Good on you for being so quick to implement these bug fixes.
Others on HN have commented that the iteration process is probably not the best way to approach crypto, due to the high risk for the end user.
It seems obvious to me that nothing in this world is ever bug-free, and there is no such thing as foolproof where time is involved. You might as well accept this, and actually embrace it. It seems to me Telegram are embracing it very well.
Telegram is not robust at any point in time, but it is antifragile, since it benefits from shocks to become stronger over time. Like Hydra's heads, you can cut them off, but they will grow back twice as numerous. This is actually much better than robustness, it just doesn't look like it, because heads being cut off is more memorable and mediatic than heads growing back.
Of course, there is the argument that such high claims should not have been made on buggy software. But it is because such high claims were made, and because crypto people got annoyed about them, that everyone has been trying to break it, thus rendering it more foolproof.
It's annoying, but it's clearly working: at this rate of improvement, I'd be surprised if the product weren't pretty damn good in just a few months' time. If anyone has doubts over the current version, well, just don't use it in life-threatening situations until you're reasonably confident about it being fit for your purposes, which is an assessment that will also depend on the person or institution you're trying to avoid, and the quality of resources they have at their disposal.
Would you be happy with bridges, or elevators, using an iterative process for safety design?
How about training doctors? Don't build up through school (frogs and a sheep's lung) through universities (pigs, human corpses) and medical school (more corpses, watching surgery, assisting surgery) - just let them learn with open heart surgery?
> If anyone has doubts over the current version, well, just don't use it in life-threatening situations
That's good advice. How is Telegram advertising itself?
On the homepage:
> Telegram messages are heavily encrypted and can self-destruct.
> Telegram keeps your messages safe from hacker attacks.
In their FAQ:
> Telegram is the fastest and most secure messaging system in the world.
> Secret chats are meant for people who really want secure messaging.
etc.
This is nice wording, and I appreciate them saying this:
> Telegram is more secure than mass market messengers like WhatsApp and Line. We are based on the MTProto protocol (see description and advanced FAQ), built by our specialists, employing time-tested algorithms, to make security compatible with high speed delivery and reliability. We are continuously working with the community to improve the security of our protocol and clients.
It contains worrying bits ("built by our specialists"), but is mostly okay.
Your point about bridges and elevators actually illustrates my own point very well. Bridges and elevators may be quite safe today, but they weren't when people first started making them. Some bridges collapsed under various forms of pressure, and better bridges were designed as a result. They all necessarily made the claim to be safe until they were shown not to be.
So, yes, even bridges were built using the iterative process. It's just that the iterative process started long before you were born, and you found the world as it is without seeing the iterations that occurred before.
The same is true for doctors. There used to be all kinds of theories about how to cure the plague, or tuberculosis, or diseases we now know how to cure with a pill. Some of them worked, others didn't. Iteration at work, just over a longer timeline than your own lifetime.
This would make sense if cryptography was a young field, but this iteration and improvement has been going on for thousands of years (and modern digital cryptography has been developing for the better half of a century). It is known how to implement cryptography securely. Just as you would expect bridges built today to stay up, and doctors working today to be properly trained, you should expect cryptography implementations to be sensible and secure, or at least not try to carve a new, experimental path when people's lives are potentially at stake.
On the other hand, think about the benefits we get from seeing a bug in the software, and then seeing that Telegram have fixed it within the hour. Until a bug is shown and fixed, you don't even know whether it exists or not. So, you have doubt. But once it's exposed, and fixed, your attention is brought to an aspect of the software that you now know is good. The doubt is reduced. Which is a good thing.
That assumes that there are people with enough expertise and time to point out these flaws and that the company actually listens to them. Something like an http/https grep is easy enough to do and doesn't require a lot of deep technical knowledge about how crypto works and should be designed, but someone doing an analysis of their entire algorithm and architecture for free and pointing it out to them? Forget about it. Especially since their "bounty" program has very specific parameters for what is acceptable to get any prize money.
So far, Telegram have been listening a lot to people pointing out errors, and fixed their errors promptly.
>for free and point it out to them? Forget about it.
It doesn't appear to be for free: aside from their bounty program, Telegram have been rewarding various troubleshooters with pretty decent ex gratia payments in bitcoin. In the article linked to this title, the first comment was from Telegram, asking the author to contact them for a reward.
They haven't been transparent about the amounts nor about the parameters of the initial bounty, which does not mean that the algorithm is safe, but rather that it wouldn't be worth the reward in effort to expose a vulnerability in the exact specified way by the authors.
That can apply to other apps and products, but much less so to crypto tools. It's basically one of the reasons why new crypto algorithms only start being used after 5 years of being in the wild, and many more in pre-release research.