Telegram (application)

From SI410
Telegram
Type: Chat Application
Launch Date: August 14, 2013 [1]
Status: Active
Product Line: product
Platform: Android, iOS, Windows, Mac, Linux
Website: telegram.org

Telegram is an open source encrypted messaging app, and currently the fifth most used messenger-type app in the world with over 500 million users [2] [3]. It can be accessed from Windows, iOS, Android, Linux, and from most web browsers [4]. The code for these clients is all open source [5][6][7]. Telegram is famous for its secret chats, which are end-to-end encrypted, meaning that no intermediary, including Telegram itself, can access user chat logs [8]. Telegram has gained adoption among privacy-conscious individuals because of this feature and its better privacy protections compared to competitors such as WhatsApp [9]. Still, Telegram is not without its own controversies. A common complaint is that chats are not end-to-end encrypted by default and, as such, Telegram's servers store some chat data from users [10].

History

Telegram was developed by Paul and Nikolai Durov and was first launched on August 14, 2013 [11][12]. It was initially started as a research project during the pair's tenure as founders of VK, Russia's largest social network, before their ousting by pro-Kremlin investors [13]. The Durovs made Telegram as a response to Edward Snowden's leaking of the NSA's spy programs on the internet. Telegram was described as a privacy-centric company where profit was not a priority [14]. In April 2018, Telegram was banned in Russia, but due to its open source nature, the ban was ineffective [15]. In 2020, Telegram was unbanned in Russia [16]. Due to its decentralized nature, Telegram does not disclose the location of its data centers or offices despite being registered as a British/American company. Similarly, co-founder Paul Durov has stated that he and a core team of four engineers develop Telegram from locations around the world, changing locations every 3-4 months. [17]

Features

Messaging

Telegram supports messaging between users, groups of users, and channels, where one person can broadcast announcements one-way to a large audience. Moreover, users can send files up to 2 Gb in size, which is larger than in any other messaging app [18]. Telegram's group chats support up to 200,000 members per chat, and users can mention users and pin messages [19]. Lastly, Telegram's channels are a one-way method of broadcasting messages to large audiences. There is no limit on the number of subscribers, but only admins of the channel are allowed to post. For these types of non-end-to-end-encrypted messages, Telegram is able to back them up into the cloud so that users can access their messages from any client. [20] Telegram also supports polls in groups and channels, where a poll creator can ask questions of other members in the channel or group (polls can either be a questionnaire, with no answer, or a quiz, with a correct answer). [21]


Telegram also supports secret chats between users, where messages are end-to-end encrypted and will self destruct in a certain amount of time (selected by the user). These secret chats are not backed up into Telegram's servers (as Telegram does not have the key to decode the messages) and thus are only viewable on the original device that received those messages, regardless of other devices that were logged in at the time. Secret chats are lost upon logout[22].

Sign-up

Telegram requires a working phone number and the mobile app on either Android or iOS. [23] Telegram does not support registration on the desktop app. To register, a user must verify their phone number with Telegram, and can then add a first and last name and a profile picture. [24]

Profile Pages

Telegram offers profile pages for users, where other users can see their profile picture and their shared posts, videos, and links [25].

Voice/Video calls

Voice calls were introduced in 2017 [26] and video calls were added in 2020. Both services are protected by end-to-end encryption. [27] In addition, Telegram supports group video calling, which was added in 2021 and is limited to 30 participants (there is no limit on the number of participants for audio calls). [28]

Emojis

Telegram not only supports regular Emojis and reactions to posts, it also supports interactive Emojis, where the Emoji will vibrate both the sender and the receiver's phone upon tapping.

Instant View

Instant view is a feature where articles are parsed by Telegram bots for content to pre-load inside a Telegram template. When a user clicks on an instant view, there is no need to load the content from the web thus reducing page load times. The Instant View Editor allows users to create and test templates for content on different domains. [29]

Telegraph

Telegraph is Telegram's blogging tool, where users can format their posts and publish. Telegraph is linked with Instant View, so the blog posts are cached and do not require loading to view. [30]

Location Sharing

Telegram also allows users to share their location with others in real time, for a pre-determined amount of time (15 minutes, 1 hour, or 8 hours). This feature also works in groups, where a user can share their location with everybody in the group (and view the locations of the other members of the group, if they also share). [31]

People Nearby

People nearby is a feature that uses a user's location to show people's approximate distance to the user. This feature is off by default and must be manually enabled, and can be disabled at any time. [32]

Design

Encryption for Messaging

Telegram uses its own encryption protocol (called MTProto) for messaging. In non-secret chats, each message is packaged together with a server salt, a session id, the message sequence number, the message length, and the time. The result is then embedded into the transport protocol's payload (TCP, HTTP or otherwise) before being sent to the server and then on to the receiving client. With non-secret chats, the server knows the decryption key and so can theoretically decrypt messages. [33]
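The envelope described above, as an added Python example (not Telegram's code and not part of the original page). It covers the plaintext envelope and the integrity tag computed over it before AES-256-IGE encryption; the field widths, padding range, msg_key derivation and message-id time window follow the public MTProto 2.0 description cited as [33], and the key, salt and session values are constructed.

```python
import hashlib
import hmac
import os
import struct

# Inner header, little-endian: salt, session_id, message_id (64-bit each),
# then seq_no and message_data_length (32-bit each).
HEADER = struct.Struct("<QQQII")
MIN_PAD, MAX_PAD = 12, 1024


def new_message_id(now: float) -> int:
    """Time-derived id: about unixtime * 2**32, divisible by 4 for client messages."""
    return int(now * 2**32) & ~0b11


def build_plaintext(salt: int, session_id: int, message_id: int,
                    seq_no: int, data: bytes) -> bytes:
    """header | data | random padding, so the cipher sees whole 16-byte blocks."""
    body = HEADER.pack(salt, session_id, message_id, seq_no, len(data)) + data
    pad_len = MIN_PAD + (-(len(body) + MIN_PAD)) % 16
    return body + os.urandom(pad_len)


def msg_key(auth_key: bytes, plaintext: bytes, from_server: bool = False) -> bytes:
    """Middle 128 bits of SHA-256(32-byte auth_key fragment | plaintext incl. padding)."""
    x = 8 if from_server else 0
    return hashlib.sha256(auth_key[88 + x:120 + x] + plaintext).digest()[8:24]


def check_received(auth_key: bytes, key: bytes, plaintext: bytes,
                   session_id: int, now: float, from_server: bool = False):
    """Checks a receiver runs on the decrypted payload. Returns (verdict, data)."""
    if len(plaintext) < HEADER.size or len(plaintext) % 16:
        return "bad length", None
    # The tag covers header, data and padding, so any changed byte is caught here.
    if not hmac.compare_digest(key, msg_key(auth_key, plaintext, from_server)):
        return "msg_key mismatch", None
    _salt, sid, mid, _seq, dlen = HEADER.unpack_from(plaintext)
    if sid != session_id:
        return "wrong session", None
    # Upper 32 bits of message_id are the sender's clock; this bounds replays.
    age = now - (mid >> 32)
    if age > 300 or age < -30:
        return "message_id outside time window", None
    pad_len = len(plaintext) - HEADER.size - dlen
    if not MIN_PAD <= pad_len <= MAX_PAD:
        return "bad padding length", None
    return "ok", plaintext[HEADER.size:HEADER.size + dlen]


# Constructed sample values, not real key material.
AUTH_KEY = bytes(range(256))            # stands in for the 2048-bit shared key
SALT, SESSION = 0x1122334455667788, 0xA1B2C3D4E5F60718
SENT_AT = 1_700_000_000.0

if __name__ == "__main__":
    pt = build_plaintext(SALT, SESSION, new_message_id(SENT_AT), 1, b"hello")
    key = msg_key(AUTH_KEY, pt)
    print(check_received(AUTH_KEY, key, pt, SESSION, SENT_AT + 2))
    print(check_received(AUTH_KEY, key, pt, SESSION, SENT_AT + 600))
    tampered = pt[:-1] + bytes([pt[-1] ^ 1])
    print(check_received(AUTH_KEY, key, tampered, SESSION, SENT_AT + 2))
```

In a cloud chat the server holds the same auth_key, which is why it can recompute this tag and read the payload.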


With secret chats, the messages are end-to-end encrypted and can only be decrypted by the sender and receiver. On top of the MTProto encryption mentioned above, messages sent in secret mode are encrypted with a key agreed through the Diffie-Hellman protocol, where only the receiver and sender have access to their corresponding private keys. [34]

Encryption for Voice/Video calling

Voice and video calls are encrypted in a manner similar to messages: each side generates its own secret key via the Diffie-Hellman protocol, and data packets are hashed with SHA256 before being sent to the other side.

Servers

Telegram's messaging servers are decentralized and based all over the world, with certain locations serving certain regions (London for Europe, Singapore for Asia and San Francisco for the US). [35] Telegram uses its own encrypted CDNs, which store the files sent to them (encrypted with AES-256). Telegram rents these CDNs so that it is able to switch providers in case of negative government influence.

APIs

Telegram offers two APIs to developers. The first is the Bot API, which developers can use to create bots that send custom emojis or messages [36]. The Bot API is an HTTP-based API where developers make GET and POST requests to an HTTP URL (https://api.telegram.org/bot123456). Bot developers can host a local Bot API server, where their requests will be able to download unlimited files. The second API available to developers is TDLib, the Telegram Database Library, with which third-party developers can build their own custom apps that run on the Telegram cloud, in effect being able to offer custom clients for Telegram. [37] The TDLib API natively supports Java and C/C++ and has a JSON interface. The TDLib API is licensed under the Boost Software License [38].

Telegram X

Telegram X is an alternative Telegram API built by the Telegram team themselves in order to compete with third-party client developers. It has a different set of features from the original client and is written in Swift (compared to the original client, which was written in Objective-C). In 2018, the Telegram X client replaced the original iOS Telegram client, but the Telegram X client for Android still exists as a separate application [39].

Sources of Profit

Currently, all of Telegram's services are free (and prior to 2021 were supported by the founders' personal funds from their successful venture VK). In 2021, ads were introduced to Telegram in order to generate revenue for the company (revenue from the Telegram messenger itself was previously 0). The founders stated that the reason for introducing advertising into the platform was to pay their operating costs, which they estimate at a few hundred million dollars a year [40]. Ads that Telegram prohibits include political advertising, medical services, and gambling [41].

In 2018, Telegram launched an initial coin offering, in which they collected 1.7 billion dollars worth of funding for the platform. To do so, they launched a subsidiary that controlled and sold the tokens to buyers (the Telegram Open Network). The project was shut down in 2020 [42].

In 2021, Telegram sold 1 billion dollars worth of bonds to foreign (non-US) investors, which will be used to "help roll out expansion plans as well as drive its monetization strategy". [43][44]

Controversy

Telegram has had a number of controversies over its existence. Controversies include Telegram's collection of user data, Telegram's ties to Russia/the Kremlin and the usage of Telegram by terrorist and other extremist groups.

Russian Ties

In 2021, Alexei Navalny, a jailed critic of Vladimir Putin, had his recommendations on who to vote for in order to unseat Putin banned by Telegram. Telegram stated that it was because they were following local Russian law, which prohibits any form of campaigning once the polls open [45].

In 2017, a former employee of Telegram, Anton Rosenberg, sued Telegram after being fired [46]. He claimed that Telegram actually owns offices in Saint Petersburg and does not operate on a global basis as Telegram claims. [47] Telegram sued him for 100 million rubles for causing loss of profit and disclosing trade secrets. Both parties ended up settling in court, with Telegram withdrawing its lawsuit and Rosenberg being paid a settlement [48].

Usage by Terrorist Groups and other Extremists

Telegram has been used as a platform by a variety of violent and extremist groups over the years. In particular, ISIS has used Telegram to plan terrorist attacks, including the 2015 Paris attacks and the 2017 Berlin Christmas market attack. ISIS also hosts channels on the platform where they disseminate propaganda and attempt to recruit terrorists [49]. In 2019, Telegram began to aggressively delete ISIS content (previously, Telegram was only removing channels and disbanding chat groups, but during 2019, with the assistance of Europol, Telegram started to ban both creator and user accounts in ISIS group chats and channels) [50]. Similarly, Telegram has been used by right-wing extremists, with neo-Nazi and other extremist groups gathering there to plan attacks. Despite its initial efforts, Telegram has failed to root out banned channels, which have re-formed (sometimes just reusing the original group name with a 2 at the end). These channels include tutorials on bomb-making and topics on racism, and Telegram has not acted [51]. In Germany, where Telegram is popular with anti-vax protestors and far-right groups, the government has proposed banning the app unless it takes action on removing the aforementioned types of accounts and associated content [52].


Collection of identifiable information

Telegram collects your phone number (in order to create an account) and allows users to add Telegram contacts from their mobile contacts list. Protestors in Hong Kong have alleged that this presents a security risk, as authorities could search mass numbers of phone numbers in order to find a match and then request the relevant records from the applicable telecommunications company to find out their identities. In late 2019, Telegram added an update to address this privacy issue and allow users to hide their phone numbers [53]. Still, Telegram has access to contacts and does not anonymize the data (unlike its competitor Signal) and also collects metadata, including IP address and device type, data that can be used to track down users [54]. In 2016, Telegram users in Iran had their phone numbers leaked and more than a dozen accounts were hacked due to SMS interception, where hackers redirected the two-factor authentication code after finding out users' phone numbers and managed to log in to their accounts. To identify phone numbers, the hackers used a publicly available API built into Telegram [55].

Non secret mode

Telegram's default encryption mode is not end-to-end encrypted, so an attacker could hypothetically read your messages sent to Telegram's servers if they were to gain access in the future. Moreover, Telegram does not support end-to-end encryption between groups of users, and so users are stuck using less private (non-secret) messages for their group chats. Letting Telegram access the content of messages means that their privacy can be flawed [56] [57]. Moreover, due to Telegram's reputation for privacy, users chatting in non-secret mode might not realize that their communications are not private and don't understand that they have to enable secret mode in order to truly have secret conversations [58].

Lack of security of their encryption algorithm MTProto

Due to MTProto's status as a newly developed form of cryptography, it has neither been proven secure nor safe compared to some of the more established cryptographic algorithms in use today [59]. Moreover, researchers have found that MTProto is not IND-CCA secure, meaning that "it is possible to turn any ciphertext into a different ciphertext that decrypts to the same message". While it is not possible to decrypt ciphertext with this flaw, more established encryption protocols do not have this flaw, and thus they should be preferred over Telegram's own MTProto encryption. [60]

Issues with data retention

Multiple bugs have surfaced in Telegram where media files sent over the macOS Telegram client were not deleted even if the file in the secret chat was deleted. Telegram itself states that the self-destruct feature should not be relied upon, stating that "The self-destruct feature is intended to be a simple way for users to send media that will delete itself. We warn users that they should use this only with people they trust" [61].

Countries that ban or have banned Telegram in the past

A number of countries have banned or previously banned users from downloading and accessing Telegram. Countries which currently ban Telegram include China [62], where the app is blocked by the Great Firewall; Cuba [63], which banned Telegram in the wake of the anti-government protests in mid 2021; Belarus, which banned Telegram due to its own anti-government protests in 2021; and Iran, where the government is attempting to force citizens to use its domestically produced app, Soroush, which users are refusing to use due to privacy concerns [64].


Countries that previously banned Telegram but have since unblocked it include Indonesia [65], which blocked Telegram after claiming that the app was used to promote radicalism, before lifting the ban a few months later after Telegram removed the violent content [66], and Russia, which banned Telegram in an attempt to force the company to hand over user data, but lifted the ban after 2 years after failing to fully block the app [67].

Initial Coin Offering

Telegram's 2018 Initial Coin Offering was cancelled by the US Securities and Exchange Commission, which regulates the sale of investment products in the United States. The SEC alleged that Telegram "violated federal securities laws" [68] and fined Telegram 18.5 million as well as requiring them to return 1.2 billion dollars of unspent money from their initial coin offering back to investors. Telegram was sued over its refunding of tokens by a Russian private equity fund, Da Vinci Capital, which claimed that the refund process was carried out with a lack of communication as to the options offered. Furthermore, the fund claimed that Telegram offered it the refund documents 24 hours prior to the deadline, so that it was not able to make an informed decision regarding its method of refund. Telegram offered investors a choice between an immediate refund of 72% of their funds or a refund of 110% of their invested funds in a year. [69][70]

Location insecurity

The People Nearby feature, which shows a list of other users nearby, can be used to triangulate the locations of users. In particular, if a bad actor can spoof their location in three different locations and note down their distance to the person they wish to track, they can attempt to reveal the true location of the user through triangulation [71] [72].

Demands for Backdoors

Countries including the US and UK have requested that tech companies, including Telegram, offer them a backdoor in order to decrypt Telegram messages in the interest of public safety [73]. They argue that Telegram's unbreakable encryption allows for criminals to operate and communicate from beyond the scope of law enforcement, and thus allowing police and other government agencies access to encrypted material would benefit public safety in reducing barriers to their investigation and helping them better identify and rescue vulnerable populations who are exploited by criminals who use these messaging platforms [74]. Telegram has refused to provide backdoors, with co-founder Pavel Durov stating that the FBI pressured him into adding backdoors to Telegram [75]. However, such a backdoor would also expose regular users of Telegram to hackers, if the backdoors were to leak. On the flip side, the European Parliament (the EU's law making body) has proposed a ban on backdoors and that end-to-end encryption should be enforced on all forms of digital communications [76].

References

  1. https://telegram.org/evolution
  2. https://www.statista.com/statistics/258749/most-popular-global-mobile-messenger-apps/
  3. Currently, Telegram boasts over 500 million active monthly users
  4. https://telegram.org/apps
  5. https://github.com/DrKLO/Telegram
  6. https://github.com/telegramdesktop/tdesktop
  7. https://github.com/TelegramMessenger/Telegram-iOS
  8. https://telegram.org/faq
  9. https://www.nytimes.com/2021/01/13/technology/telegram-signal-apps-big-tech.html
  10. https://www.forbes.com/sites/zakdoffman/2020/08/09/whatsapp-security-apple-iphone-google-android-apps-update-signal-telegram-encryption/?sh=26f62ccd64b3
  11. https://telegram.org/evolution
  12. https://telegram.org/faq#q-who-are-the-people-behind-telegram
  13. https://www.ft.com/content/21c5c7f2-20b1-11e5-ab0f-6bb9974f25d0
  14. https://techcrunch.com/2013/10/27/meet-telegram-a-secure-messaging-app-from-the-founders-of-vk-russias-largest-social-network/
  15. https://www.theverge.com/2020/6/29/21306691/telegram-russia-ban-evaded-washington-post-go-read-this
  16. https://www.theverge.com/2020/6/18/21295535/russia-telegram-ban-lifted-security
  17. https://www.ft.com/content/21c5c7f2-20b1-11e5-ab0f-6bb9974f25d0
  18. https://www.businessinsider.com/what-is-telegram
  19. https://telegram.org/tour/groups
  20. https://telegram.org/privacy#:~:text=Cloud%20Chats,rely%20on%20third%2Dparty%20backups.&text=This%20way%20local%20engineers%20or,get%20access%20to%20user%20data.
  21. https://telegram.org/tour/channels
  22. https://telegram.org/faq?setln=en#q-how-do-i-start-a-secret-chat
  23. https://www.businessinsider.com/how-to-make-a-telegram-account
  24. https://www.businessinsider.com/how-to-make-a-telegram-account
  25. https://telegram.org/blog/new-profiles-people-nearby
  26. https://techcrunch.com/2017/03/30/telegram-call/
  27. https://www.theverge.com/2021/6/26/22551652/telegram-adds-group-video-calling-chat#:~:text=Voice%20chats%20in%20any%20group,who%20join%20a%20voice%20chat.
  28. https://www.theverge.com/2021/6/26/22551652/telegram-adds-group-video-calling-chat#:~:text=Voice%20chats%20in%20any%20group,who%20join%20a%20voice%20chat
  29. https://instantview.telegram.org/
  30. https://telegram.org/blog/instant-view
  31. https://telegram.org/blog/live-locations
  32. https://telegram.org/blog/new-profiles-people-nearby
  33. https://core.telegram.org/mtproto/description
  34. https://core.telegram.org/api/end-to-end
  35. https://twitter.com/telegram/status/437273030856019969?lang=en
  36. https://core.telegram.org/bots
  37. https://telegram.org/blog/tdlib
  38. https://core.telegram.org/tdlib/docs/#using-json
  39. https://telegram.org/blog/telegram-x
  40. https://t.me/durov/142
  41. https://promote.telegram.org/guidelines#5-5-election-or-political-ads
  42. https://www.theverge.com/2020/5/12/21256407/telegram-cryptocurrency-shutdown-sec-gram
  43. https://www.reuters.com/article/mubadala-inv-telegram-int-idUSKBN2BF0UP
  44. https://www.barrons.com/news/telegram-messenger-raises-1-billion-by-selling-bonds-founder-01616512505
  45. https://www.reuters.com/world/europe/navalny-allies-accuse-telegram-censorship-russian-election-2021-09-18/
  46. https://www.spiegel.de/international/world/the-telegram-billionaire-and-his-dark-empire-a-f27cb79f-86ae-48de-bdbd-8df604d07cc8
  47. https://medium.com/@anton.rozenberg/pavel-durov-sued-senior-tech-lead-for-1-7-b24961dec503
  48. http://www.yklaw.ru/en/news/the-telegraph-did-not-sue/
  49. https://www.vox.com/world/2017/6/30/15886506/terrorism-isis-telegram-social-media-russia-pavel-durov-twitter
  50. https://www.wired.com/story/opinion-isis-is-now-harder-to-track-onlinebut-thats-good-news/
  51. https://www.motherjones.com/politics/2021/02/telegram-capitol-insurrection/
  52. https://www.independent.co.uk/tech/telegram-germany-shutdown-ban-far-right-b1991523.html
  53. https://www.reuters.com/article/us-hongkong-telegram-exclusive-idUSKCN1VK2NI
  54. https://www.vice.com/en/article/jgqqv8/five-reasons-you-should-delete-telegram-from-your-phone
  55. https://www.reuters.com/article/uk-iran-cyber-telegram-exclusive-idUKKCN10D1DS
  56. https://www.howtogeek.com/710344/psa-telegram-chats-arent-end-to-end-encrypted-by-default/#:~:text=In%20Telegram%2C%20only%20%E2%80%9Csecret%20chats,chats%20in%20Telegram's%20chat%20list.
  57. https://www.trustedreviews.com/news/is-telegram-safe-4130553
  58. https://gizmodo.com/why-you-should-stop-using-telegram-right-now-1782557415
  59. https://gizmodo.com/why-you-should-stop-using-telegram-right-now-1782557415
  60. https://dl.acm.org/doi/10.1145/2994459.2994468
  61. https://www.forbes.com/sites/thomasbrewster/2021/08/05/telegram-self-destruct-messages-fail-to-always-destroy-everything/?sh=3f04219016ab
  62. https://www.scmp.com/tech/policy/article/3125694/chinas-great-firewall-ensnares-encrypted-messaging-app-signal-joining
  63. https://www.engadget.com/cuba-blocks-internet-access-220656055.html
  64. https://www.theverge.com/2018/5/1/17306792/telegram-banned-iran-encrypted-messaging-app-russia
  65. https://www.bbc.com/news/business-40627739
  66. https://www.aljazeera.com/news/2017/8/2/indonesia-to-lift-ban-on-telegram-app
  67. https://www.reuters.com/article/us-russia-telegram-ban-idUSKBN23P2FT
  68. https://www.sec.gov/news/press-release/2020-146
  69. https://www.yahoo.com/video/telegram-sued-investment-firm-over-083216126.html
  70. https://www.coindesk.com/markets/2021/05/25/investors-in-failed-ton-project-sue-telegram/
  71. https://lifehacker.com/dont-use-telegrams-new-people-nearby-feature-1846017886
  72. https://arstechnica.com/information-technology/2021/01/telegram-feature-exposes-your-precise-address-to-hackers/
  73. https://www.cnbc.com/2020/10/12/five-eyes-warn-tech-firms-that-encryption-creates-severe-risks.html
  74. https://www.justice.gov/opa/pr/international-statement-end-end-encryption-and-public-safety
  75. https://www.businessinsider.com/telegram-founder-pavel-durov-claims-us-offered-backdoor-bribe-2017-6
  76. https://www.bbc.com/news/technology-40326544