Some tech media reported that the Telegram Desktop app wasn’t secure because it “leaked IP addresses” when used to accept a voice call.
The reality is much less sensational – Telegram Desktop was at least as secure as other encrypted VoIP apps even before we improved it by adding an option to disable peer-to-peer calls. As for Telegram calls on mobile, they were always more secure than the competition, because they had this setting since day one.
During a peer-to-peer (P2P) call, voice traffic flows directly from one participant of a call to the other without relying on an intermediary server. P2P routing allows to achieve higher quality calls with lower latency, so the current industry standard is to have P2P switched on by default.
However, there’s a catch: by definition, both devices participating in a P2P call have to know the IP addresses of each other. So if you make or accept a call, the person on the other side may in theory learn your IP address.
That’s why, unlike WhatsApp or Viber, Telegram always gave its users the ability to switch off P2P calls and relay them through a Telegram server. Moreover, in most countries we switched off P2P by default.
Telegram Desktop, which is used in less than 0.01% of Telegram calls, was the only platform where this setting was missing. Thanks to a researcher who pointed that out, we made the Telegram Desktop experience consistent with the rest of our apps.
However, it is important to put this into perspective and realize that this is about one Telegram app (Telegram Desktop) being somewhat less secure than other Telegram apps (e.g. Telegram for iOS or Android). If you compare Telegram with other popular messaging services out there, unfortunately, they are not even close to our standards.
Using the terminology from the flashy headlines, WhatsApp, Viber and the rest have been “leaking your IP address” in 100% of calls. They are still doing this, and you can't opt out. The only way to stop this is to have all your friends switch to Telegram.
The reality is much less sensational – Telegram Desktop was at least as secure as other encrypted VoIP apps even before we improved it by adding an option to disable peer-to-peer calls. As for Telegram calls on mobile, they were always more secure than the competition, because they had this setting since day one.
During a peer-to-peer (P2P) call, voice traffic flows directly from one participant of a call to the other without relying on an intermediary server. P2P routing allows to achieve higher quality calls with lower latency, so the current industry standard is to have P2P switched on by default.
However, there’s a catch: by definition, both devices participating in a P2P call have to know the IP addresses of each other. So if you make or accept a call, the person on the other side may in theory learn your IP address.
That’s why, unlike WhatsApp or Viber, Telegram always gave its users the ability to switch off P2P calls and relay them through a Telegram server. Moreover, in most countries we switched off P2P by default.
Telegram Desktop, which is used in less than 0.01% of Telegram calls, was the only platform where this setting was missing. Thanks to a researcher who pointed that out, we made the Telegram Desktop experience consistent with the rest of our apps.
However, it is important to put this into perspective and realize that this is about one Telegram app (Telegram Desktop) being somewhat less secure than other Telegram apps (e.g. Telegram for iOS or Android). If you compare Telegram with other popular messaging services out there, unfortunately, they are not even close to our standards.
Using the terminology from the flashy headlines, WhatsApp, Viber and the rest have been “leaking your IP address” in 100% of calls. They are still doing this, and you can't opt out. The only way to stop this is to have all your friends switch to Telegram.
Last week at Telegram was intense – we’ve been busy polishing the rough spots in our new iOS app and fighting connection issues with little time left for sleep. Yet, there’s no other company in the world I would rather work at. At Telegram, we have the rare freedom to do what our users expect us to do, standing up for their interests.
The recent exodus of WhatsApp founders is a good example of what you end up with if you sell your company. You can earn some money, but you lose something much more valuable – your integrity and the ability to continue improving the lives of hundreds of millions of people.
Last week, it became known that WhatsApp has had a backdoor for years – anybody you had a video call with could potentially read all your messages. Even if there are no more backdoors left (which seems unlikely), WhatsApp has other flaws which make most of the messages sent via the app accessible to third parties.
In the long run, promises given by corporations like Facebook just don't materialize, because these corporations prioritize maximizing profits over serving their users. And that’s what makes Telegram so different – the only thing that will ever matter to us is your interests.
The recent exodus of WhatsApp founders is a good example of what you end up with if you sell your company. You can earn some money, but you lose something much more valuable – your integrity and the ability to continue improving the lives of hundreds of millions of people.
