and hide your phone number. (Please correct me if this is incorrect, I don't know anyone who uses it so I stick to Signal)
Signal is the gold standard for confidentiality, but forcing folks to disclose a phone number as a primary identifier has privacy issues.
Telegram also has native, non-Electron apps, for many platforms, could it be an advantage? It also has convenient public chats and "channels" (microblogs). It has support for proxy servers, allows sharing proxy servers and has traffic obfuscation which Signal (I assume) doesn't have.
But for me Telegram and Signal are equally insecure because they don't allow anonymous accounts without a phone number. Using phone number for authentication is insecure because it is very easy to intercept SMS messages, especially if you are a telecom or the government. You better avoid using such messengers and not support them unless you want to provide your ID in future for registration on any website.
The native apps certainly help… Signal’s desktop app is pure afterthought and it shows.
The other thing is that Telegram is just far more feature rich. It feels like what you’d expect from a modern messaging app.
Perhaps the most unfortunate thing about this all, though, is that third party devs can’t make their own Signal clients to try to improve the situation. If you want to use Signal, you have to take it with all of its warts, and that’s a hard sell.
I use both telegram and signal and I find that the general user experience (syncing chats across devices, bots, rich media types) is better in telegram, at the expense of privacy.
> Furthermore, telegram forces you to link your account with a phone number, and that acts as the primary (or only) form of authentication, opening you up to sim-jacking.
Linking a phone or using it for 2FA should be like a red light today. For Telegram or a banking app, it doesn't matter.
Actually, there's something interesting to note. If you enable 2FA, it's not possible to recover your account without either the password or the recovery email (if any). However, via SIM-jacking an attacker can still erase all data in your account and then take it over.
End-to-end encryption is available, but not yet enabled by default for private rooms/direct messaging. See this for status, it seems it will soon be enabled by default: https://github.com/vector-im/riot-web/issues/6779
It is amazing how fast the goalposts can move to fit a narrative. So chats in Matrix are not E2E encrypted? The very thing Telegram is being called out for in this thread?
If the chat isn't e2e, you are warned at every moment because the message text box that you type into prominently says "(unencrypted)". You can easily enable e2e for all conversations, and it will soon be the default. The data is on your own homeserver, and no one else has access to keys. Riot/matrix is vastly superior to telegram.
Edit: also, telegram doesn't support e2e encrypted group chats, unlike riot.
One of them does rather dishonest marketing, the other is upfront about capabilities and defaults.
Telegram: we do E2E!* That makes us MORE SECURE than other messengers!
Matrix: you can enable E2E if you want.
* just not by default†
† unless you count "E2E" security between your client and our servers,‡ which we'll confusingly highlight in our security documentation as if it were special††
‡ you don't really need E2E anyway because we store your data in shell companies across the world
†† I guess it is "special" because Telegram invented its own crypto algorithms?
I'd like Telegram a lot more if they would stop with their bullshit claims, because it's actually a good service for some usecases. While reading the article I was hoping it was just written by a clueless Telegram fanboy, but reality is disappointing…
I understand that with MTProto 2 they stepped away from their homecooked crypto and follow a more traditional scheme which on the surface looks OK. It's still not the default (you must enter into a 'secret chat'), but if you do, isn't it acceptable? Telegram now is one of the last remaining clients that has excellent device support, it's available for everything.
_native_ clients, mind you. Their desktop client is built on top of (heavily patched) Qt and is relatively light on resources. That's pretty rare these days, unfortunately.
What is the point of going truly native on apps like chat?
They have a web version anyway and with Electron for desktop and webview for mobile, they can concentrate on the responsive single design instead of hiring different talents to communicate with each others left and right to slow down their development with inconsistencies.
I think it's because they want to give both usability (history shared between devices) and security (E2E encryption). Not everybody or every kind of conversation needs encryption, so you as the end user can choose what's more appropriate.
TBH I don't know how other secure messaging programs like Signal or Wire handle the multi-device history issue.
With signal each registered device will receive a copy of the chat while that device is registered. If a new device is enabled afaik it doesn't get sent any messages from the past, although technically the other devices could transmit previous messages.
From what I understood, each time a new device joins the conversation, a new key is generated for everyone in the conversation (and each device), so they are allowed to decrypt others' messages. That being said, they can't access chat history.
Groups on Telegram can have 100k+ members. Enabling Signal like E2E encryption scheme and ensuring you can have that many members in a group is basically impossible. See this video to understand why, https://www.youtube.com/watch?v=Q0_lcKrUdWg
I guess they could enable E2E encryption in private messages but being able to sync conversation across different telegram clients you are logged into is one of the features. Enabling E2E encryption by default will probably break this. I guess they could try and implement it like Signal has done for Private messages but I don't know why they have not done that already.
It's about priorities. Signal's priority is security. If the current state of the art is you can choose security or foozles, then Signal doesn't have foozles. If people really want foozles then they need to do the work to figure out how to deliver foozles securely and then Signal can integrate that work.
All of the other products have some other priorities, and so if security gets in the way, too bad security loses. Even WhatsApp, which uses the Signal protocol, has other priorities so the actual client software isn't focused on security, they were just happy to get a secure protocol out of the box.
The interesting thing is that years of research hasn't found many things that are just plain impossible securely, there are just a lot of unknowns or places where the secure option is harder. For example when you add a popcorn GIF to a chat Signal proxies this twice, masking your request from the GIF provider (Somebody used a popcorn GIF but the GIF provider doesn't learn who) and also from Signal's own servers (ishanjain28 used a GIF but Signal doesn't learn which one). Most outfits wouldn't bother, who cares about security anyway? But the feature now just works, without unnecessarily giving away information to people you might not trust.
It's possibly because secret chats need to be started interactively (you can't send a message until the other party has come online), and later cannot be shared among different devices (open the same channel in desktop|web|mobile), so it degrades UX.
Signal has only e2e and is able to offer synced chat between phone and desktop - the phone just sends the content to the desktop instance and vice versa.
So Apple will boot an app that gives users the ability to send adult content to other users....?
That is completely ridiculous and if that is the reason Telegram is policing adult content then Telegram is run by idiots. You can use any IM app to share adult content, there are plenty of groups on Whatsapp sharing porn, there are plenty of groups in iMessage sharing porn, there are porn accounts on Instagram and twitter, hell the entire reason snapchat even exists is so that you can send self destructing nudes to people.
The idea that an app will be banned due to content shared with people using the app, and not uploaded and/or hosted on some public website accessible to anyone (CP on tumblr) sounds completely ridiculous to me.
I disapprove of Apple’s puritanical approach to sex, and agree that this is ridiculous given that the logic applies equally well to literally all apps with groups or arbitrary URL web access, but it does appear to be the sincere justification for this situation.
A thought: I hear that most of the complaints about “adult” TV channels crossing the line from “broadcastable” to “violating obscenity laws” are made by their competitors. Perhaps a similar thing happens here? That at least one of Telegram’s competitors constantly looks for reasons to get them blocked from the App Store?
There are other apps that use universal e2e encryption and have not been banned by Apple. Also if someone did want to use Telegram for seedy purposes, they still can by enabling full security, so it’s pretty clear this excuse is flat out bogus. Otherwise all the same arguments would apply to the other apps.
> So Apple will boot an app that gives users the ability to send adult content to other users....?
Yes they will, if they're on channels (which are considered public).
Not only are Whatsapp groups and Snapchat chats considered private, those companies have much more clout (and lawyers) than Telegram. Facebook threatening to remove Instagram/Facebook/Whatsapp from iOS would hurt Apple more than Facebook.
Side note: Even lists with no adult content, but referring to adult activities get banned. The creator of an app listing Burning Man events had to remove all references to adult workshops or get the banhammer. Apple's walled garden, Apple's rules (sigh).
- A ton of cam models have private snapchat accounts where they share porn of themselves
- Reddit is basically a cornucopia of porn
- I can subscribe to a porn email list
- Share nudes to a group of friends on Facebook or even SMS
- I can join a hundred Discord channels to satisfy every single weird ass fetish I have
- I can outright buy porn from Amazon and have it home delivered in 30 minutes.
And that's just from the top of my head. I'm sure you can find a metric ton of other apps that provide their users with easy access to sexual content. None of those apps will be banned for it since that is not the primary purpose of any of these apps. It's simply something that you're able to do with the tools provided. This is like banning all knives just because someone got stabbed.
If your plan is to ban apps that provide access to pornographic content, then you're gonna have to do a lot of banning.
I would also argue that a public blogsite where tagging and discovering new content is one of the key selling points of the platform, is very different from a Telegram channel where you need to specifically know the channel name to even join. As long as Telegram puts forth their best effort to eliminate illegal content from channels, they should be fine.
It might be OK for one app to allow such content and it might be not OK for Telegram. Because Telegram earlier had issues with Apple [1] and if they violate Apple's rules again it would become a convenient excuse to remove Telegram from App Store.
You are trying to find a reasoning in Apple's decisions, but isn't it easier to assume that not all apps are equally welcome in a private app store?
That's ridiculous. There are plenty of Reddit apps out there, for example, and they are just fine.
Telegram folks are just afraid that obscenity laws will be used against them by officially-not-censoring-but-actually-pretty-curious-about-everyone's-communications governments, like UK, France, Italy, and so on. "Oh, you cannot police your underage nudes? Law says we have to do it then, hand over the keys or shut it all down. We will absolutely not use these keys for anything else, honestly, uh-uh..."
That's the charitable reading that doesn't insult anyone's intelligence. I still don't particularly trust Telegram not to cooperate with authorities anyway - any centralized model is doomed to, at some point.
> Furthermore, they frequently "ban" channels that they deem contain "inappropriate" or "adult" content. Clearly they're reviewed by either humans or AI of some sort. So... I don't like them much.
My understanding was that it isn't Telegram that bans them, but Apple that doesn't let certain channels be shown in the iOS app. Android and the web version show all channels.
Apple doesn’t dig into third party apps to police their forums, chat channels and content. That is very clearly the responsibility of the app developers. More bullcrap excuses from Telegram. Come on. E2e disabled by default, phone numbers exposed by default. Channels stalked by moderators. It’s a joke.
My understanding was if Apple got a report about NSFW/hate speech/whatever channels, then they had to be hidden on the Apple version or else the app gets pulled from the app store.
As to the rest of the app's quality, no idea. I use it on my phone and it seems OK, but I've not really dug into it.
> Also, this means that anyone who has your phone number is told you're on the app and given your username, which you may not want for privacy reasons.
You can disable that behavior in your privacy settings iirc
Because most people are not privacy conscious and just want their messaging app to work (including having people know they are available to message on said platform).
Really. It's a constant fight between Telegram and the not-so-great Russian Firewall. There are actually public channels you can join in Telegram that run a tally of Telegram IPs blocked by Roskomnadzor.
We even had a speaker advertise a telegram channel for everyone I was there with to talk to each other, and the Russian audience laughed to his amusement. I didn't get the joke; kind of funny now.
I still never ended up using it, have too many messaging apps as it is. It's really sad how much that can limit staying in touch with international friends though.
> Furthermore, they frequently "ban" channels that they deem contain "inappropriate" or "adult" content. Clearly they're reviewed by either humans or AI of some sort. So... that makes me uncomfortable.
If you are uncomfortable about content being read by humans -- (they claim) that only happens for public channels (open for anyone to read/search)
Sorry, you are right. That being said, it's a remarkable approach to messaging. E2E, decentralized, can be used over WiFi, Tor, Bluetooth (In case there is a blockage)[1]. Has been pentest reviewed[2] before the first release.
Or to sum up:
"Briar is a messaging app designed for activists, journalists, and anyone else who needs a safe, easy and robust way to communicate. Unlike traditional messaging tools such as email, Twitter or Telegram, Briar doesn't rely on a central server - messages are synchronized directly between the users' devices. If the Internet's down, Briar can sync via Bluetooth or Wi-Fi, keeping the information flowing in a crisis. If the Internet's up, Briar can sync via the Tor network, protecting users and their relationships from surveillance."
What's more is that Telegram's approach to crypto has been shown to be deeply flawed[1].
I take my chances with Signal instead. Unfortunately, enticing all of my contacts to do the same has proven difficult.
An aside: is anyone else disturbed by the fact that Whatsapp now shows the Facebook logo when you first open the app? The day the Facebook Messenger/Instagram/Whatsapp merge happens is the day I'm deleting Whatsapp.
> is anyone else disturbed by the fact that Whatsapp now shows the Facebook logo
I'm disturbed because I dislike facebook, but reality hasn't changed – only become more visible. That's good. Especially for people who aren't savvy enough to already know FB owns whatsapp.
Sorry. You're wrong and you're spreading SEVEN-year-old information, which is not true in 2020.
Telegram crypto was redone, and is now using standard primitives. You can verify it at high level at https://core.telegram.org/mtproto or low level if you'd like to check sourcecode in their github. BTW, telegram has reproducible builds since last year.
I'm tired of people repeating a 7-year-old meme without verification.
Standard primitives, perhaps, but has the scheme itself been reviewed by competent cryptographers?
At best, the Telegram developers are well meaning but have demonstrated in previous versions of MTProto that they lack a background in cryptography or a desire to consult experts. And their public face—posts like this one—seem often to be hyperbolic attacks on competitors, which is not a great look.
I’m not a cryptographer, so I’m not going to review the current MTProto. I hope it’s awesome and bug-free. But some skepticism seems warranted.
Does Telegram use end to end encryption by default yet, or does it still send and store everything except for secret chats to the Telegram service in plaintext?
Also, when you use the secret chat feature does that now support multiple clients or does it still establish a secret chat with a random recipient client over which neither initiator nor receiver has control?
What does "deeply flawed" mean? Is there any proof Telegram has been severely compromised over the last years? It appears not, thus in my opinion it is impossible that Telegram's approach to crypto is "deeply flawed".
Let's not forget that the report we saw last week proved nothing.
The company testing his device were poorly equipped (skills wise) to perform such an analysis and basically chose the answer they wanted with weak to no real evidence.
The comment about e2e making it virtually impossible to know what was in the payload immediately put me off anything they said; they had the end of the e2e in their hands and thus everything they needed to decrypt the payload.
Someone posted a wrapper script proving all the tools needed already existed.
The article is based on that report and thus is immediately unfounded speculation.
If the tool you're using claims its services are "free", you can bet there's nothing private about it. This whole notion of free services is deeply flawed. We all have witnessed this, first hand, from the Cambridge Analytica fallout. Facebook has royally skull fucked society, politics, and our economy in so many different ways it's not even funny. This is why I'll never install apps like Facebook, Facebook messenger, signal, whatsapp, instagram, TikTok, or similar. It's all garbage.
> I am not a whatsapp fanboy, but I strongly doubt that these flaws were designed, and to call them "backdoors" is hyperbole.
Well after listening to the Darknet diaries podcast regularly, and reading about Stuxnet, I'm pretty convinced nothing is outside the realm of possibility and we doubt these things at our own peril.
The Telegram author may be biased, but learning these facts is still useful. I'm in the same boat re: Signal - want to use it more broadly but can't get others to....
> Had Jeff Bezos relied on Telegram instead of WhatsApp, he wouldn't have been blackmailed by people who compromised his communications
You can have a healthy debate about whether Telegram is a better option than WhatsApp for the average Joe (I don't think it is, but that's just my opinion). Jeff Bezos is not the average Joe.
The idea Telegram somehow offers people like Bezos more protection than WhatsApp from nation state attacks is crazy. Pavel Durov is irresponsible for suggesting otherwise.
If you're a Bezos level target and Saudi Arabia wants your messages to blackmail you, they will get them. This is a country with effectively unlimited resources and no moral qualms. The app you're using is irrelevant.
President of Ecuador was forced to give up Julian Assange because he was blackmailed using content from conversations he had with his relatives in Telegram. This makes me think that Telegram is not as safe as it tries to appear. At least there's a backdoor for CIA/USA government.
The only mentions of Telegram on that page also mention WhatsApp right next to it. I’d love to read more about the alleged Telegram hack/leak but this link does not appear to be a source for the accusations levelled upthread.
Also, his phone can be hacked. After Snowden revelations I do not trust any piece of electronic equipment. I don't worry because I don't believe any privacy is possible in contemporary society. Every device has tons of bugs. Every application I use phones multiple networks gathering facts about me.
Just yesterday I've visited Off-facebook activity and was very surprised to find there information that I thought nobody could trace back to me. And I believe it's only the tip of an iceberg. Probably there wasn't even direct wiretapping - it was guessed by comparing some patterns of my checkins or pages I've browsed.
Still, I don't believe Telegram and Pavel Durov. Also, the first story I've read about this case mentioned only Telegram. I'm not sure I can find it now - it was almost one year ago - it's long gone from my browsing history.
Yeah I've found that too but it's quite thin. This inapapers.org link strangely links to facebook. Don't know what to think about that. Especially with all the other sources for data mentioned there I'd assume they had control of the device not really access to the apps.
Yes, but I doubt there will be anything more substantial. It's the kind of information that is only useful if kept secret. If everybody starts to distrust some IM network because there's a proof that it's wiretapped, people will start using something else.
At least WhatsApp has End to End encryption by default. I would be surprised if more than 1% of Telegram communications were similarly secure. I also find the constant mention of the vulns being "backdoors" disingenuous.
I'm a big fan of Telegram for its top notch bot support, but I'm flagging this submission.
> Do you trust claims made by Facebook about privacy and encryption?
I trust facebook that when they say something is E2E encrypted, it really is (except in the case of targeted attacks). If it weren't, I would expect an internal whistleblower to very quickly report it.
Since both client and server side are proprietary, it can't be proven that the OpenWhisper implementation wasn't tampered with, and it's very disheartening to see Signal licking WhatsApp's metaphorical feet every step of the way.
Open source isn't magic. Closed source isn't a black box.
Reading bytecode is trivial. Reading decompiled binaries is even not so bad. Hiding some tampering of the protocol in closed source clients is not that much easier than hiding it in open source clients. Especially if tens of thousands of engineers have access to the whatsapp source and change history and a deliberate backdoor would be international news.
End to end encryption has its disadvantages. If only 1% of communications use it then in only 1% of communications the users consider it necessary and worth it. And there's nothing wrong with that.
The problem is that many users think they are using E2E, because that's what Telegram advertises. Those people needed security, and looked for it, and are now vulnerable.
Besides, security and privacy should be the default. It's not like the user experience of WhatsApp is drastically worse for having E2E.
> The problem is that many users think they are using E2E
Source, please.
> Besides, security and privacy should be the default.
Not at the cost of usability and freedom. Especially considering E2E encryption isn't necessary to protect against the attackers most people can expect.
> It's not like the user experience of WhatsApp is drastically worse for having E2E.
It absolutely is. WhatsApp doesn't even allow you to use multiple devices!
If you activate WhatsApp on another phone while your first phone is still active and you open both apps it will copy them over, but that wasn’t the point I was making.
The case for whatsapp web is absolutely true- and you can’t say that it 100% doesn’t have any remote admin features, because it’s closed.
EDIT: I'd like to clarify; many people's reasoning seems to be:
> If you activate WhatsApp on another phone while your first phone is still active and you open both apps it will copy them over, but that wasn’t the point I was making.
To my knowledge, that's not true. But even if true, that doesn't mean e2e encryption isn't in effect.
---
> The case for whatsapp web is absolutely true
The web interface is completely driven by your phone, acting as a remote control and WhatsApp still doesn't have access to your conversations.
https://signal.org uses the exact same model and it's open source, so you can review it.
It is true that WhatsApp being proprietary, Facebook could insert local content scanners that bypass e2e encryption. Which they actually threatened to do in the past, not sure what the status of that is.
But in spite of this, WhatsApp is still much better than any other service that doesn't do e2e encryption by default. Yes, I'd prefer Signal.org personally, but it's not what my acquaintances use ¯\_(ツ)_/¯
And I'll never use Telegram, unless it reaches FB Messenger levels of popularity.
> To my knowledge, that's not true. But even if true, that doesn't mean e2e encryption isn't in effect.
It's not true. I just recently switched phones. If you activate your phone on the app, you can't use the app on your previous phone without authenticating again, and it only shows your local history. I lost all my history when moving phones, as I chose not to back up my messages (who would?).
> I lost all my history when moving phones, as I chose not to back up my messages (who would?).
The trick is to use the local backup option (it's encrypted with a key from the whatsapp servers, but all the files are kept on your device), and use syncthing to copy the whole folder structure (containing the backup and the media) to the new phone before installing whatsapp. When first run, the whatsapp client detects the presence of that backup, asks whether you want to use it, gets the key from the whatsapp servers (after you authenticate your account), and restores the backup.
(By the way, Signal can do the same trick, but it's slightly less user-friendly: the encryption key does not come from the signal servers, it's a sequence of numbers you have to write down and type on the new phone.)
> The web interface is completely driven by your phone, acting as a remote control and WhatsApp still doesn't have access to your conversations.
> https://signal.org uses the exact same model and it's open source, so you can review it.
To be clear, Signal's desktop interface does not work like WhatsApp's web interface: Signal is not completely driven by your phone. Signal Desktop can still send and receive messages even if the phone it is tied to is completely off.
I might have misunderstood what you're trying to say, but wanted to clarify this.
> If you activate WhatsApp on another phone while your first phone is still active and you open both apps it will copy them over,
This is not true on Android. You cannot activate WhatsApp on 2 phones at once. If you try, the first will instantly deactivate and will not do any copying of messages. Message restore is from Google Drive backups. There is also a way to backup to a file, but it's an unsupported hack.
I was put off at the very beginning of the article by the claim that it was a "backdoor". None of the sources I read even alluded to this, and in fact, it was, as far as I understood, a very "classical" buffer overflow problem.
But I went ahead with the article and it's just marketing spiel for Telegram. Basically based around FUD.
- Telegram offers opensource clients and WhatsApp doesn't.
- Casts doubt about the actual implementation of E2E encryption in WhatsApp. And his claim of "you can't be sure" is actually pretty wrong. There have been open-source clients (of limited success) but they still prove that it is indeed at least implemented.
- I think the author is missing the fact that WhatsApp's encryption is, technically, documented in a whitepaper that highlights all of the protocol and how the different tokens and keys are generated and recycled. Because he clearly thinks Telegram is the only one to document its encryption.
Overall, I love Telegram, I use it daily. I don't mind the lack of demonstrable privacy, because I really don't need it for what I do on Telegram. It's convenient and I love the cross-platform TRUE clients, none of that webapp packaging stuff (Seriously the QT client is amazing). But this is almost all wrong ...
This is a case of the pot calling the kettle black, to be honest. Telegram controls encryption keys centrally as well. If you want true end to end encrypted messaging then Signal is the way to go.
FWIW, I don’t understand the trend in open source projects to use Telegram for messaging given its closed source / proprietary origins.
“Telegram's security model has received notable criticism by cryptography experts. They criticized the general security model of permanently storing all contacts, messages and media together with their decryption keys on its servers by default and by not enabling end-to-end encryption for messages by default.”
Even if they did, it would just mean that Facebook (WhatsApp's parent company) could now see your messages, but that is still no worse than the default Telegram setting, which guarantees that the company will be able to decrypt your messages. And what prevents Telegram from tampering with their own end-to-end encryption for the binary they upload to app stores? Hardly anyone compiles their own apps if they can download it from a convenient app store instead.
Telegram clients are open source and have reproducible builds. There is so much FUD being spread in the comments here which could probably be resolved by sticking your HN comment directly into your search engine of choice.
They started having reproducible builds since the start of this month, when they released v5.13, and I admit that I had not checked to see if it had changed since the last time I looked.
However, this still lets Telegram decrypt people's messages (on the default setting), which makes it less secure than WhatsApp and Signal.
The article itself is riddled with FUD about WhatsApp, and the author has written similar FUD/unfounded claims before.
FUD "against" proprietary software is pretty much the "reverse racism" of technology.
Again, there is no proof OpenWhisper wasn't tampered with. It'd take WhatsApp becoming Free Software and having independent audits to be reliable as a communications platform. Suspicion is but a matter of survival, and chances will continue to be usually against the most vulnerable party: the users.
Why would it need to be Free? Surely a license for modifying the code has exactly nothing to do with being able to audit it. They could distribute the source in a different manner if you really really really need to be able to see it in order to audit it (professionals don't).
There's no way to prove that any client hasn't tampered with a protocol. Halting problem and all that.
But reading closed source code isn't hard. Most of whatsapp on android is implemented in dalvik bytecode, which is basically like reading source without good names or comments. And there are piles of professionals who are very skilled at reading decompiled binaries for the native code in the app. The idea that oss code is easy to verify and closed source code is impossible to verify is just bogus.
A reminder, because this sometimes surprises people, and feel free to correct me if the facts have changed recently:
Telegram supports end-to-end encryption only in 1:1 private chats.
End-to-end encryption is disabled by default.
Telegram does not support end-to-end encryption at all for group chats, its most popular use case.
Instead, Telegram claims that those group chats are "encrypted" by dint of the TLS connection between Telegram clients and the Telegram servers, which can, in this model, read all group traffic.
People like to dunk on the weirdness of the limited E2E crypto Telegram does have; it's archaic and idiosyncratic and people have published research results about it, though none to my understanding are of real practical impact. I support people dunking on bad crypto. But that has nothing to do with why Telegram is an inferior secure messenger.
By comparison, Signal, which Durov has repeatedly talked down:
* has modern, ratchet-based forward secure end-to-end crypto, always, in both group and private messaging;
* won the Levchin Prize, refereed by some of the best-known names in academic cryptography, for the design and implementation of that cryptosystem, as well as for its implementation at WhatsApp;
* has repeatedly foregone basic messaging app features simply to avoid collecting user metadata; Signal didn't even have user profiles until they could figure out a way to implement it in a privacy-preserving manner, and even their GIF sharing feature has a purpose-built anonymity system; we'll only this year potentially get usernames instead of phone numbers because it took that long to design a trustworthy social graph that didn't leave Signal with a giant pile of subpoenable metadata.
Reading this article, I was thinking that Durov was really over-exaggerating when saying that WhatsApp plants backdoors, while it was simply security flaws.
But then I looked at the flaws, and that definitely raises questions. At least two of the flaws are in mp4 parsing done by WhatsApp itself, while both Android and iOS provide hardened platform tools for that.
There are two reasons you would want to do that:
- Increase security. Yeah that's a bit paradoxical considering what I said before, but it is possible you could want to do that, because Android devices are barely updated, and even though the mp4 parsing is hardened, there are known not fixed flaws on many devices.
If that was the intent, then the very first thing they would have done, is have this run inside a dedicated sandboxed process (Android allows that pretty easily), with no access to either the data or the internet.
Or they could have written it in a managed language, where the worst case of failed parsing is crashing/DoS-ing.
Or they could do it in rust of course :-)
- Increase compatibility with a wider range of mp4 files. As far as I know, mp4 support of those platforms should be good enough for most cases, but ok, let's say such a case exists, that means that they don't actually care about the security. As Durov says, they are using "end-to-end encryption" to say they are secured, but don't seem to care much past that.
I'm still not convinced those are actual purpose-built backdoors, but I will at least agree that security doesn't seem to be a core value of WhatsApp.
Video decoding ability on Android devices varies widely device to device, and on some devices if you try to play a video it is incapable of playing, you have no way to know the user is looking at a blank screen. On a few devices, trying to play a bad file even results in an instant device reboot. You 100% don't want to be sticking untrusted data into the platform media api's, and in fact I'd caution against using them at all unless power usage is so important you need hardware accelerated decodes.
Considering that, I can completely see why WhatsApp decided to bundle their own libraries.
In my understanding, they are using only mp4 files, and control the mp4 writers, so they should be fine with most devices' Android MediaPlayer.
Though yeah, I'd personally rather go to ExoPlayer to have a managed, maintained solution that already contains most fucked up hardware workarounds you might need.
Sure it's not cross-platform, but just define a high-level player api, use iOS' native player, ExoPlayer on Android, vlc on other platforms, and you're good to go.
As for "sticking untrusted data into platform media api's", well the power consumption of reading a video with CPU is absurdly high. You'd be going from 6 hours view time on a standard smartphone to 2 I'd say? You could decide that you value security /that much/. But then if you do, the very first thing to do is to run the player in a dedicated isolated process.
I doubt WhatsApp is doing software video decoding, but if they are, it is all the more ridiculous.
> At least two of the flaws are in mp4 parsing done by WhatsApp itself, while both Android and iOS provide hardened platform tools for that.
I imagine this choice was made at least partly for consistency across platforms, because WhatsApp supports a lot of devices and OS versions. You can use the current apps on Android back to 2.3.7 (2011) and on iOS 8+ (2014).
Until 2018, WhatsApp also ran on BlackBerry 7+ (2011).
ad1: starting from quite a long time, secret chats use MTProto 2.0 which is built on standard crypto primitives you're seeing everywhere. Read it here high level: https://core.telegram.org/api/end-to-end and free to verify on github.
ad2: this is not true, and is discussion about user choice, not security.
please do not spread false old information. world changes.
Last I tried WhatsApp it refused to let me use it without giving it access to my entire contact list. Even when “giving it access” to a blank list via PrivacyGuard, I couldn’t see a way to add a contact manually. That was a deal breaker for me.
Same. I had a visiting relative from overseas who needed to contact me and WhatsApp was their only means, but despite installing the thing and using my Google Voice Number to register, the thing refused to let me do anything without giving the thing carte blanche access to my contacts. No thanks. I had to ask my spouse to use her existing WhatsApp profile to contact the number.
There's zero technical reason why I can't have a silo'd list of contacts WITHIN WhatsApp. Facebook knows it. Fuck them.
You used to be able to set up different user profiles on Android - I set one up just for WhatsApp, and only WhatsApp contacts went in it.
I am dismayed to find that my new Android phone no longer has this feature, except as part of some bullshit "work profile" nonsense that apparently isn't possible for me to set up by myself, on my own phone. "You'll need a code from your IT admin", I'm told, and "a management tool will be downloaded and used by your IT admin to manage your work profile". Great.
Contact list access is literally THE thing that makes WhatsApp valuable to Facebook. You lock down that and they are now staring at a massive hosting bill with nothing in return.
I think that the actual discussion's metadata is more valuable than the contact list itself.
Knowing that I discuss everyday with X, is more interesting than to know that I somehow have the phone number of A,B,C,D...X,Y,Z.
But yeah I agree that's not surprising. When I personally hit this issue I was like "ain't that a good old facebook product behind all that fresh paint"
I was willing to let it have my phone number, which is the thing that would cut down spamming (as a hard-to-generate-in-bulk identifier). I just wasn't willing to give it my contact list.
On the contrary; having to type each in Whatsapp is much harder than just bulk importing to Android contacts, which you can do by the thousands at once.
> Telegram, an application used by hundreds of millions of people including heads of states and large companies, has had no issues of that severity in the last 6 years.
Sounds misleading no? Should rather say: no issues of that severity "reported" in the last 6 years.
He says this is a vulnerability in Whatsapp, rather than in iOS/Android-
But if a full-phone exploit is possible using the app, isn't that inherently an iOS/Android bug?
My understanding is that an application should not have full access to the system.
I would expect that even if it were hacked/acting maliciously all you could pull is what the app already has access to.
Did they stack an iOS exploit on top of a WhatsApp bug?
(Using WhatsApp for remote execution, then a privilege escalation of some sort?)
WhatsApp is also quite user-hostile. For example:
(1) There is no way to stop being added to groups.
(2) There is no way to disable their calling service. I don't want people to call me on WhatsApp.
(3) If you've chosen not to give them your contact book, they have worsened the UX over time (for example, it only shows phone numbers now and not the display names they have set).
> (3) If you've chosen not to give them your contact book, they have worsened the UX over time (for example, it only shows phone numbers now and not the display names they have set).
Adding to this, you also cannot initiate a first (new) message to anyone unless you have granted contact access. The workaround is to ask the other person to message you first...
I use WhatsApp and generally trust Facebook when they talk about e2e (of course there will be bugs but Facebook has lots of eyes on them, are a huge public company with staffed security team, encryption has been tested in Brazil where they didn't have anything to hand over to the govt, have lots to lose by lying here and Metadata collection and WhatsApp business sound like a potential business). In my opinion the biggest issue is the backups. Everybody I know backs up the chats to icloud or Google drive (even if you don't your friends might) because it offers great convenience. These backups are not encrypted (well, encrypted with key with whatsapp) and hence is a weak link. In an e2e encryption system all we need is one weak link and this is imo the one. Hopefully whatsapp or Apple or Google solves it elegantly without too much hit on user convenience.
> Telegram, an application used by hundreds of millions of people including heads of states and large companies, has had no issues of that severity in the last 6 years.
Maybe the author says "of that severity" because he keeps adding "the richest man on the planet" there, but most people in Brazil wouldn't agree with him.
He sure has heard about Operation Car Wash and how it took an "arrow in the knee" after dozens of Telegram leaks?
One source between various others with a bit more info on the tech side: "Telegram voicemail hack used towards Brazil’s president, ministers"[0]
Technically, that wasn't a Telegram issue. Telegram supports 2FA with a user-configured password. Dallagnol & co weren't using it. They were thus vulnerable to voice mail hijacking, SMS hijacking, and other carrier-based attacks.
I agree Telegram's UX could be better but the app isn't to blame if technologically illiterate users are relying on it to circulate high profile confidential info.
True, but you can imagine how mainstream media reports those. They put everything in a pot labeled "hack" and push it forward.
One thing they (mainstream media) failed to mention is they were indeed victims of sim-jacking as well, if ever by simple link phishing. That was thoroughly described by the victims themselves at Congress investigative sessions.
Sadly, in Brazil the current mainstream media is mostly biased towards the previous government and all the people that were arrested by the Car Wash Operation. They won't openly say it ever (in here they're not as transparent as US ones, for example - and the Operation is probably one of the most popular events ever in the country's history), but the ones at mainstream media that won their place last 20 years' government just want their corrupt politicians back in power.
To say the victims there were hacked because they clicked suspicious links by their own will it's not only convenient, but what they actually want the broad population to believe.
Clegg is presumably referring to the fact that the Saudis had access to data from Bezos's phone that the WhatsApp app itself did not have, indicating a privilege escalation (iOS issue) in addition to the RCE (WhatsApp issue).
I, personally, think that neither Telegram nor Whatsapp, nor even Signal, are good for privacy.
Even if Pavel Durov say that Telegram has verifiable builds and open source client, as long as you're not in control of the whole chain (server+client), you're not in control at all. Even with e2e, an adverse party can always have access to lots of metadata, or with vulnerabilities as disclosed in this blog post, get access to the actual content.
Now that OMEMO is widespread in the XMPP world, I try to push in that direction, but as another user has said, the hardest part is to get users to move to your "new" solution.
Maybe publish source and let people compile their clients themselves. For mobile platforms offer reproducible builds and a tool to checksum both your build and the package on the mobile. Caveat: I don't know whether totally reproducible builds are possible at all, and the checksum tool must be compiled too and uploaded as a test package to the phone. Probably only useful for groups of paranoid tech-savvy people.
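An added illustration of the checksum tool suggested in the comment above (not part of the thread and not any project's own verifier): a whole-file hash of a self-built package never matches the store copy because the publisher's signature differs, so the comparison has to be per entry with the signing artifacts excluded. The entry names and contents are constructed samples, and treating only JAR-style `META-INF` signature files as ignorable is an assumption of this sketch.

```python
import hashlib
import io
import re
import zipfile

# JAR-style (v1) signing artifacts. These legitimately differ between a
# self-built package and the publisher-signed one (assumption of this sketch).
# Newer APK signature schemes live in a block outside the zip entries, so
# they do not affect per-entry digests at all.
SIGNING_ENTRY = re.compile(r"^META-INF/(MANIFEST\.MF|[^/]+\.(SF|RSA|DSA|EC))$")


def whole_file_sha256(package: bytes) -> str:
    """Naive checksum of the archive as a blob (shown to fail below)."""
    return hashlib.sha256(package).hexdigest()


def entry_digests(package: bytes) -> dict:
    """Map each non-signature entry name to the SHA-256 of its contents."""
    digests = {}
    with zipfile.ZipFile(io.BytesIO(package)) as zf:
        for info in zf.infolist():
            if info.is_dir() or SIGNING_ENTRY.match(info.filename):
                continue
            # Two entries with one name make "which file did I hash?" ambiguous.
            if info.filename in digests:
                raise ValueError("duplicate entry name: " + info.filename)
            digests[info.filename] = hashlib.sha256(zf.read(info)).hexdigest()
    return digests


def compare_builds(local_pkg: bytes, store_pkg: bytes) -> dict:
    """Report entries that are missing on either side or differ in content."""
    local, store = entry_digests(local_pkg), entry_digests(store_pkg)
    shared = set(local) & set(store)
    return {
        "only_local": sorted(set(local) - set(store)),
        "only_store": sorted(set(store) - set(local)),
        "differ": sorted(n for n in shared if local[n] != store[n]),
    }


def is_reproduced(report: dict) -> bool:
    return not any(report.values())


def make_pkg(entries: dict) -> bytes:
    """Build an in-memory zip from {name: bytes}; constructed sample data."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, data in entries.items():
            zf.writestr(name, data)
    return buf.getvalue()


# Constructed samples: what I compiled vs. what the store shipped.
APP = {
    "AndroidManifest.xml": b"<manifest/>",
    "classes.dex": b"dex-code",
    "lib/arm64-v8a/libcodec.so": b"native-v1",
}
SIGNATURE = {
    "META-INF/MANIFEST.MF": b"Manifest-Version: 1.0",
    "META-INF/CERT.SF": b"Signature-Version: 1.0",
    "META-INF/CERT.RSA": b"publisher-signature",
}
LOCAL_BUILD = make_pkg(APP)
STORE_OK = make_pkg({**APP, **SIGNATURE})
STORE_TAMPERED = make_pkg({
    **APP, **SIGNATURE,
    "lib/arm64-v8a/libcodec.so": b"native-v1-patched",
    "assets/extra.bin": b"not in the published source",
})

if __name__ == "__main__":
    print("blob hashes equal:",
          whole_file_sha256(LOCAL_BUILD) == whole_file_sha256(STORE_OK))
    for label, pkg in (("store_ok", STORE_OK), ("store_tampered", STORE_TAMPERED)):
        report = compare_builds(LOCAL_BUILD, pkg)
        print(label, "reproduced" if is_reproduced(report) else report)
```

A clean report only says the installed package matches the published client source; it says nothing about what the server does with the data it receives.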
This guy is like nostradamus, makes a lot of generic predictions using vague time frame. Except when his prediction comes true, he uses it as an opportunity to advertise telegram.
For a guy who made telegram, I would expect a much more technical and objective post instead of ad-hominem based comparisons where the solution is his own product (feels dishonest since there are plenty of alternatives as well)
But Mr Durov aside, of course you shouldn't use anything Facebook touched! Just like you shouldn't trust a convicted arsonist to build a house compliant with fire code regardless of talent and reputation.
It doesn't really help to know that it's dangerous. I might be overly pessimistic, but from my anecdotal evidence, it is very difficult to get users to move from one messaging platform to another. And once you have gotten all of your close people moved from say Facebook Messenger to Whatsapp (In my example) as it's more recognized than, say, Signal - it would be close to impossible to get everyone to move yet _again_ in the near future in the fear of some security flaws.
- The evidence for Bezos's phone being hacked is pretty poor.
- The "backdoor" was not a backdoor. It was an ordinary bug. Whatsapp cannot pledge to not make mistakes. He can claim that it was deliberate all he likes but he doesn't have any actual evidence.
- Other apps have bugs too. Telegram may have fewer but that's because it has far fewer users. They claim 100 million. WhatsApp has 1.5 billion.
Can't comment on WhatsApp's security profile, but it's probably the least convenient among the messengers I use - there is no easy way to access the API to set up a bot for my personal use or do any other kind of scripting / automation. I hope that it will change at some point.
I tried searching, but couldn't find a good explanation online on the differences between Keybase and Riot, and why one is better than the other. Could anyone help?
Riot is open source. Matrix is an open protocol that is designed to federate so that users on different servers can talk to each other. Is the keybase server open source?
Coincidentally, I deleted my Whatsapp account today. Apart from the fact that I can't really judge yet how much more secure Telegram is, I find Telegram also much more usable. Let alone being able to edit messages when swipe-writing words selected totally different words than I had intended. How often did I send a second Whatsapp message just because the first was full of swipe detection errors.
It pains me to read these comments even on HN. Telegram is strictly less secure than Whatsapp. Telegram is not designed with security in mind and if I was a TLA I'd be pretty happy about people using it.
I'm a little late to the party but I'm just going to write about what happened last night on Telegram.
I was speaking with a friend who's often pushed me towards Signal. For context: I left Signal because of Moxie. The usability concerns and terrible Electron desktop apps didn't help but Moxie's attitude and the fact that he's just not rich enough to be free of gov/corp influence were my motivating factors. He fought us for dropping dependency on Google Play Services, refuses to allow 3rd party distribution, and is anti-federation.
I've been having a back and forth with Telegram over email since the events of last night. It's... interesting. (last response was a couple minutes ago)
So last night, I was speaking with this friend and he remarked that he used a burner to register his Telegram number, he was expecting it to be banned at any time. I was in the middle of typing back to him "I wouldn't worry, so long as the account is active" and my account was instantly banned before I could hit send. I was trying to provide him this re-assurance because I use Telegram with a Google Voice number instead of a carrier number that could be ported out easier.
Trying to sign back in the clients tell you the number is banned. There is a help button. It gives you a pre-drafted email filled out with app version, OS version, and phone number asking for help to unban.... and it's addressed to login@stel.com. I found this peculiar as recover@telegram.org is the email used in most documentation and is what other people suggested to email.
Within a few minutes of this email being sent my account was re-enabled with nothing deleted except my chat mutes. They apologized and I inquired about wtf had just happened. They told me that it was likely due to my usage of Google Voice and not to worry as my number is now on a whitelist. Furthermore they said in their response: "Or why did you have such unusual authorization parameters?".
I use the secondary app password, I listed off all the clients I've used... the only really bizarre one being an ancient QT port of the desktop client to Blackberry 10 (I was curious to see if anything still worked on that platform). They told me it was likely due to that.
I questioned them about use of pattern matching in private messages, not once did I hear a denial of this. I could see it being done to prevent bot or terrorist activity, but my guess is talking about 'burners' and having a Google Voice number was enough to have me slip below their trust level even though my account is years old.
EDIT: Turns out the friend I was speaking to had people logging into his account this morning. I've also reported this to Telegram. The unauthorized logins changed his account name on each login.
I'm just going to leave this here in case people still think this guy has anybody's best interests in mind. Is it true? Is it fake? Make your own conclusions.
Can we stop using "Apple fanboy" as a derogatory term? You insult everyone - every single person - who likes the company. A lot of the times I'm tempted to say "those who don't like Apple's products are tasteless idiots" but I never say that out loud. Nope I don't :) So keep your opinion to yourself.
Signal is no better from Telegram because it doesn't allow anonymous usage without a phone number. And Telegram has relatively lightweight native non-Electron apps.
Who cares? You can't verify a server's claim that its software was actually compiled from some specific source code, so this could be a valid criticism of any service.
In Italy fake news about the corona virus are spreading like a bushfire on the platform, thanks to the broadcast features and the utter absence of any possible moderation on something Facebook turned into a proto-social network. That’s really why using whatsapp is dangerous.
This is an interesting consideration - but it seems to be much more "why democracy won't work" than anything to do with specific communication platforms.
If everyone was on matrix, with solid end-to-end encryption, surely that problem would be equally bad?
Lack of trust, lack of authoritative sources that can be trusted; that's different to having secure mass communication means.
I don’t know, I just stated a fact. Also, WhatsApp is worse than other messaging apps because of many social-style features Facebook introduced to prioritize interaction metrics, such as stories, on a platform born to be based on peer-to-peer and get-to-know trust.
I don't think this post is fair in its assessment and seems more like an advertisement for Telegram, which itself has its own security issues (like lacking E2E encryption by default and terrible[2] code quality).
1: https://www.techspot.com/news/82843-hackers-can-use-whatsapp...
2: https://www.reddit.com/r/androiddev/comments/cazz4h/why_tele...