Telegram Is Not End-to-End Encrypted by Default

Signal founder Moxie Marlinspike, on Twitter a month ago:

Telegram is the most popular messenger in urban Ukraine. After a decade of misleading marketing and press, most ppl there believe it’s an “encrypted app”.

The reality is the opposite — TG is by default a cloud database w/ a plaintext copy of every msg everyone has ever sent/recvd.

Every msg, photo, video, doc sent/received for the past 10 yrs; all contacts, group memberships, etc are all available to anyone w/ access to that DB.

Many TG employees have family in Russia. If Russia doesn’t want to bother w/ hacking, they can leverage family safety for access.

He links to a longer thread he wrote in December about Telegram and the common misconception that it uses E2EE across the board. I made this mistake yesterday. (We regret the error.)

Friday, 25 March 2022