Users: "We want multidevice, always-on, end-to-end encryption, like OMEMO."
Telegram: "Here you have Image Search."
Users: "That's nice, but we'd really like to have encryp..."
Telegram: "Hey, we have new stickers!"
Users: "But good crypt..."
Telegram: "Chat Backgrounds."
@slp uhm I'm pretty sure that users asked exactly those things and not encryption. Techies want encryption. Most people find it annoying at best. That's bad but that's how it is.
@charlag Don't underestimate users. WhatsApp was universally praised when it added e2e encryption.
@slp I mean, like there's no Wire or Signal which have e2e always on. Users consider other things more important if they use Telegram. I speak of people I know.
@charlag Even if no one cared about encryption in Telegram, IMHO they should still implement it to honor their own social responsibility and protect their users.
@oct2pus Signal being the most popular properly secure chat protocol is quite questionable in my opinion.
If I have to accept a compromise I would prefer a Telegram secret chat because I have a lot of contacts on Telegram but none on Signal.
@oct2pus I think valuing Signal for open-sourcing their server-side code is ideological; that code is totally useless for all of us.
Also, if a service has open source clients and e2e encryption, it is already perfect from the privacy point of view. The point of self-hosting a (federated) server for IM communication is just technological sovereignty, which is important too, of course.
But Signal's approach doesn't add anything in practice to the Telegram one.
@slp Reminds me of something Ton Roosendaal said. He had a vision of 3D on the web for Blender, but the contributors were only interested in stuff that was actually useful. And they were right.
@slp There is E2EE, but only on mobile. It's opt-in and doesn't sync to all devices, just the devices that hold the private keys. So really, it only works phone-to-phone, but it works.
Telegram's ability to draw in the seagulls with shiny features isn't such a bad thing. I'm watching and waiting to see what they do when they've got more users interested in proper secure communications.
Will they go sideways, or will they deliver?
@trevdev People have been asking them for years to implement OMEMO (or equivalent tech), and they rejected it every time with poor excuses.
Why? Who knows, but sounds fishy...
My hope is their resistance is purely overconfidence. Apparently there's a $200 and $300 thousand dollar bounty on cracking their encryption model that no one has claimed yet. They seem very proud of their model for its speed and efficiency.
On the other hand, just to poke the conspiracy theorist in you, Telegram was founded by the guy who made "Russian Facebook" (VK) so...
@slp if you know it, try to understand Telegram developers instead of taking for granted that implementing OMEMO is viable, worthwhile and secure and blaming them for not doing so...
Instead I would like the Telegram server to add support for the Matrix protocol and so federate with Matrix servers. If they do so with e2e encryption but keeping server code proprietary I would be OK with that, because we would have privacy (using e2eE) and sovereignty (running a Matrix server).
@alexl If Telegram gave a compelling reason for not enabling e2e encryption by default, I would definitely stop bashing them.
But, instead of that, they gave this ridiculous excuse about backups (how is having vulnerable backups worse than vulnerable "everything") and overreacted by disabling the "Issues" feature on their GitHub repos, one of the few places where users were able to post some feedback.
So much for their "openness".
@alexl As for myself, my use of Telegram is mostly anecdotal these days. I'm a happy Conversations.im user (XMPP).
Matrix is nice too, but back when I started switching IMs (~2 years ago), the reliability of their Android client wasn't great (pretty sure it has improved a lot over this time).
@slp the reason is that providing current Telegram features with e2e encryption is actually a challenge. How is search for messages going to work if each client has to perform indexing by itself?
If you don't care about Telegram features that are not going to work with e2eE but you care more about e2eE just use something else, but stop saying "why is Telegram not enabling e2eE by default" because it's a noob question and I'm sure you can understand it.
@slp also please notice how much Telegram improved the situation with a pragmatic approach and not an ideological one:
Before Telegram — I can message people on WhatsApp or Facebook Messenger or start e2e encrypted chats with my imaginary friend.
After Telegram — millions of people message with Telegram and I can start a conversation with a contact of mine with e2eE using "secret chat".
Come on, Telegram made the best improvement in decades.
@alexl You can also look at this the other way around: Telegram is blocking the way to other, truly open alternatives, like Matrix.
@alexl The main point of disagreement here is that you think there are technical blockers for implementing e2e encryption without sacrificing features, while I don't.
We could discuss each challenge (text indexing is not the hardest one, by far) in depth, but that could take a looong time and we aren't getting paid to do it, so I'm going to pass. 😁
Telegram's omission of e2ee, and their final decision not to release server source code (as they once promised), clearly means something: they want to sell/use your data. Be careful...
AFAIK they still want to release server-side code at a certain point. Some people think Telegram is just a way to deploy and test MTProto for a very large userbase and they can't release server-side code because they don't want to reveal the future use of MTProto.
I won't say e2ee is easy, but much smaller companies, like OWS, New Vector, Savoir Faire, and many others, did it, so the reason is not a matter of difficulty but a lack of intention.
Regarding Telegram's reasons not to share the server's code: IMHO, a closed system is an insecure one, no matter the reason why it's closed. We shouldn't have to rely on the good will of unknown people to be able to trust a system; it should be reliable by design.
@bauglir as I said many times, keeping actual Telegram features with e2e encryption is a tech challenge
Just use matrix via riot.im
@transcaffeine Matrix is nice, but I prefer Conversations.im (XMPP on steroids).
@slp Telegram has e2e encryption, what's the point of having it on by default? Implementing it keeping actual capabilities about history (including search) and groups management is not as trivial as adding UI goodies like stickers and background editing.
@slp Use xmpp ;)
@tursiops I do. I'm a happy Conversations.im user. 😁