Recommended private chats and social networks for Whonix

That’s not really how this works. This is how it works: Contribute wiki page, chapter Documentation

This milestone was made possible thanks to the incredible support from our community. Thank you!

Big parts of the wiki have been contributed by the community. That includes large parts of the Chat wiki page.

1 Like

Wow, I didn’t know about this. Cool. Then I can add some additions to the wiki on the topic of messengers. For example, I can edit a bit of the section about Telegram: the information about calls is now outdated, but I can add articles where MTProto 2.0 is criticized for weak cryptography. And I can help add information about Simplex Chat, Briar and Session based on forum messages, if sections about these messengers are created in the wiki (I can’t create sections in the wiki, can I?). And I hope the moderators will correct my possible formatting errors when editing the wiki.

3 Likes

New sections (wiki chapters) can be created. There are no limitations, except:

  • new wiki pages: For new wiki pages to be created, please post a request here: Long Wiki Edits Thread
  • file uploads: account required. Will be granted after request and after a minimal amount of productive wiki edits have been made.

2 Likes

Okay. I will prepare a text on new messengers and send it to you. And I tried to edit the page about Telegram (made the information current), please check it.
Thank you

1 Like

That must have failed. No edit has been received by the wiki.

1 Like

Hmmm. Okay. I will try again.

1 Like

Done

1 Like

Edits accepted.


Added just now: Telegram Data Harvesting and Telegram User Freedom Threats.

3 Likes

Patrick, I made a small correction in the wiki. It seems that my edits have disappeared from the site, but I can see them in the editing section. Please check.
New edits only appear after reloading the wiki page after accepting the site’s terms. Sorry for the inconvenience.

1 Like

Perhaps some wiki editing usability issues, documented just now:
Flagged Revisions

1 Like

I want to share a great Telegram review. The author very subtly ironizes about the security of Telegram and provides very important arguments that Telegram deliberately misleads users and makes every effort to ensure that users never use secret chats.

By default, Telegram chats do not use end-to-end encryption, and nor does the messenger inform users about the secure chat option. Who could have thought that a user who just installed a messenger precisely because it was advertised as secure wanted to keep correspondence private? Answers on a postcard, please. The upshot is that when a user creates a new chat, Telegram neither offers to secure it nor even hints at the existence of an option other than the default chat.

What’s especially interesting is that the secret chat button is hidden as deep as possible. It’s not in the chat interface itself. It’s not available at the next level either: even if you tap the name of your chat partner and go to their profile, you won’t find the coveted button there. You need to dig a bit deeper: tap the three dots menu, rummage around in the secondary features, and there it is — the secret chat option with end-to-end encryption.

Another complaint arises regarding the name Telegram has given to its end-to-end encrypted chats. The developers could have called them something neutral like “secure”, “protected”, or “private”. But no: they went for “secret” — and this word has a very interesting effect on people’s perception.

Many a time, after creating a secret chat in Telegram, I receive a sarcastic quip from the other end something like: “Wow James – For My Eyes Only, eh?!?” Others apprehensively enquire as to what could possibly be so important – or naughty or something else – for its needing to be secret.

1 Like

Patrick, I made changes to this wiki in the section of recommended messengers: Instant Messenger Chat. I added Simplex Chat and Cwtch as the most recommended for their maximum anonymity and protection against metadata collection: Instant Messenger Chat. I think that now XMPP and Matrix are significantly inferior to these messengers, which is also emphasized by many security specialists (in fact, XMPP and Matrix only encrypt messages but do not protect metadata). If you agree, then move the sections for Simplex and Cwtch higher up. I’m not quite sure how to do that. Thank you.

2 Likes

Wow, I found a report on the Australian regulator’s website stating that Telegram can moderate even secret chats! https://www.esafety.gov.au/sites/default/files/2025-03/BOSE-responses-to-mandatory-notices-tvec-March2025.pdf

Telegram stated that messages in Secret Chats were not ‘forwarded’ to moderators when they were reported by an end-user. Without access to the messages being reported, Telegram reported that it relies on alternative signals or indicators to determine if ‘the reported user is not otherwise engaging in harmful or malicious behaviour’

I added it to the wiki: Send Telegram Messages over Tor with Whonix ™

P.S. Hmm, but I don’t know how to fix the • • after the quote. It might be a typo due to the quote inside the subsections.

