Is Telegram really an encrypted messaging app?

Original Article ↗ Hacker News Discussion ↗

Perception vs. reality of Telegram’s encryption

  • Many non-technical users, journalists, and even some techies assume Telegram is fully “encrypted” or e2e by default.
  • Commenters stress: only 1:1 “Secret Chats” and 1:1 calls are end‑to‑end encrypted; regular private chats, groups, channels, and desktop/web clients are not.
  • Secret Chats are hidden in the UI, can’t be used for groups, don’t sync across devices, and are unavailable or awkward on some platforms, so most real-world use is non‑e2e.

Why people actually use Telegram

  • Common motivations: UX, stickers/emoji, cross‑device sync, media handling, bots, large groups/channels, and not having to expose phone numbers to other users.
  • Some frame Telegram as closer to Discord/Reddit/Twitter than Signal: a social platform and public broadcast tool, not primarily a secure messenger.

Durov’s arrest, moderation, and censorship

  • Several argue his French arrest is about lack of moderation of illegal content (drugs, CSAM, extremist material) in public channels, not about e2e encryption.
  • Others view it as pressure to obtain access to data or enforce state censorship.
  • There is debate over whether Telegram already cooperates with some governments (Russia, UAE); evidence is mixed and largely “unclear.”

Data storage, metadata, and the “mud puddle test”

  • Telegram’s cloud chats are stored on its servers; users can re-login on a new device and see history, so the service can access content.
  • This fails the “mud puddle test”: if you can recover data without your own key, so can law enforcement or an attacker with server access.
  • Telegram’s claims about split keys and “0 bytes disclosed” are challenged with reports of data handed to German and Indian authorities.

Comparisons with other messengers

  • Signal, WhatsApp, Matrix, Briar, Cwtch, SimpleX, Jami, etc. are discussed.
  • Signal is widely treated as the “gold standard” for default e2e, but criticized for UX, phone-number requirement, and metadata exposure.
  • Matrix offers e2e and self‑hosting but has metadata and UX issues.
  • Some argue Telegram is safer “in practice” for some protest/crime use cases (burner SIMs, anonymity of handles); others strongly disagree.

Trust, threat models, and user behavior

  • Repeated theme: defaults matter; most people won’t opt into hidden secure modes.
  • Several emphasize that if you must reason about the operator’s honesty under legal pressure, you should not treat the system as a secure messenger.