So, the Twitter post alludes to SS7, but it is not clear how it is (ab)used to do the Telegram-related exploitation.
Presumably, SS7's design flaws are being used to intercept Telegram's registration verification messages, placing the resulting Telegram accounts under control of the bad actors while appearing to be real, independent users (and so aiding in establishing their credibility, which leads to other things), but that is a bit... handwave-y.
Telegram allows logins per SMS code (they will be rolling out changes in two days). So as long as you knew the number of your victim and have the ability to re-route SMS, you were able to log in to other people’s accounts.
Of course this can be easily mitigated by setting a “cloud password”, but I guess most people don’t do that.
Yes it is. It’s worse for Telegram though because it gives the attacker access to the chat history too. Telegram does however send a message to all devices when a new device is logging in, so at least you would know. Signal does not do that but your contacts will get a message that your security code changed if they have the option for that enabled, but people generally ignore this message.
Both services offer to set an additional pin or password to protect your account.
Because it's noisy. You get that message whenever your conversation partner switches phones or re-installs Signal. The reaction on seeing that message is more "enjoy the new phone, what did you get?" than "have you been hacked?"
For most people, sure. If you're conspiring with others to protest against the oppressive Russian government, you may want to pay closer attention, though. You may even want to do physical verification of the keys.
Signal provides a Registration Lock that is available in the settings for preventing this from happening to some degree; it is, however, opt-in and you need to set and remember a PIN.
First of all, everything's end-to-end encrypted and no chat logs are stored, so even if someone did do that they wouldn't have access to your chat history.
Second of all, if someone tries to impersonate you, your contact gets a notification that your encryption keys have changed, ideally making the recipient slightly more vigilant.
Finally, Signal has built-in (optional and not on by default) protection for these types of attacks which require a PIN after activating the number on a new device, making SIM swap attacks useless without PIN as the second factor: https://support.signal.org/hc/en-us/articles/360007059792-Si...
Indeed, you're right: the worst that can happen is that chat recipients would see a "your security number has changed". But nothing will happen when talking to a whole new person, or when you join a group you've never been in before.
But notice that these are all things you could do anyway. Why are we even bothering to impersonate someone else?
If local group "Superb Fun for a Superb Owl" is letting in anybody who wants to join, rather than pretending to be party animal Steve, by using SMS interception to impersonate Steve, why wouldn't a cop named Bill just join the group as Bill? And if they don't want cops, perhaps because they suspect that "Set fire to the mall" will be considered a crime rather than a fun celebration of NFL Glory, they're not going to wave Steve through, they're going to want to check, and they'll discover that's an impersonator not the real Steve.
The impersonator, by definition isn't known. Only the profile being impersonated is.
If an activist is part of a private group, and a cop impersonates the activist, they can get all the new messages without raising any doubt. In a lively conversation, the cop can even send messages and expect the activist not to see them. Disappearing messages will help here.
To make things easier, let's suppose our Activist is named Alice, and our Cop is named Charlie.
> The impersonator, by definition isn't known. Only the profile being impersonated is.
Charlie isn't able to impersonate Alice's profile because that's encrypted and Charlie doesn't have the key. Charlie can make a fresh profile, but it's not Alice's, although of course Charlie is able to use a stock photo of Alice (if he has one) and name it "Alice". Let's label this Alice2.
> If an activist is part of a private group, and a cop impersonates the activist, they can get all the new messages without raising any doubt.
Although Alice may be part of a group, Charlie isn't and Alice2 isn't either. Messages sent to Alice (as a group member) are not received by Alice2, who wouldn't be able to decrypt them anyway. Charlie will need to (as Alice2) ask to have Alice2 admitted to the group. Perhaps he can pretend Alice dropped her phone and bought a new one. Depending on what sort of "activist group" this is and the threat level, this may be quite easy or involve an in-person meeting which will be difficult to fake.
Of course since apparently you're imagining Alice is actually still around, she presumably tells people Alice2 is an imposter and it's likely this goes very badly for Charlie even if it's not an in-person meeting.
> In a lively conversation, the cop can even send messages and expect the activist not to see them. Disappearing messages will help here.
If Alice isn't knocked off the network, none of this "impersonation" works. You seem to be imagining Signal is some toy message board system where you can log in as Alice - just need an SMS, but it's nothing like that, that's why subpoenas don't bring anything meaningful back when they ask Signal about phone numbers, Signal doesn't know anything.
In Telegram the first is available opt-in, an equivalent to the second is available opt-in (key change = shows up as a different chat), and the third is equally true.
I agree Telegram is a worse choice for security, but I think it’s important to know specific differences and not just simplify to “not secure”, because that approach’s flip side - believing simply that “Signal is good and secure” - leads to mistakes like applying the law of defaults only to Telegram, not Signal.
> For that reason alone, Telegram's "secure chat" is anything but.
I didn't think that particular Telegram feature was affected in any way by any option, only that they needed to be started explicitly but were always secure no matter what.
So I immediately went looking through my settings and found an option that leaks tracking info by default, even in Secure Chats.
Signal, by default, routes all calls through their server. The option of using P2P connections for better latency and call quality is opt-in.
Telegram? See [1]. I found no evidence that Secure Chat calls are any different from regular calls.
Huh? Signal uses P2P call routing by default. The "always relay" option is available for users who do not want to reveal their IP to anyone but the OWS service, and is found (defaulted to off) in Settings>Privacy>Advanced>Always Relay Calls.
Of course if P2P is impossible your call gets routed through the server no matter what, but I don't think there's a fix for that -- there's ~always going to be a need to relay connections in case of NAT issues, firewalls, etc.
it's worse than that. secure chat in telegram is very limited. you can't save anything shared in them. for most practical applications, like talking to friends and family you don't even want to use secure chat. if it were default you'd have to turn it off most of the time
I'm aware that there was at a certain point over a year without server code updates. I'm also aware that Signal went out of their way to discourage forks of the official clients, but I don't know if that was just Moxie or does the new CEO share the same opinion.
In any case, I don't think either of those things = Signal not being open source. Not free software? Sure, who gives a shit. But the source is there and long pause doesn't mean much to me. While it was still happening, it certainly raised my eyebrows. Now that we know it was a pause and not a full stop? Doesn't mean a thing to me.
> Of course this can be easily mitigated by setting a “cloud password”, but I guess most people don’t do that.
I have a faint memory of being forced to set said cloud password, or at least not finding a way to skip the set password screen. So I've always assumed it wasn't entirely uncommon.