1 Like

This does not follow from the quote that you provided.

Not sure what “moderate” means in this context. Obviously, Telegram can ban any account tied to any registered phone number at any time. To ban an account (for spam or anything) is a form of moderation.

Not forwarded.

That could be anything. I haven’t read the source but it’s your argument to make. Speculation: the “alternative signal” could be unencrypted chats or the social graph (who is chatting with whom, extending surveillance to chat partners).

2 Likes

Pretty much any centralized service that controls all the components should be assumed to do this, whether it’s tracking the chats’ content itself or “only” the metadata.

By the way, if I recall correctly in the past one could use Telegram on desktop without the mobile app (and telegram-desktop is currently included in Debian apt sources so installation is trivial). Phone number verification was required but not a mobile device (and there are fairly easy solutions for online verification).

Now however, the situation is different - you can’t register an account without creating it on a mobile app first (similar to Signal). This means that to use Telegram on Whonix we are potentially exposed to location / network / other identifying data being recorded by the Telegram mobile app during the initial registration, or otherwise use some kind of Android emulator in the workstation - I haven’t seen a solution for this either.

Similar issue with Line - an account must be registered on the phone first. The user can then set email / password credentials and use these to log in to the desktop version (in Whonix the desktop version can be installed as Chromium’s Line extension).

It’s even worse with WhatsApp - if I’m not mistaken, there the user needs to have the app active on the phone for the desktop version to be usable.

3 Likes

I started to evaluate it, tried both through Flatpak and the AppImage. My initial impression (regarding usability) is that it’s rather resource intensive. Takes over 90% of CPU at times and is pretty slow to respond even to simple actions. This is compared to Gajim, for example, which runs on a workstation with the same resources. What’s your take on this?

1 Like

I found an article with a detailed review of the forensic analysis of popular messengers. https://dl.acm.org/doi/10.1145/3727641

Telegram turned out to be highly vulnerable to forensic analysis - experts from different teams were able to access deleted messages and files on desktop and mobile clients. This forensic analysis is currently being conducted in Russia (it seems that I read about this in Wired).

Satrya et al. [113] have extracted data from the Telegram android system for potential use in criminal cases. Gregorio et al. [53] developed a method for analyzing Telegram on Windows mobile devices. Borodin et al. [28] simulated Telegram artifacts on Windows. Wicaksanaa and Suhartanaa [140] performed a crime simulation on the desktop application. In these studies, researchers have successfully recovered user messages, chat history, and other encrypted data.

Notably, a 2021 discovery of a self-destruct function vulnerability led to the recovery of deleted images [118]. Recent studies in 2022 have furthered Telegram’s forensic analysis, with Raza and Hassan [104] examining the application in an Android virtual environment, while Fernández-Álvarez and Rodríguez [45] performed an exhaustive forensic analysis on Telegram Desktop. These studies continue to provide valuable insights into potential cybercrime investigations.

I added this to the wiki: Send Telegram Messages over Tor with Whonix ™

Signal proved to be sufficiently secure against forensics, but experts were able to find some artifacts. I did not add this to the Signal wiki.

2 Likes

I use the AppImage on Kicksecure. The resource consumption level is average (lower than that of Telegram and Element).

1 Like

Yes, that’s true. I think this info should be published on the wiki pages for Signal and Telegram. This is a very serious problem (no less serious than a phone number being intercepted). This problem can be described in detail in a separate section on the wiki. Will you add it to the wiki?

2 Likes

If every user uses exactly one device, it is known that Signal achieves forward secrecy and even post-compromise security (i.e. security of future communications in case of leakage of long-term secrets).
But the Signal protocol also allows for the use of multiple devices via the Sesame protocol.
This multi-device setting is typically ignored in the security analysis of Signal.
In this work, we discuss the security of the Signal messenger in this multi-device setting.
We show that the current implementation of the device registration allows an attacker to register an own, malicious device, which gives them unrestricted access to all future communication of their victim, and even allows full impersonation.
This directly shows that the current Signal implementation does not guarantee post-compromise security.

2 Likes