Cool! I’ve recently consolidated all of my Google Chat and WhatsApp friends onto Matrix (via Element) because it’s E2EE. Gchat isn’t and I assume that Meta has a backdoor into WhatsApp conversations. So, those platforms can’t be trusted. Signal doesn’t have a web interface, so that’s a no-go for me. lol Telegram.
Matrix has been great for me and I recommend that everyone else use it!
I set firefox to clear cookies, also using cookies to "strict"
This somehow causes a huge pain to connect to mozilla's matrix instance, and I never understood why. This is a bit ironic since firefox has that feature to clear cookies.
I had to reset password, and do other weird things, I can't remember what exactly.
I hope this MAS thing fixes it.
So unusable for people like me who only surf in private mode
Putting tracking protection to strict essentially makes Firefox violate certain web standards. Developers aren't going to test against that, and if they are they're probably not going to be able to do much about the problems strict tracking protection causes.
If MAS fixes this, it'll be by accident and it'll probably break in the future. Firefox warns against this kind of breakage if you enable strict tracking protection in the settings. You can't have strict tracking protection + websites doing cross-domain authentication working.
I mean, yeah, tracking prevention features basically completely break cross-domain authentication. There are a surprising number of valid use cases that need cross-domain auth (or make the user experience a lot easier). While there are workarounds these days, sometimes it does require deep changes in how auth works
> There are a surprising number of valid use cases that need cross-domain auth
I am not a web developer, but I would disagree with that.
Either web standards respect privacy or they don't, but I would not sacrifice privacy for anything.
Firefox was right to prevent tracking, it highlights how webstandards are just not good. I something doesn't work properly in a firefox private window, to me it should not exist.
Authentication requires the opposite of privacy. If you don't want to be identified, you can't restrict anything to your identity.
... which requires an addon to the browser, or for it to be built in specifically for that company.
That's not something companies like Matrix can use. If you're installing software already, why not skip the browser engine and install a full Matrix client instead?
With OIDC, both occur: the client is redirected to the authentication server where they directly authenticate, then carries a token cross-domain back to the service. Finally, the service validates the token against the auth server.
The alternative would be something where I enter my Google username/password on random websites, and trust that they will forward it to Google and not do anything nefarious. This is less secure and less private.
The status quo appears to involve handing over your account password to your chosen client. That's worse than this.
Yeah, I would argue it's less about removing trust from the client (which will ultimately get an auth token in addition to secrets and plaintext messages) and more about allowing for centralized authentication and authorization policies.
Not necessarily, you could give restricted access to a client
my google account has way more power over me than whatever i ever wrote in matrix in my life (ever, ever)
How do you prevent them from collecting "Interaction Data"?
https://www.mozilla.org/en-US/privacy/firefox/#bookmark-how-...
I vaguely remember an old MSC or TWIM or something that described (the possibility of) a new authentication mechanism whereby I could set up either a dummy homeserver or something in .well_known that would allow me to use my own domain but without needing to use my own homeserver for the actual traffic. Sort of like an auth-only homeserver, if you will.
Is that part of MAS? Was that initiative ever fully-baked? Or am I just misremembering?
That's .well-known based delegation, which was proposed in MSC1708 in Nov 2017: https://github.com/matrix-org/matrix-spec-proposals/blob/old... and merged into the spec in Jan 2019 (prior to Matrix 1.0 in June 2019): https://github.com/matrix-org/matrix-spec/commit/0347e873efc...
So yes, fully-baked and part of Matrix since 1.0!
Next Gen Auth via OIDC is instead a key part of the (upcoming) Matrix 2.0 spec release - see https://areweoidcyet.com and https://github.com/matrix-org/matrix-spec-proposals/pull/386...
Afaik that's not related to this, that was already possible as a domain alias. I think that feature is called a delegation if I remember correctly.
Love matrix. Improving the onboarding is a great step. I've seen less technical people have issues in that area until now.
Mostly a desktop/web user myself, hoping all that Element X work will trickle down to us.
* Is all matrix.org's server-side for this open source, and able to be self-hosted?
* Do all the Matrix clients need to be modified to support this authentication method?
The new authentication server (MAS) is at https://github.com/element-hq/matrix-authentication-service (AGPLv3) and entirely self-hostable - e.g. https://github.com/element-hq/ess-helm for the brand new official helm charts from Element, or https://github.com/element-hq/element-docker-demo for a very quick and dirty docker-compose setup i threw together.
