| |
| ▲ | palata 2 days ago | parent | next [-] | | > I don't know how they're the only independent app that seems to be able to produce such a well built UI/UX for a chat application in 2025. Precisely because they don't spend so much effort for privacy. If your server can read all your messages, it's suddenly easier to provide great features. For instance, GMail can add your next hotel stay to your calendar automatically because it has access to your emails. That's great UX, but poor privacy. | | |
| ▲ | athenot 2 days ago | parent | next [-] | | This is not entirely true. For example, Calendar.app does the same by locally extracting the .ics out of Mail.app without ever sending anything to Apple. I don't think Telegram's UX is tied to their permissive privacy, but they do seem to start with UX then do what's needed to support it. That does give them an edge.
(Instagram has terrible privacy and actively mines information from chat and their UX is only passably good.) | | |
| ▲ | palata 2 days ago | parent [-] | | > This is not entirely true. My point is that it's generally harder to add those features in a privacy-preserving way. GMail couldn't do it if it couldn't read the content of the emails, period. It doesn't mean that there is no way to have nice features in a privacy-preserving way. I just said it's harder (sometimes impossible). > I don't think Telegram's UX is tied to their permissive privacy Not exclusively, but it is obviously a lot easier! Take a web client: if the server has access to the data, your client can just fetch it. If the server doesn't even know about the existence of the group, that's harder. Why do you think only the "secret chats" are E2EE in Telegram (and those don't support groups)? > then do what's needed to support it What do they do to support privacy? They don't have E2EE except in the secret chats! That hasn't changed in a decade! > Instagram has terrible privacy and actively mines information from chat and their UX is only passably good This keeps getting further from what I said :). Of course, it's possible to do worse than Telegram! |
| |
| ▲ | Klonoar 2 days ago | parent | prev [-] | | This is such an odd comment. What on earth makes you think that the same engineers responsible for fluid and smooth UI/UX are the ones who’d ever influence the cryptography/privacy/security? Whether or not the chats are encrypted has zero to do with this. Telegram has almost universally smooth scrolling, things work well across platforms, it’s native pretty much everywhere with low memory usage and mostly platform specific behaviors. Signal half asses this, and Element is… shoddy, at best, in comparison. | | |
| ▲ | maqp 2 days ago | parent | next [-] | | Unless you're extremely privileged, privacy does play a role in every feature. There is no user experience if you're imprisoned for speaking your mind and your government intelligence has pwned Telegram servers. Making a smooth app isn't that hard. Inventing the cryptographic protocols to enable group management without server-side control, and proving their security is the hard part. Something Telegram's developers haven't the faintest idea of how to do. | | |
| ▲ | izacus 2 days ago | parent | next [-] | | People communicated via unencrypted phone calls and SMS and other unencrypted mediums for decades so you might just be massively overstating the importance of E2E message encryption for an average person. | | |
| ▲ | maqp a day ago | parent | next [-] | | That was the time before we lived our half of our social lives online in group chats and social media. My calls and texts used to be about me agreeing with my buddies when to hang out. They weren't nearly as private as me keeping in touch with buddies I rarely see IRL, online. Also, there was a period of transition. Had I known the MSN messenger was completely unencrypted, in that everyone, not just Microsoft, could listen in, I might have felt my privacy violated. I sure as hell feel that in hindsight. | | |
| ▲ | palata 19 hours ago | parent [-] | | What the hell was MSN messenger plaintext over unencrypted transport? I'm genuinely shocked, I didn't know! I naively assumed it was at least encrypted to Microsoft. But now that you say it, it makes sense... Also feels like missed opportunities :D. |
| |
| ▲ | kelnos a day ago | parent | prev | next [-] | | The world has been changing a lot over those decades, and the technological and surveillance capabilities of state actors (and malicious, non-state actors, for that matter) has increased dramatically. Not needing E2EE a few decades ago has nothing to do with whether or not we need it now. | |
| ▲ | palata a day ago | parent | prev [-] | | The world was fine without Internet for most of its history. What's your point? |
