After reviewing the litterature, I agree that Telegram has serious security issues that go beyond usual security compromises and tradeoffs.
It seems to imply incompetence if not downright maliciousness from the Telegram developpers, especially concerning the way contacts are shared with the server without the user's consent, the lack of contact authentication (allowing the server to perform MITM attacks) and downright censorship in Iran. One has to question why Telegram hasn't fixed those issues by changing their protocols to fit the best current practices (e.g. the Axolotl rachet) in the years since those criticisms came into being. Anyways, I am still not clear on whether the software should just be rejected from Debian completely. If someone comes up with neatly done Debian packages, with warnings and all, maybe it would be useful if only for the sake of interoperability. A *lot* of people are using Telegram to chat, and the same way we allow users to install software that talks with Facebook, Twitter and Gmail users, maybe we could allow Debian users to talk to Telegram users... But of course, I won't waste my time with Telegram anymore, now that I know. I also clarified the state of the software in Wikipedia to avoid future me getting confused again: https://en.wikipedia.org/w/index.php?title=Telegram_%28software%29&type=revision&diff=710418931&oldid=710242518 Thanks for everyone for the reviews, it was useful, as always, to have Debian's WNPP directory as such an excellent source of information for this sort of things. A. -- We all pay for life with death, so everything in between should be free. - Bill Hicks