Last week, it became known that WhatsApp has had a backdoor for years – anybody you had a video call with could potentially read all your messages. Even if there are no more backdoors left (which seems unlikely), WhatsApp has other flaws which make most of the messages sent via the app accessible to third parties.
In the long run, promises given by corporations like Facebook just don't materialize, because these corporations prioritize maximizing profits over serving their users. And that’s what makes Telegram so different – the only thing that will ever matter to us is your interests.
2018 was a great year for Telegram, but 2019 is going to be by far the most important one in our company's history.
In 2018, more and more people discovered Telegram and switched to it from services run by ad-selling IT monopolies.
As a result, Telegram became one of the few messaging apps that are enjoying significant growth globally.
Building on the success of the last year, this year we are going to implement many long-awaited product changes you have been asking for.
2019 will be the time when feature-related wishes of our users come true.
In 2018, more and more people discovered Telegram and switched to it from services run by ad-selling IT monopolies.
As a result, Telegram became one of the few messaging apps that are enjoying significant growth globally.
Building on the success of the last year, this year we are going to implement many long-awaited product changes you have been asking for.
2019 will be the time when feature-related wishes of our users come true.
Yesterday we shipped the fourth major update of Telegram in the last 2 months. This time we radically improved chat backgrounds.
It seems iOS users have to wait a while to get the update, because the App Store has been experiencing issues since yesterday. I expect that Apple is going to get their issues sorted out in the next few hours as Cupertino is waking up.
Fortunately, Google doesn’t have such outages, so Android users can enjoy Telegram v5.3 right away. As for their less fortunate iOS counterparts, they are welcome to have a look at the sneak peak below to get a taste of what’s coming.
It seems iOS users have to wait a while to get the update, because the App Store has been experiencing issues since yesterday. I expect that Apple is going to get their issues sorted out in the next few hours as Cupertino is waking up.
Fortunately, Google doesn’t have such outages, so Android users can enjoy Telegram v5.3 right away. As for their less fortunate iOS counterparts, they are welcome to have a look at the sneak peak below to get a taste of what’s coming.
We’ve just started Instant View 2.0 Competition – our crowdsourcing contest with a prize fund of $300,000, ending on the 4th of April.
The goal is to create sets of rules (“templates”) that are used to generate beautiful “Instant View” previews for links shared on Telegram. Anyone with an understanding of HTML/CSS can participate. Participants get $100 for each correct template + $10,000 and $5,000 to top 2 contributors.
Check out the rules here – https://instantview.telegram.org/contest
We’ll launch more similar competitions for developers soon. Eventually there’ll be a competition for everything we do (Android, C++, voice calls etc). Winners get mighty prizes and a chance to join our dev team.
Stay tuned – we’ll announce the next competition within 10 days.
The goal is to create sets of rules (“templates”) that are used to generate beautiful “Instant View” previews for links shared on Telegram. Anyone with an understanding of HTML/CSS can participate. Participants get $100 for each correct template + $10,000 and $5,000 to top 2 contributors.
Check out the rules here – https://instantview.telegram.org/contest
We’ll launch more similar competitions for developers soon. Eventually there’ll be a competition for everything we do (Android, C++, voice calls etc). Winners get mighty prizes and a chance to join our dev team.
Stay tuned – we’ll announce the next competition within 10 days.
Instant View Platform
Template Competition 2.0
We are holding a new $300,000+ 2-month competition (4 Feb 2019 - 4 April 2019) to create Instant View Templates for news websites and blogs, $100 per template. Everyone is welcome to participate!
Happy to announce the arrival of auto-playing videos on Telegram for iOS and Android. It's flavored with improved auto-download settings and multiple account support on all mobile platforms. Enjoy Telegram 5.4!
I see 3 million new users signed up for Telegram within the last 24 hours.
Good. We have true privacy and unlimited space for everyone.
Good. We have true privacy and unlimited space for everyone.
It’s been 23 years since I first used a private messaging service, and 16 years since I first built my own. The number of electronic private conversations I’ve had over those years is enormous. I am certain this is also the case for you.
Over the last 10-20 years, each of us exchanged millions of messages with thousands of people. Most of those communication logs are stored somewhere in other people’s inboxes, outside of our reach. Relationships start and end, but messaging histories with ex-friends and ex-colleagues remain available forever.