MAS provides backwards compatibility for the old Matrix auth APIs for existing Matrix clients, so they do not need to be modified to keep working. However, to get the most out of all the new auth features (2FA, MFA, QR login etc. etc.) then clients will need to be upgraded to speak OIDC natively. Element X for instance is already OIDC-native.
https://areweoidcyet.com has more details.
1. Yes. Even the public website is open source. The license is AGPLv3: https://github.com/element-hq/synapse
2. Yes.
> No more typing your password in every client you’d like to log in to.
So. . . how will we log in? This post is heavy on vague promises of greatness but light on concrete details of UX.
If you use e.g., "Sign in with Google" today, you get redirected to your web browser, log in, and get redirected back to the client. This means you can use the saved passwords of your browser, and if already logged in there, you just have to click "continue" instead of logging in again.
With MAS, every login works like that. If you click "sign in", instead of getting redirected to Google, you get redirected to the website of your homeserver, where you can login and authenticate before being redirected back to the client.
The primary benefit of using a standard OIDC flow is that your authentication server can easily add support for passkeys, webauthn, TOTP or captchas, without having to wait for every single client to support these features.
While matrix.org uses MAS for this, providing the same login features as it used to, your organization might want to use Keycloak to connect their homeserver directly to LDAP.
The downside is that you need a full browser to authenticate this way.
> So. . . how will we log in?
I think you will log into your server, and then the server will offer you to give access to the client. The screenshot right below the line you quote seems to show exactly that.
I guess I can believe that, but it's unclear because there's nothing to tell me what that's a screenshot of. The icon in the screenshot is the Element icon, which is a client, so at first glance I figure it's a screenshot of Element. After reading your comment I can infer that it's actually something else (a website?) showing me the icon of the client that wants access. That makes sense, but it's not obvious just from the screenshot.
One reason I ask about this is I always wonder how it will work for someone writing their own client, perhaps a very basic client (or a bot). Any answer that involves "you will click on X" doesn't apply there. As long as there's a straightforward API based way, that's cool. And I assume there is one here. But my experience has been that such changes aimed at "greater security" often make things more cumbersome for small-time developers.
But we'll see. Certainly a smoother login (and logout!) experience for Matrix would be welcome so hopefully this will be a plus overall.
The blog mentions right at the start that it's based on OAuth 2.0/OIDC, similar to how you log in to your Google account in Thunderbird for example.
> I always wonder how it will work for someone writing their own client, perhaps a very basic client (or a bot).
For interactive clients, it'll be the standard OAuth 2.0 Authorization Code flow[1]. For non-interactive services they say in the proposal[2] that one uses the existing method but they will implement the standard OAuth 2.0 Client Credentials flow[3], which is effectively like a traditional username/password deal, though the "password" is not the account password.
[1]: https://learn.microsoft.com/en-us/entra/identity-platform/v2...
[2]: https://github.com/matrix-org/matrix-spec-proposals/blob/002...
[3]: https://developer.okta.com/docs/concepts/oauth-openid/#clien...
Read the whole blog, and it directs you further for more details. But this blog does tell you they're moving to oidc. That means you will get all the non password flows oidc supports.
This is a reading comprehension problem more than a blog writing problem
This sounds great for large and corporate servers, but a pain for small self-hosted ones. More configuration and external dependencies. Plus additional confusion for non-techy users on those smaller servers.
I don't think this will be required for other servers any time soon, if ever. Clients are going to have to support logging in the oldschool way indefinitely, especially since most Matrix servers are basically unmaintained.
You say that, but Element X (Android & iOS) already lacks full support for the oldschool way. It only supports certain flows therein AIUI.
Yeah, I realize that, but that's exactly why it's Element X and not Element. Element was actually planning on dropping support for older servers, but for ecosystem reasons they had to can that indefinitely. I don't think Element will become Element X anytime soon with the ecosystem in such bad shape.
Several years ago, Riot.im messenger had a branch called RiotX with some additional features. Then RiotX (or its codebase) became the first version of Element, while the original Riot.im stopped being supported. And this was when Synapse was the only server option and it was a hog for memory.
Congrats to Quentin and all the other contributors to this project.
I quickly looked at the MSCs and seems “MAS” and associated MSCs enable OIDC/OAUTH authentication flows (basically integration with your favorite identity provider such as Google or Apple).
I was hoping for matrix homeserver to act as an identity provider as well to give us an alternative to big tech for “identity”.
I suppose I could just setup Ory or other open source IdP, but would have been nice to have an all in one package.
