Matthew Green, a cryptographer at Johns Hopkins University, warned that there is a common misconception online that Telegram is a highly anonymous app and explained why this is the case in a blog post.
Is Telegram really an encrypted messaging app? – A few thoughts on cryptographic technology
https://blog.cryptographyengineering.com/2024/08/25/telegram-is-not-really-an-encrypted-messaging-app/
The incident began on August 24, 2024, when Pavel Durov, founder and CEO of Telegram, was arrested in France for “failing to take appropriate measures to curb criminal activities such as drug trafficking, money laundering and child pornography through the Telegram app.” The extension of the detention has already been decided, and Pavel Durov is expected to remain in custody for up to 96 hours.
Telegram founder and CEO Pavel Durov reportedly arrested in France – GIGAZINE
Telegram stated in its lawsuit that it had “nothing to hide” regarding Pavel Durov’s arrest, that its app “complies with EU law,” including the Digital Services Act, and that it was “absurd to claim that the platform or its owners are responsible for the misuse of its platform.”
⚖ Telegram complies with EU laws, including the Digital Services Act. Moderation is in line with industry standards and is constantly being improved.
✈ Telegram CEO Pavel Durov has nothing to hide and travels frequently through Europe.
😵 It is absurd to claim that a platform or its owner…
— Telegram Messenger (@telegram) 25 August 2024
Greene also noted that “the use of criminal charges to threaten social media companies is quite concerning,” but added that “that’s a different story.” She referred to news articles from France 24 , ABC News , Politico and others who have called Telegram an “encrypted messaging app.”
Many systems use some form of encryption, but in the context of messaging apps, “encrypted app” generally means “end-to-end (E2E) encryption by default.” This means that the contents of a message can only be seen by the sender and recipient, not even the app developer or law enforcement.
However, Green pointed out that “Telegram does not provide E2E encryption by default, making it difficult for ordinary users to have E2E encrypted chats.” The diagram below shows how to enable E2E encryption in the iOS version of the Telegram app. From left to right, there are four steps involved.
In addition, there are limitations such as the requirement that the other party must be online to have an E2E encrypted chat and that E2E encryption is not possible for group chats with three or more people. “It’s clear that Telegram does not meet the definition of an encrypted app,” Green said.
Telegram’s encryption has been criticized since at least 2016, but has not been improved. In fact, Telegram CEO Pavel Durov
praised Telegram’s security, saying: “Signal and WhatsApp have American backdoors and only independent encryption protocols are truly trustworthy.”
“When you compare platforms that both support E2E encryption by default, Durov’s statements are completely unfounded,” Green said. “It’s starting to feel a bit malicious that he’s urging people to stop using messaging apps that come with E2E encryption by default, while refusing to implement the feature to encrypt his own users’ messages.”
However, E2E encryption does not mean you are completely safe, and metadata such as “who you chatted with” and “when and how much you chatted” are still visible even with E2E encryption. Green wrote that his reason for publishing the blog was “don’t jump to the conclusion that encryption alone is enough,” and that “if we don’t clear up the misconceptions about Telegram, many users could suffer great harm.”
