It's a capital T.
Granted, most of it is a bit newer than the heyday of telegrams, but there's a little bit of overlap.
If you're feeling any better latency on the west coast it's more likely to be placebo than real.
• Quincy, WA (Microsoft)
• The Dalles, Oregon (Google)
• Prineville, Oregon (Facebook, Apple)
• Hillsboro, Oregon (Cloudflare, others)
• Boardman, Oregon (AWS)
Also, it looks like it's easy enough to ID your DC on their API, though I haven't tried it yet (more of a Matrix Stan personally): https://core.telegram.org/method/help.getConfig
Why not a sticky master election per user, and have no special data centers?
You are suggesting to develop a compicated solution (spend money) when current simple one is working ok without any elections.
Any DC may refuse a request and force the client to switch DC.
Profile URL doesn't show where messages/chats/channels are stored, as telegram has two dedicated DCs mostly for media. The rest DCs allow media with bandwidth being throttled.
Signal can't do live location sharing
Code blocks (let alone syntax highlighting) was the first thing my friend ran into after switching last week
In general, formatting on Telegram is a lot more versatile with >quote blocks that show up formatted as quotes and inline links without needing to have a giant message because of the giant URLMany more image features, like you can do yellow highlighting and not only ugly shades of olive, you can put a message above an image instead of below, you can mark an image as spoiler, you can send it uncompressed, much simpler UI for selecting multiple images, etc.
Jumping to a date was one of the first things I ran into
Web client lets you temporarily use someone else's computer without needing to install software
Making a Telegram bot takes 10 minutes if you just want a simple http callback and know roughly how it works. Signal has no support at all. Some third parties have made libraries but we keep having issues at work with our internal Signal bot to the point where I think we just gave up altogether now
Many people use Telegram to check if internet works because when opening the app it does a lightning quick check and it's very robust (I think it has no problem if DNS is down, for example) Looking at the title bar confirming that it works is much faster than trying to do a random web search
You can have memorable/pretty group URLs like telegram.me/OpenStreetMapOrg
Large files can be sent (also because of server-side storage not clogging up your phone, which is a double-edged sword of course)
Scheduled messages send at the right time when you're not online & the desktop app supports scheduled messages
As of like next week you can do moderation in groups in Signal. This has of course been a thing in Telegram since 10+ years. I don't know how we'd have run the OpenStreetMap group on Telegram without being able to delete spam messages
Chats take a lot less space. The Signal authors probably don't have many contacts that they use Signal with because you can view the message markers of 4 chats before having to scroll down. In Telegram, 9 fit in view. Similar on desktop but both numbers are bigger. Messages are also more space efficient in Telegram
Telegram so so so much faster than Signal's web, ahem, electron client
The only advantage of Signal that comes to mind is the intangible property of privacy (and maybe local back-ups, so data availability, but then Signal doesn't provide software to view your backup data so is it really a backup if you can't test it and they can lock you out of the app?). I'm nevertheless switching everything over to Signal but it's often very hard to explain to people why they should give all this up for encryption. My family doesn't use all the advanced features but some techy friends do
Yes, let's see
* Not end-to-end encrypted by default
* No end-to-end encrypted groups
* No end-to-end encryption on any desktop client by the vendor, forcing cross-platform users to drop secret chats. This includes 81% of working age people who sit on their computer during work day, and 100% of college students and IT workers.
* No post-quantum key exchange
* No future secrecy
* No per-message forward secrecy
* Bullshit claims about distributed keys https://security.stackexchange.com/questions/238562/how-does...
* Lacks ALL metadata protection from server like phone number, IP-address and thus geolocation, contact list, group memberships, quantity and schedule of communication, data types. In fact --
* Secret chats leak additional metadata about intent to hide content from TG as the vendor.
Also,
History of poor encryption implementation
* 2013: A cracking contest https://news.ycombinator.com/item?id=6932648
* 2013: Telegram, AKA "Stand back, we have Math PhDs!" http://unhandledexpression.com:8081/crypto/general/security/...
