k_Street Consulting, LLC Blog
What’s Going on With Telegram and the State of Encrypted Communication?
Sorry for the loaded title. There’s a lot to talk about, even for those of you who don’t use or even know what Telegram is.
We’ll try to sum this up, because we think there is a lot to say about security and the nature of technology in this, and like all things these days, there’s some odd rabble-rousing about this whole series of events. Who’s up for a wild ride?
Maybe you’ve seen the headlines:
Telegram Founder, Pavel Durov, Arrested in France
The entrepreneur is facing a pretty broad range of crimes. Let’s take a step back and explain who he is, and what Telegram is.
What is Telegram?
Telegram is a communications app. It’s an instant messenger, similar to WhatsApp (which is owned by Meta), Google Hangouts (which is owned by the owner of Google, Alphabet), and Signal (which is owned by the non-profit Signal Foundation).
Telegram is sort of unique, because it checks a few boxes that some users can’t get from other alternative apps, such as:
- Telegram offers end-to-end-encryption (E2EE). We’ll explain what that is momentarily, but it’s a big one.
- You don’t need a phone number to use it, so it feels less invasive and more private (and it’s also easier to make an account).
- Telegram isn’t owned by some major social media conglomerate like Google or Meta.
So this supposedly super secure, super private messaging app isn’t beholden to the two biggest giants in the tech industry, and that is pretty enticing to many people.
In fact, Telegram has an active user base of about 900 million users. Facebook Messenger has around a billion active users, and WhatsApp sits at 2 billion. This clearly makes Telegram a popular service.
End-to-End-What-Now?
End-to-End-Encryption is a really important feature of modern-day messaging apps. Most anything on the web can encrypt your communication. Technically, when you post something publicly on Facebook, there is a level of encryption that keeps your activity secure.
E2EE is where your information is encrypted, and it isn’t unencrypted until it gets to the intended recipient. That means, theoretically, that not even the app provider, the Internet Service Provider, or anyone in between can intercept and view your content.
When communication is E2EE’d, and you send me a message on Telegram, it means Telegram the company doesn’t know what you sent to me.
You can see why folks would like this, right?
In a world where it feels like you can mention something in passing, and have social media sites deliver ads to you about it within minutes, it sure can feel refreshing to have a communication app that promises to keep its nose out of your business.
Seriously—just a quick tangent. I was talking with my partner about a chain restaurant we went to on a recent trip. This chain restaurant doesn’t have locations anywhere near us. The closest one is a six-hour drive away. I mentioned it to them in the car. Obviously our phones were with us at the time. I’m now getting Facebook and Twitter ads about this chain. This happens a lot, and it’s a topic for a whole other blog. Stay tuned.
So Telegram is popular, and promises security. Sounds good, right?
Oh, one more thing about the whole privacy and security thing—Telegram only uses E2EE in calls and what it calls “secret chats.” Not all communication is encrypted end-to-end on Telegram. It’s worth mentioning that because users often claim that WhatsApp is less secure, but WhatsApp does encrypt all messages, calls, and video calls.
Overall, at least on the surface, there’s a lot to like about Telegram. It’s safer and more secure than most chat apps, and if you don’t like being married to Facebook or Google, it will likely check most of your boxes.
The Telegram Controversy
Everything sounds good, right? So why is the founder and owner of Telegram, Pavel Durov, being held in France?
This doesn’t happen very often in the tech industry, but Mr. Durov, 39, is being charged as being personally liable for the behavior of users on his app. The list of crimes he’s being charged for is pretty wide, but the short of it is that Telegram is being used for a lot of illicit activity.
Pavel Durov was detained by French authorities and is being charged with complicity in managing an online platform to enable illegal transactions by an organized group. This could lead to a sentence of up to 10 years in prison.
Some of the other charges included complicity in crimes such as drug trafficking and fraud, enabling the distribution of child sexual abuse material, and refusing to cooperate with law enforcement.
This is an extremely unique case because we rarely see big tech entrepreneurs held accountable for something that their products and services enable others to do. Telegram probably wasn’t inherently designed to do evil, but due to its privacy and security, it is a safe haven for criminals to commit crimes.
Modern Technology: Privacy Versus Moderation
How long have we (collectively, not just those of us at k_Street Consulting, LLC) been talking about the importance of security and privacy? How long has the world been talking about the level of moderation these massive communication platforms have (or don’t have)? It feels like it’s been a long time.
For almost a decade now, Facebook/Meta has been playing tug of war with itself when it comes to moderating and controlling what sort of content spreads easily and what doesn’t. We’ve seen a major social media platform all but die the goofiest death imaginable with Twitter (or X the Everything App if any of you happen to use its newly adopted name), all in the name of moderation.
Nobody likes to be moderated. Nobody likes their chats and conversations recorded and read for the sake of advertising or analytics. However, a complete lack of moderation seems to turn a platform into a Mad-Max-style playground for bots, scammers, and cybercriminals.
Maybe AI is the answer (but someone needs to moderate the AI, and AI is extremely easy for the savvy user to deceive). Maybe we need to rely on users to be better at reporting problems.
There really isn’t a simple answer to any of this. We are all living in a world full of misinformation and opaqueness, and it’s very easy to become absolutely exhausted by it all. Of course, content moderation can quickly go too far, and nobody wants that either.
The Cybersecurity Take on All of This
First and foremost, Telegram, Signal, Google, Facebook—all of the platforms we mentioned today are all fine to use. No matter what technology you use, there are going to be people thinking about ways to take advantage of it.
Heck, my son can’t play Minecraft without someone coming in and cheating and sneaking away with all of his coveted diamonds.
If a technology interfaces with people, some people might try to spoil the experience.
That’s why it’s important that you make yourself aware of scams and exploits. All of those platforms mentioned above aren’t designed to share malware, but a person can figure out a way to trick you into clicking a link that infects your device. None of the platforms are designed for perpetuating abuse or selling illegal substances either, but people will find a way. No technology is perfect, and even if it were, when millions of people use it, some of those folks are going to be bad eggs.
This is an important lesson for cybersecurity. You aren’t in a constant uphill battle with Microsoft, or with the concept of malware. You are in a battle against people who want to upset your business and take your money.
I’d love to hear your thoughts. If you are a business owner who is stressed out about dealing with the complexities of technology, give us a call at (202) 640-2737, and we’ll do our best to simplify and optimize it for you!
Comments