Telegram is not end-to-end encrypted by default, which allows the
Telegram server to see all of your messages unless you use a "Secret Chat". Telegram uses custom, unaudited encryption, and the first
version of MTProto had severe security issues, although these were fixed with MTProto 2.0. However, Telegram still uses strange
cryptographic primitives, such as AES-IGE, for "performance", although they use it in a way that they aren't
affected by its known security issues. Telegram has also been criticised by well-known cryptographers, such as Moxie
Marlinspike, Matthew Green and Filippo Valsorda.
Telegram has held crypto cracking contests, but these
were rigged. Although the clients are open source, the server is not, so self-hosting
is not a possibility. The creators of Telegram have also spread unfounded misinformation about competing
apps before.
Telegram, along with most other messengers, leak significant metadata about your messages, even if the message itself was end-to-end
encrypted.
Silence is dead, and the only commits for a long time have been translations, not code updates.
Wire stores all metadata unencrypted on their servers, although there are plans to correct this. Unlike Telegram, however, Wire has been audited, and its server code is fully open source, allowing it to be self-hosted.
Use Signal. It uses the gold standard of encryption, conceals metadata well, has a great track record, is recommended by countless experts in the field and more. Most other messengers are subpar.
Go back