* 2015: IND-CCA issues https://eprint.iacr.org/2015/1177.pdf,
* 2015 64-bit complexity MITM attack https://web.archive.org/web/20160425091011/http://www.alexra...
* 2021 Valsorda "The Most Backdoor-Looking Bug I've Ever Seen" https://words.filippo.io/telegram-ecdh/,
* 2021 https://mtpsym.github.io/ and https://mtpsym.github.io/paper.pdf
Some analysis:
* 2025 Matthew Green analysis https://blog.cryptographyengineering.com/2024/08/25/telegram...
* 2025 "Telegram is indistinguishable from an FSB honeypot" https://rys.io/en/179.html
Also,
They employ volunteering sockpuppets https://tsf.telegram.org/
Durov who supposedly lives in exile has visited Russia over 50 times https://eutoday.net/pavel-durovs-secret-visits-to-russia/
I can't scream "drop & run" loud enough.
Based on the analysis of packet captures above, I believe it is clear that anyone who has sufficient visibility into Telegram’s traffic would be able to identify and track traffic of specific user devices. Including when perfect forward secrecy protocol feature is in use.
This would also allow, through some additional analysis based on timing and packet sizes, to potentially identify who is communicating with whom using Telegram.
I love how the author of your honeypot blog post has nothing concrete other than potential attack vectors and is like "Well this is obviously a Russian honeypot" with no evidence what so ever other than a claim that there are plain text device identifiers, which is something the FSB would do. [insert clown emoji]. You can do similar attacks on signal and whatsapp.. Why is it that the Russian one bothers you so much?
Well they realized their mistake and banned Telegram's use on state issued devices in 2024 https://www.bbc.com/news/articles/c78dwepw95do
I'm not going to speak for the author of that article. But I agree with his conclusion. Telegram is indistinguishable from a honeypot.
In the world of infosec, stuff isn't secure until someone proves you wrong (which you reject assuming racism). Stuff is secure when you prove it's secure.
Practically every major secure messaging app vendor has proven they can not be a honeypot, by end-to-end encrypting their communications, offering open source clients with public key fingerprints to verify that end-to-end encryption is working correctly.
Telegram hasn't done that. Telegram's lack of end-to-end encryption, paired with zero effort for metadata protection (not even stuff like sealed sender) shows they don't give a damn about actual security.
But what they do is also what an FSB op would do.
* It would advertise "heavily encrypted" and bash WhatsApp day after day convincing average Janes and Joes about it being really really secure, and confuse readers who take a closer look, with claims of all chats using MTProto but also calling both client-server and end-to-end encryption protocols MTProto.
* It would construct a narrative that the face of the app is a rebel dissident in exile.
* It would be banned temporarily or poorly
* It's role would be obfuscated by releasing an obviously backdoored app like Max, to make Telegram seem safe compared to it. Like Russian intelligence really believed they could use Max to monitor Russian dissidents. FSB isn't dumb. Russian military deception is world famous. https://en.wikipedia.org/wiki/Russian_military_deception
The backdoor sits in the fact nothing is end-to-end encrypted, groups can't be E2EE, but troll army can still defend it, claiming it does have 1:1 E2EE if you want. Yes, it does, if you really want the highest friction UX possible. People try and drop secret chats when they want to be able to alt-tab into the conversation instead of digging into their phones 100 times a day. This backdoor is ingenious because the users can only blame themselves when their 1:1 messages end up to the server.
A good messaging app creator knows this, so they make E2EE default so that users don't encounter such friction. E.g. Signal allows you to have E2EE 1:1 and group chats between all of your devices. That's what proper privacy by design looks like. Would Telegram do that, they would've proven they stand for their users, and I'd actually recommend them.
Data is a toxic asset. Even if Telegram isn't a honeypot, it's a massive data collecting apparatus, that has all that data sit on its servers, from which the hacking team of any major intelligence agency can access it en mass. That's the life of 1B users worldwide. So ultimately, it doesn't even matter if Telegram is a honeypot, it's equally usable to https://en.wikipedia.org/wiki/Fancy_Bear or NSA TAO or whoever.
