Telegram Secret Chats aren't secret at all (and neither are WhatsApp's)

I think most people here understand that Telegram, which for some reason has a reputation for being more secure than WhatsApp, doesn’t even use E2EE by default. But, you’d think that if you start a secret chat you should be fine, since they promise E2EE for those.

Well, apparently not:

“She says the officer told her that investigators had been following along with her private Telegram chats as she wrote them. “There you were, sitting there, writing to your friends in the chat room,” she recalls him saying. He proceeded to dispassionately quote word for word several Telegram messages she had written from her bed. “‘They’re unlikely to bust it down,’” he recited.”

I’m assuming private chat here means Telegram’s secret chat, which the app promises is end-to-end encrypted.

I’ve always been weirded out by how E2EE isn’t the default. This actually makes it less secure than WhatsApp, which has E2EE for all chats by default.

But, WhatsApp doesn’t seem to be much better anyway:

“Matt Hancock is facing a series of claims based on a leaked cache of more than 100,000 WhatsApp messages that provide an insight into the way the UK government operated at the height of the pandemic.”

And WhatsApp chats don’t even employ true E2EE anyway:

“This claim is contradicted by the simple fact that Facebook employs about 1,000 WhatsApp moderators whose entire job is—you guessed it—reviewing WhatsApp messages that have been flagged as "improper.””

“Although nothing indicates that Facebook currently collects user messages without manual intervention by the recipient, it’s worth pointing out that there is no technical reason it could not do so. The security of “end-to-end” encryption depends on the endpoints themselves—and in the case of a mobile messaging application, that includes the application and its users.”

So, WhatsApp is bad, but Telegram is even worse. If you’re concerned about privacy and security, use Signal when you don’t need to be anonymous, or with people who you don’t mind having your phone number, and use SimpleX for everything else.

2 Likes

Ok this is beyond creepy

1 Like

The average person is extremely naive when it comes to tech sadly. Most people believe Telegram is secure because Telegram markets itself as a secure alternative to WhatsApp. Imagine buying a car based on what the MFR promises without looking for independent reviews… I guess people don’t scrutinize apps as much since they usually don’t have to pay for them.

1 Like

I thought the Matt Hancock WhatsApp ‘leak’ came from an employee he gave access to for a book they were helping write?

There’s a lot of FUD in this thread. The Wired article does not establish that Telegram end-to-end encrypted messages are not private. And the Guardian article says nothing about WhatsApp’s end-to-end encryption (which is based on the Signal protocol and is quite good). There are, however, legitimate privacy concerns about WhatsApp’s retention of metadata.

1 Like

This! It’s quite scary to be honest :frowning:

2 Likes

As Acolyte said, this article mentions nothing about Telegram’s E2EE - moreover it talks about a Group Chat. Group Chats cannot use E2EE on Telegram, which I think is key to mention here.

Personally, as someone who doesn’t really like Telegram’s false marketing a whole lot, I still have it, as at the very least you can hide your phone number from contacts, be undiscoverable by number, and as long as you use secret chats, it’s still safer than talking to friends on the likes of Discord (a lot of my friends happen to be only on Discord and Telegram and have no interest in juggling any more messaging platforms).

I don’t necessarily think it’s a bad idea to have Telegram so long as you know what it is and that it’s worse than WhatsApp when it comes to security.

Also, it being a group chat doesn’t suddenly justify that the Russian government can read your messages whenever they feel like it. Yeah, Discord too is terrible when it comes to privacy and probably even security, which is why I also think you should never share anything sensitive in it. The problem with Telegram is that so many people are under the false assumption that it’s secure, which results in such dangerous situations as the one in the OP. I mean advertising security and privacy, and then disabling E2EE by default, and making it impossible in group chats is straight up malicious behavior. It’s almost designed to fool people, and that’s assuming there’s no backdoor in their E2EE implementation.

Telegram is honeypot software that’s targeted at novice users who want security, as opposed to hackers.