MAS can be used as an OIDC IdP, and in future MAS will be embeddable in Synapse so you can use your homeserver as an IdP in the way you want, all in one package.
That said, MAS is deliberately not a very featureful IdP - it's focused on being the glue between Matrix and OIDC. If you want a more sophisticated IdP then you'll still want to run a dedicated one.
Discord's ongoing enshittification may create a market opportunity for alternatives in the near future. I'd like to think that Matrix could be a beneficiary of that, but the common-case UX needs to be polished damn well when the time comes if they want to capitalize.
MAS and Next Gen Auth open up the way to things like QR-login (complete with syncing all E2EE state and verification!) which should help enormously with common-case UX.
See https://youtu.be/ZiRYdqkzjDU?t=966 for a demo of it from The Matrix Conference in Sept, or https://youtu.be/lkCKhP1jxdk?t=1832 showing it working in on a fresh instance of element-docker-demo at FOSDEM 2025.
Eh... Discord's enshittified client is still a hundred times more usable than Element — for all its faults, at least Discord is able to deliver and display messages reliably ("unable to decrypt message", anyone?). And for the more technologically oriented, client mods do a lot to improve the Discord UX.
Element X is supposed to improve things, but it's stuck on Android and iOS for the foreseeable future.
I haven't seen that message in literal years.
So Matrix is the new XMPP?
Did XMPP ever use these protocols for authentication?
fwiw, there's a XEP for OIDC in XMPP from last year: https://xmpp.org/extensions/xep-0493.html. ATproto is also moving to it as its primary auth mechanism: https://github.com/bluesky-social/atproto/discussions/2656.
[dead]
Does actually exist matrix servers for warez?
Anybody tried Simplex? - https://simplex.chat/
> I assume that Meta has a backdoor into WhatsApp conversations
They don't need a back door when they control the front door: the app. End-to-end encryption doesn't protect the endpoints.
(In other words, your concern is warranted.)
You're absolutely right. End-to-end encryption protects message content, but WhatsApp still collects metadata, which is incredibly valuable.
Even though they can't read your messages, they know who you talk to, how often, when, and for how long. They also track your device info, IP address (which can reveal your location), network details, and app usage patterns.
And this data isn’t just sitting there—Meta uses it. For example, if you chat with a business on WhatsApp, you might start seeing ads for that business on Instagram or Facebook. They don’t need to read your messages when they can infer so much just from how you use the app.
Disclaimer: Comment translated from Spanish and corrected by Chat GPT.
> Even though they can't read your messages
I've long wondered if this is actually true.
If I have a closed-source app and claim (and can verify!) E2EE, surely I could still read every message from my closed-source app, within the app itself, and you'd never know.
I've never been a mobile app developer but I've been a desktop and web developer since the 90s so I don't know what apps can and cannot see but in a desktop app or web app, if it's on the screen, it's decrypted and I can put code in to read/steal it.
Am I missing something here?
Does it even need to be screenshots?
Surely when I open up a chat in Whatsapp it would be as easy as doing a foreach on every msgElement.text value on screen and copying it to the mothership in plain text. After all, when I am reading them, they're decrypted.
Or, when I send a message, as soon as I press the "Send" button, send a copy to the mothership.
Perhaps I'm not seeing it right but it must be this simple. Right?
At least with an open source app you can inspect the "Send" code and see if it calls "SendToMothership" when it also calls "SendToRecipient".
What I got from your comment and from that interview were very different. He starts that bit with “when I text you on WhatsApp”. The “we” refers to Mark and Joe (Alice and Bob), not Meta (Eve).
It's true in a sense - using an iPhone or an Android phone Apple/Google could be streaming your screen contents constantly, so even e2ee wouldn't help.
I just don't know if that is actually true, or if meta doing e2ee and then pinging your messages around from the app after they're delivered is true. I've no reason to believe either is.
And the default/largest homeserver, matrix.org, uses cloudflare, so all your data belongs to them as well.
It is disappointing that they use Cloudflare, especially since most Matrix metadata hasn't yet been moved to the end-to-end encrypted channel.
(Arathorn: is e2ee metadata still on the roadmap?)
But no, not all your data is exposed. The e2ee parts, like message content in encrypted rooms, are opaque to Cloudflare.
yup, encrypted metadata is very much on the roadmap. https://github.com/matrix-org/matrix-spec-proposals/pull/425... is one of the more recent proposals for it.
