While Telegram is seen as a "wild west" of free speech by many, its centralization and worrying lack of encryption for most "non-secret" chats is something to keep in mind when reading Durov's passionate claims.
Also, the optional E2EE encryption is way more limited (e.g., single-device, rather than having a key sharing mechanism) than most other, possibly more genuine, alternatives (Matrix, Signal).
I doubt many here are still under the illusion that Telegram has anything to do with security or encrypted messaging. (It's just too damn convenient for UX reasons.)
That's not the same as a "wild west of free speech", though. I have no idea how well they do on the front of censorship, they're way too intransparent an organisation for that, but the USA also sees itself as such and it is not encrypted. Secure protocols and censorship are two separate things, even if one (in this day and age) helps the other.
Signal made their server code closed source for over a year while they added a scam cryptocurrency coin that has a financial conflict of interest with the creator of the project. They claimed to be "open source" while this was happening.
More recently, they've had egregious bugs such as images being sent to random contacts in your list, an absolutely inexcusable error.
But the server code doesn't mean anything the most important thing is E2EE happen on device and the server is just a messenger. Signal is the most trusted app in authoritarian countries.
No it's not. When Belarus had it's internet blackout last summer, Telegram was the only option to communicate to the outside world. Multiple persons asked if Signal is going to do anything about it, like enable censorship circumvention but it was never addressed[1].
Matrix servers can be hosted by anyone and conversations are decentralized, i.e. can't be taken down easily.
the Matrix protocol is accessible to anyone understanding English and having access to the web.
It is even being worked on enabling P2P with Matrix, i.e. each client can spin up a local server that communicates with others (servers) via Bluetooth and other means of transports even if there is not a direct connection possible
but it shows that your argumentation to show that it wouldn't be is flawed, and it is certainly possible that more trust is put in Matrix than it is into Signal
I would pick encrypted Telegram over Signal anyday, but I believe that decentralized solutions with open source backends, like MaidSAFE, Freenet, and to some extent Matrix.org are the future.
> The average guy likely doesn't host for thousands of people
The python server already has trouble if you subscribe to large rooms. I'm all for promoting Matrix (it's a great project), but the default server has warts and nobody is served by trying to hide them.
Can confirm. I'm joined into Matrix HQ from a not-very-powerful VPS and a recent Synapse uses about 700M RAM and otherwise has no trouble handling it at all.
> Dendrite is their own project. Conduit is the project of another guy they don't get on with it.
Seems you've mixed something up. Dendrite is a matrix.org project, just like Synapse. Conduit is written by Timo Kösters who is currently employed by Famedly and is on good terms with both matrix.org and Element staff. They frequently cooperate.
Yeah, I agree. I am simply counting them due to their future plams to do E2E peer to peer networks.
What I would really LOVE to see is just decentralized backends that can be accessed via a growing number of https gateways by a widget on any website, and used to sideload code that will run apps and update apps.
That will be an uncensorable app store (unless you censor all websites, or sniff all https packets and block ones that seem like they follow this protocol).
If only Apple/Google would allow us the ability to run our own notification servers…
It's not.
It doesn't work with iOS in practice and requires you to verify each single session instead of just a the people to prevent MITM attacks.
Afaik it does not have any audit either
Here's my experience. I have three devices I use to connect to my XMPP server: phone (Conversations), PC and laptop (both gajim). Each one generates a keypair. I verified the public keys of PC and laptop by scanning a QR code using Conversations (phone). Conversations remembers all fingerprints as my own. Next time I meet a friend, they scan the QR code on my phone. They now have verified all three of my devices.
I find Telegram in this gray area as a messaging app like WhatsApp or Signal and public channels and groups app as Discord. Durov is passionate about Telegram encryptions when many Telegram users do not actually care of privacy and more about convenience and a way to keep update with may communities as Discord.
- https://www.wired.com/story/telegram-encryption-whatsapp-set...
- https://portswigger.net/daily-swig/amp/multiple-encryption-f...
Also, the optional E2EE encryption is way more limited (e.g., single-device, rather than having a key sharing mechanism) than most other, possibly more genuine, alternatives (Matrix, Signal).
- https://telegram.org/faq#:~:text=Remember%20that%20Telegram%....