
   alt.privacy      Discussing privacy, laws, tinfoil hats      112,125 messages   


   Message 110,600 of 112,125   
   George Musk to All   
   Is Telegram really an encrypted messagin   
   26 Aug 24 13:24:52   
   
   From: grgmusk@skiff.com   
      
   https://blog.cryptographyengineering.com/2024/08/25/telegram-is-not-   
   really-an-encrypted-messaging-app/   
      
   Is Telegram really an encrypted messaging app?   
   Matthew Green   
      
   This blog is reserved for more serious things, and ordinarily I wouldn’t   
   spend time on questions like the above. But much as I’d like to spend my   
   time writing about exciting topics, sometimes the world requires a bit of   
   what Brad Delong calls “Intellectual Garbage Pickup,” namely: correcting   
   wrong, or mostly-wrong ideas that spread unchecked across the Internet.   
      
   This post is inspired by the recent and concerning news that Telegram’s   
   CEO Pavel Durov has been arrested by French authorities for its failure to   
   sufficiently moderate content. While I don’t know the details, the use of   
   criminal charges to coerce social media companies is a pretty worrying   
   escalation, and I hope there’s more to the story.   
      
   But this arrest is not what I want to talk about today.   
      
   What I do want to talk about is one specific detail of the reporting.   
   Specifically: the fact that nearly every news report about the arrest   
   refers to Telegram as an “encrypted messaging app.” Here are just a few   
   examples:   
      
   This phrasing drives me nuts because in a very limited technical sense   
   it’s not wrong. Yet in every sense that matters, it fundamentally   
   misrepresents what Telegram is and how it works in practice. And this   
   misrepresentation is bad for both journalists and particularly for   
   Telegram’s users, many of whom could be badly hurt as a result.   
      
   Now to the details.   
      
   Does Telegram have encryption or doesn’t it?   
      
   Many systems use encryption in some way or another. However, when we talk   
   about encryption in the context of modern private messaging services, the   
   word typically has a very specific meaning: it refers to the use of   
   default end-to-end encryption to protect users’ message content. When used   
   in an industry-standard way, this feature ensures that every message will   
   be encrypted using encryption keys that are only known to the   
   communicating parties, and not to the service provider.   
      
   From your perspective as a user, an “encrypted messenger” ensures that   
   each time you start a conversation, your messages will only be readable by   
   the folks you intend to speak with. If the operator of a messaging service   
   tries to view the content of your messages, all they’ll see is useless   
   encrypted junk. That same guarantee holds for anyone who might hack into   
   the provider’s servers, and also, for better or for worse, to law   
   enforcement agencies that serve providers with a subpoena.   
      
   Telegram clearly fails to meet this stronger definition for a simple   
   reason: it does not end-to-end encrypt conversations by default. If you   
   want to use end-to-end encryption in Telegram, you must manually activate   
   an optional end-to-end encryption feature called “Secret Chats” for every   
   single private conversation you want to have. The feature is explicitly   
   not turned on for the vast majority of conversations, and is only   
   available for one-on-one conversations, and never for group chats with   
   more than two people in them.   
      
   As a kind of a weird bonus, activating end-to-end encryption in Telegram   
   is oddly difficult for non-expert users to actually do.   
      
   For one thing, the button that activates Telegram’s encryption feature is   
   not visible from the main conversation pane, or from the home screen. To   
   find it in the iOS app, I had to click at least four times — once to   
   access the user’s profile, once to make a hidden menu pop up showing me   
   the options, and a final time to “confirm” that I wanted to use   
   encryption. And even after this I was not able to actually have an   
   encrypted conversation, since Secret Chats only works if your conversation   
   partner happens to be online when you do this.   
      
   Starting a “secret chat” with my friend Michael on the latest Telegram iOS   
   app. From an ordinary chat screen this option isn’t directly visible.   
   Getting it activated requires four clicks: (1) to get to Michael’s profile   
   (left image), (2) on the “…” button to display a hidden set of options   
   (center image), (3) on “Start Secret Chat”, and (4) on the “Are you   
   sure…” confirmation dialog. After that I’m still unable to send Michael any   
   messages, because Telegram’s Secret Chats can only be turned on if the   
   other user is also online.   
      
   Overall this is quite different from the experience of starting a new   
   encrypted chat in an industry-standard modern messaging application, which   
   simply requires you to open a new chat window.   
      
   While it might seem like I’m being picky, the difference in adoption   
   between default end-to-end encryption and this experience is likely very   
   significant. The practical impact is that the vast majority of one-on-one   
   Telegram conversations — and literally every single group chat — are   
   probably visible on Telegram’s servers, which can see and record the   
   content of all messages sent between users. That may or may not be a   
   problem for every Telegram user, but it’s certainly not something we’d   
   advertise as particularly well encrypted.   
      
   (If you’re interested in the details, as well as a little bit of further   
   criticism of Telegram’s actual encryption protocols, I’ll get into what we   
   know about that further below.)   
      
   But wait, does default encryption really matter?   
      
   Maybe yes, maybe no! There are two different ways to think about this.   
      
   One is that Telegram’s lack of default encryption is just fine for many   
   people. The reality is that many users don’t choose Telegram for encrypted   
   private messaging at all. For plenty of people, Telegram is used more like   
   a social media network than a private messenger.   
      
   Getting more specific, Telegram has two popular features that make it   
   ideal for this use-case. One of those is the ability to create and   
   subscribe to “channels”, each of which works like a broadcast network   
   where one person (or a small number of people) can push content out to   
   millions of readers. When you’re broadcasting messages to thousands of   
   strangers in public, maintaining the secrecy of your chat content isn’t as   
   important.   
      
   Telegram also supports large public group chats that can include thousands   
   of users. These groups can be made open for the general public to join, or   
   they can be set up as invite-only. While I’ve never personally wanted to   
   share a group chat with thousands of people, I’m told that many people   
   enjoy this feature. In the large and public instantiation, it also doesn’t   
   really matter that Telegram group chats are unencrypted — after all, who   
      
   [continued in next message]   
      
   --- SoupGate-Win32 v1.05   
    * Origin: you cannot sedate... all the things you hate (1:229/2)   


