Finally got rid of telegram, congratulations to me
It was a many months transition, and it's finally done
Fun thing, you can actually make a backup of all* your messages, groups, contacts, etc. So before leaving you can have all of your data in case you need that one contact or something
The final red flag was as that allegedly Russian authorities were messing with people's deleted messages. Not for the first time there are news that they could read, modify, delete, see location, and etc. Screw it, this is unsafe, I'm out.
Also, these days telegram is really at the state of a pile of garbage, bloated, buggy, and shady messenger.
The final red flag was as that allegedly Russian authorities were messing with people's deleted messages.
I don't know about "Russian authorities", but the fact remains that if you can login anywhere and see your messages, then your public private key is stored in the server.
Since Telegram requires authorization from an extant connection, I don't know if that means your public key isn't stored on the servers and it's being sent from the authorizing device, or if that device is merely authorizing the Telegram servers to transmit that key to the new device.
Since they have a full e2e chat feature (Private Chats), I'm going to assume the latter.
So anyone who can get those keys can gain access to your chats.
I still say Telegram is far superior to anything from Fuckbook/Meta, because it's not integrated into everying you do (even those of us who've never once been on Facebook, and yet have ghost profiles), not to mention the Facebook app integrated into Android on many vendor phones.
Even so, know Telegram for what it is - not ideal, just better than WhatsApp, and a step along the path to moving to more secure and privacy-respecting apps.l
Why did Telegram get so popular in the privacy scene compared to Signal in the first place? To my knowledge Signal came out first and never had a history of breaches or leaks.
I posted this down below in a comment thread but I'm afraid it won't be seen and not enough people know about this.
Session was at first a fork of Signal without usernames.
Now by design it uses their own custom tor-like service (instead of just... using tor) and does not support forward secrecy or deniable authentication, so anyone who collects the messages in transit can either find a vulnerability in the encryption scheme, or spend enough GPU resources to crack it, and they have confirmation of who sent and received the message and what the contents of the message are. And is headquartered in Australia, which is 5EYES and much more against encryption than the US. Oh, and the server is closed-source.
Regarding Australia's 2018 bill...
The Australian Parliament passed a contentious encryption bill on Thursday to require technology companies to provide law enforcement and security agencies with access to encrypted communications. Privacy advocates, technology companies and other businesses had strongly opposed the bill, but Prime Minister Scott Morrison’s government said it was needed to thwart criminals and terrorists who use encrypted messaging programs to communicate.
Regarding the 'vulnerability or cracking them later' bit...
Messages that are sent to you are actually sent to your swarm. The messages are temporarily stored on multiple Service Nodes within the swarm to provide redundancy. Once your device picks up the messages from the swarm, they are automatically deleted from the Service Nodes that were temporarily storing them.
From Session's own FAQ:
Session clients do not act as nodes on the network, and do not relay or store messages for the network. Session’s network architecture is closer to a client-server model, where the Session application acts as the client and the Service Node swarm acts as the server. Session’s client-server architecture allows for easier asynchronous messaging (messaging when one party is offline) and onion routing-based IP address obfuscation, relative to peer-to-peer network architectures.
I never got with these russian authority claims. Telegram is not based in russia, sure its founders are born in russia but they have taken citizenship of France for a long time now, its based in saudi arabia. I never saw a single proof of them giving data to russian authorities, they were banned in russia for that iirc but eventually got unbanned due to mass adoption. At this point these russian claims just seem racism to me.
I must agree on the bloated part. Telegram was awesome before Pavel got greedy and added more and more stuff that are just not related to any chat service, for an example payments and crypto.
I installed Snikket on my server few weeks ago and are now trying to move everyone to it. It seems to be a very slow process, though.
But I might keep Telegram only for the porn channels. Mighty good stuff!
By the way. Do you have the source for your claim that Russian authorities were messing with people's deleted messages?
Russian authorities usually just hijack login sms confirmation codes. This is a common practice in Russia. Not denying that something else shady might be going on, but I do know mobile providers there don't even bother to ask why - they just provide shit on demand.
A lot of speculation that does end with this in the article:
"After discussing her case with experts, Matsapulina now believes her Telegram messages may have been compromised by a form of spyware. When she was told that a hacking device would need to be physically nearby to infiltrate her phone, a memory resurfaced: At times before her arrest, she had noticed an unmarked truck with a dome on its roof parked outside her building. She had even jokingly mentioned it to friends on Telegram. Now, she remembered, as the police were banging on her door that morning, she’d spotted the same mystery vehicle parked outside. By the time the police stormed her home, the vehicle was gone.
Matsapulina has since started using Telegram again."
Most messaging apps are vulnerable on the client side with spyware, no matter what E2EE exists along the way.
I deleted telegram long ago, but not my account, just the apps.
As of recent, I wanted to log back in and actually delete my phone number from there, so there's no more association.
I can't login. I download the app, and it sends a verification code through Telegram and won't do SMS, but I'm not logged in at all so I can't get the code.
I'm stuck there. I contacted support and they're yet to respond. :p
I will probably up this one, it's really a lot of materials, and articles, and news if you read behind all this war and politics stuff
You should really search, I tried to compile all I could find, but I'm here to stop using tg, not going back to tg and scroll Russian opposition channels for all the mentions of stuff like that
There are some articles in English that describe the events, but most of them are in Russian
Also, from the search it's really hard to find anything because a lot of stuff about the war
Here are a few topics:
Telegram leaking location
Telegram leaking IP address
Deleted many years ago chats/messages were recovered remotely (just recently)
Telegram is delaying source code publishing
The source code's build has a different hash and a few mb smaller than the release
Their data sharing reports are empty although they were openly giving data to authorities in e.g. Germany
Compilation of different technical vulnerabilities and issues of telegram(in Russian):
Gonna have to disagree. Telegram is the ONLY chat app with ACTUALLY NATIVE code clients on desktop and mobile. Its the only one that isn't website in a box trash that's slow heavy and buggy. I use discord mostly because it's where everyone is but i fucking hate everything about it and wish people would use telegram.
If you think other chat apps don't read/process metadata from your dms and such your an idiot. Nothing is safe short of self hosted matrix with full E2E encryption or similar and ain't nobody doing that.
tg premium user here, WTF? i tought telegram was privacy respectfull and pretty secure, what changed/happened? that's not the first post i saw abt It. also, any alternatives? with almost same features and as many channels/groups as telegram ofc like don't suggest me signal or Matrix nobody Is on that platforms...
EDIT: lmao people Just downvoted me for asking... what a world
Is it even possible to get a telegram account these days? I heard their SMS service was down or something making it impossible to sign up and they don't support email.