Users can’t report it because there is no way to tell for them
Atleast the one who breached can tell? no telegram users data have been seen on dark web yet, no person/org have claimed to get any vulnerability in their system. Also if its that easy to breach why govt’s keep banning telegram for not giving them userdata? despite telegram is the biggest app where most terrorist orgs operate, hub of piracy and illegal things, you can call it “public” darkweb.
the fact that E2EE is opt-in already makes this app ridiculous
in matter of privacy, yes. But it have cool features so.
They’re stored in plain text on Telegram servers No, non secret chats use mptroto but with different schema, thats not plain servers. And no data breach have been reported in telegram yet if it was “that” easy to breach them. From my last comment: “Also the research you shared is based on mtproto 1.0 which telegram abandoned almost a decade ago and there have been No such defects found in mtproto 2 yet.”
No. Whatsapp’s metadata is not encrypted and can be used by its parent company, also backups are not secure. While telegram’s is opt in (yeah that sucks and here’s there excuse for that tsf.telegram.org/manuals/e2ee-simple), they are as secure as signal’s (if not more).
Messages are stored on the server, not on the device
Yes, pretty much necessary to provide multidevice support
end-to-end encryption not enabled by default
True that and telegram sucks big here, but I donth think e2ee can be enabled in a feasible way for multiple devices.
uses proprietary encryption, making security audits difficult
The MTProto isnt open source but its fully documented, there have been security audits on it.
dubious financial backing
No. Pavel Durov have always said since starting he paid for telegram’s servers from his pocket, in recent years telegram has started monetisation programs to cover its costs.
Russian developers
The founders were born in Russia, but they now have dual citizenship of UAE and France. If you are talking about politically questionable, even signal have been accused of having backdoors for CIA.
I am not talking about mtproto lmao. I was talking about their opt-in e2ee feature. Edit: Also the research you shared is based on mtproto 1.0 which telegram abandoned almost a decade ago and there have been No such defects found in mtproto 2 yet.