Kevin RothrockIt's amazing how Telegram has managed to get journalists to write about it this way, as though all its messaging has end-to-end encryption. In fact, this is true only for "secret chats," which must be activated manually and are therefore a tiny fraction of Telegram's traffic.
Pablo M.U. 
@kevinrothrock I just tell anyone that says to me they've switched from WhatsApp to Telegram, because of privacy concerns, that I'm a digital investigator and that about 40% of my findings are thanks to Telegram being so, so easy to get data from. The sheer amount of people discussing illegal stuff on public channels, wow.
Kyle Anderson@derpoltergeist @kevinrothrock Security not through obscurity, but marketing
waffles 
@kevinrothrock the worst part is they have encryption but the keys are owned by telegram so if it really came down to it they can decrypt anything that's on their servers
Artem Pronichkin@kevinrothrock well, yeah, but it was no oversight but an intentional design choice by Durovs back in the days. They justified it by the need to “blend” into the array of innocent apps and not get outright banned by totalitarian regimes.
their idea (at least as explained) was that having e2e encryption disabled by default allows for more conveniences (e.g., seamless sync of your chat history across devices and virtually unlimited cloud storage for your files.) Which, in turn, will make the app more appealing to casual users than, say, some alternatives that prioritize privacy at all costs and hence require users to jump through hoops. Effectively, if the app becomes popular among casual users, having it on your phone won't become a red flag immediately qualifying you as “extremist” in the eyes of law enforcement. Meanwhile, those who really need privacy are free to use secret chats anyway.
now, whether it was a good strategy and whether it succeeded is a different story. At least in Russia, it seems that it worked okay-ish.
Hippo 🍉@kevinrothrock I wonder if it's backfiring now? French authorities are persecuting them because "encryption, bad" even though there's not actually any encryption in most of that traffic. (I could be wrong; maybe it is actually about the illegal stuff and moderation, but I wouldn't be suprised if "encryption, bad" was an added factor)
Rastal@kevinrothrock Many journalists don't understand the tech they write about. This is a very common problem. They advertise to users all your traffic is "encrypted" when it's sent over a standard https connection or advertise traffic is "encrypted" when the company, not the user, holds the encryption keys, leaving users with an idea their conversations are private. They aren't exactly lying but they aren't being honest either.
David Chisnall (*Now with 50% more sarcasm!*)@kevinrothrock It's good at least that journalists have heard of Telegram. Apparently politicians use Telegram a lot because journalists know to request emails and WhatsApp messages in Freedom of Information Act requests but forget Telegram. Hopefully this will stop and they'll stop putting sensitive group chats in a platform that doesn't encrypt them.
VessOnSecurity@kevinrothrock There is nothing in the quoted text that isn't true. It *does* offer end-to-end encryption. It's just not on by default everywhere.
People often compare Telegram with Signal. This is comparing apples with oranges. Telegram is not a "secure messenger" - it is a social network that allows encrypted communications. Pretty much like Facebook. People should be comparing Telegram's encrypted messaging with Facebook's Messenger.