Saturday, October 01, 2016

 

Why I Chose Telegram

I've been monitoring the world of messaging for a while, looking for the next messaging platform to be my primary. After trying several applications, monitoring their development, reading how their software and networks work, and how they protect privacy, I've come to the conclusion Telegram is the best option. No solution is perfect, but Telegram checks the most boxes. It's available here, https://telegram.org.

Why Telegram was chosen and answers to common objections will be addressed in the concluding paragraphs. There's also an app that gets an honorable mention.

Here are the ratings...




In regards to privacy...


Privacy is a hot topic. Privacy is not just about keeping prying eyes out of your conversations, but also about how your information is being used by the hosting company, e.g. phone carriers, Google, Facebook, et al. There is no total privacy. (Signal is near complete privacy.) Given that, how much of your privacy is forfeited for features is up to you.

My philosophy is if privacy is to be forfeited, don't put it all in one basket. Don't give one company as much non-public pieces of information about yourself or those you know. Companies like Google and Facebook harvest your messages, images, likes, etc and draw connections to those you know. All of this together develops a more complete picture about you. The more you give, the more they get.

Facebook Messenger and WhatsApp (Facebook owns WhatsApp.) have been making the news about end to end encryption. End to end encryption is great with the caveat of feature limitations. Certain features are not available when encryption between 2 parties is engaged.

Even when E2E is used, these companies still collect metadata about you, i.e. who you are talking to, his/her contact info, and how long and often. Combining information collected from Messenger/WhatsApp with Facebook traffic, Facebook get can get pretty good picture of your life. Ditto with Google, Google+ and Allo if you use these services.

This tight relationship compromises a messenger's privacy rating. If WhatsApp was not tied to Facebook, I would more than likely recommend it as the messenger to get. They made promises about privacy which have since been compromised and rewritten since joining Facebook.

One last important note on privacy and use of the latest generation of messengers. The old generation required signing up for an account with a user name and password. You would join a friend's list by exchanging user names. The new generation uses your phone's address book to match you with your friends. It makes the level of entry very low, and match making convenient. But it makes it that much more important to know how the company is storing and using that information.

Some messengers, like Telegram and Wire, allow using phone numbers or user names. That's a nice option.

Least honorable mention goes to...


SMS. An entire article could be written on my frustration with this tired, old protocol. From what I understand, it is popular primarily in the U.S. Move on America. Make messaging great again! :-) I am ready for this dinosaur to go extinct.

Honorable mention goes to...


Wire. This application was created by a co-founder of Skype. It comes with a lot of features, including video chat, voice chat, and group voice chat. It's open and open sourced. The company is very up front about privacy. 

The choice goes to...


Telegram. Telegram has always aimed to excel at being a messaging system. It's one of the reasons it does not have voice or video call support (I hope it's added one day.). This aim has led to some to copy its features. You appreciate the value of these features and how they make a conversation more expressive than dinosaur protocols like SMS.

Combined with a desire for strong privacy and broad set of clients, Telegram is a winner. 
If you want, you could stop reading the article at this point. What follows are some common objections to Telegram, which are somewhat geeky.

Addressing objections to Telegram...


I know some are reading what I said about privacy and face palming in regards to Telegram. Here are common objections and my responses.

Objection 1: It uses home grown encryption, MTProto.

I have never been of the mind that there is only one way to do something. Using tested industry standards across the board would be great, but different does make it dubious.

Objection 2: MTProto has not been vetted.

MTProto has been studied and tested to a limited extent. Telegram has documented MTProto and the app's security for review. The source code is available on GitHub. It's not a complete mystery.

Objection 3: No credible cryptographer supports MTProto .

Comments from cryptographers fall into 2 categories: a) MTProto is broken, b) Not enough is known (info and tests) about MTProto to make a judgment. Comments from A are usually from people who have competing interests or prejudice. Comments from B come from cryptographers with less bias and more interest in something new.

Objection 4: MTProto is like having no encryption at all.

Its encryption has been around 4 years and has no known major hack. If MTProto is so flawed, why hasn't it been hacked? Why are international intelligence agencies having such trouble cracking it? Enough talk. Prove MTProto is weak by breaking it.

Telegram's security is not just MTProto. Its de-centralized network design provides additional protection. It makes re-assembling a conversation difficult. Some will say obscurity is not security. I agree to an extent, but obscurity is what makes encryption cryptic.

Objection 5: You have to opt in Telegram's end to end encryption conversations.

This is true, and it is how most other messengers work. This will always be the case if participants wish to enjoy all the features the system provides. If you must have complete privacy all the time, then always opt into private conversations. 

You cannot conclude the requirement to opt into private conversations means other conversations are not encrypted. Telegram does encrypt non-private conversations and store the data encrypted on their servers. The traffic and data are not traveling through the Internet in plain text.

Final note: Do not conclude from the responses that I do not prefer Telegram to use a tested encryption solution or that I do not want to see MTProto continually improved.


This page is powered by Blogger. Isn't yours?