It’s official. Your private communications can (and will) be spied on

It’s official. Your private communications can (and will) be spied on - European Digital Rights (EDRi).
On 6 July, the European Parliament adopted in a final vote the derogation to the main piece of EU legislation protecting privacy, the ePrivacy Directive, to allow Big Tech to scan your emails, messages and other online communications.

This thread was posted by one of our members via one of our news source trackers.

1 Like

@AstonJ
Your views on this? :joy:

2 Likes

I wish them luck with spying on Telegram. :grimacing::laughing:

I have no doubt there are entities that can do it but I’m pretty sure EU isn’t one of them.

3 Likes

Have a guess? :rofl:

I used it ages ago, then deleted it, then reinstalled it and weird stuff started happening like phone calls from withheld numbers! No idea if it was connected but I deleted it and they stopped (probably just a coincidence!)

1 Like

I have used Telegram since at least 2016. Most non-intrusive app ever, really have no idea what happened to your phone. Definitely give it another go.

2 Likes

I too am using Telegram but it’s a far cry from the secure messaging platform it’s touting to be.

In a nutshell:

  • end-to-end encryption is not enabled by default, your regular chats are not encrypted, only “secret” chats are
  • for their end-to-end encryption they’re relying on a homegrown encryption, which makes it questionable at best how secure the encryption is and violating the first rule of cryptography: never roll your own
  • their HQ has been ping-ponging around, including Berlin, Singapore, London, somewhere in Russia, and now Dubai; when their HQ was supposedly in Berlin I was unable to find out where exactly, which they legally have to specify under German law AFAIK

At best all of this makes Telegram odd and at worst sketchy and untrustworthy. Decide for yourself.

Far better alternatives are Signal or Threema.

2 Likes

Really baffling post you made here. On the surface it seems to show super strong negative bias based on very flimsy “evidence”. I might be wrong but, just a general impression.

And I very strongly disagree with you here – for a change, I guess? :smiley:

…And? Are you a dissident journalist or an enemy of the state? I am not, and neither are 99.9% of all people.

You think WhatsApp and Apple Messages are end-to-end encrypted? They are not. Keys to the kingdom are right there in their HQ. Are there even any end-to-end and fully audited messengers today? IMO no and it’s a sad reality but I am trying to be a realist. Telegram, if it is like all others, at least is super convenient to use. So it seems like the least evil option. :slight_smile:

Has Threema ever been audited?

Questionable? Yes, I agree, because we can’t see what’s going on exactly. Does it prove anything? No. They might hide it because else it might help adversaries? I will immediately agree that security through obscurity is a terrible practice, sure. But show some benefit of the doubt.

Signal hasn’t been forthcoming on their exact mechanisms either. Moxie has been getting defensive when asked in a bit more detail and it left a sour taste in my mouth when I read about Signal’s practices some months ago.

…and why is 100% transparency the virtue here, by the way? Older versions of RSA were “100% transparent” as well until it turned out the NSA supplied a predictable randomness function to it so it made it more or less easy to brute-force.

So is transparency the real hero we must look up to? One would think so but history has proven that hero to not be universally virtuous. So I have my doubts.

…And this is bad, because why exactly? I don’t follow. Again, benefit of the doubt: they might be under fire because they refuse to install backdoors. Durov at least claimed that’s why he ran away from Russia. Seems plausible to me. But not to you, it seems? Can you clarify further here?

“Far better alternatives” based on what criteria exactly, please?

Telegram is widely recognized as one of the best chat UX that is out there today, even in very conservative circles like HN (where it also periodically falls under fire due to people who can’t get over the fact that the “USA vs USSR” rhetoric hasn’t existed for decades now but it somehow very often turns into an ideological debate for reasons unknown – that’s a separate topic however).

The app has zero lag, has a very convenient interface with many keyboard shortcuts (a rare blessing these days), is super easy to use, is very customizable, and is widely supported on all major OS-es. Signal in the meantime is barely limping along synchronizing histories which sometimes needs a full device or SD card wipe to function well (testified by people on Reddit and HN). Telegram just asks you to authenticate and you have all your chats in a minute.

“Far better alternatives” just thrown in your post like this makes me wonder if you argue in good faith. If I am reading you wrong then you’ll absolutely receive my sincere apologies but currently I find it hard to understand why you said it. It’s not based on anything actually objective and provable. Just a subjective opinion (like mine).

