Why I Don't Use Telegram
Ronit Ray | 2021-01-10
If the title wasn't clear enough: I don't believe Telegram is a good WhatsApp replacement for a privacy-conscious individual. I believe it is a significant security downgrade, and potentially a privacy liability as well.
On WhatsApp, all chats are end-to-end encrypted using their implementation of the Signal protocol. Of course, WhatsApp is proprietary software and you have pretty much only their word for it. That said, the Signal protocol itself is well defined and has implementations available under the GPLv3. It comes down to whether you trust WhatsApp to have implemented that encryption without incompetence or malice (see Hanlon's Razor). Being owned by Facebook leaves significant room for malice, I suppose, but less so for incompetence, considering they have the talent and resources of one of the largest corporations in the world behind them. Ultimately, it is a matter of trust.
Telegram, on the other hand, have released the sources for all their clients on GitHub under the GPLv2, with reproducible builds too. This is commendable and should be the standard for any app that performs such critical functions for millions of users. It allows discerning users to verify, for instance, that their messages really are encrypted as the specification says before they leave the device. Yet this does not make the platform's problems go away, as Telegram would like you to believe.
First, Telegram's developers have made an active choice not to end-to-end encrypt the bulk of messaging on their platform, citing creature comforts like easy backups as the reason. For most 1-1 chats and ALL group chats, Telegram use a "server-client" encryption scheme: messages are encrypted in transit between your device and their servers, which keeps them from a network eavesdropper, but the keys involved are negotiated with and held by Telegram's own servers. End-to-end encryption is offered for 1-1 chats in the form of their "Secret Chats" feature, but being opt-in tends to mean very low adoption, and the courtesy isn't extended to group conversations at all, where it is arguably needed more. Secret chats are also entirely unavailable in the desktop and web versions of the Telegram client. The purpose of end-to-end encryption is that only the sender and the intended recipient can read the contents of a message; if the encryption is sound, the medium it travels over is taken out of the equation. By design, this is very clearly not the case for Telegram's default chats.
While apps like WhatsApp and Signal choose not to retain any of your messages on their servers once they have been delivered, Telegram back up all your messages to their servers and keep them there until you delete them, for the stated purpose of near-instant cloud sync of your message history across all your devices wherever you are. That stated purpose they achieve with flying colours, but at what I consider a significant cost to privacy. For all their assurances about encryption and all their declarations about open-sourced clients, you end up in a similar situation to WhatsApp: you have to trust the channel (Telegram's servers) not to do anything malicious with your messages. Telegram's own site states "All data is stored heavily encrypted so that local Telegram engineers or physical intruders cannot get access", a claim that rings hollow when the encrypted-at-rest content sits on servers they control, alongside the keys needed to decrypt it. You are relying on their goodwill to handle your data with integrity at all times, a situation that would not arise if your chats were verifiably end-to-end encrypted. Further, the claim is impossible to verify, since Telegram have not open-sourced their server code, and even if they had, there is no way for you to verify that the published code is what is actually running on their servers, and nothing more. This is true of Signal as well, even though they do publish their server code.
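To make the distinction drawn in the two paragraphs above concrete, here is a toy model added for this article. It is not Telegram's code and does not reproduce MTProto: it assumes a deliberately tiny Diffie-Hellman group, an HMAC-based stream cipher standing in for a real one, made-up party names and message text, and a single "server" object that both negotiates a transport key with each user and archives everything it relays under a storage key the operator holds. In the cloud-chat path the server recovers the plaintext and can read its own archive; in the secret-chat path it only forwards the public values and is left holding ciphertext it cannot open with any key it has.

```python
import hashlib
import hmac
import secrets

# Toy Diffie-Hellman group. 2**127 - 1 is prime, but this size is for
# illustration only and nowhere near safe for real use.
P = 2**127 - 1
G = 3


def dh_keypair():
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)


def dh_shared_key(priv, peer_pub):
    return hashlib.sha256(pow(peer_pub, priv, P).to_bytes(16, "big")).digest()


def _keystream(key, nonce, length):
    # HMAC-SHA256 in counter mode stands in for a real stream cipher.
    out = b""
    for counter in range((length + 31) // 32):
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
    return out[:length]


def encrypt(key, plaintext):
    # Encrypt-then-MAC; output is nonce || ciphertext || tag.
    enc_key = hashlib.sha256(b"enc" + key).digest()
    mac_key = hashlib.sha256(b"mac" + key).digest()
    nonce = secrets.token_bytes(16)
    body = bytes(a ^ b for a, b in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    return nonce + body + hmac.new(mac_key, nonce + body, hashlib.sha256).digest()


def decrypt(key, blob):
    """Plaintext, or None when the key is wrong (authentication tag mismatch)."""
    enc_key = hashlib.sha256(b"enc" + key).digest()
    mac_key = hashlib.sha256(b"mac" + key).digest()
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(mac_key, nonce + body, hashlib.sha256).digest()):
        return None
    return bytes(a ^ b for a, b in zip(body, _keystream(enc_key, nonce, len(body))))


class Server:
    """Telegram-like relay: a transport key per user plus an operator-readable archive."""

    def __init__(self):
        self.storage_key = secrets.token_bytes(32)  # held by the operator
        self.transport_keys = {}
        self.archive = []

    def handshake(self, user, user_pub):
        priv, pub = dh_keypair()
        self.transport_keys[user] = dh_shared_key(priv, user_pub)
        return pub

    def relay_cloud_chat(self, sender, recipient, blob):
        # Cloud chat: plaintext is recovered here, archived, and re-encrypted.
        msg = decrypt(self.transport_keys[sender], blob)
        self.archive.append(("cloud", encrypt(self.storage_key, msg)))
        return encrypt(self.transport_keys[recipient], msg)

    def relay_secret_chat(self, blob):
        # Secret chat: the server forwards and archives opaque ciphertext
        # (the real outer transport layer is omitted here for clarity).
        self.archive.append(("secret", encrypt(self.storage_key, blob)))
        return blob

    def operator_reads(self, index):
        # Everything the operator can recover from one archived entry.
        mode, stored = self.archive[index]
        inner = decrypt(self.storage_key, stored)
        if mode == "cloud":
            return inner
        for key in self.transport_keys.values():  # secret chat: all fail
            msg = decrypt(key, inner)
            if msg is not None:
                return msg
        return None


def _enrol(server):
    # Alice and Bob each negotiate a transport key with the server.
    a_priv, a_pub = dh_keypair()
    b_priv, b_pub = dh_keypair()
    return (dh_shared_key(a_priv, server.handshake("alice", a_pub)),
            dh_shared_key(b_priv, server.handshake("bob", b_pub)))


def run_cloud_chat(message):
    server = Server()
    k_alice, k_bob = _enrol(server)
    wire = encrypt(k_alice, message)
    delivered = server.relay_cloud_chat("alice", "bob", wire)
    return {"eavesdropper": decrypt(secrets.token_bytes(32), wire),  # no key: None
            "bob": decrypt(k_bob, delivered),
            "operator": server.operator_reads(0)}


def run_secret_chat(message):
    server = Server()
    _enrol(server)  # transport keys still exist but never see the content
    a_priv, a_pub = dh_keypair()
    b_priv, b_pub = dh_keypair()
    # The server forwards a_pub and b_pub but never learns a_priv or b_priv,
    # so it cannot derive the chat key Alice and Bob both arrive at.
    delivered = server.relay_secret_chat(encrypt(dh_shared_key(a_priv, b_pub), message))
    return {"bob": decrypt(dh_shared_key(b_priv, a_pub), delivered),
            "operator": server.operator_reads(0)}
```

Calling `run_cloud_chat(b"meet at 9")` returns the message under both the `bob` and `operator` keys, while `run_secret_chat(b"meet at 9")` returns it only under `bob` and `None` under `operator`. In both cases the wire is useless to a network eavesdropper, which is exactly why transport encryption alone says nothing about who else can read your messages.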
It is true that WhatsApp's backups to cloud storage like Google Drive and iCloud are not covered by its end-to-end encryption, and this is a major weakness: even if you have disabled these backups yourself, as long as the people you talk to have them enabled, your messages sit in their cloud storage in what is essentially plaintext for the storage provider (Google or Apple) and for anyone able to compel them. It goes without saying that this is a privacy nightmare, especially since all three corporations concerned (Facebook, Google and Apple) have been known to cooperate with governments in some capacity in the past, and likely would again, of their own volition or under sufficient duress. That said, giving up e2e encryption is hardly the only way to avoid such a situation, as Telegram would have you believe. "Instant sync" may not be achievable that way, but it does not seem impossible to build fully end-to-end encrypted, multipart backup containers that are uploaded to the cloud and decryptable only with keys held on the user's own devices. WhatsApp already has a procedure for associating a new device key with your profile when you switch phones, which is the kind of key handling such a scheme would need.
In recent years Telegram have earned a reputation for pushing back against government agencies around the world that have sought personal data from them, to the extent that the application has been banned in some jurisdictions and deplatformed in others. Again, however, this is a situation entirely at their mercy, one that can change if Pavel Durov or others in positions of power in their hierarchy change their minds, or in the event of a buyout by people with more questionable morals. Further, Russia recently lifted its ban on Telegram after its telecom watchdog, Roskomnadzor, said the company had expressed willingness to assist in counterterrorism efforts. However you feel about the Russian government, and whether or not this reeks of collusion, is up for interpretation and likely not verifiable; but the question would not even arise if Telegram never had the option of handing over message contents in the first place.
And yet the problems do not end here.
In a blog post, no doubt attempting to grab some attention given recent events, Telegram creator Pavel Durov claims "Our encryption and API are fully documented and have been reviewed by security experts thousands of times." It is curious that in a post where he cites a number of references to put down competitors to his app, he provides no citation for this claim.
Further, Durov attempts to sully the Signal protocol by calling it "an encryption protocol funded by the US Government", as if that alone were tantamount to some kind of secret backdoor they've paid for, or as if any association with government funding disqualified it from a discussion about security. This, of course, is borderline conspiracy theory, considering the Signal protocol, along with its implementation in Signal's own app, has been open and available for years and has survived multiple rounds of audits, to the extent of being considered reliable and secure by security experts the world over. The same cannot be said of Telegram's own MTProto protocol, which was initially received very poorly, perhaps in part because of the "don't roll your own crypto" maxim popular in the infosec community. There are multiple studies and articles critical of its design and of the hype surrounding it, such as the claim that having a bunch of PhDs on the team was testament to its security, or the enormous bounty promised to anyone who found a vulnerability in the system. An attack with 2^64 complexity was also theorized against MTProto in 2015. These are events from the 2013-16 period, and many of the criticisms may no longer apply. Telegram have since released a new version dubbed MTProto 2.0, but the thousands of reviews Durov alludes to are certainly not forthcoming after a cursory web search for "MTProto 2 audit" and similar terms, which turns up one that seems overall positive, which is good. I am not a cryptanalyst, so I do not have an opinion on MTProto itself, but I wish to highlight the hype surrounding the application, much of which comes from the horse's mouth. Durov is very quick to proclaim that Telegram does not spend on marketing, but that does not mean they do not indulge in marketing.
I have some other reservations about the app that keep me from using it, one of which is the "delete everywhere" feature, which lets you delete any message in a conversation from your device as well as the other party's. On the surface this seems fine, especially since apps like WhatsApp and Signal let you do this too. However, Telegram differs from them in two key areas. First, Telegram lets you delete "for everyone" not only messages you have sent but also ones you have received. Second, while WhatsApp and Signal leave a placeholder in the message bubble along the lines of "this message was deleted", so it is evident that a message used to exist, Telegram removes any trace of its existence altogether, from the devices of everyone in the conversation. In true Telegram fashion, this too was branded as returning complete control over conversations to all their users, because private data is "sacred" to them. They fail to recognize, or realize and outright ignore, that giving a recipient control over a message they did not send, and allowing them to delete it from both ends, means control is taken away from the sender. Further, the fact that messages can be deleted without trace leaves a horrible taste in my mouth, as it is ripe for gaslighting and for destroying evidence in serious matters. I cannot, in good conscience, use an app that allows this.
All this said, it would be unfair to call Telegram entirely insecure or to say its developers have made a bad application with no thought put into its security. As with everything in life, there is nuance to it: they have chosen convenience over security and privacy in several instances. If your threat model is fine with these compromises, Telegram may well be the most engaging, fluid and featureful instant messaging platform you can find. Personally, it is not for me, and I choose to keep my messages on Signal, and have recently tried Briar (peer-to-peer, decentralized, e2ee) and Matrix (decentralized, p2p experimental, e2ee available). No messaging app is perfect, and trade-offs like the ones Telegram made exist on each of these, although the options I prefer do tend to value security and privacy over convenience in most respects. I do continue to use WhatsApp simply because network effects (India is WhatsApp's largest market in the world) mean that most of my contacts, as well as my professional groups, use WhatsApp.
I've tried to do my due diligence while writing this article but would absolutely appreciate being proven wrong on any of my claims, or being given any information that proves useful in evaluating the viability of Telegram or any of its competitors. Please feel free to contact me using the information on this site, and I will post corrections to this article where warranted. Until next time.