That didn't answer my question about secret chats being decrypted somehow just because Telegram does the initial key exchange, which you stated there (if I misunderstood your sentence, please forgive me for that. English is not my native language):
since Telegram handles the encryption keys (even if it doesn't officially run through their server), it could theoretically be decrypted via your device by Telegram
Yes, you have to let Telegram do the exchange for you, but that's just trading user experience over security, I'm sure most people would accept this "trade" and those who don't - I doubt they use Telegram at all (they probably use GPG + E-mail or something like that).
Diffie–Hellman key exchange have been used for years, as long as Telegram clients use that algorithm, I'm fine with that.
As for the diagram provided, I guess it shows integration of your service with Telegram? I'd not trust any bot (except created by myself) to do the decryption of my messages. It must be done on the client side. Otherwise you're not controlling it at all. You can send/receive encrypted messages over Telegram, but that's not user friendly at all. At that point, I'd simply use GPG over e-mail with a plugin for Thunderbird that would encrypt/decrypt messages automatically.
The article you linked do not provide any valuable arguments either. I can take screenshot of any decrypted data and there's no protocol that wouldn't let me do that. As for MTProto, how is that proprietary? No one stops you from implementing it as a library so anyone could use it. The specification is open.
For further actions, you may consider blocking this person and/or reporting abuse
We're a place where coders share, stay up-to-date and grow their careers.
That didn't answer my question about secret chats being decrypted somehow just because Telegram does the initial key exchange, which you stated there (if I misunderstood your sentence, please forgive me for that. English is not my native language):
Yes, you have to let Telegram do the exchange for you, but that's just trading user experience over security, I'm sure most people would accept this "trade" and those who don't - I doubt they use Telegram at all (they probably use GPG + E-mail or something like that).
Diffie–Hellman key exchange have been used for years, as long as Telegram clients use that algorithm, I'm fine with that.
As for the diagram provided, I guess it shows integration of your service with Telegram? I'd not trust any bot (except created by myself) to do the decryption of my messages. It must be done on the client side. Otherwise you're not controlling it at all. You can send/receive encrypted messages over Telegram, but that's not user friendly at all. At that point, I'd simply use GPG over e-mail with a plugin for Thunderbird that would encrypt/decrypt messages automatically.
The article you linked do not provide any valuable arguments either. I can take screenshot of any decrypted data and there's no protocol that wouldn't let me do that. As for MTProto, how is that proprietary? No one stops you from implementing it as a library so anyone could use it. The specification is open.