1. "Telegram has a wide range of security issues." Yet people can only ever name one thing: end to end encryption turned off, by default (it's available). That's all people can ever come up with.<p>2. It mentions the FBI being for encryption, while they are obviously happier when they can tap people (see FBI vs. Apple, and a dozen other cases). Then it quotes something, which (on first glance) makes it sound like it's being said by the FBI.<p>3. "Telegram has delivered everything the government wants." Except non-compliance with any government requests, and not being a legal entity in privacy-invasive countries. "The government" you refer to is probably the USA federal government, which can make no claims on Telegram's chats or even metadata.<p>4. "There is no reason not to encrypt your messages by default." Besides that group chats with 5000 people in it are hard to encrypt (that makes for a very good reason, Whatsapp just does not support this to begin with), the reason is efficient device synchronization. I agree that it should be turned on for all small scale chats, but if we are being fair, it took Whatsapp 6 years to implement <i>any</i> sort of encryption.<p>5. "making flawed product choices like non-encrypted chatting" The market leader sent messages unencrypted over the wire for years, then did not offer end to end encryption as an option, and now two minutes after they implemented it, competing products are suddenly the devil? Despite making none of those mistakes and only not turning it on by default? I agree it's a serious issue, but you are blowing it <i>way</i> out of proportion.<p>6. "I've seen no proper proof of its security." I am familiar with the professor's work and it's usually top notch, and while I can see where he is coming from, it's wrong to claim there is no proof of its security. Various experts have looked at it, yet none have actually broken the algorithm. People usually do this just for fun, but Telegram added a bounty of $200 000. Someone has yet to win that prize. I don't see Whatsapp or Signal doing that. And as for "proof" that it's secure, almost nothing has proof of being secure. HTTPS uses RSA, DH and, more recently, ECC, none of which have mathematical proofs of being secure. RSA relies on that we have no known way of factoring large primes, but nobody knows whether an efficient algorithm exists or not. We have no proof either way. That MTProto is not proven to be secure is no surprise; neither has the Signal protocol been proven to be secure.<p>7. "[Telegram rolled their own encryption,] which is widely considered to be a fatal flaw" In general it's not recommended to do this, but they used existing building blocks (SHA1, AES, DH) to form a new protocol that has stood the test of time so far. The Signal protocol is less old than that and has no bounty for breaking it either. I feel like it's libel to claim it's insecure just because they invented something themselves. I mean, so did Signal/Whatsapp, or it wouldn't be called "the Signal Protocol".<p>8. "Woodward criticized Telegram for their lack of transparency" Lack of transparency? Telegram?! If anyone is opaque it's Whatsapp with their closed-source clients. They say they implemented the Signal Protocol, but it's in a sealed envelope. They say we just have to "trust them". If I have trust issues with anyone, it's a subsidiary of Facebook, not Telegram with a published protocol. This claim is a complete fabrication.<p>9. "This is computer security 101. There’s no reason to roll your own when something perfectly good already exists that has been audited extensively." I am sorry mister Woodward but at the time Telegram came out with MTProto, there was no such thing as the Signal Protocol. And besides, cryptographic diversity is also something we generally want as a community (Keccak was chosen because it's very different from SHA2; ECC is promoted because it's very different from RSA).<p>10. "Earlier this year a security researcher discovered that an attacker could figure out when a user was online and offline" that has been a feature (and weakness) of chat clients since they first came out. Yes of course I can see when someone is online or offline, because the application frickin' tells me so. As if Whatsapp does not tell you this. The screenshot shown is from an existing client that anyone can download and use, it's even officially promoted by Telegram themselves. This is not some freaky hacker tool, like you would have to use with Whatsapp and their own little darknet with their closed source protocol.