| |
| ▲ | Klonoar 2 days ago | parent | prev | next [-] | | > Unless you're extremely privileged, privacy does play a role in every feature. No, dude. Come on - you really think that plays a role in how smooth a listview renders? Or whether it follows the correct tab focus order? I don't think I could be more clear about what I'm saying in my last comment. Their client side app is incredibly smooth and well built. Signal, Element, etc do not stack up. > Making a smooth app isn't that hard. Yes, it surprisingly is. Multiple chat apps in 2025 still fail at this. > Inventing the cryptographic protocols to enable group management without server-side control, and proving their security is the hard part. Something Telegram's developers haven't the faintest idea of how to do. This isn't even in the realm of what my point was. | | |
| ▲ | maqp a day ago | parent [-] | | >Come on - you really think that plays a role in how smooth a listview renders? That's not a feature. Stickers is a feature. Calls are a feature. Messages are a feature. Group chats are a feature. Group video calls are a feature. Link thumbnails are a feature. Forwarding messages is a feature. >Their client side app is incredibly smooth and well built. Yes, and the Trojan horse was so beautiful John Oliver would totally have hit on it. Telegram UI is fine, I'll give you that. But it was created at the expense of designing the app private. Move fast yolo security isn't the justification. They'd have to re-design the protocol from scratch to make it E2EE by default. Hell, you can't even get feature parity with secret chats. E.g., stickers do not work. Signal might not have every bell and whistle like pinned messages, but when it eventually does, I will know it's done with proper privacy design. I get that your point is to bore exclusively in the UI/UX with, admiring the forest from the trees. I'm saying the true beauty is with the ridiculously seamless and easy to use end-to-end encryption for everything Signal provides. Both phone app, and all desktop apps stay in sync, all 1:1 chats are E2EE and they are available on all platforms, unlike Telegram where they're limited to phone only. All group chats are E2EE and they're available on all platform, unlike Telegram that doesn't have E2EE for group chats. All chats are E2EE by default, unlike Telegram where no chat is E2EE. Privacy and security are integral part of every feature. Everything else is a footgun. Arguing about how well the footgun is polished, doesn't make it any less of a footgun. Signal has over time polished its secure features. Telegram isn't in the process of securing it's polished turd of a protocol. |
| |
| ▲ | est 2 days ago | parent | prev [-] | | > privacy does play a role in every feature It really depends. People discuss and communicate in public channels like IRC or Discord. A large chunk of chatting is shitposting with anonymous identity. Secure chat is only needed in some scenarios. |
| |
| ▲ | palata 2 days ago | parent | prev [-] | | > What on earth makes you think that the same engineers responsible for fluid and smooth UI/UX are the ones who’d ever influence the cryptography/privacy/security? Did you even read my comment? I gave an example of how privacy directly impacts UX: GMail couldn't automatically add your events to your calendar if it could not read the content of your emails. I never talked about engineers, just the technical reality. If you don't have it, you can't read it. That seemed absolutely obvious to me: the best UX for a car would be one that doesn't need a source of energy, fits in my pockets and instantly teleports me anywhere I want. Go ask your engineers to make a car that allows that perfect UX, and see how they react. Telegram has no E2EE except for the secret chats. Last time I checked, the secret chats were not synchronized between devices (i.e. the privacy has an obvious impact on the UX). So no, I don't think it was an odd comment. It just feels like you don't know how it works technically. | | |
| ▲ | Klonoar 2 days ago | parent [-] | | > Did you even read my comment? I'm not even sure you read mine. > It just feels like you don't know how it works technically. You're disregarding what I've said and trying to have a different discussion. Please pay attention. I am not discussing - nor do I consider it relevant to my point - privacy/security/etc contexts for Telegram's client side applications. Whether or not it's encrypted has zero to do with how smooth and well built a chat UI is. I am commenting on the frontend client side engineering and how Telegram has, hands down, the best implementation. Other apps need to catch up. | | |
