I’m not sure what point you’re trying to make? The people that claim “Telegram is unencrypted” seem to be of the belief that literal plaintext is flying over the air for anyone with a mediocum of knowledge to easily intercept, and that’s just not true.
Lacking end-to-end encryption does not mean it lacks any encryption at all, and that point seems to escape most people.
To take it to its logical conclusion you can argue that Signal is also “unencrypted” because it needs to be eventually in order for you to read a message. Ridiculous? Absolutely, but so is the oft-made opine that Telegram is unencrypted.
The difference is that Telegram stores a copy of your chats that they themselves can decrypt for operational reasons. It’s up to the user to decide whether the additional functionality that comes with this is worth the risk of a hostile agent successfully requisitioning those chats directly from Telegram themselves, rather than just busting through your door and threatening to break your legs if you don’t unlock your phone.
On the other hand, if you fill your Telegram hosted chats with a whole load of benign crap that nobody could possibly care about and actually use the “secret chat bullshit” for your spicier chats then you have plausible deniability baked right in.
Lacking end-to-end encryption does not mean it lacks any encryption at all, and that point seems to escape most people.
Not using end-to-end encryption is the equivalent of using best practice developed nearly 30 years ago [1] and saying “this is good enough”. E2EE as a default has been taking off for about 10 years now [2], that Telegram is going into 2025 and still doesn’t have this basic feature tells me they’re not serious about security.
To take it to its logical conclusion you can argue that Signal is also “unencrypted” because it needs to be eventually in order for you to read a message. Ridiculous? Absolutely, but so is the oft-made opine that Telegram is unencrypted.
Ridiculous? Yes, you’re missing the entire point of end-to-end encryption, which you immediately discredit any security Telegram wants to claim:
The difference is that Telegram stores a copy of your chats that they themselves can decrypt for operational reasons.
Telegram (and anyone who may have access to their infrastructure, via hack or purchase) has complete access to view your messages. This is what E2EE prevents. With Telegram, someone could have access to all your private messages and you would never know. With E2EE someone would need to compromise your personal device(s). One gives you zero options to protect yourself against the invasion of your privacy, the other lets you take steps to protect yourself.
the other hand, if you fill your Telegram hosted chats with a whole load of benign crap that nobody could possibly care about and actually use the “secret chat bullshit” for your spicier chats then you have plausible deniability baked right in.
The problem here is that you should not be mixing secure contexts with insecure ones, basic OPSEC. Signal completely mitigates this by making everything private by default. The end user does not need to “switch context” to be secure.
I’m not sure what point you’re trying to make? The people that claim “Telegram is unencrypted” seem to be of the belief that literal plaintext is flying over the air for anyone with a mediocum of knowledge to easily intercept, and that’s just not true.
Lacking end-to-end encryption does not mean it lacks any encryption at all, and that point seems to escape most people.
To take it to its logical conclusion you can argue that Signal is also “unencrypted” because it needs to be eventually in order for you to read a message. Ridiculous? Absolutely, but so is the oft-made opine that Telegram is unencrypted.
The difference is that Telegram stores a copy of your chats that they themselves can decrypt for operational reasons. It’s up to the user to decide whether the additional functionality that comes with this is worth the risk of a hostile agent successfully requisitioning those chats directly from Telegram themselves, rather than just busting through your door and threatening to break your legs if you don’t unlock your phone.
On the other hand, if you fill your Telegram hosted chats with a whole load of benign crap that nobody could possibly care about and actually use the “secret chat bullshit” for your spicier chats then you have plausible deniability baked right in.
Not using end-to-end encryption is the equivalent of using best practice developed nearly 30 years ago [1] and saying “this is good enough”. E2EE as a default has been taking off for about 10 years now [2], that Telegram is going into 2025 and still doesn’t have this basic feature tells me they’re not serious about security.
Ridiculous? Yes, you’re missing the entire point of end-to-end encryption, which you immediately discredit any security Telegram wants to claim:
Telegram (and anyone who may have access to their infrastructure, via hack or purchase) has complete access to view your messages. This is what E2EE prevents. With Telegram, someone could have access to all your private messages and you would never know. With E2EE someone would need to compromise your personal device(s). One gives you zero options to protect yourself against the invasion of your privacy, the other lets you take steps to protect yourself.
The problem here is that you should not be mixing secure contexts with insecure ones, basic OPSEC. Signal completely mitigates this by making everything private by default. The end user does not need to “switch context” to be secure.
[1] Developed by Netscape, SSL was released in 1995 - https://en.wikipedia.org/wiki/Transport_Layer_Security#SSL_1.0,_2.0,_and_3.0
[2] Whatsapp gets E2EE in 2014, Signal (then known as TextSecure, was already using E2EE) - https://www.wired.com/2014/11/whatsapp-encrypted-messaging/