Harman Patil (Editor)

Telegram (messaging service)

Developer(s): Telegram Messenger LLP

Initial release: August 2013; 3 years ago (2013-08)

Android: 3.17 / February 26, 2017; 29 days ago (2017-02-26)

iOS: 3.16.1 / January 6, 2017; 2 months ago (2017-01-06)

Windows Phone: 1.29 / November 18, 2016; 4 months ago (2016-11-18)

Web: 0.5.5 / April 22, 2016; 10 months ago (2016-04-22)

Telegram is a free cloud-based instant messaging service. Telegram clients exist for both mobile (Android, iOS, Windows Phone, Ubuntu Touch) and desktop systems (Windows, macOS, Linux). Users can send messages and exchange photos, videos, stickers, audio, and files of any type. Telegram also provides optional end-to-end-encrypted messaging.


Telegram is supported by Russian entrepreneur Pavel Durov. Its client-side code is open-source software, whereas its server-side code is closed-source and proprietary. The service also provides APIs to independent developers. In February 2016, Telegram stated that it had 100 million monthly active users, sending 15 billion messages per day.

The security of Telegram has faced notable scrutiny; critics have argued that Telegram's security model is undermined by its use of a custom-designed encryption protocol that has not been proven reliable and secure, and by not enabling secure conversations by default. Telegram has also faced criticism for its wide-scale use by the terrorist organization Islamic State.

Development

Telegram was launched in 2013 by brothers Nikolai and Pavel Durov, who previously founded the Russian social network VK, but had to leave the company after it was taken over by Mail.ru Group. Nikolai Durov created the MTProto protocol that is the basis for the messenger, while Pavel provided financial support and infrastructure through his Digital Fortress fund with business partner Axel Neff, a third founder of Telegram.

Telegram is registered as both an English LLP and an American LLC. It does not disclose where it rents offices or which legal entities it uses to rent them, citing the need to "shelter the team from unnecessary influence" and protect users from governmental data requests. The service says that it is headquartered in Berlin, Germany. Durov left Russia and is said to be moving from country to country with a small group of computer programmers.

Usage numbers

In October 2013, Telegram had 100,000 daily active users. On 24 March 2014, Telegram announced that it had reached 35 million monthly users and 15 million daily active users. In October 2014, South Korean governmental surveillance plans drove many of its citizens to switch to Telegram. In December 2014, Telegram announced they had 50 million active users, generating 1 billion daily messages and that they had 1 million new users signing up on their service every week; traffic doubled in five months with 2 billion daily messages. In September 2015, an announcement stated that the app had 60 million active users and delivered 12 billion daily messages. In February 2016, Telegram announced that they had 100 million monthly active users, with 350,000 new users signing up every day, delivering 15 billion messages daily.

Account

Telegram accounts are tied to telephone numbers and are verified by SMS or phone call. Users can add multiple devices to their account and receive messages on each one. Connected devices can be removed individually or all at once. The associated number can be changed at any time; when it is, the user's contacts receive the new number automatically. In addition, a user can set up an alias that allows them to send and receive messages without exposing their phone number. Accounts can be deleted at any time, and by default they are deleted automatically after six months of inactivity, a period that can optionally be changed to 1 month or 12 months. Users can replace exact "last seen" timestamps with fudged messages such as "last seen within a week".

The default method of authentication that Telegram uses for logins is SMS-based single-factor authentication. All that is needed in order to log in to an account and gain access to that user's cloud-based messages is a one-time passcode that is sent via SMS to the user's phone number. These login SMS messages are known to have been intercepted in Iran, Russia and Germany, possibly in coordination with phone companies. Pavel Durov has said that Telegram users in "troubled countries" should enable two-factor authentication by creating passwords, which Telegram allows, but does not require.

Cloud-based messages

Telegram's default messages are cloud-based and can be accessed on any of the user's connected devices. Users can share photos, videos, audio messages and other files (up to 1.5 gigabytes in size). Users can send messages to other users individually or to groups of up to 5,000 members. The transmission of messages to Telegram Messenger LLP's servers is encrypted with the service's MTProto protocol. According to Telegram's privacy policy, "all data is stored heavily encrypted and the encryption keys in each case are stored in several other DCs in different jurisdictions. This way local engineers or physical intruders cannot get access to user data".

Bots

In June 2015, Telegram launched a platform for third-party developers to create bots. Bots are Telegram accounts operated by programs. They can respond to messages or mentions, can be invited into groups and can be integrated into other programs. Dutch website Tweakers reported that an invited bot can potentially read all group messages when the bot controller changes the access settings silently at a later point in time. Telegram pointed out that it considered implementing a feature that would announce such a status change within the relevant group.

Channels

Channels can be created for broadcasting messages to an unlimited number of subscribers. Channels can be publicly available with an alias and a permanent URL so anyone can join. Users who join a channel can see the entire message history. Each message has its own view counter, showing how many users have seen this message. Users can join and leave channels at any time. Furthermore, users can mute a channel, meaning that the user will still receive messages, but won't be notified.

Stickers

Stickers are cloud-based, high-definition images intended to provide more expressive emoji. When typing in an emoji, the user is offered to send the respective sticker instead. Stickers come in collections called "sets", and multiple stickers can be offered for one emoji. Telegram comes with one default sticker set, but users can install additional sticker sets provided by third-party contributors. Sticker sets installed from one client become automatically available to all other clients.

Secret chats

Messages can also be sent with client-to-client encryption in so-called secret chats. These messages are encrypted with the service's MTProto protocol. Unlike Telegram's cloud-based messages, messages sent within a secret chat can be accessed only on the device upon which the secret chat was initiated and the device upon which the secret chat was accepted; they cannot be accessed on other devices. Messages sent within secret chats can, in principle, be deleted at any time and can optionally self-destruct.

Secret chats have to be initiated and accepted by an invitation, upon which the encryption keys for the session are exchanged. Users in a secret chat can verify that no man-in-the-middle attack has occurred by comparing pictures that visualize their public key fingerprints.

According to Telegram, secret chats have supported perfect forward secrecy since December 2014. Encryption keys are periodically changed after a key has been used more than 100 times or has been in use for more than a week. Old encryption keys are destroyed.

Telegram's local message database is not encrypted by default. Some Telegram clients allow users to encrypt the local message database by setting a passphrase.

Encryption scheme

Telegram uses a symmetric encryption scheme called MTProto. The protocol was developed by Nikolai Durov and other developers at Telegram and is based on 256-bit symmetric AES encryption, RSA 2048 encryption and Diffie–Hellman key exchange.

Servers

Telegram Messenger LLP has servers in a number of countries throughout the world to improve the response time of their service. Telegram's server-side software is closed-source and proprietary. Pavel Durov has said that it would require a major architectural redesign of the server-side software to connect independent servers to the Telegram cloud.

Client applications

Telegram has various clients. This list includes versions developed on official platforms backed by Telegram Messenger LLP and unofficial clients that are developed by the community. The source code of all official Telegram clients (and some of the unofficial clients) is open source and released under the GNU General Public Licence version 2 or 3.

Users can also access Telegram's cloud-based messages via an official web browser interface called Telegram Web (aka Webogram). Users can share images, files and emoticons with previously-added contacts; this works in most modern browsers, such as Firefox, Safari, and Google Chrome.

APIs

Telegram has public APIs with which developers can access the same functionality as Telegram's official apps to build their own messaging applications. In February 2015, creators of the unofficial Whatsapp+ client released the Telegram Plus app after their original project got a cease-and-desist order from WhatsApp. In September 2015, Samsung released a messaging application based on these APIs.

Telegram also offers an API that allows developers to create bots, which are accounts controlled by programs. In February 2016, Forbes launched an AI-powered news bot that pushes popular stories to subscribers and replies to search queries with relevant articles. TechCrunch launched a similar bot in March 2016.

Security

Cryptography experts have expressed both doubts and criticisms about Telegram's MTProto encryption scheme, saying that deploying home-brewed and unproven cryptography may render the encryption vulnerable to bugs that potentially undermine its security, due to a lack of scrutiny. It has also been suggested that Telegram did not employ developers with sufficient expertise or credibility in this field.

Critics have also disputed claims by Telegram that it is "more secure than mass market messengers like WhatsApp and Line", because WhatsApp applies end-to-end encryption to all of its traffic by default and uses a protocol that has been "reviewed and endorsed by leading security experts", while Telegram does neither and insecurely stores all messages, media and contacts in their cloud. Since July 2016, Line has also applied end-to-end encryption to all of its messages by default.

On 26 February 2014, the German consumer organisation Stiftung Warentest evaluated several data-protection aspects of Telegram, along with other popular instant-messaging clients. Among the aspects considered were: the security of the data transmission, the service's terms of use, the accessibility of the source code and the distribution of the app. Telegram was rated 'critical' (kritisch) overall. The organisation was favourable to Telegram's secure chats and partially open source code, but criticised the mandatory transfer of contact data to Telegram's servers and the lack of an imprint or address on the service's website. It noted that while the message data is encrypted on the device, it could not analyse the transmission due to a lack of source code.

The Electronic Frontier Foundation (EFF) listed Telegram on its "Secure Messaging Scorecard" in February 2015. Telegram's default chat function received a score of 4 out of 7 points on the scorecard. It received points for having communications encrypted in transit, having its code open to independent review, having the security design properly documented, and having completed a recent independent security audit. Telegram's default chat function missed points because the communications were not encrypted with keys the provider didn't have access to, users could not verify contacts' identities, and past messages were not secure if the encryption keys were stolen. Telegram's optional secret chat function, which provides end-to-end encryption, received a score of 7 out of 7 points on the scorecard. The EFF said that the results "should not be read as endorsements of individual tools or guarantees of their security", and that they were merely indications that the projects were "on the right track".

In December 2015, two researchers from Aarhus University published a report in which they demonstrated that MTProto does not achieve indistinguishability under chosen-ciphertext attack (IND-CCA) or authenticated encryption. The former means that it is possible to turn any ciphertext into a different ciphertext that decrypts to the same message. The researchers stressed that the attack was of a theoretical nature and they "did not see any way of turning the attack into a full plaintext-recovery attack". Nevertheless, they said they saw "no reason why [Telegram] should use a less secure encryption scheme when more secure (and at least as efficient) solutions exist". The Telegram team responded that the flaw does not affect message security and that "a future patch would address the concern".
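The IND-CCA property described above, as an added example that is not taken from the researchers' report or from Telegram's code: a constructed toy scheme (not MTProto) whose integrity tag ignores the padding lets a modified ciphertext decrypt to the same message, which decides the IND-CCA game in every round, while an encrypt-then-MAC variant rejects the modification. All function names, the toy stream cipher and the sample messages are assumptions made for illustration.

```python
import hashlib, hmac, os, secrets

def keystream_xor(key, nonce, data):
    """Toy stream cipher (illustration only): XOR with a SHA-256 counter keystream."""
    ks = b""
    for ctr in range(len(data) // 32 + 1):
        ks += hashlib.sha256(b"enc" + key + nonce + ctr.to_bytes(4, "big")).digest()
    return bytes(d ^ k for d, k in zip(data, ks))

def mac(key, data):
    return hmac.new(key, data, hashlib.sha256).digest()[:16]

def weak_encrypt(key, msg):
    """Constructed weak scheme: the tag covers nonce and message, not the padding."""
    nonce = os.urandom(16)
    pad = os.urandom(16 - (len(msg) + 2) % 16)          # always 1..16 random bytes
    body = len(msg).to_bytes(2, "big") + msg + pad
    return nonce + mac(key, nonce + msg) + keystream_xor(key, nonce, body)

def weak_decrypt(key, ct):
    nonce, tag, enc = ct[:16], ct[16:32], ct[32:]
    body = keystream_xor(key, nonce, enc)
    msg = body[2:2 + int.from_bytes(body[:2], "big")]   # padding is never checked
    return msg if hmac.compare_digest(tag, mac(key, nonce + msg)) else None

def etm_encrypt(key, msg):
    """Encrypt-then-MAC: the tag covers every byte of nonce and ciphertext."""
    nonce = os.urandom(16)
    enc = keystream_xor(key, nonce, msg)
    return nonce + mac(key, nonce + enc) + enc

def etm_decrypt(key, ct):
    nonce, tag, enc = ct[:16], ct[16:32], ct[32:]
    if not hmac.compare_digest(tag, mac(key, nonce + enc)):
        return None                                     # any modification is rejected
    return keystream_xor(key, nonce, enc)

def maul(ct):
    """Flip one bit in the final byte, producing a different ciphertext."""
    return ct[:-1] + bytes([ct[-1] ^ 1])

def cca_game(encrypt, decrypt, rounds=200):
    """IND-CCA game: fraction of rounds in which the adversary guesses b."""
    m0, m1, wins = b"constructed msg0", b"constructed msg1", 0
    for _ in range(rounds):
        key = os.urandom(32)
        b = secrets.randbelow(2)
        challenge = encrypt(key, (m0, m1)[b])
        # The decryption oracle answers for any ciphertext except the challenge.
        answer = decrypt(key, maul(challenge))
        guess = (m0, m1).index(answer) if answer in (m0, m1) else secrets.randbelow(2)
        wins += guess == b
    return wins / rounds
```

A success rate of 1.0 for the weak scheme against roughly 0.5 for encrypt-then-MAC is the gap the IND-CCA definition measures; as in the report, this distinguishes ciphertexts without recovering a key or an unknown plaintext.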

In April 2016, accounts of several Russian opposition members were hijacked by intercepting the SMS messages used for login authorization. In response, Telegram recommended using the optional two-factor authentication feature. In May 2016, the Committee to Protect Journalists and Nate Cardozo, senior staff attorney at Electronic Frontier Foundation, recommended against using Telegram because of "its lack of end-to-end encryption [by default] and its use of non-standard MTProto encryption protocol, which has been publicly criticized by cryptography researchers, including Matthew Green".

Cryptography contests

Telegram has organised two cryptography contests to challenge its own security. Third parties were asked to break the service's cryptography and disclose the information contained within a secret chat between two computer-controlled users. Rewards of US$200,000 and US$300,000, respectively, were offered. Both of these contests expired with no winners. Security researcher Moxie Marlinspike and commenters on Hacker News criticised the first contest for being rigged or framed in Telegram's favour and said that Telegram's statements on the value of these contests as proof of the cryptography's quality are misleading.

Censorship

Telegram was open and working in Iran without any VPN or other circumvention methods in May 2015. In August 2015, the Iranian Ministry of ICT asserted that Telegram had agreed to restrict some of its bots and sticker packs in Iran at the request of the Iranian government. According to an article published on Global Voices, these features were being used by Iranians to "share porn and satirical comments about the Iranian government". The article also noted that "some users are concerned that Telegram's willingness to comply with Iranian government requests might mean future complicity with other Iranian government censorship, or even allow government access to Telegram's data on Iranian users". Telegram has stated that all Telegram chats are private territory and that they do not process any requests related to them. Only requests regarding public content (bots and sticker packs) will be processed. In May 2016, the Iranian government asked all messaging apps, including Telegram, to move all Iranian users' data to Iranian servers.

Use by terrorists

In September 2015, in response to a question about the use of Telegram by Islamic State of Iraq and the Levant, Pavel Durov stated: "I think that privacy, ultimately, and our right for privacy is more important than our fear of bad things happening, like terrorism." ISIS has recommended Telegram to its supporters and members and in October 2015 they were able to double the number of followers of their official channel to 9,000. In November 2015, Telegram announced that it had blocked 78 public channels operated by ISIS, which were used for spreading propaganda and mass communication. Telegram stated that it would block public channels and bots that are related to terrorism, but it would not honor "politically-motivated censorship" based on "local restrictions on freedom of speech" and that it allowed "peaceful expression of alternative opinions." The use of Telegram for Daiish's propaganda has reignited the encryption debate, and encrypted messaging applications have faced new scrutiny.

In July 2016 a tabloid journalist branded Telegram a "jihadi messaging app".

In August 2016, French anti-terrorism investigators asserted that the two Daiish-directed jihadists who fatally cut the throat of a priest in Saint-Étienne-du-Rouvray in Normandy, France, and videoed the murder, had communicated via Telegram and "used the app to coordinate their plans for the attack". Daiish's media wing subsequently posted a video on Telegram, showing the pair pledging allegiance. A CNN news report stated that Telegram "has become known as a preferred means of communication for the Sunni terror group Daiish and was used by the Daiish cell that plotted the Paris terror attacks in November".

References

Telegram (messaging service) Wikipedia

