Telegram Analysis: Secure Messenger or Dangerous Delusion?

[Friend]

Non-obvious risks of using a popular messenger.

Recently, the news spread around the world that Telegram CEO Pavel Durov was arrested by the French authorities for failing to adequately moderate content. While this raises many questions, the very fact of prosecuting social media is a serious step that deserves to be discussed.

However, cryptographer Matthew Green focused not on the arrest itself in his post, but on one particular aspect of the coverage of the event. Almost all media outlets call Telegram an "encrypted messenger." The term, while not technically incorrect, is misleading to users and journalists, which can lead to serious consequences.

Does Telegram have encryption?
Many systems use encryption in one form or another. However, as Matthew Green points out, when it comes to modern instant messengers, encryption usually implies end-to-end encryption by default. This means that each message is encrypted using keys known only to the participants in the communication, and not even the service provider can read it.

Telegram, as Green emphasizes, does not meet this standard for one simple reason: end-to-end encryption is not enabled by default. If a user wants to use encryption in Telegram, they need to manually activate the "Secret Chats" feature for each individual conversation. This feature is not available for group chats and is only enabled for one-on-one conversations.

"To activate encryption in Telegram, you need to take several difficult steps that are not obvious to most users. This makes the use of end-to-end encryption unlikely, which means that most Telegram chats remain vulnerable," writes Matthew Green.

Does encryption matter by default?
Green notes that perhaps for some users, the lack of encryption by default is not critical. Many people use Telegram not as a messenger, but as a social network. Telegram supports channels and large groups, making it ideal for public discussions. In such cases, encryption may not be a priority.

However, as Green emphasizes, many users, starting with public use, may switch to private messages without realizing that their conversations are not properly protected. Telegram is probably aware of this and is actively promoting itself as a "secure messenger" despite the difficulty of activating encryption.

Criticism of Telegram and its response
Telegram's encryption has been criticized since 2016. Despite the significant increase in the number of users, the functionality of Secret Chats remains almost unchanged. At the same time, Pavel Durov continues to actively promote Telegram as a secure messenger, which raises questions about the integrity of such statements.

"Despite criticism and user requests, Telegram has not changed the user experience of encryption since 2016. This gives the impression that their position on this issue is more marketing than technical," Matthew Green emphasizes.

Technical Details of Telegram Encryption
Matthew Green also pays attention to the technical aspects of encryption in Telegram. He notes that Telegram uses its own MTProto 2.0 protocol for "Secret Chats". This protocol includes several non-standard solutions that may raise questions among experts.

While the protocol itself may be technically secure, its effectiveness, as Green emphasizes, is meaningless if most users simply don't activate encryption.

Metadata and other threats
In addition to the shortcomings in encryption, Matthew Green also draws attention to the metadata that Telegram collects. This data about users, their connections, and the time of communication can be just as valuable as the content of the messages, and they are not end-to-end encrypted.

Thus, even when using "Secret Chats", users remain vulnerable to leakage of information about their activities.

In conclusion, Matthew Green recommends that users be careful when using Telegram, taking into account all the nuances of encryption and its limitations. Before trusting a platform with your sensitive data, you need to weigh all the risks.

Source

 

[Friend]

Hacking, lunch with the president and passport: Telegram chronicles in France

What did the WSJ investigation uncover?

On Wednesday, the Wall Street Journal, citing sources, revealed a number of details about the relationship between Pavel Durov, who received French citizenship in 2021, and the French authorities. According to the material, in 2018, French President Emmanuel Macron during lunch invited Durov to move the headquarters of Telegram from the UAE to Paris. However, Durov reportedly refused. Despite this, in 2021, France granted him citizenship under a simplified procedure.

In addition, a year before the alleged meeting between Macron and Durov, according to the publication, the French and Emirati special services hacked Durov's mobile phone as part of a joint operation. This was due to fears that the terrorist organization "Islamic State" (banned in Russia) is using Telegram to recruit supporters and prepare terrorist attacks.

Also, the publication, citing a source close to Durov, claims that Telegram for years ignored subpoenas and court orders "that accumulated on the company's rarely verified email address."