| ▲ | palata 2 days ago | parent [-] | | > Whether or not it's encrypted has zero to do with how smooth and well built a chat UI is. Ok, let's talk with concrete examples. 1. Say you open the Signal Desktop app: either you don't get the history of the messages, or you need to wait a fairly long time for them to arrive. With Telegram, you get the whole history immediately. Does that count as "smooth and unrelated to encryption" to you? 2. Say you send a message to a group on Telegram and on Signal/Element. On Telegram you see that the message was received noticeably faster than on the others. Does that count as "smooth and unrelated to encryption" to you? 3. Let's talk about GIFs and stickers: I'm sure Telegram has many more than e.g. Signal. Is that something you consider when you say Telegram has a better implementation and it is unrelated to the privacy concerns? 4. Telegram has bots that enable a lot of feature. Does that count? You're telling me that for the stuff that isn't impacted by privacy concerns, Telegram is better. You seem very sure of that, and maybe that's right. But can you give concrete examples? Because until now, what I've been reading from you is that the UI/UX is not impacted by the privacy, and this is obviously wrong. So let me ask this: would you agree that at least some UI/UX is impacted by the privacy concerns? | | |
| ▲ | Klonoar 2 days ago | parent [-] | | Every single point that you want to try here has nothing to do with implementing a smooth scrolling, buttery UI/UX of a chat application. Please stop moving the goalposts if you want to actually discuss this. I also frankly don't even get what you're trying to say with point 1, because Signal loads messages instantly for me on Desktop. There's zero delay. The UI/UX of the scrolling and chat display is the problem. > what I've been reading from you is that the UI/UX is not impacted by the privacy, and this is obviously wrong It is not obviously wrong, and you've done nothing but attempt to loop the conversation back to some level of privacy/encryption/etc. These things do not matter in this conversation, full stop. This (my thread, not the greater thread we're in) is a design and frontend implementation discussion, not a privacy/security discussion. If that is not clear to you, I don't know what to say anymore. | | |
| ▲ | maqp a day ago | parent | next [-] | | >These things do not matter in this conversation The largest UX hit is when launching a client after it's been powered off for a while. Telegram uses a symmetric session key. The client can with SINGLE AES-IGE decryption operation decrypt a massive packet containing every message received to every non-secret chat. Signal uses Diffie-Hellman ratchet or SCIMP ratchet for every received message. That means there's X25519 and AES-CBC involved for every message. It is not, and will never be as fast as Telegram's insecure approach. Thus the security design will absolutely affect the smoothness of the experience. But Signal has blazing fast search function since it's local only. Telegram's search functionality freezes when you go over the server's chat history cache limit, to try to find years old posts. >The UI/UX of the scrolling and chat display is the problem. My desktop computer loads messages from my Signal history as fast as I can scroll my mouse. My cheap smart phone loads messages from my Signal history as fast as I can swipe my fingers. You can solve this with faster hardware. | |
| ▲ | palata a day ago | parent | prev [-] | | > This (my thread, not the greater thread we're in) Well, you're answering to my thread, if we go like this. Where I said that one reason the UX is better in Telegram is that they don't care about privacy. > Every single point that you want to try here has nothing to do with implementing a smooth scrolling, buttery UI/UX of a chat application. Then we fundamentally disagree on what UX means. If it takes 2 days to receive a message because a human has to check that it is not spam, wouldn't you say that it's bad UX? Or is "scrolling" the only thing that you put into "UI/UX"? Do you actually know what UI/UX is? > It is not obviously wrong, and you've done nothing but attempt to loop the conversation back to some level of privacy/encryption/etc. Because that's my goddamn point from the beginning on. Privacy has an impact on UX (which means "user experience", by the way), period. > If that is not clear to you, I don't know what to say anymore. Same here. You don't seem to understand how privacy works technically, and you don't seem to understand what UI/UX means. |
|
|
|
|
|
| |
