Keep in mind this is likely a hit piece in a press war. Telegram and Signal regularly attack each other, accusing the other of security and privacy failures. The number of times the author uses subjective words like “weird” and “bizarre” in a strictly technical analysis exposes their bias.
See Durov’s (Telegram founder) recent announcement regarding Signal.
> A story shared by Jack Dorsey, the founder of Twitter, uncovered that the current leaders of Signal, an allegedly “secure” messaging app, are activists used by the US state department for regime change abroad
> Unlike Telegram, Signal doesn’t allow researchers to make sure that their GitHub code is the same code that is used in the Signal app run on users’ iPhones. Signal refused to add reproducible builds for iOS, closing a GitHub request from the community. And WhatsApp doesn’t even publish the code of its apps, so all their talk about “privacy” is an even more obvious circus trick.
> Keep in mind this is likely a hit piece in a press war. Telegram and Signal regularly attack each other, accusing the other of security and privacy failures.
That argument seems like false balance.
One of the two is peer-reviewed and is participating in productive exchange with academic industry security specialists; the other is reinventing the wheel and papering over the numerous resulting red flags with a huge marketing budget.
Their respective public statements simply do not have the same weight.
> Unlike Telegram, Signal doesn’t allow researchers to make sure that their GitHub code is the same code that is used in the Signal app run on users’ iPhones
This is technically impossible on iOS due to its app distribution model. If Telegram claims anything else, that’s concerning.
> Keep in mind this is likely a hit piece in a press war.
I don't use either, but if the article isn't completely made up, this does at least look super incompetent and not just like picking on random things about the other messenger.
It is worded as an accusation for what might’ve been an innocent mistake. Look how many times the author uses the word “weird”, a very subjective word to use in a seemingly technical analysis.
Absolutely nothing the author said is even remotely controversial in the cryptographic community.
MTProto is weird and countless choices made in its design are bizarre with no clear rationale. Throwing in confusing and cryptographically unnecessary steps with thin rationalizations is par for the course.
Its authors have specifically chosen an approach that all but guarantees lots of “innocent mistakes”.
You’re confusing formal/informal language and strong/hedged claims here.
The article is not a scientific paper, but even in those, if you know how to read them, you’ll find authors saying “this is very weird”, albeit in different words.
Signal is a very open company and the protocol has had extensive scrutiny, and has a history of making good choices, like minimising the data they hold and defaulting to E2EE, as well as being hated by approximately all governments.
Telegram is extremely opaque, deliberately conflates various security things, doesn't default to encrypting anything, doesn't support encrypted group chats, has been hacked several times, and is extremely tolerated by very repressive regimes.
See Durov’s (Telegram founder) recent announcement regarding Signal.
https://t.me/durov/274