It’s getting worse. Within the next few decades, the volume of our private data stored by our chat partners will easily quadruple.
An old message you already forgot about can be taken out of context and used against you decades later. A hasty text you sent to a girlfriend in school can come haunt you in 2030 when you decide to run for mayor. We have to admit: Despite all of our progress in encryption and privacy, we have very little actual control of our data. We can’t go back in time and erase things for other people.
Well, we couldn’t. Until today. Starting today, we are allowing every Telegram user to delete any message in a private conversation from both sides. It doesn’t matter who sent the message and when – you have complete control over it. You can even wipe out the whole conversation from both sides if you want to. No trace will be left on either side.
We know some people may get concerned about the potential misuse of this feature or about the permanence of their chat histories. We thought carefully through those issues, but we think having control over your own digital footprint should be paramount.
Looking through my Telegram inbox now, there’s not much I would want to delete for both sides. And yet, for the first time in 23 years of private messaging, I feel truly free and in control.
Over the last 10-20 years, each of us exchanged millions of messages with thousands of people. Most of those communication logs are stored somewhere in other people’s inboxes, outside of our reach. Relationships start and end, but messaging histories with ex-friends and ex-colleagues remain available forever.
It’s getting worse. Within the next few decades, the volume of our private data stored by our chat partners will easily quadruple.
An old message you already forgot about can be taken out of context and used against you decades later. A hasty text you sent to a girlfriend in school can come haunt you in 2030 when you decide to run for mayor. We have to admit: Despite all of our progress in encryption and privacy, we have very little actual control of our data. We can’t go back in time and erase things for other people.
Well, we couldn’t. Until today. Starting today, we are allowing every Telegram user to delete any message in a private conversation from both sides. It doesn’t matter who sent the message and when – you have complete control over it. You can even wipe out the whole conversation from both sides if you want to. No trace will be left on either side.
We know some people may get concerned about the potential misuse of this feature or about the permanence of their chat histories. We thought carefully through those issues, but we think having control over your own digital footprint should be paramount.
Looking through my Telegram inbox now, there’s not much I would want to delete for both sides. And yet, for the first time in 23 years of private messaging, I feel truly free and in control.
Du Rove's Channel
It’s been 23 years since I first used a private messaging service, and 16 years since I first built my own. The number of electronic private conversations I’ve had over those years is enormous. I am certain this is also the case for you. Over the last 10…
How did you like the privacy-focused update of Telegram?
Anonymous Poll
56%
Awesome, keep it up! 👍
44%
Awful, take it back 👎
I don’t like to focus on competitors. But since people keep asking me about WhatsApp, I have just written this post. It includes my thoughts on them. It also includes my thoughts on us. Enjoy.
https://telegra.ph/Why-WhatsApp-Will-Never-Be-Secure-05-15
https://telegra.ph/Why-WhatsApp-Will-Never-Be-Secure-05-15
Telegraph – Pavel Durov
Why WhatsApp Will Never Be Secure
The world seems to be shocked by the news that WhatsApp turned any phone into spyware. Everything on your phone – including photos, emails and texts – could be accessed by attackers just because you had WhatsApp installed [1]. This news didn’t surprise…
Today the Russian authorities tried to hack 4 journalists covering the Ekaterinburg protests. Fortunately, all those attempts have failed due to the 2-step verification check.
This serves as a reminder that authoritarian governments will stop at nothing to violate their citizens' privacy. We urge users in such countries to double check that they have 2-step verification set up.
Stay safe and stay strong 💪🏾
This serves as a reminder that authoritarian governments will stop at nothing to violate their citizens' privacy. We urge users in such countries to double check that they have 2-step verification set up.
Stay safe and stay strong 💪🏾
Those of you who follow my posts know that I’m a big believer in self-restraint. In the last 15 years, I’ve had no alcohol, no caffeine, no meat, no pills, and no fast food. Health-wise it brought good results: I only had a fever once in the last 15 years. Typically, I just don’t get ill.
A year ago I added more restrictions to my diet: no gluten, no dairy, no eggs, no fructose. I did it to achieve higher productivity and clarity of thought, as well as to train will power and self-discipline.
