Moxie Marlinspike was one of the creators of the Signal messaging service, which is considered to be the 'gold standard' for encryption.
It's amazing to me that after all this time, almost all media coverage of Telegram still refers to it as an "encrypted messenger." Telegram has a lot of compelling features, but in terms of privacy and data collection, there is no worse choice. Here's how it actually works: 1/
Telegram stores all your contacts, groups, media, and every message you've ever sent or received in plaintext on their servers. The app on your phone is just a "view" onto their servers, where the data actually lives. Almost everything you see in the app, Telegram also sees 2/
Here's a simple test: delete Telegram, install it on a brand new phone, and register with your number. You will immediately see all your conversation history, all of your contacts, all the media you've shared, all of your groups. How? It was all on their servers, in plaintext 3/
The confusion is that Telegram does allow you to create very limited "secret chats" (no groups, synchronous, no sync) that nominally do use e2ee, even if the security of the e2ee protocol they use is dubious. There's no e2ee by default, but they talk about it like there is 4/
FB Messenger also has an e2ee "secret chat" mode that is actually much less limited than Telegram's (and also uses a better e2ee protocol), but nobody would consider Messenger to be an "encrypted messenger." FB Messenger and Telegram are built almost exactly the same way. 5/
Some may feel okay letting Telegram have access to all of their data, msgs, images, contacts, groups, etc. because they "trust Telegram." However, the point of an "encrypted messenger" should be that you don't have to trust anyone other than the ppl you're communicating with 6/
Actual privacy tech is not about trusting someone else w/ your data. It's about not having to. A msg you send should only be visible to you & recipient. A group's details should only be vis to the other members. Looking up your contacts should not reveal them to anyone else. 7/
Privacy tech is really about making the tech consistent with the UI. But if Telegram's UI were consistent with the way the tech worked, every chat would be a group chat with everyone that works at Telegram + everyone that hacks Telegram + every gov that accesses Telegram, etc 8/
For the folks writing about this space, my request is that when you write "encrypted messenger," it should at *minimum* mean an app where all messages are e2ee by default. Telegram and FB Messenger are built exactly the same way. Neither are "encrypted messengers." 9/
Tweetstorm is an occasional series bringing you the best threads that we see, sometimes informative, educational, amusing and/or controversial...