Bug#767418: closing telegram WNPP bugs
After reviewing the litterature, I agree that Telegram has serious
security issues that go beyond usual security compromises and
tradeoffs.
It seems to imply incompetence if not downright maliciousness from the
Telegram developpers, especially concerning the way contacts are shared
with the server without the user's consent, the lack of contact
authentication (allowing the server to perform MITM attacks) and
downright censorship in Iran.
One has to question why Telegram hasn't fixed those issues by changing
their protocols to fit the best current practices (e.g. the Axolotl
rachet) in the years since those criticisms came into being.
Anyways, I am still not clear on whether the software should just be
rejected from Debian completely. If someone comes up with neatly done
Debian packages, with warnings and all, maybe it would be useful if only
for the sake of interoperability. A *lot* of people are using Telegram
to chat, and the same way we allow users to install software that talks
with Facebook, Twitter and Gmail users, maybe we could allow Debian
users to talk to Telegram users...
But of course, I won't waste my time with Telegram anymore, now that I
know. I also clarified the state of the software in Wikipedia to avoid
future me getting confused again:
https://en.wikipedia.org/w/index.php?title=Telegram_%28software%29&type=revision&diff=710418931&oldid=710242518
Thanks for everyone for the reviews, it was useful, as always, to have
Debian's WNPP directory as such an excellent source of information for
this sort of things.
A.
--
We all pay for life with death, so everything in between should be
free.
- Bill Hicks
Reply to: