“Telegram is not a private messenger. There’s nothing private about it. It’s the opposite. It’s a cloud messenger where every message you’ve ever sent or received is in plain text in a database that Telegram the organization controls and has access to it”
“It’s like a Russian oligarch starting an unencrypted version of WhatsApp, a pixel for pixel clone of WhatsApp. That should be kind of a difficult brand to operate. Somehow, they’ve done a really amazing job of convincing the whole world that this is an encrypted messaging app and that the founder is some kind of Russian dissident, even though he goes there once a month, the whole team lives in Russia, and their families are there.”
" What happened in France is they just chose not to respond to the subpoena. So that’s in violation of the law. And, he gets arrested in France, right? And everyone’s like, oh, France. But I think the key point is they have the data, like they can respond to the subpoenas where as Signal, for instance, doesn’t have access to the data and couldn’t respond to that same request. To me it’s very obvious that Russia would’ve had a much less polite version of that conversation with Pavel Durov and the telegram team before this moment"
And it will again be about someone added to the wrong group. Meaning - not a hack.
See this is why I’m reluctant to start listing them because I don’t want to get dragged into an interminable discussion about how hacks like https://thehackernews.com/2025/02/hackers-exploit-signals-linked-devices.html?m=1 somehow “don’t count” because it was the user’s fault, or https://support.signal.org/hc/en-us/articles/4850133017242-Twilio-Incident-What-Signal-Users-Need-to-Know doesn’t count because it didn’t include chat messages.
The irony is I very carefully chose my words when I said “Signal-related hack” instead of “Signal hack” because I knew fanbois would show up to argue that anything short of a central database leak isn’t really a hack.
It’s a thread about comparing Signal to Telegram of all things. In comparison to Signal as anything secure Telegram doesn’t exist in any quality.
At the same time Signal doesn’t have mass group chats and is not intended for that purpose.
The first link does count, it’s a valid failure from Signal devs. Humans err.
The second link does not, it’s an unofficial centralized aggregator, not from Signal devs, and the “hack” was a direct consequence of how it worked. It’s absolutely something that no sane person would use.
The relevance is that it’s not some unaligned security professional talking in the article, it’s literally the guy that runs Signal having a pop at his competition.
The right kind of pop, saying only the obvious and nothing more.