Telegram is neither "secure" nor "encrypted"
Telegram is a popular – especially in the East – internet messenger. It bills itself as “encrypted”, “private”, and “secure”. One of its creators (and the CEO of the company that operates the service), Pavel Durov, has for years been suggesting, in a more or less direct manner, that other internet messenger services expose our conversations and endanger our privacy.
It’s a pretty crude, yet surprisingly effective strategy for distracting attention away from Telegram’s very real problems with security and privacy. And there are quite a few of those.
What is being encrypted?¶
On Telegram’s website we can find claims, that “messages are heavily encrypted.” This is also how Telegram promotes itself on social media. This would strongly suggest that the contents of messages exchanged using that tool are available only to their senders and recipients – and that nobody else could read them. This kind of encryption is called “end-to-end”, and is exactly what we should expect today when we hear that some communication service is “encrypted.”
In the context of Telegram this is, however, misleading.
For conversations this IM has two modes. By default, messages are encrypted between our device and Telegram’s servers. The company calls it “cloud chats.” Messages sent by us are indeed encrypted, but only between us and the company’s ifnrastructure, and then between that infrastructure and the messages’ recipients. Same goes for messages we receive.
This most definitely is not end-to-end encryptuion. The service’s operator, Pavel Durov’s company, has full access to the contents and the metadata of our conversations, including any files we send, when this mode is in use. And again, this is the default mode for all private and group chats.
A second, optional mode is the so-called “secret chats.” When this mode is used messages are actually end-to-end encrypted, and the only people who could get access to them are us and people we are chating with. Unfortunately, “secret chats” need to be explicitly enabled separately for each of our contacts. And, conversations we are having in this mode are only available between specific devices they were turned on for – if we enable a “secret chat” with one of our contacts while using our mobile device, this conversation will not be available to us when using the desktop client, for example.
“Secret chats” are also not available for group chats and channels. In other words, no groups and no channels on Telegram are encrypted end-to-end. Their contents – and the associated metadata, including members, who sent which message when, and so on – are available to Telegram service operator. And thus to any law enforcement agencies that are able to force or convince the company to comply with data requests.
Suspicious encryption¶
The good news is that MTProto, the message encryption protocol created by Telegram’s team and used both for regular conversations and “secret chats”, does not currently have known vulnerabilities.
But there is also the bad news: cryptologists seem to mostly agree that the way the protocol is designed is generally somewhat suspicious. When desigining and implementing encryption protocols it’s easy to make non-obvious mistakes, and Telegram’s protocol seems to have a lot of places where such mistakes might lurk.
Similar concerns regarding the previous version of MTProto were eventually proven correct.
Cryptology experts indicated where problems could potentially be expected. Telegram’s developers’ reaction was, to put it mildly, not particularly friendly. In the end it turned out that the first version of the protocol indeed had serious vulnerabilities. Including one that was described by an expert as “the most backdoor-looking bug I’ve ever seen.” Time will tell if history repeats itself with the new, currently used version of MTProto.
So, does Telegram use encryption? Yes. Is it possible to use end-to-end encryption in that service? Yes, but in a very limited way, only if you remember to actually enable it, and using a protocol that cryptology experts do not find trustworthy.
Claiming that “Telegram is encrypted” is like claiming that pizza is a healthy food, because there’s a slice of tomato on it.
What about privacy?¶
This is not the only place where Telegram’s promotional materials are misleading or outright false. In the FAQ section of their website the company claims that:
(…) [W]e can ensure that no single government or block of like-minded countries can intrude on people’s privacy and freedom of expression. Telegram can be forced to give up data only if an issue is grave and universal enough to pass the scrutiny of several different legal systems around the world.
To this day, we have disclosed 0 bytes of user data to third parties, including governments.
And yet when a court in India ordered the company in 2022 to provide information – including phone numbers, e-mail addresses, and IP addresses – in relatioon to an on-going case, the company provided the requested data. German law enforcement was also apparently able to receive information about specific Telegram users.