2 Likes

I’m sincerely surprised by your reaction to what I wrote. “Baffling” describes exactly what I thought while reading your response.

I feel like you read most of what I said in the most negative way, I’m uncertain why that is though.

Just as a reminder, this thread is literally titled:

It’s official. Your private communications can (and will) be spied on

So I think you’d agree that we should scrutinize suggested messaging solutions in the light of privacy, right?

As it stands Telegram is proclaiming itself as a private and secure messaging option. It’s right there on their website:

From where I’m standing it seems only fair to verify these claims accordingly.


I must admit, I’m surprised by your stance on this. I don’t think it’s unreasonable to expect that private conversations between me and my friends, family members, and my partner stay just that: private.

Even if all we’re writing about are various versions of pie recipes I don’t want anybody else to read that. You don’t want somebody standing next to you taking notes when chatting with friends over a beer too, right? How is this different?

And just to reiterate, after all the thread is titled “It’s official. Your private communications can (and will) be spied on”.

The folks from DuckDuckGo have written some interesting thoughts on why privacy should be the default:

I’m not sure what you’re trying to get at here, but yes, WhatsApp is end-to-end encrypted and so is Apple’s iMessages.

Telegram is arguably the outlier here.

Yes, repeatedly, and so has Signal.

As far as I know the same is not true for Telegram. I’m happy to be proven wrong here though.

Are we talking about the same messenger here? Because Signal is very transparent about how they do encryption.

There’s also official documentation from Signal on this, including a number of fully open-source libraries implementing said encryption (links at the bottom of the page).

I sincerely fail to see how that is “not forthcoming”?

I don’t understand what you’re trying to say here. That closed-source is better than open-source? You’re not really arguing that transparency is bad when it comes to “how do we do privacy”, are you?

I never said it’s bad, just that it’s odd. And you’re right, the folks from Telegram claim that it’s to evade pressure from parties such as Russia but it’s just that: a claim. We only have their word.

Combined with their questionable choice on encryption I do find it odd. Nothing more, nothing less.

Privacy.

To reiterate again: this thread is titled “It’s official. Your private communications can (and will) be spied on”.

And don’t get me wrong I agree that Telegram’s UX is great. If this were a thread about UX I’d have no qualms to acknowledge this.

But this is a thread about privacy, and in the context of privacy Signal and Threema are the better choices based on everything I wrote earlier and now. It’s my earnest opinion which I continue to stand by.

1 Like

TL;DR: They all lie, Telegram included. :smiley:


I did, and as promised, you have my apologies. This is due to many people showing very unreasonable bias against Telegram, and one I don’t share, simply because people’s stance during those discussions often is:

  • I don’t like Telegram because they say stuff I don’t believe.
  • I like WhatsApp because they say stuff I believe.

…How is that a good argument, or a factual discussion at all? These arguments inevitably devolve into a belief war, one I am not willing to fight but one I’m very willing to point out and identify that it exists.

I agree with that but I don’t share your faith in WhatsApp / Threema. And it’s only that: faith.

Apple’s iMessages might be end-to-end encrypted – not sure – but their iCloud backups are encrypted with a master key that only Apple has. All it takes is one knock on the door from FBI / CIA / NSA et al. and they’ll have any chat history they like. The only solution is to turn off iCloud which is only a technical possibility because it’s not a realistic usage scenario for a lot of people.

https://www.reuters.com/article/us-apple-fbi-icloud-exclusive-idUSKBN1ZK1CT

I did some digging on WhatsApp but sadly the 2-3 articles I’ve read about two years ago – that said that WhatsApp provides golden keys to authorities – are no longer around (makes you think about how permanent or unbiased the internet really is… what happened to freedom of speech and acknowledging the dissenting voices?) so we’re left with the official PR fluff pieces which I have no reason to trust blindly. Facebook is really big and has influence. You think they aren’t in bed with authorities? I personally am very sure that they are but, yet again, belief war right? :man_shrugging:

I don’t trust US-based companies in general. Even if they have the very best and purest of intentions the justice system there is completely broken. If they want to get your data, they will. A famous example:

Remember Lavabit shutting down because of Snowden? They basically said “we couldn’t do anything legal to prevent the US intelligence agencies getting your data so we prefer to shut down and nuke the data”. What does that say about all US companies? To me it says “if you want privacy, don’t trust anything US-based”. :man_shrugging: (Although I wonder how you can do that, like 50% of the internet is hosted in AWS anyway. :laughing:)

Additionally, Moxie rejects the idea of LibreSignal using Signal’s servers and branding (says as much on the Wikipedia page). Why not? He only said “federation is not as relevant today as it was a while ago”. Is that a good explanation?

