I have not found any news article on this on a whim. Because my friends and family, I need to use Facebook Messenger, and Messenger Lite was a OK client - lightweight, no unnecessary features, etc., compared to the regular Messenger app.
Now I’m a little torn, having a Meta app on my phone is already bad, but having to downgrade to the bloated Messenger app? Not sure I will make a change. What are your thoughts?
Install Telegram (or Signal before everyone downvotes me) for your family & friends. For me most of my friends & relatives migrated to it and using for chats between themselves.
Bonus if you are good at programming and can make some very unique telegram bots that do some interesting stuff, like reporting local news.
I use Telegram every day, but without end-to-end encryption (by default and on groups), it’s as private as Facebook Messenger. They can read everything. The only difference is that currently people trust them more than they trust Facebook, but everything turns to shit eventually.
If Signal is too “boring” or no one uses it in your circles, try WhatsApp. Yes, it’s also from Meta, but at least comms are encrypted (same protocol as Signal) and a lot of people use it.
Really bad advice. Trading Meta app for Meta app. It is proprietary so you can be sure WhatsApp does not have encryption like Signal
WhatsApp uses the Signal Protocol. Is it as private as Signal? No, it “leaks” way more metadata. Have I personally checked if they’re encrypting messages? Also no, although others have. Is it possible that they’re doing something “funny” and no longer encrypt? Yes, but is there any suggestion or proof of that being the case?
Should you use WhatsApp? No, but the suggestion above was to use Telegram, a service that doesn’t do end-to-end encryption by default and leaks the same type of data as WhatsApp. Going from Messenger to Telegram is a sideways move. From Messenger to WhatsApp would be at least a small upgrade (with the benefit of having more contacts there than Telegram, at least in some countries).
I understand the point about it also being a Meta app. I guess the question is what do you trust more? Telegram and the people behind it with your plain text messages or a Meta app with end-to-end encryption? I don’t trust either, so I pick encryption.
I’m not anti Telegram or anything like that. It’s a nice app, lots of features, smooth, etc, and I use it, but privacy was never their main priority.
Where can I get info on Telegram storing messages in plain text on their servers? I have asked and searched and all I have seen are hypotheticals but nothing concrete.
I’ve read through the audit they had in 2020 where cloud chats are encrypted using the same MT Proto 2.0 which they also use for the secret chats (E2EE).
The same way that evidence is available, I would also like to see the evidence of cloud chats stored in plain text and not encrypted.
I didn’t say anything about them “storing messages in plain text”. I said that they don’t do E2EE by default and since they have the keys for the TLS that encrypts data in transit, they can read the content of your messages. Encrypting their drives - something that any decent service does - only protects you if someone “steals” a drive: Telegram has the keys and can obviously read the contents of their drives.
I found this Kaspersky blog post which provides a nice tl;dr. They even make the same point as me:
Let’s go straight to the root of the problem: Telegram is a unique messenger with two types of chats: regular and secret. Regular chats are not end-to-end encrypted. Only secret ones are.
No other messenger does this: even the notorious WhatsApp, part of Mark Zuckerberg’s data-hungry empire, uses end-to-end encryption by default. The user doesn’t need to do anything at all, there are no special checkboxes or anything: messages are protected from all outsiders (including the service owners) right out of the box.
[…]
This is not new. Back in 2015, Edward Snowden had this to say about Telegram’s defaults:
I respect @durov, but Ptacek is right: @telegram’s defaults are dangerous. Without a major update, it’s unsafe. [source]
To be clear, what matters is that the plaintext of messages is accessible to the server (or service provider), not whether it’s “stored.” [source]
In practice, they’re no different from Messenger, Slack, Discord or a direct message on Reddit. Most messages on Telegram can be read by them, just like Google can read all messages in your Gmail.
Why is Signal or WhatsApp better? Because they do E2EE for all messages. It doesn’t matter if they forget to encrypt their servers, all they see and store is encrypted messages. You hold the keys, not them.
You mentioned “plain text” specifically - where else would they be holding those plain texts?
So far, there is no evidence to suggest your messages are stored in plain text. And in 2015, Telegram was using MTProto 1.0 for their cloud chat encryption and Secret Chats E2EE. It’s been about 5-6 years since they’ve upgraded to MTProto 2.0 which has been proven to be a sound encryption protocol.
It was Moxie Marlinspike that also made the claim messages are stored in plain text on Telegram’s server with no evidence. And so far, the only thing we have are hypotheticals and nothing of substance to support that claim.
The audit done in 2020 goes over how Telegram encrypts their cloud chats and those encryption keys are not stored on the same servers. While E2EE is preferable, the reason why Telegram works the way it does is because how messages are handled by default.
Hopefully soon they will roll out Secret Group chats. But I do like we all have the option to use Telegram however we want.
If you (user 1) are talking with your friend (user 2) through me (telegram) and I have the encryption keys, then for me (telegram) communications are essentially in plain text. I can even encrypt them 100 times… I have the keys and can read your (user 1 + user 2) messages.
You’re again talking about storing messages (not sure why). Telegram might encrypt their storage (I never claimed they didn’t), but they have the keys and therefore can read what’s stored. They also have the keys for the messages, so there’s no hypotheticals or claims here: they have the keys for everything, so they can read everything.
E2EE is opt-in and currently only available for direct chats. Unless you manually start a “secret chat”, there’s no E2EE MTProto 2.0 to help you. They can read everything.
The audit done in 2020 goes over how Telegram encrypts their cloud chats and those encryption keys are not stored on the same servers. While E2EE is preferable, the reason why Telegram works the way it does is because how messages are handled by default.
So… Telegram has the keys to decrypt your messages?
I mean, it’s not hard to understand. The party that holds the keys can read the messages.
Messenger supports end-to-end encrypted chats, and more encryption features are rolling out. https://messengernews.fb.com/2023/08/22/expanding-testing-for-end-to-end-encryption-on-messenger/. It’s a huge project to implement encryption given the number of features that have to be rewritten (e.g. scraping URLs to show a preview picture now has to be done client-side rather than server-side)
Unfortunately FB Messenger is the defacto way to communicate in some countries - if I refused to use it I’d fail uni as I wouldn’t be able to communicate with group members, I wouldn’t be able to contact most of my family, and the number of friends I can talk to would drop to about 5 (of which most have recently had children and are thus a bit preoccupied)
You (op) use telegram, and make a relay bot that redirects messages to/from fb messenger. You use the app of your choice, and they use the app of theirs. Big downside, is you’re still reliant on fb for messages.
Can you even make a messenger bot? Last time I checked it had bots, but they were incredibly crappy.
I know of someone who made one a while back, but I don’t know if it would work with the current version of messenger. It’d be a fun project to figure that out, though. I’ll add it to the growing list of fun projects haha