Funnily enough, go to any underground hacking forum and a lot of people there will be sharing their Telegrams there. It’s hilariously stupid to believe Telegram is safe for that kind of stuff.

There’s a fork of Telegram on F-Droid called Nekogram X that lets you DIY the encryption part by using your own PGP key pair. You’ll need to have a PGP app on your phone called OpenKeychain, and the people you’re talking to will need to have your public key and send you their own public keys. It should be more secure, but I see no reason to jump through such hoops instead of using something like Briar or SimpleX. It indeed is completely insane to use Telegram for sensitive stuff. You’d be better off buying a prepaid burner SIM card and using Signal.

Sorry for my late reply. The first article uses “private chats” instead of secret chats, I’m not sure if they have the same thing in mind. That said, I see no reason to risk using Telegram when privacy and security are your priorities (regardless of it being a secret chat or not). There’s no good reason why encryption isn’t enabled by default.

As for WhatsApp, you can bet your bottom dollar that their implementation of E2EE is questionable at best. No matter what people tell you, you can’t moderate what you can’t see. Theoretically, WhatsApp does use E2EE by default. However, they seem to take liberty with defining the ends lol. Now WhatsApp promises that they’ll only send themselves an unencrypted copy of a message if and only if it’s reported. But I’m pretty sure we have no reason to doubt their claims… I mean Meta is trustworthy and it’s not like they’ve ever been involved in scandals bad enough to require a Congressional hearing🙄

Not to mention that Meta collects so much metadata that it seems like they’re trying to earn their name several times over, and they wouldn’t even need to read messages most of the time.

Bottom line is, there’s no reason to use either when better alternatives exist so long as privacy is your priority.

I agree with you in seeing no reason to use Telegram when privacy and security are priorities. But still, there is no public evidence that Telegram end-to-end encrypted (secret) messages are compromised in some fundamental way.

WhatsApp’s moderation of end-to-end encrypted messages depends on the recipient sending the decrypted text to WhatsApp personnel. Note that WhatsApp uses the Signal protocol for end-to-end encryption. Its originator, Moxie Marlinspike, assisted WhatsApp in implementing it.

To me, absence of evidence is no evidence of absence. Telegram is almost designed to be a honeypot trap.

As for WhatsApp, I already explained why it’s not trustworthy. End to end encryption is only as good as the ends. If WhatsApp can send themselves a copy of your messages unencrypted at all, there’s no reason why they couldn’t do it without a report technically speaking. Meta’s history of security blunders doesn’t make trusting them any easier.

WhatsApp does not send themselves a copy of anyone’s unencrypted messages. Users who wish to report abuse must do that themselves.

A leaked FBI document shows that at least parts of your messages can be accessed by the service upon a subpoena.

You’re free to believe what you want ofc, but always remember that misplaced trust is often dangerous.

As reported by PCMag:

The footnote on the “limited” message content field [for WhatsApp] indicates that “if target is using an iPhone and iCloud backups enabled, iCloud returns may contain WhatsApp data to include message content.” (WhatsApp’s end-to-end encrypted backups, which debuted after this document was prepared, should prevent the use of that workaround.)

I prefer not to believe what I want (as you say I’m free to do), but rather what the evidence supports. And the evidence does not support the sensationalistic claims you made in the title of this message thread.

There actually is evidence that WhatsApp can access at least parts of your messages and share it with the FBI.

By the way, do note that I didn’t say I’m 100% sure that WhatsApp keeps unencrypted copies of your messages, but that it is possible for them to do so. This is even more likely given that leaked documents prove that they share parts of their users’ messages with the FBI.

What is this evidence of which you speak? (It’s not included in the FBI document.)

It literally says they have limited access to WhatsApp messages.

Yes, but as I mentioned above, the FBI document notes that such limited access depends on the existence of an unencrypted iCloud backup. And since the document was prepared, WhatsApp has introduced encrypted backups.