Also, https://dfrlab.org/2018/02/15/putinatwar-how-russia-weaponiz... shows Russian troll army is using russophobia as a narrative online.
This isn't about hating on Russians. This is about Durov not passing the minimum bar of what modern secure communication is about.
You've so far claimed telegram is the best with nothing to back that claim, ignored every counter argument, attacked argument of someone other than me, and you're now replaying Russian government shill tactics to try to rally people behind you for emotional reasons, when I'm explicitly giving technical critique.
Besides that, they know and, as it seems, to be happy about it's wide availability and information.
Having their own app, they obviously also use for their causes, is just a cookie for the patriots.
That doesn’t exclude the statements about Telegram to be correct though. That is, if some hater against whatever group say 1+1=2 or water is wet, what’s the conclusion?
>You can do similar attacks on signal and whatsapp.
Well yes. Don’t trust devices, they are not humans, they don’t qualify. They can at most have some degree of reliance for some purpose. But assuming that all devices out there are powned by some external parties is a rather sound security baseline approach.
>Why is it that the Russian one bothers you so much?
One don’t need to bother more on any specific oligarchy really, they all use their fellow humans like disposable pawns.
>> That doesn’t exclude the statements about Telegram to be correct though.
just attack the telegram from the technical standpoint, then no complains about "racist towards russians" will be given. Like, mentioning the lack of user-friendly E2EE is great already. Saying things like "Durov who supposedly lives in exile has visited Russia over 50 times" is meh. How can one intepret it in any other way is "Russia is evil and visiting Russia is thus evil"?
and regarding the cracking contests — one of the telegram bugs was actually uncovered this way, see https://habr.com/ru/articles/206900/
Simple: Durov has no problem with constructing a narrative that has little to do with reality.
As noise. The fact it's xenophobic or some other kind of noise is just implementation details at that level.
In this context "heavily" means "we can't legally claim it's end-to-end encrypted because it's not".
Also it's not even post quantum, so it's not heavy. Telegram's Diffie-Hellman breaks instantly with a quantum computer large enough to run Shor against it.
Also, the keys sit on the servers' RAM, no matter what they lie. There is no global distributed RAM system, especially one that encrypts data in distributed fashion and works at the negligible latencies that Telegram boasts.
Something like this:
DC1 politically belongs to UK which "spies" on CA/US but physical servers are located in US so US ultimately retains control.
DC2 politically belongs to France which "spies" on RUS/UKR/DE but physical servers are located in NL (e.g. in UK because one wouldn't be able to spot difference in ping). Maybe it's politically owned by UK/NZ or UK/AUS because France can't be publicly caught spying on Germany. But France wouldn't risk public arrest of Telegram CEO and the spectacle with russia if there is nothing to gain.
DC4 politically belongs to USA which "spies" on UK/Israel but physical servers are in NL/UK
DC5 politically belongs to UK/USA which "spies" on AUS/China/India but physical servers are in Singapore (e.g. former UK colony)
I love mentioning the UK in these kind of discussions because the pushback is biggest every time the Crown is mentioned, and ultimately US/CA/NZ/AUS are all colonies under the King.Really cool to see realpolitik mapped out like this. It also highlights the problem of metadata with these kind of topics.
[1] https://dev.moe/wp-content/uploads/2022/05/image-14.png
[2] https://en.wikipedia.org/wiki/Arrest_and_indictment_of_Pavel...
(and a follow-up: https://istories.media/en/news/2025/06/10/telegram-responds-... )
There is product stuff, like misleading claims about Telegram's encryption and comparisons to Signal. In reality, for the vast majority of chats they have plaintext, unlike Signal.
There are more subtle positioning claims. Durov made a huge deal of his "exile", but I saw Telegram's office in St Petersburg with my own two eyes a year after Durov "fled the country". It definitely wasn't shut. There were even local news of Pavel assaulting a guy in St Petersburg for trying to make a photo of him a couple years later.