It gets worse. The protocol itself, MTProto, enables tracking Telegram users by simply observing network traffic. Every single message contains an unencrypted header that identifies specific user device (called auth_key_id
in the protocol specs).
Among others, Russia has capabilities sufficient to use this for tracking specific peoplewho use Telegram on territory it controlls (thanks to SORM). And apparently it used this capability in Kherson, against Ukrainian partisans. It’s not difficult to imagine, what the consequences could have been.
There are also indications that Telegram might be sharing with law enforcement contents of conversations that are not using the (seldom activated) “secret chats” mode. Activists in Russia learned about this the hard way.
Marketing¶
In some cases, promises made in promotional materials are broken, and the materials then modified accordingly.
For example: as late as 2020 in Telegram’s FAQ one could find the question whether Telegram will ever display ads – along with a simple, clear answer: “No.”
In 2021 Telegramn enabled ads “in some public channels.” The FAQ entry was then modified. Today it is: “Will you have ads in my private chats and groups?”
In and of itself this is of course a pretty small change. But it raises a question about other promises the company makes in their documentation – for example about not selling private data of people who use the service. And they do collect a bunch of such data.
Black PR¶
We should not be surprised, then, that the company, and Pavel Durov personally, deploy a strategy of misdirection and casting doubt on the competition.
A few weeks ago ex-Twitter accounts related to Telegram attacked Signal. Not the first time. For example in 2017 Durov publicly claimed that he expects a backdoor in Signal to be found within 5 years – and that he is willing to bet a million dollars on that.
Tech journalist Max Eddy tried to take that bet, but Durov did not respond.
Telegram vs. Signal¶
There has never been any backdoor found in Signal. As opposed to Telegram’s MTProto, Signals end-to-end encryption protocol is widely considered the golden standard of secure encryption protocol design.
All communication on Signal is end-to-end encrypted – there is simply no way available to send a message that is not fully end-to-end encrypted message on that service. End-to-end encrypted are also groups, stickers, voice and video calls. And all of this is available to all devices connected to one’s account.
Signal is managed by a non-profit organization; Telegram’s operator is a regular company, but it promises it isn’t in it for the money.
Signal does not keep any metadata, apart from date and time of when an account was created, and date and time of the last time the account was active. And has the documentation to prove it – as it does publish all data requests along with its own responses. I have never seen any information that would put that in doubt.
I am not writing this to promote Signal (even though it’s not hard to figure out I find it to be considerably more secure). I am trying to show that it is possible to create a tool that does not have Telegram’s flaws and actually fulfills its promises related to encryption, privacy, and security.
Is Telegram safe and secure?¶
A question about safety and security with regards to any communication tool is always a complex one. A lot depends on individual needs, context in which the tool is to be used, on the reasons for using the tool. But in case of Telegram it is difficult to find situations in which it is the safest available tool for the job. And it is really easy to find situations where using it is dangerous.
There is no such thing as a perfect tool. All internet messaging services, including Signal, had vulnerabilities found in them. Their protocols evolved with time, reacting to often valid criticism. But the way Telegram and Pavel Durov react to criticism and how they misdirect does not build trust.
Safety and security of any tool never boil down only to technical issues (and even these are definitely not Telegram’s strong suit). It is immensely important how strengths and weaknesses of a given tool are being communicated to people who use it. How does the user interface work? Does it make it difficult to make a mistake, for example unintentionally to send a message that is not fully end-to-end encrypted?
Telegram has been misleading people for years, abusing terms such as “encrypted messenger” – and it is not hard to conclude this is intentional at this point. It apparently cooperates with law enforcement even though it claims otherwise. And its user interface seems designed to mislead users into a false sense of security.
This is dangerous. I had worked with investigative journalists who used Telegram to talk to their sources. I had seen on many occasions the shock when I explained what “encrypted” really means in the context of this tool. By trusting Telegram’s claims they had put their sources in danger.
Telegram is certainly aware of all this – many people had pointed all of this out over the years. But it refuses to change.