You talk about “sketchy” and “untrustworthy”, I think it’s only fair we include this piece of info in that area as well.

I mean OK, you can think Durov is shady and I am not going to try and refute a belief with another belief (which I don’t hold strongly) but Moxie doesn’t look very good either. Reading through his various statements, he seems hell-bent on promoting privacy (and his own product) while having no problems defending his own territory like every savvy business owner. How much credibility does that take away from him? To me – a lot.

If you like, take a look at the few top comments on this HN thread: Signal’s Moxie Marlinspike calls out Telegram founder Pavel Durov. IMO people bring up an objectively good point relating to a conflict of business interest. It’s worth having the perspective.

Absolutely, I am all for it. But if we judge Telegram, then please factually and beyond any doubt prove that Threema and WhatsApp are doing better. What they say is of no interest to anyone with a critical thinking ability. Of course they’ll claim they are secure. That’s a modern marketing funnel and everybody and their dog is claiming that their products are secure. Empty words.

I never questioned that I want our comms private and I will absolutely never use the completely flawed argument of “I have nothing to hide”. I’m 100% on your side there.

I am only saying that I doubt that anyone is really actually trying to do it (Telegram included; I am sure they haven’t lost sleep worrying about the privacy of our chats… but then again, nobody is). That’s all really.

OK, I can stand corrected on that but I am 50/50. Not like people haven’t bought green approval badges in the past so I wouldn’t believe anyone saying they were thoroughly audited (and I don’t believe Telegram was either, for what it’s worth).

I am saying this: transparency gives you some extra points. It doesn’t completely nullify any objections against your product. As an example I cited the previously-broken RSA encryption by NSA. The whole thing was transparent alright, minus one detail that people didn’t think to inspect for a long time.

I never said closed source is better. I am just skeptical if open source really improves things as much as people seem to believe.

Same as we only have the word of WhatsApp and Threema. Let’s judge all fairly and equally.

I probably could have collapsed all my replies into two sentences and probably should have because I’ve spent an exorbitant amount of my Saturday on this discussion (but that’s 100% on me of course):

“Well, it’s only your opinion. Without us being able to look under the hood the whole thing is just ‘my belief is better than yours’ so we can never truly agree during such a discussion.”


In the end, my main goal was not to shill for Telegram. Meh. I have nothing to gain for it. It’s just super convenient for me but I’d have zero qualms ditching it tomorrow if the need calls for it. The truly important people in my life I can reach through multiple comm channels – I am a paranoid techie and I took care of that long ago.

My main point here is: let’s judge everyone equally. And when Telegram is mentioned, many people – you included – seem willing to just believe in other parties’ claims and just take them on their word without any criticism, while inspecting Telegram closely under a looking glass for every single thing they say or publish on their website.

I would like you to recognize that this is not a fair treatment. It smells of negative bias.

Finally, I prefer to think this:

“They are all backdoored and any intelligence agency can get any chat history they want as long as they put in the effort for it”. :laughing:

2 Likes

So, this would also affect mail service like Protonmail and Tutanota?

3 Likes

So the main point is: pick the lesser evil…?

4 Likes

Can someone plot a graph of this? Every app with their evil score :rofl:

2 Likes

Still a scary thought :frowning:

2 Likes

I feel like I’m one of the few left that likes OTP over XMPP or OTP over IRC, lol… Or just gpg encrypt messages if needed.

1 Like

Convenience, dude. I want to press a button, type my message, press Send and be done with it. I get all the benefits from end-to-end encryption but my life doesn’t only revolve around technology. If it can’t be convenient then meh.

3 Likes

Check out element.io

2 Likes

Looks good.

3 Likes

Write-up on bringing the Matrix protocol to Elixir:

2 Likes

I took a shot at this with the python OTR library and all the XML was numbing my mind so I gave up :smiley:

2 Likes