And then there are just completely unnecessary lifestyle claims. He said multiple times how he doesn't take any "pills" or medications. It only takes a minute to find his old photos. Male pattern baldness doesn't stop progressing without DHT suppression, and last time I checked, finasteride comes in pills. I don't understand why would he make misleading statements about something so visible, but it doesn't make him any more trustworthy.
I know it’s supposed to be encrypted but it also has a public channel search and has a long history of channels dedicated to the worst crap in hell: trolls targeting children, CSAM, animal abuse videos, dropship scammers, people who idolize mass shooters, and it’s not that well camouflaged. Telegram is like the social media chat network version of a Wal-Mart in a meth infested town at 2AM.
Maybe it’s just a free for all but combined with the allegations of working with more than one spy agency and the perpetual disdain it gets from the infosec community… yeah whole thing seems sketch.
- Cat stickers
- Did I mention it has the best native clients out of all the messaging apps? It boggles the mind why other companies can’t get this done.
- Telegram had usernames in 2014 before Signal added them a decade later, allowing people to chat without sharing their phone number
- Telegram has unencrypted chats which allow for giant chat rooms of 200,000+ and channels with millions of subscribers. Signal warns about performance issues when you have more than 150 people in a group. Telegram isn't just a messenger - it's often used as a social publishing platform like Instagram.
I don't use Telegram and use Signal a lot, but I also understand why other people use Telegram: the same reason they use Instagram.
Not to mention you create ANY kind of bot without any trouble.
I guess we just live in two different worlds. Like with China where WeChat is the default. (except we now have fucking Max instead).
But indeed their native clients are great, especially on iOS. It legitimately feels more native and intuitive than Apple's own Messages app. Animations run at a smooth, stable framerate. Never hitches jumping between conversations. One of the greatest apps ever made.
Those nice things are what you get when you're fine having all your data (messages, images, files) forever in plaintext on servers owned by some Russian rich guy.
Pray there will never be a telegram.zip torrent.
- Telegram uses usernames instead of phone numbers by default, which is good if you're using it as an IRC replacement instead of an SMS replacement.
- You can have the client open on essentially unlimited devices simultaneously, including a web app if you need it.
- Messages can be edited at any point after sending with no expiry.
- You can schedule messages to send later, or send a message silently so it doesn't wake people up.
- Different group types - announcement channels, Discord-style groups with sub-channels, flexible moderator roles, etc. (I believe WhatsApp has some of this.)
- Support for bots, which is also very helpful for managing large communities.
- Community-created, sharable stickers. Seriously, people underestimate how nice these are.
The downside is that a lot of this requires state to be stored on the Telegram servers, so most chat's aren't E2E encrypted. (They do have an option for E2E encrypted private 1:1 chats, but you lose most of the polish by using that.)
Also, the official apps are open source, so you can modify them if needed.
- insanely fast search, chat history browsing and in app navigation - unlimited unencrypted cloud storage, your chats and docs always stays available - ability to send very large files - ability to host large video and voice chats - chat automation - auto translation and transcription - mini apps - open source client, with lots of customization - phone number less sign up (you can purchase a burner number from them and sign up with that, I guess it costs their crypto (ton) tho) - sending gifts
---
What? When you register, I'm pretty sure it requires putting in a phone number that preferably isn't a VoIP line and not a username. It's been that way any time I've tried to use the service on mobile.
Scheduled messages have been a thing for a long time on Signal, but they seem to be only on mobile, which is wild to me.
I would posit that Signal is more for individual to individual. I'm seeing in these comments that telegram is clearly a lot more community centric, ala Discord lite than I realized.
And I agree, I think yours is an accurate assessment. Telegram is indeed much more community centric.
It lets you keep your number private from everyone else you're chatting with.
I don't understand what there is to accelerate.
Signal is not as bad, but can still take a minute or two to update everything on my computer. The phone app is better.
I live in Germany and use both. None do that and as I'm "the IT guy" for many people at work an din private, I'd have heard about it. Hell, the whole continent would have heard about it as whatsapp is widely used.