Another technique I employ to improve will power is swimming in ice-cold water every winter in Finland or Switzerland. If you ever faced the necessity to stay in a lake with a thin layer of ice on top for a few minutes, you are less likely to procrastinate when it comes to starting on a boring but necessary project.
In May I limited the foods I eat to fish and seafood only. In case you have daily access to fresh wild-caught fish, I can definitely recommend this diet for boosting productivity. Unlike farmed meat or the products of agriculture, which were introduced to our diet fairly recently (like 15,000 years ago), wild fish cooked on fire is something our ancestors evolved to consume throughout the last million of years. As humans required a daily source of water, they had to live near rivers and lakes, so a seagan diet makes much more sense to me than veganism or rawism from an evolutionary perspective.
This month I’m trying something more radical, with consuming no food at all. I’ve been on a water fast for the last 6 days and am feeling great so far. Since zero food consumption improves clarity of thought, I also got many things done on the product-management side.
Fasting is a great way to allow your digestive system to clean and reboot, and also to allow your immune system to work on other things than clearing the constantly incoming food. Our hunter-gatherer ancestors had to do with no food for prolonged periods of time, so our body is not only evolved for that, but is actually expecting us to give it a break in consumption at least once a year. That’s why most religions have a tradition of fasting – it’s healthy and necessary both for the body and the mind.
Obviously, I might lose some muscle mass as a result, but I believe that if I manage to come up with new great ideas for Telegram during the fast, it will be beneficial for all of the millions of Telegram users. And making the lives of our users more enjoyable has been and will be my number one priority.
A year ago I added more restrictions to my diet: no gluten, no dairy, no eggs, no fructose. I did it to achieve higher productivity and clarity of thought, as well as to train will power and self-discipline.
Another technique I employ to improve will power is swimming in ice-cold water every winter in Finland or Switzerland. If you ever faced the necessity to stay in a lake with a thin layer of ice on top for a few minutes, you are less likely to procrastinate when it comes to starting on a boring but necessary project.
In May I limited the foods I eat to fish and seafood only. In case you have daily access to fresh wild-caught fish, I can definitely recommend this diet for boosting productivity. Unlike farmed meat or the products of agriculture, which were introduced to our diet fairly recently (like 15,000 years ago), wild fish cooked on fire is something our ancestors evolved to consume throughout the last million of years. As humans required a daily source of water, they had to live near rivers and lakes, so a seagan diet makes much more sense to me than veganism or rawism from an evolutionary perspective.
This month I’m trying something more radical, with consuming no food at all. I’ve been on a water fast for the last 6 days and am feeling great so far. Since zero food consumption improves clarity of thought, I also got many things done on the product-management side.
Fasting is a great way to allow your digestive system to clean and reboot, and also to allow your immune system to work on other things than clearing the constantly incoming food. Our hunter-gatherer ancestors had to do with no food for prolonged periods of time, so our body is not only evolved for that, but is actually expecting us to give it a break in consumption at least once a year. That’s why most religions have a tradition of fasting – it’s healthy and necessary both for the body and the mind.
Obviously, I might lose some muscle mass as a result, but I believe that if I manage to come up with new great ideas for Telegram during the fast, it will be beneficial for all of the millions of Telegram users. And making the lives of our users more enjoyable has been and will be my number one priority.
Telegram turns 6 years today. Throughout these years, Telegram stood up for freedom and privacy. We defended what we believe in against tyrannies, kleptocracies and corporations.
Today, 6 years after launch, Telegram is the third largest global messaging app in terms of the number of countries where Telegram is in top 10 Social Networking apps.
Let us celebrate today. Tomorrow we’ll get back to building new features. There’s a lot of exciting work left to do.
Today, 6 years after launch, Telegram is the third largest global messaging app in terms of the number of countries where Telegram is in top 10 Social Networking apps.
Let us celebrate today. Tomorrow we’ll get back to building new features. There’s a lot of exciting work left to do.
In May, I predicted that backdoors in WhatsApp would keep getting discovered, and one serious security issue would follow another, as it did in the past [1]. This week a new backdoor was quietly found in WhatsApp [2]. Just like the previous WhatsApp backdoor and the one before it, this new backdoor made all data on your phone vulnerable to hackers and government agencies. All a hacker had to do was send you a video – and all your data was at the attacker’s mercy [3].
