Telegram gets a lot of hate on HN, but I have to say that of all large messaging apps Telegram has by far the best UX. That said, I can see it slowly turning into a walled garden. For example, in public channels (distinct from groups, they're broadcast only) it should be possible to link to their content from the outside. Instead if you try that they force you to download the app to see the content. EDIT2: As someone noted you can link each individual post on a channel, but you can't see and scroll through a list of posts as you can from inside the app.
I wish we had a messaging app with a market as large as WhatsApp's, UX as good as Telegram, security as good as Signal, run by an organization like Mozilla.
An open protocol is a prerequisite. There's a 2018 IETF proposal for interoperable E2E messaging, initiated by Cisco, Google, Facebook and Wire:
Architecture: https://datatracker.ietf.org/doc/draft-omara-mls-architectur...
Protocol: https://datatracker.ietf.org/doc/draft-barnes-mls-protocol/?...
"Messaging Layer Security (MLS) ... is not intended as a full instant messaging protocol but rather is intended to be embedded in a concrete protocol such as XMPP [RFC3920]. In addition, it does not specify a complete wire encoding, but rather a set of abstract data structures which can then be mapped onto a variety of concrete encodings, such as TLS [I-D.ietf-tls-tls13], CBOR [RFC7049], and JSON [RFC7159]. Implementations which adopt compatible encodings should be able to have some degree of interoperability at the message level, though they may have incompatible identity/authentication infrastructures."
Already, in the starting point draft, it's been crudded up: it has "ciphersuites", and comes with support for the NIST P-256 curve --- despite the fact that the underlying design wants to take byte strings to curve points, which is tricky to do on the P-curve. It will only get worse from here. They'll figure out some reason to bolt a PAKE onto it soon enough.
Signal Protocol is exceedingly well-documented (and even before those documents were written, it was open enough for Wire to lift the protocol wholesale).
The IETF is bad at cryptography. Your default position should be distrust of IETF crypto standards.
This would be ideal. Until then I still feel Signal gives me the best balance and I haven't had too much issue with friend/family adoption.
Edit: To perhaps stem the downvote tide: The impulse for my comment is that OP probably hasn't tried it, even though Telegram and KakaoTalk have similarly sized userbases and the emotion-inspiring stuff in the Telegram client app is mostly a timid knock-off of better Asian messengers (the Telegram team faces the challenging task of slowly acclimatizing Western audiences to features it knows will eventually be popular, by example). The West-centricness of such statements is grating to me.
The reason my comment doesn't substantiate the UX difference further is that I can't think of a single feature or screen that isn't better realized in Kakao's Android app than in Telegram's. General performance, group management, galleries / archive retrieval stuff, cross sharing, search, stickers, etc. It's available with a full English UI, go have a look. (From a privacy/security/freedom POV Kakao is terrible, though.)
The only way I could see this happening is some open/decentralized chat protocol takes hold and private companies build nice UX on top of that.
Sadly, strong UX is not the strength of opensource/foundation driven development. (For the love of god someone please prove me wrong on this)
Even worse, one can only participate in their network with a mobile phone number. In my country, land line numbers do not even work.
To my mind Mozilla should have had, and kept, a set: Firefox, Thunderbird, instant messaging, Persona. Not forgetting Lightning etc.
But you can link the content, no? (example: https://t.me/dailyeng/1402). You see the full post, you don't have to donwload Telegram for this.
But you're right. I'll edit above.
I would donate some money for such an initiative if it also had strong privacy protections from the start.
Edit:// Evil might is the wrong word. But if you have the choice between a self enforced world police with a history of using information against people in foreign countries and a country that is mostly involved in their own shit and area the choice is IMO easy
https://en.wikipedia.org/wiki/Russian_military_intervention_...
https://en.wikipedia.org/wiki/Russo-Georgian_War
By using telegram you are directly supporting the Kremlin.
I think the fundamental component to their success is just how snappy and 'live' their chat conversations feel. Everything including their backend perf, chat bubble animations, etc seems to be finely tuned to make conversations feel alive and active.
And it absolutely is, from a 2 minutes look at their code :
- their chat activity is 12000 lines of code : https://github.com/DrKLO/Telegram/blob/master/TMessagesProj/...
- it looks like they have copy pasted tons of Android library like exoplayer directly in their repo
It does work very well though !
I guess that they have an extremely small team (or just one persone) and it is their first Android project.
It looks like they have acqui-hired a competing chat client (Telegram X), so it looks like they have a solution to clean this mess.
I've seen some huge Android java functions where everything gets stuffed into the Fragment creation/update/etc API functions... but this is one just stuffed everything in them.
It's just asking for bugs and security issues.
Edit: the commit history all comes the same developer, each titled with a generic "Bug fixes" commit and no description of the changes. Seems like a single guy is just cowboying the whole App, it's not a team project at Telegram. Which explains the above... https://github.com/DrKLO/Telegram/commits/master/TMessagesPr...
1. https://itunes.apple.com/us/app/telegram-x/id898228810?mt=8 2. https://play.google.com/store/apps/details?id=org.thunderdog...
if (view instanceof ChatMessageCell) {
.......
ChatMessageCell cell = (ChatMessageCell) view;
....
}It is a car with seatbelts that don’t work; a car without any seatbelts is better.
All of the peer review by qualified professionals has been negative. Don’t take my word for it, go look it up.
This is a wrong comparison.
Furthermore:
As an early enthusiastic Whatsapp user I'd love to use Whatsapp if it had continued developing into what Telegram is now instead of selling out and start feeding data Facebook.
