The world seems to be shocked by the news that WhatsApp turned any phone into spyware. Everything on your phone – including photos, emails and texts – could be accessed by attackers just because you had WhatsApp installed [1].
This news didn’t surprise me, though. Last year WhatsApp had to admit they had a very similar issue – a single video call via WhatsApp was all a hacker needed to get access to all of your phone’s data [2].
Every time WhatsApp has to fix a critical vulnerability in their app, a new…
This is an article written by telegram’s founder and CEO Pavel Durov in 2019 on “Why whatsapp will never be secure”. Your thoughts?
What a load of hipocrisy. The dude uses unauthenticated DH for his apps “secret chats”, which a bored student with a laptop can MITM in seconds. Other chats use just TLS, meaning they get to read EVERYTHING.
He’s not wrong about WhatsApp, though. WhatsApp is closed source, and did have a string of vulnerabilities that lead to remote code execution. I disagree with the presumption that open source means secure, but their security guarantees can’t be validated to the same extent their competition can be validated.
Of course, WhatsApp being bad doesn’t make Telegram any good. I don’t think their DH is still vulnerable (MTProto 2.0 has been out for ages now) but as a general purpose chat app, it’s practically worthless in terms of privacy.
Signal beats WhatsApp/RCS, which beat Telegram, which beats IRC/SMS.
Users can’t report it because there is no way to tell for them
Atleast the one who breached can tell? no telegram users data have been seen on dark web yet, no person/org have claimed to get any vulnerability in their system. Also if its that easy to breach why govt’s keep banning telegram for not giving them userdata? despite telegram is the biggest app where most terrorist orgs operate, hub of piracy and illegal things, you can call it “public” darkweb.
I have some friends working in the police, many years they showed me how they can read messages of like anyone on telegram
I was trying to tell people to stop using telegram for years, but now at least therecs some conversation is going on because of the journalists
What a load of hipocrisy. The dude uses unauthenticated DH for his apps “secret chats”, which a bored student with a laptop can MITM in seconds. Other chats use just TLS, meaning they get to read EVERYTHING.
Use Signal, people.
He’s not wrong about WhatsApp, though. WhatsApp is closed source, and did have a string of vulnerabilities that lead to remote code execution. I disagree with the presumption that open source means secure, but their security guarantees can’t be validated to the same extent their competition can be validated.
Of course, WhatsApp being bad doesn’t make Telegram any good. I don’t think their DH is still vulnerable (MTProto 2.0 has been out for ages now) but as a general purpose chat app, it’s practically worthless in terms of privacy.
Signal beats WhatsApp/RCS, which beat Telegram, which beats IRC/SMS.
No, how can a bored student breach e2ee in seconds? note that no such cases have been reported by any telegram user so far.
Because the DH is unauthenticated, as I already said. Users can’t report it because there is no way to tell for them.
Atleast the one who breached can tell? no telegram users data have been seen on dark web yet, no person/org have claimed to get any vulnerability in their system. Also if its that easy to breach why govt’s keep banning telegram for not giving them userdata? despite telegram is the biggest app where most terrorist orgs operate, hub of piracy and illegal things, you can call it “public” darkweb.
Same reason they ask Apple for backdoors even though they crack iPhones routinely. It’s about legal precedent.
The data is available. See this article - it’s a Google link.
Check stories about russian journalists…
I have some friends working in the police, many years they showed me how they can read messages of like anyone on telegram I was trying to tell people to stop using telegram for years, but now at least therecs some conversation is going on because of the journalists
Signal is based in the United States, enjoy having CIA and NSA reading all your messages.