WhatsApp doesn’t only fail to protect your WhatsApp messages – this app is being consistently used as a Trojan horse to spy on your non-WhatsApp photos and messages. Why would they do it? Facebook has been part of surveillance programs long before it acquired WhatsApp [4][5]. It is naive to think the company would change its policies after the acquisition, which has been made even more obvious by the WhatsApp founder’s admission regarding the sale of WhatsApp to Facebook: “I sold my users’ privacy” [6].
Following the discovery of this week’s backdoor, Facebook tried to confuse the public by claiming they had no evidence that the backdoor had been exploited by hackers [7]. Of course, they have no such evidence – in order to obtain it, they would need to be able to analyze videos shared by WhatsApp users, and WhatsApp doesn’t permanently store video files on its servers (instead, it sends unencrypted messages and media of the vast majority of their users straight to Google’s and Apple’s servers [8]). So – nothing to analyze – “no evidence”. Convenient.
But rest assured, a security vulnerability of this magnitude is bound to have been exploited – just like the previous WhatsApp backdoor had been used against human rights activists and journalists naive enough to be WhatsApp users [9][10]. It was reported in September that the data obtained as a result of the exploitation of such WhatsApp backdoors will now be shared with other countries by US agencies [11][12].
Despite this ever-increasing evidence of WhatsApp being a honeypot for people that still trust Facebook in 2019, it might also be the case that WhatsApp just accidentally implements critical security vulnerabilities across all their apps every few months. I doubt that – Telegram, a similar app in its complexity, hasn’t had any issues of WhatsApp-level severity in the six years since its launch. It’s very unlikely that anyone can accidentally commit major security errors, conveniently suitable for surveillance, on a regular basis.
Regardless of the underlying intentions of WhatsApp’s parent company, the advice for their end-users is the same: unless you are cool with all your photos and messages becoming public one day, you should delete WhatsApp from your phone.
[1] – Why WhatsApp will never be secure
[2] – WhatsApp users urged to update app immediately over spying fears
[3] – WhatsApp Android and iOS users are now at risk from malicious video files
[4] – Everything you need to know about PRISM
[5] – NSA taps data from 9 major Net firms
[6] – WhatsApp co-founder Brian Acton: 'I sold my users' privacy'
[7] – Hackers can use a WhatsApp flaw in the way it handles video to take control of your phone
[8] – WhatsApp is storing unencrypted backup data on Google Drive
[9] – WhatsApp hack led to targeting of 100 journalists and dissidents
[10] – Exclusive: Government officials around the globe targeted for hacking through WhatsApp - sources
[11] – Police can access suspects’ Facebook and WhatsApp messages in deal with US
[12] – Facebook, WhatsApp Will Have to Share Messages With U.K.
WhatsApp doesn’t only fail to protect your WhatsApp messages – this app is being consistently used as a Trojan horse to spy on your non-WhatsApp photos and messages. Why would they do it? Facebook has been part of surveillance programs long before it acquired WhatsApp [4][5]. It is naive to think the company would change its policies after the acquisition, which has been made even more obvious by the WhatsApp founder’s admission regarding the sale of WhatsApp to Facebook: “I sold my users’ privacy” [6].
Following the discovery of this week’s backdoor, Facebook tried to confuse the public by claiming they had no evidence that the backdoor had been exploited by hackers [7]. Of course, they have no such evidence – in order to obtain it, they would need to be able to analyze videos shared by WhatsApp users, and WhatsApp doesn’t permanently store video files on its servers (instead, it sends unencrypted messages and media of the vast majority of their users straight to Google’s and Apple’s servers [8]). So – nothing to analyze – “no evidence”. Convenient.
But rest assured, a security vulnerability of this magnitude is bound to have been exploited – just like the previous WhatsApp backdoor had been used against human rights activists and journalists naive enough to be WhatsApp users [9][10]. It was reported in September that the data obtained as a result of the exploitation of such WhatsApp backdoors will now be shared with other countries by US agencies [11][12].
Despite this ever-increasing evidence of WhatsApp being a honeypot for people that still trust Facebook in 2019, it might also be the case that WhatsApp just accidentally implements critical security vulnerabilities across all their apps every few months. I doubt that – Telegram, a similar app in its complexity, hasn’t had any issues of WhatsApp-level severity in the six years since its launch. It’s very unlikely that anyone can accidentally commit major security errors, conveniently suitable for surveillance, on a regular basis.
