Is there anything inherently less secure about Telegram as compared to say other apps like Discord or Slack?

[michel_cryptadamus]

I've been on Telegram once or twice and the sheer volume of spammers and hackers DMing all the time is... offputting. There's also a history of scary trojans and the like plus the fact that its origins in Israel mean that basically everyone who works on it was at one time part of the Israeli military (and thus there might be backdoors in the app for monitoring terrorist networks or some such) have convinced me it's not worth using.  

Any reason I'm wrong to think this?

[Lulz]

Telegram was made by the 2 russian brothers who made the "russian facebook" VK (Nikolai Durov and Pavel Durov), not by israeli military nor in Israel.

They left Russia in april 2014 after Pavel was forced to resign as head of VK.

https://techcrunch.com/2014/04/01/founder-pavel-durov-says-hes-stepped-down-as-head-of-russias-top-social-network-vk-com/

https://techcrunch.com/2014/04/22/durov-out-for-good-from-vk-com-plans-a-mobile-social-network-outside-russia/

They are now based in the Britich Virgin Islands as "Telegram Group Inc" (parent company), and Dubai "Telegram FZ-LLC" (group member) and they also have another group member company in the UK "Telegram UK Holdings Ltd" to manage the "personal data" side of the business(?). Legally, everything is pretty obscur as you can see, they are based in tax heavens but maybe it's to make sure they don't lose control of it like VK.

Yes, a lot of hackers(cybercriminals) and spammers are on it, maybe because everything is so obscur and they want it to be "a truly free messenger". I don't really have an answer to that.

Is it less secure than Discord and Slack? Well, nothing is 100% secure ( https://cointelegraph.com/news/millions-of-telegram-userss-data-exposed-on-darknet , https://slack.com/intl/en-gb/blog/news/notice-about-slack-password-resets , https://haveibeenpwned.com/PwnedWebsites ) so it's up to you to trust them or not. As long as you don't share too much private informations, don't do anything too edgy and don't re-use passwords, you should be mostly fine if something leaks. You have to accept the possibility of a leak when using anything on the internet. 

They is no definite answer to your question 😅

 

 

[Chauke]

Telegramm is not less secure than discord or slack, rather discord and slack are stronger moderated. 

[lurto]

Not really less secure but when they need they will give out your personal infromation. As seen with the German Federal Criminal Police Office (https://www[.]msn[.]com/en-us/news/world/telegram-reportedly-gives-user-data-to-german-authorities/ar-AAYaz3x). So, they can have the best encryption in the world and store the data under water or on the moon, if in the end it is somewhere someone can get it. As seen here https://sensorstechforum[.]com/telegram-breached-users-data-stolen/

Compared to Signal who was subpoena twice(https://signal[.]org/bigbrother/central-california-grand-jury/). Even if the wanted they coudn't give out your data because they don't store them(giving them the benefit of the doubt)

On a personal note, I hate the seminar which I had to participate, where I was forced to create a telegram account. 

 

[hyperreality]

It's not really right to compare Telegram to an application like Slack. Telegram is closer to Signal or Whatsapp. Telegram accounts are based around phone numbers, the mobile application is the main application, and messaging in one-to-one conversations is the original use-case. Slack is primarily a business application which feels desktop-first and where collaboration in channels is the key flow.

And in comparing to Signal or WhatsApp, Telegram is clearly worse from a cryptographic perspective. Telegram chats are not E2E by default, and they use a strange home-grown crypto protocol called MTProto. Historically this has had design flaws (https://security.stackexchange.com/questions/49782/is-telegram-secure) and wasn't even IND-CCA secure - which refers to a scenario where an attacker can alter ciphertexts to be decrypted by a victim, and should not be able to distinguish anything from the victim's behaviour after the victim decrypts them. Although in recent versions MTProto may have improved, it's nowhere near as solid as the Signal protocol.

But I just re-read the original question and it seems to ask more about the content of what is shared on Telegram vs other chat applications. Which surely has to do more with what groups you join, not the application itself. Perhaps there is a greater likelihood of running into questionable content on Telegram, which further increases my desire to avoid using it.

[michel_cryptadamus]

On 11/14/2022 at 11:11 AM, Chauke said:

Telegramm is not less secure than discord or slack, rather discord and slack are stronger moderated. 

that actually prolly explains a lot now that I think about it.

On 11/16/2022 at 10:52 PM, hyperreality said:

It's not really right to compare Telegram to an application like Slack. Telegram is closer to Signal or Whatsapp. Telegram accounts are based around phone numbers, the mobile application is the main application, and messaging in one-to-one conversations is the original use-case. Slack is primarily a business application which feels desktop-first and where collaboration in channels is the key flow.

yeah... the part about where I have to give a phone number to signup is part of what freaks the paranoid side of my brain out.

On 11/16/2022 at 10:52 PM, hyperreality said:

And in comparing to Signal or WhatsApp, Telegram is clearly worse from a cryptographic perspective. Telegram chats are not E2E by default, and they use a strange home-grown crypto protocol called MTProto. Historically this has had design flaws (https://security.stackexchange.com/questions/49782/is-telegram-secure) and wasn't even IND-CCA secure - which refers to a scenario where an attacker can alter ciphertexts to be decrypted by a victim, and should not be able to distinguish anything from the victim's behaviour after the victim decrypts them. Although in recent versions MTProto may have improved, it's nowhere near as solid as the Signal protocol.

💫 this is exactly the answer I was looking for. I thought I had seen something like this when I did a little research but figured this would be right venue to ask for confirmation that I wasn't just hallucinating.

p.s. I just posted a similar question about matrix.to in case you have any thoughts on that.