
The Arrest of Pavel Durov Is a Reminder That Telegram Is Not Encrypted

Telegram is a lot of things, but it's not an encryption-first messaging service.

French police arrested Pavel Durov, the outspoken and sperm-obsessed co-founder of Telegram, over the weekend on charges related to the spread of illicit material on the platform. As news spread of Durov’s arrest, outlets and pundits repeated a description of Telegram that isn’t true: they called it an encrypted messaging app.

Reuters called Telegram an “encrypted application.” In Axios, Telegram is an “encrypted messaging app.” CNN quoted failed presidential candidate Robert F. Kennedy Jr.’s description of Durov as the CEO of the “encrypted, uncensored Telegram platform.”

Telegram is a lot of things—a great place for open-source intelligence about war, a possible vector for child sex abuse material, and a hub for various scams and crimes—but it is absolutely not an encrypted chat app. Does Telegram provide an encrypted chat option? Yes, but it’s not on by default and turning it on isn’t easy.

The distinction between encrypted and unencrypted apps is important. WhatsApp and Signal, for example, are end-to-end encrypted out of the box. They’re not completely secure but they do a pretty good job of keeping your information safe provided someone doesn’t get hold of your devices.

With Telegram, all bets are off. Telegram is mostly about big group chats and channels where people share information with their fans. DMs are not, by default, end-to-end encrypted. Users can enable what Telegram calls “secret chats” but must do so for every single conversation they want encrypted. This is never on by default and can’t be activated for group DMs or channels.

As Johns Hopkins security researcher Matthew Green pointed out in his blog on the subject, it’s also a pain in the ass to activate. “The button that activates Telegram’s encryption feature is not visible from the main conversation pane, or from the home screen. To find it in the iOS app, I had to click at least four times—once to access the user’s profile, once to make a hidden menu pop up showing me the options, and a final time to ‘confirm’ that I wanted to use encryption. And even after this, I was not able to actually have an encrypted conversation, since Secret Chats only works if your conversation partner happens to be online when you do this,” Green said.

Again, you have to do this for every single chat you want kept hidden. With Signal and WhatsApp, it’s on by default for every conversation.

So why does the world seem to think of Telegram as an encrypted app? Durov constantly says that it is and attacks the encryption of other platforms. In a long post on his Telegram channel (which isn’t encrypted) in May, Durov accused the U.S. government of having a hand in the creation of Signal’s encryption systems.

“It looks almost as if big tech in the U.S. is not allowed to build its own encryption protocols that would be independent of government interference,” he said. “Telegram is the only massively popular messaging service that allows everyone to make sure that all of its apps indeed use the same open source code that is published on Github. For the past ten years, Telegram Secret Chats have remained the only popular method of communication that is verifiably private.”

Durov has been bashing Signal and WhatsApp for years. He pursued a similar line of attack in 2017. “The encryption of Signal (=WhatsApp, FB) was funded by the U.S. Government,” he said in a tweet back then. “I predict a backdoor will be found there within 5 years from now.”

Durov is right that Signal did get government grants early in development. It also got them from a lot of other places, including the Knight Foundation and the Freedom of the Press Foundation. It’s ludicrous to claim, without proof, that a $3 million grant early in development equates to any kind of control or backdoor. It barely makes a dent in the $50 million it costs to run Signal annually now. Signal’s encryption algorithms are also open source and numerous cybersecurity experts have vouched for their authenticity.

More than five years later Telegram still doesn’t have end-to-end encryption on by default, Signal is fixing its known security issues, and the French have arrested Durov on a host of charges related to the spread of illicit material on the platform.