Regardless of the underlying intentions of WhatsApp’s parent company, the advice for their end-users is the same: unless you are cool with all your photos and messages becoming public one day, you should delete WhatsApp from your phone.
[1] – Why WhatsApp will never be secure
[2] – WhatsApp users urged to update app immediately over spying fears
[3] – WhatsApp Android and iOS users are now at risk from malicious video files
[4] – Everything you need to know about PRISM
[5] – NSA taps data from 9 major Net firms
[6] – WhatsApp co-founder Brian Acton: 'I sold my users' privacy'
[7] – Hackers can use a WhatsApp flaw in the way it handles video to take control of your phone
[8] – WhatsApp is storing unencrypted backup data on Google Drive
[9] – WhatsApp hack led to targeting of 100 journalists and dissidents
[10] – Exclusive: Government officials around the globe targeted for hacking through WhatsApp - sources
[11] – Police can access suspects’ Facebook and WhatsApp messages in deal with US
[12] – Facebook, WhatsApp Will Have to Share Messages With U.K.
Telegram keeps growing at a rate of ~50% annually in DAU. This extraordinary growth, unfortunately, still comes with certain growing pains.
Yesterday from 1PM to 2PM GMT about 15% of users who were online at that time experienced connection issues on Telegram. This disruption mainly affected users from Germany, Iraq, Uzbekistan, Russia, Ukraine, Kazakhstan and Belarus.
We apologize for each of the messages we failed to deliver during that hour. We are striving to make our platform as reliable as possible. We are proud that, even despite some attempts to disrupt its availability (like the DDoS from China in June), every year Telegram becomes less prone to such issues.
Yesterday from 1PM to 2PM GMT about 15% of users who were online at that time experienced connection issues on Telegram. This disruption mainly affected users from Germany, Iraq, Uzbekistan, Russia, Ukraine, Kazakhstan and Belarus.
We apologize for each of the messages we failed to deliver during that hour. We are striving to make our platform as reliable as possible. We are proud that, even despite some attempts to disrupt its availability (like the DDoS from China in June), every year Telegram becomes less prone to such issues.
For the past several years, we’ve been fighting the spread of terrorist content on Telegram. We’ve been doing it in a way that is consistent with our values and Privacy Policy. While some pundits quite irresponsibly suggested that absolute privacy and counter-terrorism efforts are mutually exclusive, the success of our regular anti-terror actions prove that this is not the case.
Yesterday Europol recognized our continuous efforts in their statement:
Yesterday Europol recognized our continuous efforts in their statement:
“Telegram is no place for violence, criminal activity and abusers. The company has put forth considerable effort to root out the abusers of the platform by both bolstering its technical capacity in countering malicious content and establishing close partnerships with international organisations such as Europol.This follows another Europol report dedicated to the Referral Action Day, in which several tech companies including Telegram took part:
Thanks to this collaboration, the already-existing content referral tools available to Telegram’s users have been strengthened and expanded. Now, any user is able to refer and classify the content they find inappropriate and violent via the referral feature in public groups and channels. In addition, new technical developments, such as the advanced automated content detection system, continue to strengthen Telegram’s effort in obliterating extremism on the platform even further.”
“Whilst Google and Instagram deployed resilience mechanisms across their services, Telegram was the online service provider receiving most of the referral requests during this Action Day. As a result, a significant portion of key actors within the IS network on Telegram was pushed away from the platform.As I have made clear before, ISIS and their likes will have a hard time on Telegram if they continue to spread their message of violence and hatred. After the ISIS attacks in Europe we have zero tolerance for their propaganda on our platform. At the same time, we’ll continue to defend our users' absolute right to privacy like no other service, proving that you don’t have to sacrifice privacy for security. You can – and should – enjoy both.
In the past year and a half, Telegram has also put forth considerable effort to root out the abusers of the platform by both bolstering its technical capacity in countering malicious content and by establishing a close partnership with Europol.”
Telegram
ISIS Watch
This channel publishes daily updates on banned terrorist content. Report content via the in-app button or by emailing abuse@telegram.org