“Telegram is not a private messenger. There’s nothing private about it. It’s the opposite. It’s a cloud messenger where every message you’ve ever sent or received is in plain text in a database that Telegram the organization controls and has access to it”
“It’s like a Russian oligarch starting an unencrypted version of WhatsApp, a pixel for pixel clone of WhatsApp. That should be kind of a difficult brand to operate. Somehow, they’ve done a really amazing job of convincing the whole world that this is an encrypted messaging app and that the founder is some kind of Russian dissident, even though he goes there once a month, the whole team lives in Russia, and their families are there.”
" What happened in France is they just chose not to respond to the subpoena. So that’s in violation of the law. And, he gets arrested in France, right? And everyone’s like, oh, France. But I think the key point is they have the data, like they can respond to the subpoenas where as Signal, for instance, doesn’t have access to the data and couldn’t respond to that same request. To me it’s very obvious that Russia would’ve had a much less polite version of that conversation with Pavel Durov and the telegram team before this moment"
If the username doesn’t have to be unique, couldn’t you impersonate people?
It doesn’t work like a centralized server for connecting contacts. You use a unique link per device to initiate the original connection with others at a distance or you can use QR codes in-person.
The link just tells briar where to route the messages and looks like:
So there’s no way to impersonate someone directly. If you made two contacts and they use the same username, I suppose you could mistake them, but their contact connection keys will not be the same.
Hopefully that makes sense, if you look in the app or their site, it’s probably explained clearer.