#Telegram and #Durov are once again in the media, so I translated my May piece about the service to English:
Telegram is neither "secure" nor "encrypted"
https://rys.io/en/171.html
Calling Telegram "secure" or "encrypted" is misleading, and is journalistic malpractice.
Telegram itself seems to mislead about it on purpose.
Telegram's encryption protocol is suspicious and transmits cleartext device identifiers with every message.
They have been called out for it many times, and refuse to change.
Despite the claims that #Telegram never shares any data or metadata, there are relatively clear cases of them having shared metadata with an Indian court and German law enforcement.
There are strong indications, as reported by Wired, they might have shared message contents with the Russian government, targeting activists in Russia.
By default, Telegram chats do not use end-to-end encrypted mode aka "Secret Chats". End-to-end encryption is also completely unavailable for groups and channels.
@rysiek they are routinely reported as secure/encrypted when they are in the news - I saw several stories repeating this with the news of the arrest in France.
@simonboggis that's precisely why I translated my piece to English.
@rysiek @simonboggis AFAIK #Durov got arrested because #Germany #MLAT'ed #France for #NetzDG violations and he refused to integrate #Govware #Backdoors in compliance with French Law, which is rather a case if #incompetence by #LEA|s than actual #security.
@kkarhan it's worse than HTTPS, MTProto broadcasts cleartext a device identifier.
@rysiek @simonboggis so it's worse than the shittiest #OMEMO implementation...