They may be sponsored by the US Government, or by cryptographers with ties to the government.
https://thebaffler.com/salvos/the-crypto-keepers-levine
It’s a long read, but it’s quite good. Here’s a snippet to whet your palate where he describes some of the prominent people behind these projects:
At least that’s how they saw themselves. My reporting revealed a different reality. As I found out by digging through financial records and FOIA requests, many of these self-styled online radicals were actually military contractors, drawing salaries with benefits from the very same U.S. national security state they claimed to be fighting. Their spunky crypto-tech also turned out, on closer inspection, to be a jury-rigged and porous Potemkin Village version of secure digital communications. What’s more, the relevant software here was itself financed by the U.S. government: millions of dollars a year flowing to crypto radicals from the Pentagon, the State Department, and organizations spun off from the CIA.
For context: I have become very interested in the debate amongst app users such as Telegram, Signal, Threema, etc… and I know that many people claim that Signal is the very best amongst all of them but there’s something really sketchy about its location (US based) and the fact that the government can for anyone to comply with their orders and forbid them from telling anyone about it via gag orders (see Durov’s comments on this: https://t.me/durov/59).
Both are fascinating reads, and certainly help me appreciate platforms like Telegram and Threema even more. Regarding Threema, today they posted a comparison between their app and the competition, and found this interesting tidbit regarding Signal:
https://threema.ch/en/blog/posts/messenger-comparison-2021
Signal enjoys an outstanding reputation among experts, and it’s certainly a good alternative to WhatsApp. However, just like WhatsApp, it requires users to disclose personally identifiable information: Providing a phone number is mandatory. As a US company, Signal is also subject to the CLOUD Act, which entitles US authorities to access data from IT service providers that are based in the US.
Also: I just learned that FB spends millions of dollars every year on marketing and trying to influence people to not use platforms such as telegram.
The thing to remember is that cryptography is very tricky business, and even when an algorithm is sound on paper that does not guarantee that it’s implemented in a secure way. A famous example is when NSA “helped” develop the Diffie-Hellman cryptographic key exchange standard and introduced a vulnerability that nobody noticed for a very long time.
Any standard that’s been developed in conjunction with US agencies should be considered compromised in my opinion.
deleted by creator
Yeah exactly, if you know a specific exploit then it’s not that hard to design the system in a way that looks innocuous, while being compromised. Without knowing the nature of the exploit it can be incredibly difficult for a third party to find it.