Back to blog

Telegram and Secure Messaging

2017-07-05 12:00

Telegram, as it states on its home page, is a secure messenger. Over the years it became a simple, powerful multi-device messenger which is selected as the main messaging platform by many people (the official Android app has more than 100 million installs, for example).

100 million installs

Many people say Telegram really is a secure messenger. They trust Pavel Durov, its creator, they get overwhelmed with its promotion, they get obsessed. I will try to dissolve Telegram as a secure messenger suitable for private messaging from the end user's point of view.

So, let's start with the main promotional Telegram's feature which was heavily advertised—the secret chats.

Secret chats

Secret chats is the way Telegram does end-to-end encryption on your messages. They are said to leave no trace on Telegram's servers and to be not available to them. This is the recommended way to message securely on Telegram.

However, they are pretty unconvenient, as you have to start them by hand. They also have a few problems that make their usage painful.

Telegram FAQ

All secret chats in Telegram are device-specific and are not part of the
Telegram cloud. This means you can only access messages in a secret chat from
their device of origin.

Messengers really caring about end-to-end encryption of its clients should provide the way to somehow synchronize encrypted chats, or such feature would not be used by masses. For example, Signal Protocol, the cryptographic protocol used by Signal, does scale, so as its port to XMPP, OMEMO, and Proteus, the port made for Wire messenger. They achieve multi-device encryption by encrypting the message separately for every recipient device.

OMEMO

Proteus

Signal Protocol

Telegram's secret chats are like OTR in XMPP—an old encryption protocol that doesn't allow you to neither synchronize messages nor send messages to offline devices.

OTR has significant usability drawbacks for inter-client mobility. As OTR
sessions exist between exactly two clients, the chat history will not be
synchronized across other clients of the involved parties. Furthermore, OTR
chats are only possible if both participants are currently online, due to how
the rolling key agreement scheme of OTR works.

Introduction to XEP-0384, the motivation to replace OTR

[^1]: It's already July 26, 2021. Four years passed. No change. Still waiting.

June 1, 2014

1

2

3

MTProto security

Any security protocol should be independently audited to be trusted on being secure. MTProto, the homegrown encryption protocol used by Telegram to encrypt messages, wasn't audited, but instead a challenge was posted by Pavel Durov to crack the secret chat he started with his brother.

challenge was posted

The lack of winners noted by Pavel Durov is the thing he mostly admires when claiming the protocol security. Why is a marketing promotional better than an independent expert audit which would state things better? We only have to guess and hope the protocol is really secure.

xkcd #153

Spreading fear and doubt

Pavel Durov recently stated the encryption of Signal was funded by US government, so the backdoor is predicted to be found in 5 years.

stated

The encryption of Signal (=WhatsApp, FB) was funded by the US Government. I
predict a backdoor will be found there within 5 years from now.

The development of a new crypto is a hard task to accomplish. The cryptoexperts funded by the governments know there shouldn't be any backdoors, as any security tamper used by "good guys" can eventually be used by "bad guys".

If the protocol is sound from the bad guys, it is safe and sound from anyone, so predicting the protocol to be found vulnerable in just 5 years sounds more like spreading FUD[^2] among people to help promoting Telegram. Not only it doesn't look like a fair play, it's a very dangerous thing to do as people trusting Durov probably will just abandon on things after such statements.

[^2]: Fear, uncertainty, and doubt

xkcd #1820

Undermining the competitors isn't a good thing to do. Undermining them with spreading FUD among people is even worse.

Source Code

Telegram is a program with sources published under the GNU General Public License v2[^3]. Yet the only apps whose recent code is always available are Telegram Desktop and Telegram for Web while the mobile apps’ code is updated irregularly (Android, iOS).

[^3]: The apps licensed under the GNU GPLv2 are Telegram’s mobile apps. Telegram for Web and Telegram Desktop are licensed under the GNU GPLv3.

GNU General Public License v2

Telegram’s mobile apps

Android

iOS

The repos linked above face occasional updates with the interval close to 6 months or something about that. This is a rare case in the open source world, where the development almost always goes social, so you can see any interaction happened with the app’s code. But Telegram’s mobile apps development goes behind closed curtains: no pull requests are accepted, no issues are closed, commits do not link to individual changes, but instead consist of huge changesets pushed at once.

What prevents the messenger’s team from going fully open source as others already do? No idea. Still the reason to watch out.

Summary

Let's summarize the things we've learned:

If you're going to use Telegram for secure messaging, you'll have to trust it on being secure, and there are many signs you shouldn't. So, why don't you make a change then? There are already a few secure messengers on the market that allow you to chat securely while handling things like multiple devices much better than Telegram does, like Wire or Signal.

Wire

Signal