Monday, August 31, 2015

Review on Telegram

According to Group 5 which did a presentation on Telegram, I have slight fear for the security of Telegram. Based on the group's presentation, Telegram is a open source product where the quality control is not properly implemented in which it may leads to threats from virus and malicious data.

However, being an open source project actually exposes some of the security issues. In addition, chat application tends to contain important and sensitive during the chat. As a user, I definitely do not want my chat to be exposed to such threats. Although the developers should not be uploading all the important information such encryption keys or private keys information online during development, there are still some part of code that will provide the malicious hackers some information to crack the security of the application. Imagine if the hacker is able to make changes and redirect a copy of the message to himself, it will be very dangerous and insecure for the users.

However, I do agree that open source application does have its benefits. It is able to tap on the power of community to produce fantastic product. Therefore, if a good quality and information control are in place, the above worries still can be minimized.

Regarding UI/UX of Telegram, I do agree that less clicks sometimes make the application more user friendly but it does not necessarily true all the time. Assume a huge list of logo representing multiple functions in a single function page, the user  can reach almost all functions in one or two clicks but due to lack of organisation among the functions, it becomes less user friendly. It is indeed the case for Telegram where the function is grouped in a long list. In other hand, a well grouped and organised function may require more clicks to traverse the categories before it can reach the actual functions but due to neat organisation, it may gain more users' supports. Therefore, I believe the simplest may not be the best.

The team suggested one marketing possibility that Telegram can adopt is to allow custom keyboard. It reminds me of messaging application such as WeChat and LINE. In WeChat, there are various animated emoticons where user can download them. Some of the emoticons require users to purchase before it can be used. This strategy has been implemented by many messaging application. Therefore, this strategy may lose its originality and may not be able to attract more users to use it or to pay for it.

One key reason a messaging application is dominated by a few major applications such as Whatsapp, Line, etc is the importance of users. Without a large user pools, those applications are nothing but useless application. It requires two parties to use the application at the same time in order to form a communication. Therefore, users tend to go for the messaging application with large users pool or the one with most friends. It is very hard for user to migrate to another messaging application if the targeting application has very small number of friends using it.

Therefore, I feel that the messaging application market is hard for new companies to enter unless there is a very strong breakthrough or innovative changes in the messaging application. If not, I will rather stick with the old application such as Whatsapp although it may be slightly worse off in term of design or functionalities.

5 comments:

  1. Hello Mun Aw,

    I agree with your point regarding messaging applications and its difficulty in gaining a significant user base. Indeed, users tend to gravitate towards the messaging application that most of their friends are on. Thus I feel that if a new messaging application were to gain traction, it needs to first differentiate itself from its competitors. One example is Line which offers a virtual shop that allows its users to buy stickers, themes and oher merchandizes for themselves and their friends. Also Line introduces their own anime characters which strategically portray many different personality whom their users can identify themselves with. All said and done, I'm not trying to sell Line but just saying how an app can differentiate itself from its competitors even though the core functionalities are the same. (Line is still awesome tho =D)

    ReplyDelete
  2. Hello Mun Aw,

    In Information Security, we have this principle known as Kerchkoff's principle, it goes something like "A cryptosystem should be secure even if everything about the system, except the key, is public knowledge". Basically what it means is that a design should be secure even if it is open source. With respect to Telegram, being open source might force its developer to place more emphasis on its design and to rely less on "security through obscurity".

    To add on, there has been many discussions on the new cryptography design that Telegram is using (MTProto), many has mentioned that the design is flawed/badly done. However, up till date, there has been no known successful attack on the design although there has been constraints placed on the challenge. In theory, the design might be flawed, however, in real world application, the same design might be secure enough with certain constraints put in place. Personally, I believe Telegram is secure enough for my daily messaging. :)

    I hope that reading this will dissipate your fear in Telegram.

    Cheers!
    Quan yang

    ReplyDelete
  3. Hi Mun Aw,

    I am of the same opinion as you with regards to the importance user base of an application largely dependent on interpersonal communication. Sometimes what is really important is timing and how much of the market an application can capture during its initial entry to the market. From what I observed and remember, WhatsApp managed to enter the market for IMs on phone very early and captured a very large part of the market. And it only needed to be providing service of reasonable quality from then on to get continued use. Facebook might have very well been able to build an amazing direct competitor(I would say that Facebook Messenger is not a direct competitor per se), but might have seen itself not having enough to sway the market dominance WhatsApp had already established, and chose to acquire it instead.

    ReplyDelete
  4. Yup I agree that for social apps like Whatsapp, a strong user base is important. So usually the first guy to dominate the market maintains stronghold over the market so long as they do not screw up their service and no one else comes out with a much cooler product (like how Friendster died when Facebook came out)

    With regards to your security concerns, I agree that having the code open source may make it easier for people to find potential exploits in the system. But even then, keeping the code closed source is not really a solution as given enough time and skills, a determined person would still be able to find exploitable weaknesses in an insecure application. So perhaps, like Quan Yang said, having an open source code base is probably a good thing as the onus is on the developer to ensure that the design of the system is secure since any security bugs will be free for all to discover =P. The developers will also be forced to be quick to patch any security loopholes found.

    ReplyDelete
  5. Hey Mun Aw,

    You are absolutely right that the user base is the most important factor in determining the popularity and usage of messaging applications. Since a messaging client is for people to message each other, if their friends are not using the same messaging service, then it will not be used regardless of how many extra features it has.

    An interesting way to get around this is to already be a big player - be an established app that users use frequently. Well, I suppose that's not exactly trivial. The examples I'm going to use here are Facebook Messenger and Google Hangouts. Although other messaging services were released first and had gathered a huge userbase, Messenger and Hangouts are able to increase their userbase due to their convenience. With Messenger, the time you spend being online on Facebook is also the amount of time that you are online. It is easy to pick a friend and start messaging. With Hangouts, it is a similar experience while you are checking your mail. Since your friends are likely to be on Facebook or GMail (admittedly, less likely for GMail), the userbase barrier of entry is a lot lower. Then you "just" have to convince your users that Messenger or Hangouts are more convenient or better in some way than the messaging clients you are already using, and see where the userbase goes from there.

    This reminds me of when MSN Messenger was the de-facto client for instant messaging. Somewhere along, I'm not sure why it died out in popularity (and the users were migrated to Skype), and my friends and I all shifted to Facebook Messenger before WhatsApp was really a thing. It's notable that Microsoft is trying to push Skype pretty hard in Windows 10, we'll see where that goes.

    - Zheng Hao

    ReplyDelete