Telegram – “secret”? Yeah, right

A few words about why Telegram isn’t as secure as its developers boast.

Is Telegram a secure messenger?

Telegram’s developers position their product as safe and protected. But in practice that’s not entirely true: the reality is that Telegram has a number of quirks that make protecting your messages a little tricky, and it’s got nothing to do with the complexities of cryptography, but with much more prosaic stuff. Let’s take a look at some rather dubious features in both the messenger’s interface and general logic that make it less secure than is commonly believed.

Shades of secure messaging

To start with, let’s figure out how a secure messenger works. The first thing to realize is that almost all modern messengers long ago switched to encrypted data exchange between user devices and servers. That’s the absolute minimum that any messenger should provide. However, that’s not enough to consider a system secure, since it does not guarantee total message security.

Here’s why: if not only messaging participants but also the service has access to chats, then that creates additional risks. For example, the owners of the service themselves may turn out to be overly curious or greedy. Or, even if we assume they’re honest to the core and have no desire to stick their noses into users’ data, where’s the guarantee that, if the service is one day sold, the next owners would be as honest? And then of course the service could get hacked, in which case the hackers themselves would gain access to correspondence.

However, there’s a very effective way to avoid all these dangers and answer the question of whether the service can be trusted once and for all: end-to-end encryption. This ensures that information is encrypted on the sender’s device and decrypted only on the recipient’s device. As such, the service sends back and forth only encrypted messages and does not have access to the content. This automatically protects correspondence from nosy owners (current or future) and from the other troubles that might occur.

So, we arrive at a very simple formula: a secure messenger is one that uses end-to-end encryption. Now let’s see how Telegram handles all this.

1. Not all Telegram chats are equally secure

Let’s go straight to the root of the problem: Telegram is a unique messenger with two types of chats: regular and secret. Regular chats are not end-to-end encrypted. Only secret ones are.

No other messenger does this: even the notorious WhatsApp, part of Mark Zuckerberg’s data-hungry empire, uses end-to-end encryption by default. The user doesn’t need to do anything at all, there are no special checkboxes or anything: messages are protected from all outsiders (including the service owners) right out of the box.

As for messengers that explicitly position themselves as secure and protected, no one at Signal or Threema would ever think of having two types of correspondence: one end-to-end encrypted, one not. Why bother if you can make all chats equally safe without discombobulating the user? But Telegram is one of a kind.

2. About those defaults…

By default, Telegram chats do not use end-to-end encryption, and nor does the messenger inform users about the secure chat option. Who could have thought that a user who just installed a messenger precisely because it was advertised as secure wanted to keep correspondence private? Answers on a postcard, please. The upshot is that when a user creates a new chat, Telegram neither offers to secure it nor even hints at the existence of an option other than the default chat.

I’m willing to bet there are thousands, if not millions, of folks who entrust important secrets to Telegram chats in the full confidence that they’re securely protected by default, yet use regular chats with no end-to-end encryption.

What’s especially interesting is that the secret chat button is hidden as deep as possible. It’s not in the chat interface itself. It’s not available at the next level either: even if you tap the name of your chat partner and go to their profile, you won’t find the coveted button there. You need to dig a bit deeper: tap the three dots menu, rummage around in the secondary features, and there it is — the secret chat option with end-to-end encryption.

3. Why all the secrecy anyway?

Another complaint arises regarding the name Telegram has given to its end-to-end encrypted chats. The developers could have called them something neutral like “secure”, “protected”, or “private”. But no: they went for “secret” — and this word has a very interesting effect on people’s perception.

Many a time, after creating a secret chat in Telegram, I receive a sarcastic quip from the other end something like: “Wow James – For My Eyes Only, eh?!?” Others apprehensively enquire as to what could possibly be so important – or naughty or something else – for its needing to be secret.

Sure, it’s doesn’t happen every time: some people don’t make such comments – or stop making them after a few times. But the fact remains that when you switch to Secret Chat mode, it provokes a certain emotional reaction. You immediately feel like a spy, or a hardcore gossip-monger, or part of some other cloak-and-dagger operation. This simple and seemingly innocuous word triggers a very biased response in people’s mind.

And, I want to emphasize that it happens for no objective reason at all. When you start a chat on WhatsApp or Signal, no one ever asks or cares why you’re using end-to-end encryption. That’s because all WhatsApp and Signal chats use it without asking! In Telegram, however, the natural desire to protect a chat turns into a part of the chat itself, making participants feel at least uncomfortable, if not downright idiotic.

