Reminds me how the Telegram founder boasted how talented his team is as only one developer was responsible for writing the mobile client. Turns out that client was riddled with bugs that displayed messages to the wrong user. A mobile chat app shouldn't be developed with the mantra "move fast and break things" yet this is the natural product result of all-in-one apps like Kakao.
Do you mean something like the mobile app had multiple user accounts added to it, and it displayed messages for one account in the other account? Otherwise it seems more like a server bug than a client bug?
Or OS developers. Video codec developers. Network stack developer. Driver developers. Web browser developers. Web service developers. Office suite developers.
And if you are a developer and your software is used in any decent scale, you are unlikely to be the exception.
And in an Apples-to-Apples comparison, WhatsApp fared far worse than Telegram on privacy, and not to mention its parent company.
The only benefit I can think of WhatsApp has is claiming to be encrypted by default. So I don't need to press an extra button. I just have to take their word for it.
> And in an Apples-to-Apples comparison, WhatsApp fared far worse than Telegram on privacy, and not to mention its parent company.
I'd like to see that comparison. Considering that WhatsApp is end-to-end encrypted, and Telegram persistently stores almost all of their users' messages on their backend in a way that lets them read them, I find that very hard to believe.
> So I don't need to press an extra button.
Nobody presses an extra button, especially not one that opts you out of multi-device support.
So we have one app that claims to be end-to-end encrypted and is under intense scrutiny of security researchers across the world, and another one that's provably not encrypted and stores everything server side. Which one should I use?
Exactly! Good points. Facebook’s been caught spying on you with audio, video, contacts, cameras, you name it. What makes the true believers so sure their WhatsApp chats are really E2E encrypted and FB can't decrypt them and isn't scanning at the edge? LMAO
> Facebook’s been caught spying on you with audio, video, contacts, cameras, you name it.
For contacts: I have no expectations of any contact privacy on WhatsApp. It's known and documented [1] that they upload your entire phone book for contact matching. Private set intersection would be better, but I don't see anything sneaky going on.
Audio, video, cameras: What are you referring to?
> What makes the true believers so sure their WhatsApp chats are really E2E encrypted and FB can't decrypt them and isn't scanning at the edge?
The amount of scrutiny they're under from security researchers worldwide, and the fact that many governments are currently throwing a fit about not being able to gain access to the data either.
This is the company you are now trusting with the mere claim that WhatsApp is end-to-end secured.
2018: Facebook, not satisfied with getting its own users’ data only, bought and hijacked a VPN app in order to — wait for it — bypass encryption that millions of people trusted for ALL SITES ON THE INTERNET in order to analyze traffic and be able to get the dirt on its competitors!
Oh, but at least the content of your messages is not analyzed by FB? Well, as far as we know that might be true, but if the other user flags your convo, it is in fact sent to Facebook:
But wait, there’s more. Sometimes the mask slips due to People You May Know, which is the carefully guarded mix of “secret” algorithms that has helped Facebook aggressively grow beyond 100 million people:
Telegram has NEVER tried to do any of these types of things.
So, given a choice, would I trust Zuck and co, or a guy who literally had to flee Russia because at great personal cost he had refused to disclose the identities of the Maidan protestors, and losing his company to their Mail.ru conglomerate?
We forget too easily, and PR works wonders. I used to have such a list for Microsoft, but:
- I have to pull it out every time we talk about the new MS, because people think they are good guys now. They already forgot.
- People don't think it could have been that bad.
- I have to rewrite the list, I can't link to it. Or expand it. And I have to justify its existence and credibility because MS PR is so strong now.
- The links are disappearing from the web, so my previous proofs are fading away, slowly being replaced by references everywhere singing MS praises and stating what a saint Gates is.
The fact that at least two heavily-used messengers got one of the most essential things in instant messaging wrong is nightmare fuel I didn't need to have in my life :(
These two things are as different as you can get in terms of software bugs.
xz: A sophisticated supply chain attack. These are known, scary, and we don't have great ways to prevent them yet.
Apparently half of all popular instant messengers at some point making the same kind of trivial but catastrophic off-by-one error: Not rocket science to prevent. I was hoping at least high-stakes apps would have better QA.
Funny enough, I experienced this in Android in the 2010s. Several times I would text one of my buddies using vulgar language and the texts would go to random people. My grandparents, my pastor, etc. It was horrible. lol
Delivering messages to the intended recipients (and no one else) is the single fundamental purpose of chat. If many chat apps have failed at this, then many chat apps have sucked.
Yes, but in that case, no single chat app ever conceived matches your criteria. They all had some kind of similar major bug at some point. Even the big names.
Seems like a rather easy thing to go wrong in the client, no?
User sends message via client. Client fumbles the recipient id. Message ends up at the wrong recipient.
Examples: incorrect recipient ID attached to contact in list where the user selects the recipient. Buggy selection of multiple targets in the selection UI due to incorrect touch event handling. Incorrect deletion of previously selected and then deselected recipient from recipient array of multitarget message. Or if working low level even a good old off-by-one error and reading out of bounds data for the recipient list (though that one hopefully should trigger a faulty send request due to other stuff no longer matching). There are endless examples.
The server can't really safeguard against the client providing a legitimate send request even though the user intended to send it to another recipient.
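An added illustration of one bug class from the comment above (not part of the thread, and not code from any real messenger): a constructed recipient picker in which a deselected recipient stays in the outgoing list, shown next to a corrected handler and a pre-send consistency check. All names (`CONTACTS`, `toggleBuggy`, `toggleFixed`, `buildSendRequest`, `replay`) are hypothetical.

```javascript
// Constructed contact list, shown in the picker in this (alphabetical) order.
const CONTACTS = [
  { id: "u-alice", name: "Alice" },
  { id: "u-bob", name: "Bob" },
  { id: "u-pastor", name: "Pastor" },
];

// BUGGY: `selected` holds ids in tap order, but the handler removes by the
// picker's row index, which indexes a different array.
function toggleBuggy(selected, rowIndex) {
  const id = CONTACTS[rowIndex].id;
  if (selected.includes(id)) {
    selected.splice(rowIndex, 1); // wrong index space: may remove nothing
  } else {
    selected.push(id);
  }
  return selected;
}

// FIXED: locate the entry by id inside the array that is being modified.
function toggleFixed(selected, rowIndex) {
  const id = CONTACTS[rowIndex].id;
  const pos = selected.indexOf(id);
  if (pos === -1) selected.push(id);
  else selected.splice(pos, 1);
  return selected;
}

// Defence in depth: before sending, compare the outgoing recipients with the
// ids the UI currently shows as checked, and refuse to send on any mismatch.
function buildSendRequest(selected, checkedInUi, text) {
  const a = [...selected].sort().join(",");
  const b = [...checkedInUi].sort().join(",");
  if (a !== b) throw new Error("recipient list does not match the picker");
  return { to: [...selected], text };
}

// User taps Pastor (row 2) by mistake, taps Alice (row 0), then unticks Pastor.
function replay(toggle) {
  const selected = [];
  for (const row of [2, 0, 2]) toggle(selected, row);
  return selected;
}

console.log(replay(toggleBuggy)); // Pastor is still a recipient
console.log(replay(toggleFixed)); // only Alice remains
```

With the buggy handler the resulting send request is well-formed and addressed to real contacts, so nothing on the server side distinguishes it from what the user intended; only a client-side check such as the one in `buildSendRequest` can catch it.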
There are many examples, I posted one to parent. Usually it affects some small percentage of users. But the size of the team or company is not directly solving the problem.