@thegibson @Mer__edith @inthehands
Did someone say “Telegram”?
[Crashes into the thread like the Kool-Aid man]
Please do not use #Telegram Messenger for any message that you would not want to see on the side of a building. Don't take my word for it, listen to these folks.
Here's Dan Goodin (@dangoodin) in Ars Technica summarizing an exploit discovered by Ahmed Hassan:
"Using readily available software and a rooted Android device, he’s able to spoof the location his device reports to Telegram servers. By using just three different locations and measuring the corresponding distance reported by People Nearby, he is able to pinpoint a user’s precise location."
Independent security researcher The Grugq (@thegrugq) on Telegram's many problems:
"In summary, Telegram is error prone, has wonky homebrew encryption, leaks voluminous metadata, steals the address book, and is now known as a terrorist hangout. I couldn’t possibly think of a worse combination for a safe messenger."
https://grugq.tumblr.com/post/133453305233/operational-telegram
Former maintainer of the Golang cryptographic libraries Filippo Valsorda (@filippo) on a bug in Telegram's cryptographic protocol:
"To this day, itʼs the most backdoor-looking bug Iʼve ever seen."
Prof of cryptography Matthew Green (@matthew_d_green) on Telegram's custom encryption:
"Like seriously. Wtf is even going on here."
https://twitter.com/matthew_d_green/status/582249709286326272
And finally, Bruce Schneier:
"Don't Use Telegram."
https://www.schneier.com/blog/archives/2016/06/comparing_messa.html
If you want to communicate confidentially, use @signalapp
https://theintercept.com/2016/06/22/battle-of-the-secure-messaging-apps-how-signal-beats-whatsapp/