Here’s what he said in a post on his telegram channel:
🤫 A story shared by Jack Dorsey, the founder of Twitter, uncovered that the current leaders of Signal, an allegedly “secure” messaging app, are activists used by the US state department for regime change abroad 🥷
🥸 The US government spent $3M to build Signal’s encryption, and today the exact same encryption is implemented in WhatsApp, Facebook Messenger, Google Messages and even Skype. It looks almost as if big tech in the US is not allowed to build its own encryption protocols that would be independent of government interference 🐕🦺
🕵️♂️ An alarming number of important people I’ve spoken to remarked that their “private” Signal messages had been exploited against them in US courts or media. But whenever somebody raises doubt about their encryption, Signal’s typical response is “we are open source so anyone can verify that everything is all right”. That, however, is a trick 🤡
🕵️♂️ Unlike Telegram, Signal doesn’t allow researchers to make sure that their GitHub code is the same code that is used in the Signal app run on users’ iPhones. Signal refused to add reproducible builds for iOS, closing a GitHub request from the community. And WhatsApp doesn’t even publish the code of its apps, so all their talk about “privacy” is an even more obvious circus trick 💤
🛡 Telegram is the only massively popular messaging service that allows everyone to make sure that all of its apps indeed use the same open source code that is published on Github. For the past ten years, Telegram Secret Chats have remained the only popular method of communication that is verifiably private 💪
Original post: https://t.me/durov/274
Sorry I have a hard time understanding the gist of your text. I don’t think it’s viable to be upset about what happens with access that was already acquired previously because that very fact already poses a bigger threat (which might have more to do with the nature of conversations vs how the platform works).
I wasn’t talking about situations with compromised accounts, I was talking about legitimate accounts that were created in a typical way being converted to a zero knowledge encryption method, I was aknowledging that it’s hard doing that conversion when a user might have several clients logged on (2 phones, 6 computers…).
My point was that if they have not put any motivation in the transition, they never will because the bigger the userbase, the harder for them to manage the transition. Also, I find that sad because they should have invested more effort in that instead of all the features we are getting, but whatever.
If you found the technical terms confusing, public/private keys are some sort of asymmetric “passwords” used in cryptography that secure messages, and shared keys would be symmetrical passwords. The theory between key exchanges and all around those protocols are taught in introductory courses to cryptography in bachelors and masters, and I’m sorry to say that I don’t have the energy to explain more but feel free to read about the terms if you feel like it.
If you however found it confusing because I write like crap, I’m sorry for potentially offending you with the above paragraph and I’ll blame my phone keyboard about it :)
No that’s not what I didn’t understand. The problem itself as you described it seems either a non-issue or something very few people (who’s already using telegram for some time) would care about. I don’t understand the scenario that would pose a problem for the user. The moment some account legitimately gains access to some chat is probably what should trouble you instead.