They covered themselves by ensuring that the devices could only be ordered after private referral from another user. All of whom were underworld figures (the devices were initially “seeded” to “underworld influencers”).

I’m sure that added to the credibility of the device among criminal groups, but it also ensured that the platform wasn’t adopted by your average privacy-conscious user.

If moxie marlinespike is a deep cover agent he's been cultivating a whole character and persona for a very long time. I'd lean towards the "not a NSA plant" view myself.

Food for thought: Telegram estimated costs for 2021 based on 675 million monthly active users (MAU) are $220 Million. Yet, the app is somehow free to use. Where does the money to cover the costs come from?

$220M is not pocket money, but Durov's net worth is apparently $17.2B, so he could afford it for a few more years

https://www.forbes.com/profile/pavel-durov/

He was listed on the Forbes Billionaires List in 2021, with a net worth of $17.2 billion. His fortune is largely driven by his ownership of Telegram

- Wikipedia.

So billions from Telegram, a free app. What am I missing?

That's a valid point. It's free now but they do have some plans for monetization (ads in channels with huge numbers of subscribers etc.)

Thanks for this, what about Moxie? Who covers those costs?

Signal is funded by a $50M donation from Brian Acton, who made billions selling WhatsApp to Facebook.

Telegram isn't end-to-end encypted except for some 1:1 chats. The unencrypted chat data is likely being sold, as their privacy policy allows.

At least the story of them being dodgy (in terms of origin/funding) and playing up encryption which is not enabled by default is pretty well documented by now. I get that people really like the UX of the app, but I wish more of them approached Telegram with "Russian gov has access to my unencrypted messages, but maybe the encrypted ones too" mindset.

If that is the case normies living outside of the sphere of Russian influence have little to worry about surely. Better Russia than your own government.

I'd say it's just a good argument for using a popular app (like one you mentioned) because it is likely to be subject to the critical eyes of security researchers.

If you're not already operating under the assumption that TLAs have full access to your entire online history, there's really no point in trying to start now. Use secure apps like Signal to hide your information from hackers, thieves, and generic script kiddies, not to hide from national security agencies. Especially when said agency can send a van to your house to take all your digital equipment (fully legally if backed by a warrant) until you comply and give up all your passwords and encryption keys.

You cannot defeat the legal system through technical means, your only hope is having some kind of escape submarine or private jet to get yourself extracted to a non-extradition country like Russia (or, if you're Snowden, trolling journalists with your flight so all the goons get on the wrong plane).

https://xkcd.com/538/

For a slightly humorous take on this, James Mickens' paper _This World of Ours_[0] is enjoyable:

> In the real world, threat models are much simpler (see Figure 1). Basically, you’re either dealing with Mossad or not-Mossad. If your adversary is not-Mossad, then you’ll probably be fine if you pick a good password and don’t respond to emails from ChEaPestPAiNPi11s@virus-basket.biz.ru. If your adversary is the Mossad, YOU’RE GONNA DIE AND THERE’S NOTHING THAT YOU CAN DO ABOUT IT. The Mossad is not intimidated by the fact that you employ https://. If the Mossad wants your data, they’re going to use a drone to replace your cellphone with a piece of uranium that’s shaped like a cellphone, and when you die of tumors filled with tumors, they’re going to hold a press conference and say “It wasn’t us” as they wear t-shirts that say “IT WAS DEFINITELY US,” and then they’re going to buy all of your stuff at your estate sale so that they can directly look at the photos of your vacation instead of reading your insipid emails about them. In summary, https:// and two dollars will get you a bus ticket to nowhere.

[0] https://www.usenix.org/system/files/1401_08-12_mickens.pdf

This is pretty much my understanding too. We have not progressed one iota in civilization and everything comes down to torture and murder when the going gets tough.

My only hope for a future for humankind lies with this socialist software ideal I have been musing about...

Many people like me wish to hide from Google and Microsoft, not from NSA. Because of two widespread reasons.

- I don't want to have a personalized experience on the net.

- I don't want Google algorithms to hide my new bike frame invention because I also posted an opinion about bing censoring tank man, or about Google cache as commons.

Yeah, sometimes I wonder if Tor is already co-opted like this.

Except that we can see exactly what is being sent from our devices since Signal is open source. Even if the servers are run by the FBI, at best they have a whole bunch of encrypted messages (which they could get by wire tapping anyway).

And that is why open source is important (and Signal's server and open source integration should be viewed very skeptically).