Right now
-one side has sketchy crypto (according to world leading cryptographers AFAIK) and correct incentives
while the other side has
-- good crypto,
-- incentives stacked towards tracking me (contrary to their previous promises)
-- and a track record of doing exactly that
I don't think it is an obvious choice without trade-offs either way.
But it's not like "just use Whatsapp" is an obvious alternative.
(Signal seems to be a completely different story but most of my contacts don't use it.)
https://fas.org/sgp/crs/intel/RL33332.pdf
NSLs don't break well-designed and well-implemented E2E encryption. They can obtain metadata, which can still be harmful, but that's it.
If you want metadata on Telegram users, just hack Telegram's ISP. If the NSA hasn't already done so, I'd be surprised.
As a practical matter, it's even starker. WhatsApp messages are end-to-end encrypted by default, forward secure so that losing your phone doesn't let adversaries retroactively decrypt sniffed messages, and, most importantly, encrypted for groups.
Telegram's messages are plaintext by default --- you have to opt conversations in to encryption! --- and don't encrypt group messages at all. Telegram plays a sneaky game where they tell users that all messages are encrypted because they use TLS. But, of course, so was AOL Instant Messenger.
If you need top security - maybe. If you need features - not. I'd consider using something else if other apps have same features or similar features done better.
On topic, I don't like these third party login systems much. Yes, they could provide better security compared to what smaller websites with less competent teams could, but associating a login with a provider also means I'm putting more eggs in one basket, so to speak. I also don't like the privacy implications, regardless of what Telegram states. It's sad that Mozilla Persona didn't take off and was shelved. It seemed like the best solution for this requirement.
When you say features, which ones do you mean? Do you mean the user interface?
But comparing to e.g. Line or WeChat maybe the entire social & stickers & attending services thing. Signal is a pretty bare-bones chat client, and WhatsApp only slightly less so.
Although not "features", having an open API for writing clients for whatever platform I choose and the fact that their official clients are open source are also a big plus.
Wire went two steps further and allows a) signing up with email addresses (without revealing phone number to Wire) and more recently b) multiple accounts for a person. Telegram has just started catching up on multiple accounts, but is still tied to a phone number.
A minor feature in Telegram that I use a lot is to edit my messages after sending them. No more re-typing messages with corrected typos prefixed with an asterisk. This either doesn't exist or came much later in other platforms I've listed in my comment (including WhatsApp).
This is anecdotal, sharing photos in Telegram means it gets through with the same resolution instead of being re-compressed and losing detail. I've heard from some others that re-compression happens on other platforms, but I don't recall on which ones right now.
Speed of message delivery, which is the most basic thing for any messaging platform. While Telegram has slowed down over time (it used to be almost instantaneous a few years ago), it still seems faster than the other platforms. This may just be my experience, since there are multiple factors that affect this.
Multi-platform and multi-device support with synced conversations across all of them. Telegram did it this way from the beginning. Wire is also similar, and better, since it has end-to-end encryption as well (but it doesn't store all conversations forever, and so newer devices will start with the most recent messages). Signal is way too behind in this department, and doesn't even allow carrying over received messages from one phone to a newer phone (this is true in iOS, and on Android it involves some work by the user). Signal actively prevents data from being backed up from the device!
Telegram's search, both within conversations and across conversations, is very fast and reliable.
Telegram allows chatting with oneself, which was renamed to Saved Messages a little while ago. I use it as a bookmarking feature to store interesting information. Combined with great search, it becomes a reference repository.
I'm sure I'm forgetting some other stuff, but the overall user experience is much better, right from application startup.
Security with fewer features is still useful; features without security are unusable.
I'm still waiting for Signal to come closer to being relevant, as per my expectations, before moving to it and pushing some others to move to it. But every time I look at a new release and compare, Telegram still seems about a year or more ahead.
It's 2018. Why are we still trusting the phone network for anything related to authentication? Surely companies like Telegram can't use the excuse that they didn't know how horribly insecure SMS and the phone network in general is, no?
I don't know how Telegram does it, but it keeps picking the wrong security options. It's like a gift they have.
It's 2018 but this problem is far from solved.
(there is a lengthy rant about that somewhere in my post history)
It then calculates a second number that you send back to the bank. No SMS at all!
This isn't like a Facebook share widget, which is usually so ubiquitous, they really can know all the sites you visit.
EDIT: Yes, Telegram uses passwords if you enable them. This is what the questionable query looks like: https://i.imgur.com/BAnddlg.png
https://i.imgur.com/BAnddlg.png
I counted the asterisks, they do in fact reveal the length of the password.
Or in other words: We are ready to sell your private data now. Because that's what actually happens when you login to another website via Telegram login.
First, it's you who decide to use telegram to login to a website (as you would login with Facebook / google).
Secondly, you see what informations will be shares with the website.
Lastly, there is no money involved. It's totally free to use.
Yes, this is implicit in what the parent is saying. The point is, your data can be shared if you volunteer it by using this feature.
> Secondly, you see what informations will be shares with the website.
At a minimum, you are sharing the fact that your identity logged into the application. A profile of logins associated with your identity can be built, and a profile of how many Telegram users logged into a particular website can also be built. Both (and particularly the latter) are valuable.
> Lastly, there is no money involved. It's totally free to use.
This has nothing to do with whether or not your data is actually shared or sold with third parties.
I'm not necessarily agreeing with the parent that Telegram is going to start selling user data, but your arguments here do nothing to diminish the fact that they could do so en masse. A graph of your logins should probably be considered "private data."
I'm good.