| ▲ | Arathorn 2 days ago | parent | prev [-] | | Telegram certainly has an excellent UI/UX. On the Element side, its quality bar has very much been the target for Element X - and (in my biased opinion) we are getting very close, if not exceeding it in some places. For instance, we just landed The Event Cache in Element X and matrix-rust-sdk (https://github.com/matrix-org/matrix-rust-sdk/issues/3280 - closed 2 days ago after a year of solid work), which provides seamless offline support and local encrypted-at-rest caching of the messages it's seen, which in turn then makes the native SwiftUI and jetpack-compose UIs go brrrrrr. | | |
| ▲ | Klonoar 2 days ago | parent | next [-] | | > its quality bar has very much been the target for Element X I sincerely hope you get there, but it's really hard to believe it at the moment. You're not even at feature parity with the app (Element vs Element X) you're replacing, and it's been out for a bit now. i.e, you have significant user experience related features that keep people using Element (open graph previews, just to name one). | |
| ▲ | db579 a day ago | parent | prev [-] | | Arathorn I'm a bit confused that Element pushes Element X so much already when your own Element One service doesn't support it yet? | | |
| ▲ | Arathorn a day ago | parent [-] | | It's just because all the effort has gone into EX over the last ~2 years, and it's a way way way better app (even if it doesn't have threads/spaces yet). Meanwhile, Element One will support it shortly - the missing piece was MAS in production, which is now happening on matrix.org as per the OP. |
|
|
|
| |
| ▲ | SahAssar 2 days ago | parent | next [-] | | Besides that there it's also them choosing to roll their own crypto instead of using established cyphers and protocols. | | |
| ▲ | emptysongglass 2 days ago | parent [-] | | And every time someone makes this comment. MTProto 2 uses standard crypto primitives. Besides this, do you know who else rolled their own crypto? Moxie. You don't get to roll your own crypto first and then weaponize this against your opponents but that's exactly what he did along with abusing words like "plaintext" to describe any encryption not E2EE. | | |
| ▲ | maqp 2 days ago | parent | next [-] | | AES-IGE is not best practice. Neither is this https://words.filippo.io/dispatches/telegram-ecdh/ The difference is Moxie isn't an amateur when it comes to cryptographic design. Wikipedia actually lists him as a cryptographer. The company has also employed an actual mathematician/cryptographer, Trevor Perrin. Meanwhile, Telegram employed the CEO's brother who's a geometrician, which is not the same. You wouldn't hire a dentist to perform brain surgery even though both studied medicine. Signal protocol's double ratchet is considered best practice by pretty much every competent cryptographer. MTProto's main issues are not the teething issues of the yester-years. It's the fact every chat is sent to the server that can then read the messages. Telegram only has E2EE in internet debates about it's non-existent E2EE in practice. | | |
| ▲ | emptysongglass a day ago | parent [-] | | Are you aware the article you link to technically critiques MTProto 1, including links to web archives of the MTProto 1 docs? > MTProto's main issues are not the teething issues of the yester-years. It's the fact every chat is sent to the server that can then read the messages. Telegram only has E2EE in internet debates about it's non-existent E2EE in practice. Telegram does in fact have E2EE available in the form of Secret Chats, so that's just an incorrect statement from you. Regardless, that wasn't what I was rebutting. If anyone is going to have a reasonable debate about Telegram's problems, at least do so reasonably, without resorting to well-worn and facile language invented by the person who has the most to gain from its use. Moxie is not at all innocent in any of this and I'm glad he's no longer involved with Signal, which I use every day. | | |
| ▲ | rlpb a day ago | parent | next [-] | | > Telegram does in fact have E2EE available in the form of Secret Chats, so that's just an incorrect statement from you. But if you turn that on, other features turn off. | | |
| ▲ | maqp a day ago | parent [-] | | Exactly. I have friends that outright refuse to use secret chats because stickers are so important to them. They literally have said to my face "stickers > human right to privacy". |
| |
| ▲ | akimbostrawman a day ago | parent | prev | next [-] | | Telegram E2EE only 1:1 that is opt-in vs Signal E2EE everything by default. Its clear which is an actually private chat app. Defaults matter | |