My Signal also doesn't do that.
I don't even remember how the previous cliënt did it but my spelling suggestions are in English (as is the OS) but my chats are all in Dutch. Most words have a red underline.
It recently gave up downloading images. Turned out it was no longer allowed to write to its own folder. Not sure if this should be blamed on MS but from the (many) user perspective it just stopped working.
It keeps limited chat history which makes it inferior to IRC.
It badly wants you to use ai.
It has a spam channel where it promotes it self.
The phone app is decent tho
I use whatsapp web every day at work. The page. In my Firefox browser. It's almost constantly open. Never had any issues with that. The phone app just does what it's supposed to do and even on my Pixel6, it's just fast. I mean there is always faster but it's not even a second.
I use Whatsapp only because I have to. Privately, I prefer Signal. Works also great. Same with the windows app. Been using both since day 1. On a Pixel7Pro....
Also, what does "fast" mean? Fast on start?
There once was this thread on a blog for a windows XP pirated edition. Someone commented that something small didn't work. They replied in less than a minute, that's terrible! 10 minutes later the version was incremented and a new reply said: Try the new version! After 30 minutes the bug fix was confirmed.
They weren't trying to be funny but it still makes me laugh how it compares to Microsoft, the 3 trillion software company.
Both WhatsUp & Telegram are completely free to use.
Telegram has premium features, but they are tangential to chatting & average use.
Their desktop apps are just Qt and not WebView inside a Qt. Mobile apps are native and not React.
Meanwhile Telegram has bot support and added features specifically for interacting w/agents. It's incredibly easy to write clients and work with it. No one should use it, and I never would, but you can see why it's winning.
Signal's lack of features (like an official Signal CLI) and bots (even attached to existing phone numbers and limited to the owner) is making people less secure than they could be. And unfortunately there are no great alternatives.
I've used and promoted Signal for years and I've recently become suspicious of them and their funding as well after looking into starting my own encrypted communications app.
It's not cheap sending dozens or hundreds of megabytes of video files or whatever ... whenever the user feels like it, mind you ... with a monetization strategy that's literally simply hoping that donations will cover it?
That's insane.
Some people can get the Telegram app and never get to find any of these communities to never understand what Telegram is really about. Usually though, channel owners repost from other channels and promote channels they like. If you follow one channel then it should not be hard to find other channels in the way. You can also see what other people are subscribed to, depending on their privacy settings.
Importantly, there is no algorithm on a home page, urging you to sign up for promoted content.
As for 'where does the money come from', there are ways to subscribe to get a few more bells and whistles, with many that cultivate a community choosing to do so, in order to manage their channel(s). Few normal users pay up, and the app isn't paywalled or 'pay to post'.
There is a whole parallel universe of drug dealers and women that sell their bodies, all of which is a search away. I doubt these people are paying for premium accounts either.
IMHO only a modest amount of money is needed, sure, bandwidth has to be paid for, however, the app is already written and it is very good. I have no idea why the likes of Meta need tens of thousands of 'engineers' for optimising doom scrolling 'with AI'.
With Telegram, you could have 1% of 1M users paying $10 a year, meaning revenue of $100k a year. That would be okay if it was Pavel and his bro in his mum's basement with one server to pay for.
Scale this up to a billion and now you are talking. Since the app scales, are more staff needed? A few devs, but not that many managers since the founders are technical and therefore don't need the useless hordes of non-technical managers. Yet the money is now 1% of a billion. Multiply that by $10 a year, every year, and Pavel ends up asking finding his Bugatti on the moon.
This sounds manageable to me, no need to run in debt, have shareholders or be beholden to vested interests.
At Meta et al., there is a need to feed the greed of the stock market, pay billions in debt, do billions in share buybacks, do the AI nonsense, keep the advertisers happy, keep America's Greatest Ally happy, sign a secret deal with Five Eyes and the list goes on.
I have never met Pavel or the Meta guy, whatever his name is, but I suspect the former is getting more out of life than the latter.