You and I discussed quite a bit already and we can't agree on many things -- but I can still see where Telegram's team is coming from in their security decisions. A balance between ergonomics and security has to be struck if you want wide adoption.
We likely both abhor how quick and easy it is for many users to just say "yeah, sure, get access to my contacts so I don't have to re-add my people one by one" -- I feel that this practice is responsible for trillions of personal data points sitting out there in warehouses waiting to be used for advertising profiling, but what can we do? Seems that this is what the people want.
Having stricter -- and thus non-ergonomic in terms of UX -- security as an opt-in is apparently the best we can do in this age. By "we" I mean "all programmers and corporations".
Before you say it: I used Matrix and Riot/Elements for several months. The app itself is hopelessly behind in basically everything: it's not responsive even on a very modern Linux laptop, it often hides messages (and shows them up again a few minutes later after the app somehow force-refreshes its UI by itself), synchronization of chats when logging in from a new device was almost non-existent and took minutes to recover a channel with like 30 messages (although I heard they are working on this)... Even notifications would fire 9 out of 10 times and I had to make it a habit to check the client every 10-15 minutes or so (since it was a work chat).
Very far from convenient. Not to mention part of the time non-functional.
Telegram makes security trade-offs, I have no doubts about it. But it's a damn good app in almost all regards -- and me and many others can forgive their lack of to-the-letter end-to-end encryption implementation.
If there's an app with such a good UX and polish like Telegram that also does end-to-end encryption and doesn't drown you in GPG-like keys and passwords management minutiae, I'll gladly switch tomorrow.
