‘How Telegram Played Itself’
Casey Newton, writing at Platformer:
Telegram is often described as an “encrypted” messenger. But as
Ben Thompson explains today, Telegram is not end-to-end
encrypted, as rivals WhatsApp and Signal are. (Its “secret chat”
feature is end-to-end encrypted, but it is not enabled on chats
by default. The vast majority of chats on Telegram are not secret
chats.) That means Telegram can look at the contents of private
messages, making it vulnerable to law enforcement requests for
that data.
Anticipating these requests, Telegram created a kind of
jurisdictional obstacle course for law enforcement that (it says)
none of them have successfully navigated so far. From the FAQ
again:
To protect the data that is not covered by end-to-end encryption,
Telegram uses a distributed infrastructure. Cloud chat data is
stored in multiple data centers around the globe that are
controlled by different legal entities spread across different
jurisdictions. The relevant decryption keys are split into parts
and are never kept in the same place as the data they protect. As
a result, several court orders from different jurisdictions are
required to force us to give up any data. To this day, we
have disclosed 0 bytes of user data to third parties, including
governments.
As a result, investigation after investigation finds that Telegram
is a significant vector for the spread of CSAM. (To take only the
most recent example, here’s one from India’s Decode last
month, which like others found that criminals often
advertise their wares on Instagram and direct buyers to Telegram
to complete their purchases.) […]
“Telegram is another level,” Brian Fishman, Meta’s former
anti-terrorism chief, wrote in a post on Threads. “It has
been the key hub for ISIS for a decade. It tolerates CSAM. Its
ignored reasonable [law enforcement] engagement for YEARS. It’s
not ‘light’ content moderation; it’s a different approach
entirely.
From the Ben Thompson piece yesterday that Newton links to above, is this description of just how unusual Telegram’s “secret chats” are:
That is why “encryption” in the context of messaging means
end-to-end encryption; this means that your messages are encrypted
on your device and can only ever be decrypted and thus read by
your intended recipient. Telegram does support this with “Secret
Chats”, but these are not the default. Moreover, Telegram’s
implementation has a lot of oddities, including some non-standard
encryption techniques, the fact that secret chats can only be
between two devices (not two accounts, so you can’t access a
secret chat started on your phone from your computer), and that
both users have to be online at the same time to initiate a secret
chat (I’ll come back to these oddities in a moment).
★
Casey Newton, writing at Platformer:
Telegram is often described as an “encrypted” messenger. But as
Ben Thompson explains today, Telegram is not end-to-end
encrypted, as rivals WhatsApp and Signal are. (Its “secret chat”
feature is end-to-end encrypted, but it is not enabled on chats
by default. The vast majority of chats on Telegram are not secret
chats.) That means Telegram can look at the contents of private
messages, making it vulnerable to law enforcement requests for
that data.
Anticipating these requests, Telegram created a kind of
jurisdictional obstacle course for law enforcement that (it says)
none of them have successfully navigated so far. From the FAQ
again:
To protect the data that is not covered by end-to-end encryption,
Telegram uses a distributed infrastructure. Cloud chat data is
stored in multiple data centers around the globe that are
controlled by different legal entities spread across different
jurisdictions. The relevant decryption keys are split into parts
and are never kept in the same place as the data they protect. As
a result, several court orders from different jurisdictions are
required to force us to give up any data. […] To this day, we
have disclosed 0 bytes of user data to third parties, including
governments.
As a result, investigation after investigation finds that Telegram
is a significant vector for the spread of CSAM. (To take only the
most recent example, here’s one from India’s Decode last
month, which like others found that criminals often
advertise their wares on Instagram and direct buyers to Telegram
to complete their purchases.) […]
“Telegram is another level,” Brian Fishman, Meta’s former
anti-terrorism chief, wrote in a post on Threads. “It has
been the key hub for ISIS for a decade. It tolerates CSAM. Its
ignored reasonable [law enforcement] engagement for YEARS. It’s
not ‘light’ content moderation; it’s a different approach
entirely.
From the Ben Thompson piece yesterday that Newton links to above, is this description of just how unusual Telegram’s “secret chats” are:
That is why “encryption” in the context of messaging means
end-to-end encryption; this means that your messages are encrypted
on your device and can only ever be decrypted and thus read by
your intended recipient. Telegram does support this with “Secret
Chats”, but these are not the default. Moreover, Telegram’s
implementation has a lot of oddities, including some non-standard
encryption techniques, the fact that secret chats can only be
between two devices (not two accounts, so you can’t access a
secret chat started on your phone from your computer), and that
both users have to be online at the same time to initiate a secret
chat (I’ll come back to these oddities in a moment).