There are tons of non-consensual nude images, e No Vax uses it to circulate the lists of bars and restaurants that do not ask for the Green Pass. But Hong Kong protesters have also used it to organize themselves in 2019, and it hosts some of the bravest independent journalists, who dare to tell what really happens on the ground in war zones and authoritarian countries. It’s Telegram, the messaging and broadcasting service created by the Russian entrepreneur Pavel Durov in 2013which became popular for its very lax approach to content moderation and the idea that it is more secure than the main mainstream competitor, which is WhatsApp.
Attracted by the promise of a highly encrypted platformwhich keeps users safe from governmental requests for cooperation and allows even those with extreme political positions to coordinate without being kicked out, in 2021 millions of people joined the service, and Telegram passed the half-billion mark. active monthly users.
This digital diaspora has been a little the wave of panic around the misconception that WhatsApp would start sharing much more data with Facebook (which, to put it mildly, does not enjoy a lot of public trust), after an update of the privacy policies, and a little bit the fact that the more mainstream social platforms have become much less permissive with groups and pages far-right in the United States after the attack on the Capitol on January 6, 2021: “We have had download spikes in the past, during our 7 year history of privacy protection of users – wrote Durov from Telegram, welcoming the newcomers – But this time it’s different. People no longer want to trade their privacy for free services. “
Consider Durov’s words and the fact that, since his debut, Telegram being sold as a heavily encrypted alternative to other messaging services, so many are convinced that their communications and data are totally secure when they happen on Telegram. Except it isn’t.
WhatsApp aims at the American market, which in 2022 is still the realm of texting
by Emanuele Capone
The first problem: encryption
Telegram uses its own encryption protocol, called MTProto, which was developed by the company itself and is used only by it. This out of the ordinary choice is often criticized by cybersecurity expertsbecause discovering vulnerabilities in a new protocol takes many years of work and extensive scrutiny, so a protocol used by many companies is more likely to be more secure than a home-made one.
Unlike WhatsApp or Signal (which among the most popular messaging apps is by far the safest for those who want to protect data and communications), on Telegram chats do not automatically enjoy encryption end-to-end. This means that, in most cases, messages sent via Telegram are decrypted and saved on the company’s servers, and therefore potentially readable not only by the company itself, but also by any hackers who enter the servers, as well as by any governments that require access to servers for a specific reason. The company often went subtracted from the requests of the authorities (on this, he has been in dispute with Germany for months)but has sometimes decided to cooperate to crack down on content relating to Islamic extremism or child pornography.
Telegram gives you the ability to send messages with end-to-end encryption, but only if you specifically select the Secret Chat option with another user. The option must be selected individually for each of the contracts, as opposed to how it happens on Signal and WhatsApp. Additionally, end-to-end encryption is not available for group chatswhich are used extensively to organize demonstrations or exchange sensitive information.
The second problem: metadata
The company also retains other metadata (such as the IP addressthe information of devices with which you log in to the application, your username and Photo profile) for a maximum of 12 months, and reserves the right to read messages saved in the cloud for spam or other forms of abuse. This means it is very difficult to use the application anonymously: to register, on the other hand, it is mandatory to provide a mobile number, and it is rare for someone to have a number that is not easily traceable to them.
Who is Moxie Marlinspike and why he left Signal after creating it
by Andrea Daniele Signorelli
The third problem: localization
Recently, then, the analyst Jordan Wildon pointed out that there is another feature application that potentially endangers users. Telegram provides the People Nearby function, which is advertised as a way to find new friends and groups in your area based on the location of the GPS. But it is worryingly precise: “It only takes one person to have this function turned on and that he sends a message in a group chat in which, for example, a protest is being organized, to reveal the movements of all the people he is with – stressed Wildon – It would not be the first time that a live position is shared in these groups during a demonstration “.
“An example: today I did a search within a kilometer around a place where a known manifestation of coronavirus skeptics was taking place “, he clarified. By locating an account with the People Nearby option turned on within one of the groups organizing the protest, he was able to find all the other groups he belongs to.
In short: “It is surprising to me that after all this time, almost all of Telegram’s media coverage still calls it an encrypted service – Moxie Marlinspike commented in Decemberfounder of Signalinstead considered a much safer alternative to both Telegram and WhatsApp – Telegram has many interesting features, but in terms of privacy and data collection, there is no worse choice ”.