The messaging app 'Telegram' is widely considered a 'highly anonymous' app, but in reality it is nothing of the sort



Matthew Green, a cryptographer at Johns Hopkins University, warned that the common belief on the Internet that Telegram is a highly anonymous app is a misconception, and explained why in a blog post.

Is Telegram really an encrypted messaging app? – A Few Thoughts on Cryptographic Engineering

https://blog.cryptographyengineering.com/2024/08/25/telegram-is-not-really-an-encrypted-messaging-app/

The incident began on August 24, 2024, when Pavel Durov, founder and CEO of Telegram, was arrested in France for 'failing to take appropriate measures to curb criminal activities such as drug trafficking, money laundering, and child pornography conducted through the Telegram app.' The extension of detention has already been decided, and Pavel Durov is expected to be detained for up to 96 hours.

Telegram founder and CEO Pavel Durov reportedly arrested in France - GIGAZINE



Telegram said in its lawsuit that it has 'nothing to hide' about Pavel Durov's arrest, that its app 'complies with EU law,' including the Digital Services Act, and that it is 'absurd to claim that the platform or its owners are responsible for the misuse of its platform.'




Green also commented that 'using criminal charges to threaten social media companies is quite worrying,' but added that 'that's a different story.' He pointed to news articles from France 24, ABC News, Politico and others that have referred to Telegram as an 'encrypted messaging app.'



Many systems use some form of encryption, but in the context of messaging apps, 'encrypted app' generally means 'end-to-end (E2E) encryption by default,' meaning that the contents of a message cannot be seen by anyone other than the sender and receiver, not even the app developer or law enforcement.

However, Green pointed out that 'Telegram does not provide E2E encryption as standard, so it is difficult for ordinary users to have E2E encrypted chats.' The diagram below shows how to enable E2E encryption in the iOS version of the Telegram app. There are four steps required, from left to right.



In addition, there are restrictions such as the requirement that the other party must be online to have an E2E encrypted chat, and E2E encryption is not possible for group chats of three or more people. 'It is clear that Telegram does not meet the definition of an encrypted app,' Green said.

Telegram's encryption has been criticized since at least 2016, but has not been improved. In fact, Telegram CEO Pavel Durov has touted the security of Telegram, saying, 'Signal and WhatsApp have American backdoors, and only independent encryption protocols can be truly trusted.'



'While comparing platforms that both support standard E2E encryption, Durov's statements are completely baseless,' Green said. 'It's starting to feel a bit spiteful that he's urging people to refrain from using messaging apps that come with E2E encryption as standard, while refusing to implement the feature to encrypt his own users' messages.'

However, E2E encryption does not mean that you are completely safe: metadata such as 'who you chatted with' and 'when and how much you chatted' is still visible even with E2E encryption. Green gave his reason for writing the blog post as 'Do not fall into the conclusion that encryption alone is enough,' and wrote that 'if we do not correct the misunderstandings about Telegram, many users could suffer great harm.'

in Mobile,   Software,   Web Service,   Security, Posted by log1d_ts