Self-hosted Matrix with all the bridges is awesome and brings back that Pidgin/Adium life of one chat app for all of my friends. Too bad Apple has an uncanny ability to avoid consequences with iMessage.
It's wonderful that it seems work well for you but my experience in bridging group chats with XMPP or IRC was terrible. Lost messages, bridge crashes, puppet accounts getting randomly broken/duplicated with discarded messages.
From the bridges I've run, only the Telegram bridge is somewhat stable for me but it also has it's warts.
Might be different if you run a strictly personal server for 1:1 conversations but I'd say from an ux perspective the bridges idea largely failed IMHO.
I don't think it's the fault of element/matrix it's a difficult problem and I guess with limited resources they made a lot of progress and made things possible that weren't before but it's not plug and play, at least it wasn't for me.
In general I've found it's also difficult to communicate in group chats if there are two worlds with a slightly different view (missing reactions, some elements of the messenger are not supported like captions, polls and so on...)
While I generally agree, the slidge bridge for XMPP has been working quite well for me, especially whatsapp, but it is really new.
> slidge bridge
Didn't knew about this one. Thanks I'm looking into it!
Signal doesn't have a web interface, but being able to use a desktop app is OK for me.
The big downside for me is not being able to use it on two devices. All the other services, privacy concerns or not can now do this. It's one reason why I stopped donating to / advocating for signal.
Settings -> linked devices?
https://support.signal.org/hc/en-us/articles/360007320551-Li...
This lets you use the desktop application and a phone at the same time, which I use.
It doesn't allow you to use multiple phones at the same time.
It's something I've just recently run into trying to set it up on an Android tablet. The funny thing is they allow it on an iPad. It'd be great if they allowed just any phone or tablet to link to the primary device. I'd complain but it's been deaf ears for the last 4 years to get them to put gifs back into the desktop app.
Thanks I didn't know that
You mean you access all these on Matrix/Element via the bridge? Or you actually mean you convinced all of them to ditch their chat apps and migrate to Matrix, or at least install Element as well in addition to the other ones? It’s a feat if it’s the latter without or without ditching. Is this a very privacy conscious demographic?
I got my friends to install Element and use that to message me instead of Gchat/WhatsApp. They’re all quite tech savvy and have varying degrees of privacy consciousness.
I also got my partner to switch to it. She’s not a super nerd like me but she was able to figure it out easily enough.
Wasn't there a big falling out between the Matrix team and Element or am I misremembering what happened?
Element is the company formed by the team who created Matrix to work on Matrix, almost all of whom are still there; there is no falling out :)
The Matrix Foundation is the non-profit set up by the Matrix team in 2018 to keep Matrix itself independent of Element and other Matrix vendors - to act as a steward of the protocol and a standards body. Originally Element donated almost all of its code on Matrix to the Foundation (e.g. Synapse, the original Matrix server) as permissive Apache-licensed FOSS, assuming that if Matrix was successful, folks would want to fund it.
In practice, by 2023, Matrix was very successful... but it transpired that the vast majority of folks commercially building on the Foundation's Apache licensed code failed to route any funding back to the Foundation (as the hosting body) or to Element (as the primary code contributor), despite many polite requests. As a result, there wasn't enough $ to pay folks at Element to keep working on the core Matrix projects as their day job. So, to keep the lights on, Element stopped donating their work to the Foundation, and changed license to non-permissive AGPLv3 in order to sell AGPL-exceptions to the folks commercialising it. This has helped the situation somewhat (although Element isn't at breakeven yet). Meanwhile, it's left the Foundation focused on governance, the Matrix standards process, trust & safety and hosting core libraries like E2EE and matrix-rust-sdk.
There's no beef between the Foundation and Element over this. In a utopia the projects would certainly have stayed as Apache licensed code in the Foundation - but then again, other standards bodies like W3C or XSF don't publish code these days: it's a phase that a given protocol grows out of once third party organisations get busy building implementations.
Disclaimer: i'm conflicted on this, being project lead/co-founder for Matrix, and then CEO/CTO at Element.
I say this all the time, but the point of the permissive licenses is you're making a donation to private industry.
There are reasons to do this, for example if you believe that private industry adopting some technology is good and you want to make that happen.
But people keep seeming surprised by the fact that these donations aren't reciprocated (or at least people don't seem to plan for them to never be reciprocated). It sounds to me like the AGPL license was more consistent with their goals.
If you wanted to make a donation to everyone, you'd use a copyleft license.
