
Pavel Durov on making server side code of telegram open

a guest
Jan 10th, 2021
User 1: https://t.me/durovschat/514781
This is a really biased text. Telegram servers are closed-source, and because there is no end-to-end encryption (except in secret chats), we have to trust blindly that Telegram doesn't do anything with our messages, data and metadata we don't want them to.
Since there literally is no way to prove otherwise, we even have to assume that literally any Telegram employee has access to everyone's messages.
Currently, Telegram's security model is fundamentally flawed.

Don't get me wrong, Telegram is still so much better than WhatsApp. But we just can't fully trust our secrets are really secret.
Please open-source servers and fix those flaws, so I can finally start recommending Telegram with a clean conscience again.

User 2: https://t.me/durovschat/515100
Even if servers were open-source, how could you verify it? There’s no point in making servers open-source.

The only thing Telegram can do, is to make itself unable to read users’ data, such as what Mega has done (your password is used as an encryption key, so only you can read your data). However, I think we would then lose the great user experience of the app, because it won’t be as fast.

Durov: https://t.me/durovschat/515221
Exactly, I’m also puzzled by folks who even mention server-side code in this context. Publishing the server code doesn’t guarantee privacy, because - unlike with the client-side code - there’s no way to verify that the same code is run on the servers.

And you don’t even need the server-side code to check the integrity of Secret Chats - they are solid regardless of how the servers function (that’s the whole point). In other words, publishing server-side code won’t help verify Secret or Cloud Chats, and would constitute a marketing gimmick that has nothing to do with security.

Me: The code of Telegram apps is open. It is verifiable. No other app has verifiable builds on all mobile platforms. WhatsApp’s code is hidden and intentionally obfuscated.
Confused user: You are lying, your server code is not open! 🤬
Me:🤯

So why not publish the server code anyway, even if it is only a publicity stunt? 3 years ago I learnt that an authoritarian regime (you may guess which) was looking for a way to obtain Telegram’s server code. Their plan was to launch their own equally convenient local app and then to shut down all other social media in the country.

After having heard that I put our plans to publish the server code on hold. I didn’t want to provide dictators with tools to enslave their population - that shouldn’t be the legacy of Telegram. We are not ready to betray our values because a few confused users seem to think publishing server-side code will somehow improve verifiability.