The most backdoor-looking bug I've ever seen (2021)

Original Article ↗ Hacker News Discussion ↗

Overall sentiment about Telegram’s security

  • Many commenters say the bug reinforces existing distrust in Telegram’s security model.
  • Some view it as either deep incompetence or a deliberate backdoor; neither interpretation is seen as reassuring.
  • Others argue that without proof of intent, it should be treated as a serious but possibly “innocent” design error.

Protocol design and “weirdness”

  • Multiple comments highlight that Telegram’s MTProto design is considered “weird” and “bizarre” by cryptographers, with extra, unnecessary complexity.
  • This complexity is seen as both a source of bugs and a sign of designers overconfident in their own abilities and distrustful of standard, peer-reviewed approaches.
  • One perspective links this to a culture of mathematically gifted contest programmers who design overcomplicated systems lacking practical security intuition.

E2EE model and usability vs. privacy

  • Telegram is criticized for:
    • Not providing end-to-end encryption (E2EE) for group chats.
    • Not enabling E2EE by default; “secret chats” are opt-in, hard to discover, and limited to mobile.
    • The reality that most chats on Telegram are not E2EE at all.
  • Some see Telegram as prioritizing usability and growth almost entirely over privacy.
  • Several commenters say they use Telegram as a “better Discord,” not as a secure alternative to Signal.

Comparisons with other messengers and accusations of bias

  • Some see the article as part of a PR war between messengers, pointing to subjective language and Telegram’s own counter-accusations against rivals.
  • Others counter that the technical criticism aligns with mainstream cryptographic opinion and that not all players have equal transparency or track records.
  • Conflicting claims appear about reproducible builds on iOS; one side calls Telegram’s claims against rivals misleading due to platform constraints.

Geopolitical and trust concerns

  • Several comments express discomfort with Telegram’s origins and ties to Russia, describing it as “too Russian to touch” or noting tolerance by authoritarian regimes.
  • Others suggest that not being aligned with Western governments could be seen as a feature, highlighting divergent threat models.