By John Gruber
Casey Newton, writing at Platformer:
Telegram is often described as an “encrypted” messenger. But as Ben Thompson explains today, Telegram is not end-to-end encrypted, as rivals WhatsApp and Signal are. (Its “secret chat” feature is end-to-end encrypted, but it is not enabled on chats by default. The vast majority of chats on Telegram are not secret chats.) That means Telegram can look at the contents of private messages, making it vulnerable to law enforcement requests for that data.
Anticipating these requests, Telegram created a kind of jurisdictional obstacle course for law enforcement that (it says) none of them have successfully navigated so far. From the FAQ again:
To protect the data that is not covered by end-to-end encryption, Telegram uses a distributed infrastructure. Cloud chat data is stored in multiple data centers around the globe that are controlled by different legal entities spread across different jurisdictions. The relevant decryption keys are split into parts and are never kept in the same place as the data they protect. As a result, several court orders from different jurisdictions are required to force us to give up any data. […] To this day, we have disclosed 0 bytes of user data to third parties, including governments.
As a result, investigation after investigation finds that Telegram is a significant vector for the spread of CSAM. (To take only the most recent example, here’s one from India’s Decode last month, which like others found that criminals often advertise their wares on Instagram and direct buyers to Telegram to complete their purchases.) [...]
“Telegram is another level,” Brian Fishman, Meta’s former anti-terrorism chief, wrote in a post on Threads. “It has been the key hub for ISIS for a decade. It tolerates CSAM. It’s ignored reasonable [law enforcement] engagement for YEARS. It’s not ‘light’ content moderation; it’s a different approach entirely.”
From the Ben Thompson piece yesterday that Newton links to above comes this description of just how unusual Telegram’s “secret chats” are:
That is why “encryption” in the context of messaging means end-to-end encryption; this means that your messages are encrypted on your device and can only ever be decrypted and thus read by your intended recipient. Telegram does support this with “Secret Chats”, but these are not the default. Moreover, Telegram’s implementation has a lot of oddities, including some non-standard encryption techniques, the fact that secret chats can only be between two devices (not two accounts, so you can’t access a secret chat started on your phone from your computer), and that both users have to be online at the same time to initiate a secret chat (I’ll come back to these oddities in a moment).
★ Tuesday, 27 August 2024