I make projects which help developers to build awesome things. Founder of web consultancy called Hell Yeah and partner at security firm Sakurity. Sometimes I write essays on libertarianism as I love freedom and stuff.

You can ping me on twitter or send me an email.

The story of Telegram or “Why you shouldn’t listen to Hacker News”

Dismissive comments about new things bother me partly because there’s an asymmetry that seems unfair. It’s so risky to create something new, and so easy to dismiss it. At their worst, the people making such comments are like schoolyard bullies picking on someone who tries to do something different. – Paul Graham, HN founder

tl;dr: go make some real stuff, don’t listen to Hacker News (or any other similar site) comments, separate the wheat from the chaff.

A while ago, a new messenger became known in the IT community. It was Telegram.

The idea behind the app was a messenger for the average user, for all people, which is secure and fast. Not yet another thing no one uses besides a few nerds (like BitMessage).

A messenger like WhatsApp, but more secure, more open and faster. Telegram was backed by Pavel Durov, the same guy who made the Russian social network VK, which still outperforms Facebook in ex-USSR market share.

Immediately after the announcement, various “experts” started throwing in their thoughts on this (these are just a few top-rated comments from the original HN discussion):

Some of them were advertising the TextSecure messaging app instead of Telegram.

Some people even wrote full-length articles about it: Telegram, AKA “Stand back, we have Math PhDs!”

What was Telegram’s response to that?

  1. They replied to almost every article, comment or tweet:
  2. They’ve started a contest!

The contest

$200,000 for anyone who breaks the founder’s traffic. Simple as that.

Experts were now able to truly prove their theories, break the protocol and get $200K. That’s a lot of cash.

Guess what happened? Crypto “experts” started writing posts describing why the contest is bad too. Why Telegram is still “theoretically” non-protected. And other stuff.

  1. On Telegram’s Cryptanalysis Contest
  2. A Crypto Challenge For The Telegram Developers

(note that again some of them are advertising TextSecure)

Of course, they were not able to back up their thoughts with real actions. Neither did any other “crypto-skeptic”.

The real vulnerability

After two days of the contest, a Russian cryptography newbie (as he told us) wrote a post describing a real vulnerability in the Telegram protocol. No “this uses RSA / SHA1 / IGE so it is not secure” bullshit. A real and concise man-in-the-middle vulnerability.

In forty minutes, he got two responses from Telegram developers:

After that, he received $100,000 (not $200K because he didn’t really decipher the network traffic) and the vulnerability is fixed now.

HN is still ranting.

What this teaches us

  1. Separate the wheat from the chaff. Find the folks who are really relevant and follow them instead of folks who just talk.
  2. Go make your own stuff and don’t listen to HN or any other skeptical community.

TextSecure folks: instead of ranting that “our stuff exists already, but we got no money and we got no cross-platform support Y U NO USE our protocol?” and using political tricks, go make a better protocol and market yourselves better.

I wish Telegram luck and I believe they will win the messaging battle.