The founder of the private messenger Signal, Moxie Marlinspike, sharply criticized Telegram’s protection methods. He believes that Pavel Durov’s messenger collects a lot of data and stores it on its servers in clear text, and that end-to-end encryption (e2ee) is not enabled by default, even though Facebook Messenger offers the same kind of mode, and with the best protocol.
In addition, Marlinspike believes that Telegram has many interesting features; however, in terms of privacy and data collection, there is “no worse choice.”
“It amazes me that after so much time, almost all the media covering Telegram still call it an ‘encrypted messenger’,” emphasizes the founder of Signal.
Because the data is stored in clear text, in the event of unforeseen circumstances hackers can gain access to all user data; the same information is also available to people associated with the messenger service.
“Almost everything that you see in the application, Telegram also sees,” the founder of Signal is sure.
Marlinspike’s main claims
- Telegram stores all your contacts, groups, media and all messages that you have ever sent or received in clear text on its servers… The app on your phone is just a “view” of their servers, where the data is actually stored.
- Here’s a simple test: uninstall Telegram, install it on a brand new phone and register with your number. You will immediately see your entire conversation history, all your contacts, all the media you’ve shared, all your groups. How? All this was on their servers, in the clear.
- The confusion is that Telegram allows for very limited “secret chats” (no groups, synchronous, no sync) that nominally use e2ee, even if the security of the e2ee protocol they use is questionable.
- By default, e2ee is not enabled, but they talk about it as if it is… Facebook Messenger also has an e2ee “secret chat” mode, which is actually much less restrictive than Telegram’s (and also uses the best e2ee protocol), but no one considers Messenger an “encrypted messenger”. Facebook Messenger and Telegram are built in almost the same way.
- Some may feel fine allowing Telegram to have access to all of their data, messages, images, contacts, groups, and so on, because they “trust Telegram.” But the meaning of “encrypted messenger” should be that you do not need to trust anyone other than those with whom you communicate…
- Privacy technology is not really about trusting someone else with your data. It’s about not trusting. The message you send should be visible only to you and the recipient. The information about the group should be visible only to its members. Finding contacts should not disclose them to anyone else…
- Privacy technology is really about making the technology consistent with the user interface. But if Telegram’s user interface matched how the technology works, each chat would be a group chat with everyone who works on Telegram + everyone who hacks into Telegram + all government agencies that have access to Telegram, and so on…
- For those who write about this space, my request is that when you write “encrypted messenger”, it should at least mean an application in which all messages are by default e2ee. Telegram and Facebook Messenger are built in exactly the same way. And none of them are “encrypted messengers”.