Difference between revisions of "Telegram (application)"

From SI410
Line 78: Line 78:
  
 
===Non secret mode===
 
===Non secret mode===
Telegram's default encryption mode is not end-to-end encrypted, so an attacker could hypothetically read your messages sent to Telegram's servers if they were to gain access in the future. Moreover, Telegram does not support end-to-end encryption between groups of users, and so users are stuck using less private (non-secret) messages for their group chats. Letting Telegram access the content of messages means that their privacy can be flawed <ref>https://www.howtogeek.com/710344/psa-telegram-chats-arent-end-to-end-encrypted-by-default/#:~:text=In%20Telegram%2C%20only%20%E2%80%9Csecret%20chats,chats%20in%20Telegram's%20chat%20list.</ref> <ref>https://www.trustedreviews.com/news/is-telegram-safe-4130553</ref>.
+
Telegram's default encryption mode is not end-to-end encrypted, so an attacker could hypothetically read your messages sent to Telegram's servers if they were to gain access in the future. Moreover, Telegram does not support end-to-end encryption between groups of users, and so users are stuck using less private (non-secret) messages for their group chats. Letting Telegram access the content of messages means that their privacy can be flawed <ref>https://www.howtogeek.com/710344/psa-telegram-chats-arent-end-to-end-encrypted-by-default/#:~:text=In%20Telegram%2C%20only%20%E2%80%9Csecret%20chats,chats%20in%20Telegram's%20chat%20list.</ref> <ref>https://www.trustedreviews.com/news/is-telegram-safe-4130553</ref>. Moreover, due to Telegram's reputation for privacy, users chatting in non-secret mode might not realize that their communications are not private and don't understand that they have to enable secret mode in order to truly have secret conversations <ref>https://gizmodo.com/why-you-should-stop-using-telegram-right-now-1782557415</ref>.
  
 
===Russian Ties===
 
===Russian Ties===
 
In 2021, Alexei Navalny, a jailed critic of Vladimir Putin, had his recommendations on who to vote for in order to unseat Putin banned by Telegram. . Telegram stated that it was because they were following local Russian law, which prohibits any form of campaigning once the polls open <ref>https://www.reuters.com/world/europe/navalny-allies-accuse-telegram-censorship-russian-election-2021-09-18/</ref>.
 
In 2021, Alexei Navalny, a jailed critic of Vladimir Putin, had his recommendations on who to vote for in order to unseat Putin banned by Telegram. . Telegram stated that it was because they were following local Russian law, which prohibits any form of campaigning once the polls open <ref>https://www.reuters.com/world/europe/navalny-allies-accuse-telegram-censorship-russian-election-2021-09-18/</ref>.
 +
 +
===Lack of security of MTProto===
 +
Due to MTProto's status as a newly developed form of cryptography, it has neither been proven secure nor safe compared to some of the more established cryptographical algorithms in use today <ref>https://gizmodo.com/why-you-should-stop-using-telegram-right-now-1782557415</ref>. Moreover, researchers have found that MTProto is not IND-CCA secure, meaning that "it is possible to turn any ciphertext into a different ciphertext that decrypts to the same message". While it is not possible to decrypt ciphertext with this flaw, more established encryption protocols do not have this flaw, and thus they should be preferred compared to Telegram's own MTProto encryption. <ref>https://dl.acm.org/doi/10.1145/2994459.2994468</ref>
  
 
===Banned===
 
===Banned===
 
A number of countries have banned or previously banned users from downloading and accessing Telegram. Countries which currently ban Telegram include China <ref>https://www.scmp.com/tech/policy/article/3125694/chinas-great-firewall-ensnares-encrypted-messaging-app-signal-joining</ref>, where the app is banned using their great firewall, Cuba <ref>https://www.engadget.com/cuba-blocks-internet-access-220656055.html</ref>, which banned Telegram in the wake of the anti-government protests in mid 2021, Belarus, which banned Telegram due to their own anti-government protests in 2021, and Iran, where the government is attempting to force citizens to use their domestically produced app, Soroush, but which users are refusing to use due to privacy concerns <ref>https://www.theverge.com/2018/5/1/17306792/telegram-banned-iran-encrypted-messaging-app-russia</ref>.
 
A number of countries have banned or previously banned users from downloading and accessing Telegram. Countries which currently ban Telegram include China <ref>https://www.scmp.com/tech/policy/article/3125694/chinas-great-firewall-ensnares-encrypted-messaging-app-signal-joining</ref>, where the app is banned using their great firewall, Cuba <ref>https://www.engadget.com/cuba-blocks-internet-access-220656055.html</ref>, which banned Telegram in the wake of the anti-government protests in mid 2021, Belarus, which banned Telegram due to their own anti-government protests in 2021, and Iran, where the government is attempting to force citizens to use their domestically produced app, Soroush, but which users are refusing to use due to privacy concerns <ref>https://www.theverge.com/2018/5/1/17306792/telegram-banned-iran-encrypted-messaging-app-russia</ref>.
 +
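Review bot: In the added "Lack of security of MTProto" paragraph, the opening sentence "it has neither been proven secure nor safe compared to ..." runs two claims together (no security proof, and less safe than established algorithms) on a single Gizmodo citation; split them and cite each, or drop the comparison. IND-CCA is also used without being expanded (indistinguishability under chosen-ciphertext attack), and the closing <ref> sits after the full stop, unlike the other refs in this revision. The sentence added to "Non secret mode" reuses the same Gizmodo link, so a named ref would avoid a duplicate entry in the reference list.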
  
  

Revision as of 09:57, 28 January 2022

Telegram
Type: Chat Application
Launch Date: August 14, 2013 [1]
Status: Active
Product Line: product
Platform: Android, iOS, Windows, Mac, Linux
Website: telegram.org

Telegram is an open source encrypted messaging app, and currently the fifth most used messenger app in the world, with over 500 million users [2] [3]. It can be accessed from Windows, iOS, Android, Linux, and most web browsers [4]. The code for these clients is all open source [5][6][7]. Telegram is famous for its secret chats, which are end-to-end encrypted, meaning that no intermediary, including Telegram itself, can access user chat logs [8]. Because of this feature, Telegram has gained adoption among privacy-conscious individuals thanks to its better privacy protections compared to competitors such as WhatsApp [9]. Still, Telegram is not without its own controversies. A common complaint is that chats are not end-to-end encrypted by default and, as such, Telegram's servers store some chat data from users [10].

History

Telegram was developed by Paul and Nikolai Durov and was first launched on August 14, 2013 [11][12]. It started as a research project during the pair's tenure as founders of VK, Russia's largest social network, before their ousting by pro-Kremlin investors [13]. The Durovs made Telegram as a response to Edward Snowden's leaking of the NSA's spy programs on the internet. Telegram was described as a privacy-centric company where profit was not a priority [14]. In April 2018, Telegram was banned in Russia, but due to its open source nature, the ban was ineffective [15]. In 2020, Telegram was unbanned in Russia [16]. Due to its decentralized nature, Telegram does not disclose the location of its data centers or offices, despite being registered as a British/American company. Similarly, co-founder Paul Durov has stated that he and a core team of four engineers develop Telegram from locations around the world, changing locations every 3-4 months [17].

Features

Messaging

Telegram supports messaging between users, groups of users, and channels, where one person can broadcast announcements one-way to a large audience. Moreover, users can send files up to 2 Gb in size, which is bigger than every other messaging app [18]. Telegram's group chats support up to 200,000 members per chat, and users can mention users and pin messages [19]. Lastly, Telegram's channels are a one-way method of broadcasting messages to large audiences. There is an unlimited number of subscribers, but only admins of the channel are allowed to post. For these types of non end-to-end encrypted messages, Telegram is able to back them up into the cloud so that users can access their messages from any client [20]. Telegram also supports polls in groups and channels, where a poll creator can ask questions of other members in the channel or group (polls can either be a questionnaire, with no answer, or a quiz, with a correct answer) [21].


Telegram also supports secret chats between users, where messages are end-to-end encrypted and will self-destruct after a certain amount of time (selected by the user). These secret chats are not backed up to Telegram's servers (as Telegram does not have the key to decode the messages) and thus are only viewable on the original device that received those messages, regardless of other devices that were logged in at the time. Secret chats are lost upon logout [22].

Sign-up

Telegram requires a working phone number and the mobile app on either Android or iOS [23]. Telegram does not support registration on the desktop app. To register, a user must verify their phone number with Telegram, and can then add a first and last name and a profile picture [24].

Voice/Video calls

Voice calls were introduced in 2017 [25] and video calls were added in 2020. Both services are supported by end-to-end encryption [26]. In addition, Telegram supports group video calling, which was added in 2021 and is limited to 30 participants (there is an unlimited number of participants for audio calls) [27].

Emojis

Telegram not only supports regular Emojis and reactions to posts, it also supports interactive Emojis, where tapping the Emoji vibrates both the sender's and the receiver's phone.

Instant View

Instant View is a feature where articles are parsed by Telegram bots for content to pre-load inside a Telegram template. When a user clicks on an Instant View, there is no need to load the content from the web, thus reducing page load times. The Instant View Editor allows users to create and test templates for content on different domains [28].

Telegraph

Telegraph is Telegram's blogging tool, where users can format and publish their posts. Telegraph is linked with Instant View, so the blog posts are cached and do not require loading to view [29].

Location Sharing

Telegram offers

Design

Encryption for Messaging

Telegram uses its own encryption protocol (called MTProto) for messaging. Messages in non-secret chats have a server salt, a session id, the message sequence number, the message length, and the time added to them. The result is then embedded into the transfer protocol's payload (either TCP/HTTP or otherwise) before being sent to the server and then to the receiving client. With non-secret chats, the server knows the decryption key and so can theoretically decrypt messages [30].


With secret chats, the messages are end-to-end encrypted and can only be decrypted by the sender and receiver. On top of the MTProto encryption mentioned above, messages sent in secret mode are encrypted with a key established through the Diffie-Hellman protocol, where only the receiver and sender have access to their corresponding private keys [31].

Encryption for Voice/Video calling

Voice and video calls are encrypted in a manner similar to messages: each side generates its own secret keys via the Diffie-Hellman protocol, and the data packets are hashed by SHA256 before being sent to the other side.

Servers

Telegram's messaging servers are decentralized and based all over the world, with certain locations serving certain groups of users (London for Europe, Singapore for Asia and San Francisco for the US) [32].


Telegram uses its own encrypted CDNs, which store the files that are sent to them (encrypted with AES-256). Telegram rents these CDNs so that it is able to switch providers in case of negative government influence.

APIs

Telegram offers two APIs to developers. The first is the Bot API, which developers can use to create bots that send custom emojis or messages [33]. The Bot API is an HTTP-based API where developers make GET and POST requests to an HTTP URL (https://api.telegram.org/bot123456). Bot developers can host a local Bot API server, where their requests will be able to download unlimited files. The second API available to developers is TDLib, the Telegram Database Library, with which third-party developers can build their own custom apps that run on the Telegram cloud, in effect being able to offer custom clients for Telegram [34]. The TDLib API natively supports Java and C/C++.

Sources of Profit

In 2018, Telegram launched an initial coin offering, in which they collected 1.7 billion dollars worth of funding for the platform. The project was shut down in 2020 [35].

Currently, all of Telegram's services are free (and supported by the founder's personal funds from their successful venture VK). In 2021, ads were introduced to Telegram in order to generate revenue for the company (revenue from the Telegram messenger itself was previously 0). The founders stated that they plan on introducing non-targeted advertising in the platform in order to pay their operating costs, which they estimate at a few hundred million dollars a year [36].

In 2021, Telegram sold 1 billion dollars worth of bonds to foreign (non-US) investors, which will be used to "help roll out expansion plans as well as drive its monetization strategy" [37][38].

Controversy

Collection of identifiable information

Telegram collects your phone number (in order to create an account) and allows users to add Telegram contacts from their mobile contacts list. Protestors in Hong Kong have alleged that this presents a security risk, as authorities could search large batches of phone numbers in order to find a match and then request the relevant records from the applicable telecommunications company to find out the users' identities. In late 2019, Telegram added an update to address this privacy issue and allow users to hide their phone numbers [39]. Still, Telegram has access to contacts and does not anonymize the data (unlike its competitor Signal), and it also collects metadata, including IP address and device type, data that can be used to track down users [40]. In 2016, Telegram users in Iran had their phone numbers leaked and more than a dozen accounts were hacked due to SMS interception, where hackers redirected the two-factor authentication code after finding out users' phone numbers and managed to log in to their accounts. To identify phone numbers, the hackers used a publicly available API built into Telegram [41].

Non secret mode

Telegram's default encryption mode is not end-to-end encrypted, so an attacker could hypothetically read your messages sent to Telegram's servers if they were to gain access in the future. Moreover, Telegram does not support end-to-end encryption between groups of users, and so users are stuck using less private (non-secret) messages for their group chats. Letting Telegram access the content of messages means that their privacy can be flawed [42] [43]. In addition, due to Telegram's reputation for privacy, users chatting in non-secret mode might not realize that their communications are not private, or understand that they have to enable secret mode in order to truly have secret conversations [44].

Russian Ties

In 2021, Alexei Navalny, a jailed critic of Vladimir Putin, had his recommendations on who to vote for in order to unseat Putin banned by Telegram. Telegram stated that it was because they were following local Russian law, which prohibits any form of campaigning once the polls open [45].

Lack of security of MTProto

Because MTProto is a newly developed form of cryptography, it has not been proven secure or safe compared to some of the more established cryptographic algorithms in use today [46]. Moreover, researchers have found that MTProto is not IND-CCA secure, meaning that "it is possible to turn any ciphertext into a different ciphertext that decrypts to the same message". While it is not possible to decrypt ciphertext with this flaw, more established encryption protocols do not have this flaw, and thus they should be preferred over Telegram's own MTProto encryption [47].
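The property quoted above can be seen in a small model. The following is an added example, not code from the cited paper or from Telegram: both schemes are constructed toys (a SHA-256 keystream, and an assumed design in which the integrity tag skips the padding), chosen only to show why "a different ciphertext that decrypts to the same message" loses the IND-CCA game and why authenticating the whole ciphertext closes it.

```python
import hashlib, hmac, os, struct

def _keystream(key, nonce, n):
    # Toy stream cipher: SHA-256 in counter mode (illustration only).
    out, ctr = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + nonce + struct.pack(">I", ctr)).digest()
        ctr += 1
    return out[:n]

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

# Toy scheme A (assumed weak design): tag covers length+message, not padding.
def weak_encrypt(key, msg):
    body = struct.pack(">I", len(msg)) + msg
    tag = hashlib.sha256(key + body).digest()[:16]
    padded = body + os.urandom(-len(body) % 16 or 16)  # 1..16 random bytes
    return tag + _xor(padded, _keystream(key, tag, len(padded)))

def weak_decrypt(key, ct):
    tag, enc = ct[:16], ct[16:]
    if len(enc) < 4:
        raise ValueError("truncated")
    plain = _xor(enc, _keystream(key, tag, len(enc)))
    (n,) = struct.unpack(">I", plain[:4])
    body = plain[:4 + n]
    expected = hashlib.sha256(key + body).digest()[:16]
    if len(body) != 4 + n or not hmac.compare_digest(tag, expected):
        raise ValueError("bad tag")
    return body[4:]  # padding is discarded without ever being checked

# Toy scheme B (hardened): encrypt-then-MAC over every ciphertext byte.
def _subkeys(key):
    return hashlib.sha256(key + b"enc").digest(), hashlib.sha256(key + b"mac").digest()

def strong_encrypt(key, msg):
    k_enc, k_mac = _subkeys(key)
    nonce = os.urandom(16)
    enc = _xor(msg, _keystream(k_enc, nonce, len(msg)))
    return nonce + enc + hmac.new(k_mac, nonce + enc, hashlib.sha256).digest()

def strong_decrypt(key, ct):
    k_enc, k_mac = _subkeys(key)
    nonce, enc, mac = ct[:16], ct[16:-32], ct[-32:]
    if not hmac.compare_digest(mac, hmac.new(k_mac, nonce + enc, hashlib.sha256).digest()):
        raise ValueError("bad mac")
    return _xor(enc, _keystream(k_enc, nonce, len(enc)))

def maul(ct):
    # Flip one bit in the final byte: padding in scheme A, MAC in scheme B.
    return ct[:-1] + bytes([ct[-1] ^ 1])

def mauling_reveals_challenge(encrypt, decrypt):
    """One round of the IND-CCA game with constructed sample messages."""
    key = os.urandom(32)
    m0, m1 = b"meet at nine", b"meet at noon"
    b = os.urandom(1)[0] & 1
    challenge = encrypt(key, (m0, m1)[b])
    forged = maul(challenge)  # differs from the challenge, so the query is allowed
    try:
        answer = decrypt(key, forged)  # decryption oracle
    except ValueError:
        return False  # oracle rejects: the modified ciphertext tells nothing
    return answer == (m0, m1)[b]  # oracle handed back the hidden message
```

With scheme A the function always returns True: the hidden message itself is never recovered from the ciphertext alone, which matches the article's remark that the flaw does not decrypt anything, yet the scheme still fails the formal definition.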

Banned

A number of countries have banned or previously banned users from downloading and accessing Telegram. Countries which currently ban Telegram include China [48], where the app is banned using their great firewall, Cuba [49], which banned Telegram in the wake of the anti-government protests in mid 2021, Belarus, which banned Telegram due to their own anti-government protests in 2021, and Iran, where the government is attempting to force citizens to use their domestically produced app, Soroush, but which users are refusing to use due to privacy concerns [50].


Countries that previously banned Telegram but have since unblocked it include Indonesia [51].

Initial Coin Offering

Telegram's 2018 Initial Coin Offering was cancelled by the US Securities and Exchange Commission, which regulates the sale of investment products in the United States. The SEC alleged that Telegram "violated federal securities laws" [52] and fined Telegram 18.5 million, as well as requiring it to return 1.2 billion dollars of unspent money from the initial coin offering to investors.

Usage by Terrorist Groups and other Extremists

Telegram has been used by a variety of violent and extremist groups over the years.

References

  1. https://telegram.org/evolution
  2. https://www.statista.com/statistics/258749/most-popular-global-mobile-messenger-apps/
  3. Currently, Telegram boasts over 500 million active monthly users
  4. https://telegram.org/apps
  5. https://github.com/DrKLO/Telegram
  6. https://github.com/telegramdesktop/tdesktop
  7. https://github.com/TelegramMessenger/Telegram-iOS
  8. https://telegram.org/faq
  9. https://www.nytimes.com/2021/01/13/technology/telegram-signal-apps-big-tech.html
  10. https://www.forbes.com/sites/zakdoffman/2020/08/09/whatsapp-security-apple-iphone-google-android-apps-update-signal-telegram-encryption/?sh=26f62ccd64b3
  11. https://telegram.org/evolution
  12. https://telegram.org/faq#q-who-are-the-people-behind-telegram
  13. https://www.ft.com/content/21c5c7f2-20b1-11e5-ab0f-6bb9974f25d0
  14. https://techcrunch.com/2013/10/27/meet-telegram-a-secure-messaging-app-from-the-founders-of-vk-russias-largest-social-network/
  15. https://www.theverge.com/2020/6/29/21306691/telegram-russia-ban-evaded-washington-post-go-read-this
  16. https://www.theverge.com/2020/6/18/21295535/russia-telegram-ban-lifted-security
  17. https://www.ft.com/content/21c5c7f2-20b1-11e5-ab0f-6bb9974f25d0
  18. https://www.businessinsider.com/what-is-telegram
  19. https://telegram.org/tour/groups
  20. https://telegram.org/privacy#:~:text=Cloud%20Chats,rely%20on%20third%2Dparty%20backups.&text=This%20way%20local%20engineers%20or,get%20access%20to%20user%20data.
  21. https://telegram.org/tour/channels
  22. https://telegram.org/faq?setln=en#q-how-do-i-start-a-secret-chat
  23. https://www.businessinsider.com/how-to-make-a-telegram-account
  24. https://www.businessinsider.com/how-to-make-a-telegram-account
  25. https://techcrunch.com/2017/03/30/telegram-call/
  26. https://www.theverge.com/2021/6/26/22551652/telegram-adds-group-video-calling-chat#:~:text=Voice%20chats%20in%20any%20group,who%20join%20a%20voice%20chat.
  27. https://www.theverge.com/2021/6/26/22551652/telegram-adds-group-video-calling-chat#:~:text=Voice%20chats%20in%20any%20group,who%20join%20a%20voice%20chat
  28. https://instantview.telegram.org/
  29. https://telegram.org/blog/instant-view
  30. https://core.telegram.org/mtproto/description
  31. https://core.telegram.org/api/end-to-end
  32. https://twitter.com/telegram/status/437273030856019969?lang=en
  33. https://core.telegram.org/bots
  34. https://telegram.org/blog/tdlib
  35. https://www.theverge.com/2020/5/12/21256407/telegram-cryptocurrency-shutdown-sec-gram
  36. https://t.me/durov/142
  37. https://www.reuters.com/article/mubadala-inv-telegram-int-idUSKBN2BF0UP
  38. https://www.barrons.com/news/telegram-messenger-raises-1-billion-by-selling-bonds-founder-01616512505
  39. https://www.reuters.com/article/us-hongkong-telegram-exclusive-idUSKCN1VK2NI
  40. https://www.vice.com/en/article/jgqqv8/five-reasons-you-should-delete-telegram-from-your-phone
  41. https://www.reuters.com/article/uk-iran-cyber-telegram-exclusive-idUKKCN10D1DS
  42. https://www.howtogeek.com/710344/psa-telegram-chats-arent-end-to-end-encrypted-by-default/#:~:text=In%20Telegram%2C%20only%20%E2%80%9Csecret%20chats,chats%20in%20Telegram's%20chat%20list.
  43. https://www.trustedreviews.com/news/is-telegram-safe-4130553
  44. https://gizmodo.com/why-you-should-stop-using-telegram-right-now-1782557415
  45. https://www.reuters.com/world/europe/navalny-allies-accuse-telegram-censorship-russian-election-2021-09-18/
  46. https://gizmodo.com/why-you-should-stop-using-telegram-right-now-1782557415
  47. https://dl.acm.org/doi/10.1145/2994459.2994468
  48. https://www.scmp.com/tech/policy/article/3125694/chinas-great-firewall-ensnares-encrypted-messaging-app-signal-joining
  49. https://www.engadget.com/cuba-blocks-internet-access-220656055.html
  50. https://www.theverge.com/2018/5/1/17306792/telegram-banned-iran-encrypted-messaging-app-russia
  51. https://www.bbc.com/news/business-40627739
  52. https://www.sec.gov/news/press-release/2020-146