4. Missing bells and whistles

The situation is further complicated by the fact that secret chats lack some features available in regular, unencrypted chats. And although the list isn’t long — no emoji reactions or pinned messages — their absence may well put some people off using secure chats. And that’s understandable: the lack of total privacy feels abstract, while the discomfort of not being able to give a thumbs-up is more concrete.

Again, there’s no objective reason for this. In WhatsApp, emoji reactions work perfectly — end-to-end encryption doesn’t interfere in the slightest. I can only surmise that secret chats have long become such a fringe concern for Telegram’s developers that the implementation of new features in them gets kicked not into the long grass but off the cliff.

5. Two’s company, three’s a crowd

Let’s say you manage to persuade your fellow chatters that there’s nothing strange about Secret Chat mode and it’s worth losing a couple of features for the sake of privacy. That in itself is no small achievement — and not everyone can pull it off. But don’t get too comfortable just yet: sooner or later there’ll come a moment when you need to discuss something as a group. And naturally you want to do it in a secure chat. Here Telegram has another surprise for you: it isn’t possible. Telegram group chats cannot be end-to-end encrypted. Period. There’s no such option.

To talk in a group of three or more, you have to either sacrifice security or drag everyone into a secure chat in another messenger. If your chat partners are used to Telegram, the first scenario is the most likely outcome since it takes only one stubborn person to ruin the effort.

Admittedly, from a technical point of view, implementing end-to-end encryption of group chats is no easy task. That said, the aforementioned WhatsApp, Signal, and Threema all provide end-to-end encryption of group chats by default the same way as for dialogs. The problem has even been solved for video conferencing.

6. More isn’t always better

There’s one other thing in Telegram that makes the lives of its users harder: the ability to create as many secret chats with the same person as you like. It’s clear why this is so: encrypted chats are tied to an encryption key that’s stored on the device and cannot be transmitted anywhere. Evidently, Telegram’s developers wanted to make it possible to use the messenger on several devices simultaneously. Hence the multiplicity of encrypted dialogs: for each new device you need to create a new secret chat (although WhatsApp somehow managed to solve this problem without multiplying chats). And since such an option exists anyway, why stop there? Let’s allow users to spawn as many secret chats as they wish (on top of regular ones).

I admit that in some exotic circumstances it may be useful to have several separate chats with the same person. But in most cases it’s highly inconvenient and adds unnecessary confusion. It’s especially challenging to try to recall on which device and in which chats someone sent you a phone number or other information (link, e-mail, account number, address) that’s needed right now. For some, this confusion is a convincing argument against the use of Secret Chat mode.

7. Another take please?

Regular, non-encrypted chats are stored on Telegram’s servers and automatically appear on all devices after you sign in to the messenger. As mentioned above, this is not the case with encrypted secret chats: these remain on the device.

What should you do if you bought a new phone and want to migrate all your data to it, including encrypted Telegram dialogs? There’s nothing to do: Telegram doesn’t let you transfer secret chats to a new device. There are “folk remedy” solutions for Android, but they’re neither simple nor safe to use. And for iPhone users such dubious methods don’t exist at all. So, if you do switch to a new phone, all Telegram messages in secret chats will be lost forever.

A couple more nuances: first, you’d have to set up all your secret chats again, remembering whom you chatted with on your old device. Second, you’d need to explain to all of your contacts that you have a new phone and that they need to write to a new chat because you no longer have access to the old chats. Don’t think that Telegram will do it for you. Your friends will still have the old chats on their devices. They’ll even be able to send something in them, but you won’t ever see it.

No secrets

To sum up, although in theory it’s possible to communicate securely in Telegram through secret chats, in practice things aren’t so straightforward. Since most folks always prefer the path of least resistance, they end up using regular chats without end-to-end encryption. Many probably don’t even realize they’re using an unprotected channel. But even if they do, they most likely don’t see the point of suffering for the sake of privacy, and treat attempts toward secure communication with skepticism.

One more time: protecting all your Telegram communication is no easy task. It requires plenty of effort on your part and with no guarantee of success. And even if, through blood, sweat, and tears, you do manage to make your dialogs secret, your group chats will remain unencrypted no matter what.

Tips

Cybersecure Christmas

Many hacks have started during Christmas holidays. A few simple tips will reduce the chances of your company becoming the next victim.