After the arrest of the founder of the messenger, his team said that Telegram complies with EU laws, including the Digital Services Act (DSA), which provides for stricter rules to combat the spread of misinformation and illegal content. Telegram representatives also stressed that the company's CEO Pavel Durov has nothing to hide, and he often travels around Europe. They called absurd the claims that the platform or its owner is responsible for the abuses committed by users.

 

[Friend]

Durov's arrest jeopardizes Telegram IPO
Legal issues could jeopardize IPO plans.

Telegram, a popular messaging platform, has faced serious problems amid allegations against its founder Pavel Durov, which has caused the company's bond prices to plummet and jeopardized its plans for an IPO in the next two years.

In March 2024, Durov announced plans to hold an IPO, rejecting offers from investors who valued the company at more than $30 billion. However, the prospects for going public have been in doubt due to accusations in France related to the insufficient fight against illegal content on the platform, including material related to child abuse. Durov faces preliminary charges, one of which provides for a punishment of up to 10 years in prison.

These accusations were a major blow to Telegram, which has been actively seeking to increase revenue by introducing subscriptions and promotional offers in order to achieve financial self-sufficiency by 2026. In 2023, the company generated $342 million in revenue with an operating loss of $108 million, and the total loss was $173 million after taxes.

Telegram is financed by debt, the total amount of which is about $2.4 billion with maturity in 2026. A recent $330 million bond offering was oversubscribed, and Durov himself purchased at least $64 million worth of Telegram bonds.

However, Durov's arrest at an airport near Paris caused the company's bond prices to fall by 10 percentage points, from 96 to 87 cents on the dollar. As a result, bond yields rose to 16%.

The charges and arrest have caused concern among investors, and they wonder if they will be able to trust the company in the future, especially in the event of an IPO. Some suggest that private investors can take advantage of the situation to acquire the company at a discounted price.

Telegram is also closely related to the Toncoin cryptocurrency, created by the company's team. In 2023, the company's digital assets, valued at almost $400 million, helped partially offset financial losses. However, after the arrest, the value of Toncoin fell by almost 20%.

Telegram did not comment on the situation after Durov's arrest. The company is known for its centralized management structure, in which key decisions are made personally by Durov. Telegram also prides itself on minimal personnel drain and the overall commitment of employees to the company's mission.

Durov has long maintained a policy of minimal interference with content moderation, saying he supports free speech and refuses to share user data with third parties, including governments. However, the allegations and related events call into question the future of the company and its ability to continue operating in its current format.

 

[Friend]

"People nearby" disappeared from Telegram after Durov's arrest
How European laws force the popular messenger to adapt.

On August 25, 2024, Telegram founder Pavel Durov was arrested in France on charges related to his messenger. French authorities suspect that Telegram was used to support various criminal activities, such as drug trafficking, terrorism, and cybercrime. In particular, the messenger's features, such as "People Nearby," have attracted the attention of law enforcement.

Telegram's "People Nearby" feature allows users to find other people and local groups nearby using geolocation data. Over the course of its existence, it has gained a controversial reputation as it has often been used by attackers to harass and track people. In addition, it was actively used in tools such as CCTV (Close-Circuit Telegram Vision), developed by Ivan Glinkin. This tool allowed you to enter coordinates and get a list of users within a radius of up to 500 meters, which made it convenient to use for criminal purposes.

Telegram users recently noticed that the "People Nearby" feature stopped working. It is unknown if this is due to a technical glitch or if it is a deliberate outage. It is also worth noting that the day before, the function of displaying the counter of active users for bots stopped working, which may indicate possible technical changes or updates in the messenger.

Interestingly, despite the disabling of the feature, users from the contact list are still displayed in the "People Nearby" menu, and some users outside of Russia report that the feature continues to work in their regions. This may indicate that the shutdown is partial or regional.

These developments come amid increased pressure on Telegram from European regulators, especially after the passage of the Digital Services Act (DSA) in 2023, which increased control over digital platforms and obliged them to take more active measures to moderate content. The disabling of the "People Nearby" feature may be due to both this pressure and recent abuse of this feature.