Telegram, the ‘Encrypted Messaging App’ ⇥ blog.cryptographyengineering.com
An un-bylined report in Le Monde:
French judicial authorities on Sunday extended the detention of the Russian-born founder and chief of Telegram Pavel Durov after his arrest at a Paris airport over alleged offenses related to the popular but controversial messaging app.
I believe it is best to wait until there is a full description of the crimes French authorities are accusing Durov of committing before making judgements about the validity of this arrest. Regardless of what is revealed, I strongly suspect a lot of the more loudmouthed knee-jerk reactionary crowd will look pretty stupid and will, in all likelihood, dig in their heels looking even stupider in the process. Best to wait until we know more.
This Le Monde article goes on to describe Telegram as an “encrypted messaging app”.
But this arrest is not what I want to talk about today.
What I do want to talk about is one specific detail of the reporting. Specifically: the fact that nearly every news report about the arrest refers to Telegram as an “encrypted messaging app.” […]
This phrasing drives me nuts because in a very limited technical sense it’s not wrong. Yet in every sense that matters, it fundamentally misrepresents what Telegram is and how it works in practice. And this misrepresentation is bad for both journalists and particularly for Telegram’s users, many of whom could be badly hurt as a result.
Despite the company’s press page saying “[e]verything sent on Telegram is securely encrypted” and building much of its marketing around how “safe” and “secure” it is, there is a big difference between what Telegram does and the end-to-end encryption used by services like Signal and WhatsApp. There is, in fact, no way to enable what Telegram calls “secret chats” by default.
One can quibble with Telegram’s choices. How appealing it is to be using an app which does not support end-to-end encryption by default is very much a user’s choice. But one can only make that choice if Telegram provides accurate and clear information. I have long found Apple’s marketing of iMessage deceptive. Telegram’s explanation of its own privacy and security is far more exploitative of users’ trust.