| ▲ | maqp a day ago | parent | prev [-] | | >Are you aware the article you link to technically critiques MTProto 1, including links to web archives of the MTProto 1 docs? Yes, but surely you realize a competent cryptographer wouldn't have implemented a backdoor looking design in the first place? >Telegram does in fact have E2EE available in the form of Secret Chats, so that's just an incorrect statement from you. No it's 100% correct and you just made my point for me. 1. Secret chats are not used by default, meaning most of users don't even know about it. 2. Secret chats are not available for group chats, not even small ones that have reasonable expectation for privacy. 3. Secret chats are not available for desktop chats, so you can not really use them seamlessly. I've spent six hours in front of my computer today. My phone is 30cm from my left hand. And I absolutely can't be arsed to pick it up every time my friend would send me a secret chat. Telegram's backdoor works exactly this way. They know I'm lazy. They make it my fault. Whereas with Signal, I can just alt-tab into the chats and reply there. When I said Telegram only has E2EE in internet debates, that means people like you who love to point out it's technically there, but who also fail to understand what it takes for such feature to be even used on a daily basis. >facile language invented by the person who has the most to gain from its use. I've been criticizing Telegram for over a decade now. You trying to make it sound like it's Moxie who's the devil pulling all the strings and making my arguments for me, makes you look like an astroturfer employed by Telegram: https://tsf.telegram.org/ | | |
| ▲ | emptysongglass a day ago | parent [-] | | > When I said Telegram only has E2EE in internet debates, that means people like you who love to point out it's technically there, but who also fail to understand what it takes for such feature to be even used on a daily basis. But you are being dishonest when you make an incorrect statement like this. Don't do that. EDIT: > makes you look like an astroturfer employed by Telegram: https://tsf.telegram.org/ I just read the linked page through: this is a request for volunteers to answer support questions for Telegram. How did you make the mental leap from a request for support volunteers to recruitment ad for astroturfers? | | |
| ▲ | maqp 21 hours ago | parent [-] | | The content is lies. E.g. https://tsf.telegram.org/manuals/e2ee-simple#are-cloud-chats... Talks about "unique distributed architecture" which I have debunked here https://security.stackexchange.com/a/243172 When people parrot those lies, they're being useful idiots, which Russia has used for ages https://en.wikipedia.org/wiki/Useful_idiot Durov is trained in information warfare and propaganda https://www.nytimes.com/2014/12/03/technology/once-celebrate... He knows what he's doing. | | |
| ▲ | emptysongglass 16 hours ago | parent [-] | | You've gone way off base here and have made a colorful array of unfounded accusations, including strongly hinting I must be part of an astroturfing brigade, that Secret Chats only available on mobile devices constitutes an intentional "backdoor", that I am a "useful idiot", that for the purposes of internet argumentation E2EE chats don't actually exist, etc. What I asked you to do was to stop misrepresenting your own bizarre theories as fact and stop linking microblog posts and blog posts describing vulnerabilities of a completely rewritten protocol that have nothing to do with its current. That is dishonest and not a reasonable basis for any argument. There are many ways of honestly portraying the problems of Telegram without resorting to false inventions, such as its immense problem of spam and ads and the fact that E2EE is not available across all devices and for group chats. |
|
|
|
|
| |
| ▲ | 2 days ago | parent | prev [-] | | [deleted] |
|
| |
| ▲ | 4cstar 2 days ago | parent | prev | next [-] | | https://telegra.ph/Why-Isnt-Telegram-End-to-End-Encrypted-by... | | |
| ▲ | celsoazevedo 2 days ago | parent | next [-] | | It's nice to see their reasoning, but the issue remains: Telegram can read most direct messages (because almost no one uses private chats) and everything sent in groups. It's a good service and in some cases it can compete with Matrix, Signal, etc, but most direct chats and all groups have no privacy from Telegram (and anyone with access to their servers). | |
| ▲ | maqp 2 days ago | parent | prev | next [-] | | https://telegra.ph/Why-you-should-stop-reading-Durovs-blog-p... | |
| ▲ | 9991 2 days ago | parent | prev [-] | | What a bizarre explanation. Element does E2EE just fine, with the caveat that you have to record your own encryption keys. But if you want E2EE and backups, what would you expect? |
| |
| ▲ | jckahn 2 days ago | parent | prev [-] | | This is exactly it. |
|
