Are Multi device usage and bots in Telegram an excuse for only ssl encryption?

Question

Telegram's E2E encryption is not secure. See: Is Telegram E2E Still Insecure? and Is Telegram secure?

Lets asume its is secure and talk about the "excuses" why E2E encryption is not always used. It is only used in secret chats, from ONE device to another ONE, but not between all devices from one account to another. Groupchats are also insecure.

Is the key exchange between two devices with the same account really so hard to implement, that it is still easily usable for everybody?

Another excuse is, that bots could not read chats (in human vs bot conversations), when they are E2E encrypted, but couldn't it be implemented? Isn't this the same situation then writing with a real person?

Answer 1

TL;DR: Secure key management is hard. Who knows, but probably eats into profits.

I would think that the big problem is that if Telegram is going to allow you to do any sort of crypto and present yourself as the same person across multiple devices, they have to do one of two things: manage the keys for you, or allow you to manage the keys. If they manage the keys for you, then they hold the keys, which means they can be subpoenaed or stolen. If they encourage you to manage your own keys, it probably opens users up to a lot more opportunities to misuse their own keys, resulting in a less secure product.

If you you want E2E encryption in chats with bots, I suspect it's not an issue of what is possible, but rather what is cost effective. What is the use-case for needing encrypted chat with bots, and how much would it cost to develop, implement and maintain? Again, assuming a profit motive, why should telegram increase costs on its revenue stream? What liability do they assume by managing keys?