I think most people here understand that telegram, which for some reason has a reputation for being more secure than WhatsApp, doesn’t even use E2EE by default. But, you’d think that if you start a secret chat you should be fine, since they promise E2EE for those.
Well, apparently not:
“She says the officer told her that investigators had been following along with her private Telegram chats as she wrote them. “There you were, sitting there, writing to your friends in the chat room,” she recalls him saying. He proceeded to dispassionately quote word for word several Telegram messages she had written from her bed. “‘They’re unlikely to bust it down,’” he recited.”
I’m assuming private chat here means telegram’s secret chat, which the all promises is end-to-end encrypted.
I’ve always been weirded out by how E2EE isn’t the default. This actually makes it less secure than WhatsApp, which has E2EE for all chats by default.
But, WhatsApp doesn’t seem to be much better anyway:
“Matt Hancock is facing a series of claims based on a leaked cache of more than 100,000 WhatsApp messages that provide an insight into the way the UK government operated at the height of the pandemic.”
And WhatsApp chats don’t even employ true E2EE anyway:
“This claim is contradicted by the simple fact that Facebook employs about 1,000 WhatsApp moderators whose entire job is—you guessed it—reviewing WhatsApp messages that have been flagged as "improper.””
“Although nothing indicates that Facebook currently collects user messages without manual intervention by the recipient, it’s worth pointing out that there is no technical reason it could not do so. The security of “end-to-end” encryption depends on the endpoints themselves—and in the case of a mobile messaging application, that includes the application and its users.”
So, WhatsApp is bad, but telegram is even worse. If you’re concerned about privacy and security, use signal when you don’t need to be anonymous, or with people who you don’t mind having your phone number, and use simplex for everything else.