The point of permissive licenses is to grant the ability to exclude people from the enjoying the benefit of improvements.
I.e. they're not for creating public goods. They're grants for making it easier to create excludable goods.
I think we need to distinguish using and abusing. IMO a private corporation taking the source to make a commercial project and refusing to give anything back (whether patches, money, or otherwise) is abusing.
When corporations utilize the code and make a good faith effort to contribute back something, no matter how trivial, they are using the source.
Just because it’s legal doesn’t make it right and I feel confident given the current state of the world saying that we should start expecting more from corporations. The idea “they only exist to make money” is how you break the social contract.
FWIW I think AGPL is the right license choice for you. The more experience I gain the more I lean toward AGPL for products, MIT for libraries.
I don't disagree, but I think the bigger risk is just that big companies who can and should throw some financial support your way, just won't if it's permissively licensed. They've demonstrated repeatedly that they'll just take the software and use it, including making (sometimes substantial) money on it, and none of that will flow back up.
The LGPL hits the sweet spot for libraries in my opinion.
I understand now. Thanks for clearing that up for me.
There are ways to get web interfaces for Signal.
But I think the bigger issue is that any platform that controls the javascript sent to you from a web page, can also backdoor/MITM/inject malicious code at any time without you knowing.
For me the issue was contact names tbh. Is that solved? It used to be that the contact name was set by the contact and not by me/my address book.
You should not use it ! Xmpp is the answer with its few issues and matrix requires hell of system resources as well.
>lol Telegram
Did I miss something? what's wrong with telegram?
I'll tell you what's right about Telegram: I don't know how they're the only independent app that seems to be able to produce such a well built UI/UX for a chat application in 2025.
I maintain that someone should fork their codebase and bolt on a different backend (Signal, Matrix, whatever). It's right there and it's very, very good.
(Yes, I know it's not as simple as "bolt on a different backend". You know what I mean.)
> I don't know how they're the only independent app that seems to be able to produce such a well built UI/UX for a chat application in 2025.
Precisely because they don't spend so much effort for privacy. If your server can read all your messages, it's suddenly easier to provide great features. For instance, GMail can add your next hotel stay to your calendar automatically because it has access to your emails. That's great UX, but poor privacy.
> This is not entirely true.
My point is that it's generally harder to add those features in a privacy-preserving way. GMail couldn't do it if it couldn't read the content of the emails, period. It doesn't mean that there is no way to have nice features in a privacy-preserving way. I just said it's harder (sometimes impossible).
> I don't think Telegram's UX is tied to their permissive privacy
Not exclusively, but it is obviously a lot easier! Take a web client: if the server has access to the data, your client can just fetch it. If the server doesn't even know about the existence of the group, that's harder. Why do you think only the "secret chats" are E2EE in Telegram (and those don't support groups)?
> then do what's needed to support it
What do they do to support privacy? They don't have E2EE except in the secret chats! That hasn't changed in a decade!
> Instagram has terrible privacy and actively mines information from chat and their UX is only passably good
This keeps getting further from what I said :). Of course, it's possible to do worse than Telegram!
Unless you're extremely privileged, privacy does play a role in every feature. There is no user experience if you're imprisoned for speaking your mind and your government intelligence has pwned Telegram servers.
Making a smooth app isn't that hard. Inventing the cryptographic protocols to enable group management without server-side control, and proving their security is the hard part. Something Telegram's developers haven't the faintest idea of how to do.
> What on earth makes you think that the same engineers responsible for fluid and smooth UI/UX are the ones who’d ever influence the cryptography/privacy/security?
Did you even read my comment? I gave an example of how privacy directly impacts UX: GMail couldn't automatically add your events to your calendar if it could not read the content of your emails. I never talked about engineers, just the technical reality. If you don't have it, you can't read it. That seemed absolutely obvious to me: the best UX for a car would be one that doesn't need a source of energy, fits in my pockets and instantly teleports me anywhere I want. Go ask your engineers to make a car that allows that perfect UX, and see how they react.
Telegram has no E2EE except for the secret chats. Last time I checked, the secret chats were not synchronized between devices (i.e. the privacy has an obvious impact on the UX).
So no, I don't think it was an odd comment. It just feels like you don't know how it works technically.
