Basically, it's about the cash. Signal's business model is to convince everyone that their protocol is the only secure one and charge everyone to licence it. If that means promoting non-E2E services that store and mine chat history, that's fine so long as they pay up.
What?
The protocol is publicly described. They've blogged about it. I can imagine people being able to reconstruct it from memory.
The first Google result for "signal protocol license" is https://whispersystems.org/blog/license-update/ , clarifying that it's under GPLv3 (i.e., patent grant) with an exception for the App Store. Has anyone paid money to license the protocol? Has Signal asked for money? Is it even possible to give them money for the protocol?
Q: So how do you encrypt data?
We support two layers of secure encryption. Server-client encryption is used in Cloud Chats (private and group chats), Secret Chats use an additional layer of client-client encryption. All data, regardless of type, is encrypted in the same way — be it text, media or files.
Our encryption is based on 256-bit symmetric AES encryption, RSA 2048 encryption, and Diffie–Hellman secure key exchange. You can find more info in the Advanced FAQ.
Wire [1] (which I discovered a few months ago) is a platform that has end-to-end encryption, multi-platform support and multi-device sync. It also has text chats, voice calls, video calls, doodling, etc. The UX still needs a lot of improvement (compared to Telegram).
[1]: https://wire.com
What Telegram should do to earn the trust of the technical community (specifically, the security-savvy people who criticize it for unorthodox encryption methodologies) is contract a real audit from a leading security firm that specializes in cryptanalysis, like Riscure.
[1]: https://twitter.com/matthew_d_green/status/72642891296898252...
Suggestions like this do nothing to dispel the image that modern security firms are little more than a protection racket. If you don't pay for "an audit" from an "industry leading" firm, you'll be shunned by everyone.
Otherwise, you're just making claims that are unbacked by anything. Presumably only the fact that there hasn't, yet, been a public exploit. But that's not a useful metric.
At the end of the day, for many nerds looking at these two pieces of software and their developers-- Moxie comes out looking a lot more serious about privacy and more experienced with crypto than Nikolai and Pavel. To say nothing of Telegram's closed-source cloud app model, questionable financing strategy or debatable ties to the Russian intelligence apparatus.
Soo you counter FUD with FUD. Great strategy!
The Telegram devs more or less said "f*ck you, we are programming world champions and PhDs".
Then, about 6 months after they were all cocky, a Russian guy showed that the Telegram server could MITM every secret chat by providing the client with shitty entropy. Either it was a back door, or the Telegram devs showed that everyone else was right.
Don't use it for the crypto. If that is what you want, use something else.