Please create an account to participate in the Slashdot moderation system

 



Forgot your password?
typodupeerror
×
Communications Government Privacy Security

Why You Should Stop Using Telegram Right Now (gizmodo.com) 68

Earlier this week, The Intercept evaluated the best instant messaging clients from the privacy standpoint. The list included Facebook's WhatsApp, Google's Allo, and Signal -- three apps that employ end-to-end encryption. One popular name that was missing from the list was Telegram. A report on Gizmodo sheds further light on the matter, adding that Telegram is riddled with a wide range of security issues, and "doesn't live up to its proclamations as a safe and secure messaging application." Citing many security experts, the report states:One major problem Telegram has is that it doesn't encrypt chats by default, something the FBI has advocated for. "There are many Telegram users who think they are communicating in an encrypted way, when they're not because they don't realize that they have to turn on an additional setting," Christopher Soghoian, Principal Technologist and Senior Policy Analyst at the American Civil Liberties Union, told Gizmodo. "Telegram has delivered everything that the government wants. Would I prefer that they used a method of encryption that followed industry best practices like WhatsApp and Signal? Certainly. But, if it's not turned on by default, it doesn't matter."The other issue that security experts have taken a note of is that Telegram employs its own encryption, which according to them, "is widely considered to be a fatal flaw when developing encrypted messaging apps." The report adds:"They use the MTproto protocol which is effectively homegrown and I've seen no proper proofs of its security," Alan Woodward, professor at the University of Surrey told Gizmodo. Woodward criticized Telegram for their lack of transparency regarding their home cooked encryption protocol. "At present we don't know enough to know if it's secure or insecure. That's the trouble with security by obscurity. It's usual for cryptographers to reveal the algorithms completely, but here we are in the dark. Unless you have considerable experience, you shouldn't write your own crypto. No one really understands why they did that."The list goes on and on.
This discussion has been archived. No new comments can be posted.

Why You Should Stop Using Telegram Right Now

Comments Filter:
  • by __aaclcg7560 ( 824291 ) on Saturday June 25, 2016 @02:34PM (#52389467)

    The railroads are still here. Shouldn't be surprising that telegrams are still around almost two centuries later.

    https://en.wikipedia.org/wiki/Telegraph [wikipedia.org]

    • DOn't we get enough one-weird-trick, and you-wont-believe-what-happened-next headlines elsewhere. Et tu, Slashdot?

  • by Anonymous Coward

    Publicly criticizing them and their users, is not.

  • by NotInHere ( 3654617 ) on Saturday June 25, 2016 @03:04PM (#52389587)

    Its the only messenger that:

    1. can be used without gapps spyware
    2. is halfway popular
    3. has the source code released under a open source license
    4. has authors who tolerate third party clients connecting to their server. This is not the case for Whatsapp, and also not the case for signal [github.com]

    Thanks to 1 and 3, telegram is available in the f-droid app store. This is why I use it, and I don't want to install software from third party stores like google play or sideload apps.

    Yes, the encryption is not perfect, but I prefer that over having to install google spyware that would be required for signal for example.

    • You mean aside from Silence, which

      1) Is entirely open source.

      2) Is based on SMS, not IP (plus or minus, depending on whether you view SMS as being the more universally-available transport in your area)

      3) Does not have a central server.

      4) Supports easy, in-person key exchange.

      5) Requires no Google anything, and is the default messaging app for several Android spins that have no Google integration.

      • Well SMS has lots of bad properties, one being that lots of bad guys have access to at least metadata.

        Also, it costs money. If you tell your contacts "look this costs money", they surely won't like it.

        SMS is alot like the CA system in many ways: outdated, overpriced, old, insecure and broken.

    • I use Telegram for.convenience. Not because sharing gifs with my wife needs to be ultra secure, or anything.

      Having clients available everywhere is what got my attention also the fact it "Just Worksâ" for my needs.

    • by MRZA ( 4458075 )
      Why I don't use Telegram:
      It knows my phone number. All this crypto is useless then you are not anonymous.
      It's centralized. It's very bad idea to use centralized services because it's a weak point. Use only federated services.
      • Well yes anonymity is a problem about phone numbers, but they are really convenient to use for most users. Their whole address book can be re-used if you have the phone number.

        And about centralisation: centralized services are as well more convenient for the users. With federation you will need an @ some way or another (or you will get totally randomly generated usernames, which is shit too). The only escape here seems to be namecoin, but then your address info is public, which maybe is something not everyb

        • by MRZA ( 4458075 )
          I thinks it's a security problem if such apps have access to user's phonebook. On Android I always deny apps from accessing my phonebook. Why do they want to know my contacts? They shouldn't!

          In case of XMPP your username looks like yourname@someserver.tld. Looks like email. I see no problem here. Random IDs just give you more anonymity. You always have a choice.
    • Is it just me or does anyone else view the timing between these reports and Google I/O a month ago launching Allo a little suspicious?

      Alphabet marketing person: "Yeah, it would be good in the timeline if there was a review the month after I/O, to legitimize Allo as one of the major players in the messaging App space."
      Intercept editor: "The optics wouldn't be good if it was just a review of one App. We could do a comparison of the 'top ten' Apps."
      Alphabet: "Make it the 'top three'."
      Intercept: "We would
  • We can all just re-post pretty much the exact same comments we made a few days ago! Woo hoo!

  • Bullshit (Score:1, Informative)

    by Brethil ( 1107807 )
    I'll just leave this here. https://telegram.org/faq#q-how... [telegram.org]
  • by dbIII ( 701233 ) on Saturday June 25, 2016 @11:34PM (#52391291)
    Why You Should STOP Using Telegram Right Now STOP
  • Comment removed based on user account deletion
    • by jours ( 663228 )
      Best explanation seems to be that they were concerned about portability of the chats between desktop and handset (they wouldn't be.) There are 3rd party clients that implement it.

  • Remember, Telegram only promises high grade encryption for Secret Chats.

    This is something you get for free with Telegram and no big corporation can spy on you.

    Sorry, you should be very upset about the lack of spying in Secret chats. Stop using Telegram right now before you continue!

    You should immediately use WhatsApp which uses your data in ways that will make you shit yourself.

    Oh, and also; PLEASE PLEASE PLEASE stop using Telegram. A huge consortium of eaves dropping government bodies and gigantic

Your own mileage may vary.

Working...