Telegram certainly has an excellent UI/UX. On the Element side, its quality bar has very much been the target for Element X - and (in my biased opinion) we are getting very close, if not exceeding it in some places. For instance, we just landed The Event Cache in Element X and matrix-rust-sdk (https://github.com/matrix-org/matrix-rust-sdk/issues/3280 - closed 2 days ago after a year of solid work), which provides seamless offline support and local encrypted-at-rest caching of the messages it's seen, which in turn then makes the native SwiftUI and jetpack-compose UIs go brrrrrr.
> its quality bar has very much been the target for Element X
I sincerely hope you get there, but it's really hard to believe it at the moment. You're not even at feature parity with the app (Element vs Element X) you're replacing, and it's been out for a bit now.
i.e, you have significant user experience related features that keep people using Element (open graph previews, just to name one).
It's just because all the effort has gone into EX over the last ~2 years, and it's a way way way better app (even if it doesn't have threads/spaces yet).
Meanwhile, Element One will support it shortly - the missing piece was MAS in production, which is now happening on matrix.org as per the OP.
I assume it's the lack of end-to-end encryption by default on basic features.
Good service btw, but not the best from a privacy point of view.
Besides that there it's also them choosing to roll their own crypto instead of using established cyphers and protocols.
AES-IGE is not best practice. Neither is this https://words.filippo.io/dispatches/telegram-ecdh/
The difference is Moxie isn't an amateur when it comes to cryptographic design. Wikipedia actually lists him as a cryptographer. The company has also employed an actual mathematician/cryptographer, Trevor Perrin.
Meanwhile, Telegram employed the CEO's brother who's a geometrician, which is not the same. You wouldn't hire a dentist to perform brain surgery even though both studied medicine.
Signal protocol's double ratchet is considered best practice by pretty much every competent cryptographer.
MTProto's main issues are not the teething issues of the yester-years. It's the fact every chat is sent to the server that can then read the messages. Telegram only has E2EE in internet debates about it's non-existent E2EE in practice.
https://telegra.ph/Why-Isnt-Telegram-End-to-End-Encrypted-by...
It's nice to see their reasoning, but the issue remains: Telegram can read most direct messages (because almost no one uses private chats) and everything sent in groups.
It's a good service and in some cases it can compete with Matrix, Signal, etc, but most direct chats and all groups have no privacy from Telegram (and anyone with access to their servers).
https://telegra.ph/Why-you-should-stop-reading-Durovs-blog-p...
What a bizarre explanation. Element does E2EE just fine, with the caveat that you have to record your own encryption keys. But if you want E2EE and backups, what would you expect?
This is exactly it.
I don't understand why you're downvoted for this question.
What's wrong with Telegram is the privacy story. It's not end-to-end encrypted, meaning that the server can read the content of your messages.
I hear that Telegram has a great UX, which makes it popular. But in terms of security... it's wanting.
Telegram is a joke in professional cryptography circles https://x.com/matthew_d_green/status/726428912968982529
That would be fine unless Telegram
1) Didn't say it was "Heavily encrypted" on its front page.
2) Didn't claim it was more private than WhatsApp which is always end-to-end encrypted with Signal protocol.
3) Didn't claim secret chats were somehow adequate.
No. I will not stop pointing out the hubris and nepotism in the company. No real changes have been made in who's designing security for Telegram, so their past is their future. Incompetent people doing crap job.
1. It's not end-to-end encrypted by default.
2. No group chat, even a small one between close friends is end-to-end encrypted.
3. Almost all desktop clients support no end-to-end encryption for 1:1 chats, meaning if you use the desktop client as part of your workflow, you're forced to drop using the end-to-end encrypted secret chats.
4. No cryptographers have ever worked in the company.
5. Horrible teething issues for the protocol:
Telegram hosted a cracking contest back in 2013. Everyone in the industry know they are bullshit, and this was discussed back in 2013 The Fallacy of Cracking Contests (1998) | Hacker News The tldr is, Moxie issued a counter challenge to Telegram where he presented the same goals with already broken primitives like MD5, to break the encryption. Telegram never proved the challenge could be won even under those conditions. (Also again, given that Telegram’s built in backdoor of “people are lazy” exists, the cracking contest was pointless. It doesn’t matter how good the encryption is if the adversary wears you down to hand over the keys).
http://unhandledexpression.com:8081/crypto/general/security/...
https://eprint.iacr.org/2015/1177.pdf
https://web.archive.org/web/20160425091011/http://www.alexra...
https://words.filippo.io/dispatches/telegram-ecdh/
https://mtpsym.github.io/
Also this:
https://blog.cryptographyengineering.com/2024/08/25/telegram...
[dead]
[dead]