Put under pressure by the Russian authorities to put an end to the “total anonymity” of user exchanges, Telegram intends to keep its users’ personal data and communication fully confidential. The international instant messenger will not allow security agencies to access such content, stated Telegram’s founder Pavel Durov on his Vkontakte account.
“We have not issued and will not issue personal data and encryption keys to third parties,” he wrote.
“The threat of blocking [Telegram] in just one or two markets will not affect our privacy policy,” he added in a reference to earlier statements from German Klimenko, the newly appointed Internet advisor of Russian president Vladimir Putin.
In an interview with Rain TV (Dozhd’ TV) on December 23, Klimenko assumed that “criminals use the same [communication means] as us, including Telegram, Skype, and emails.”
Since they do not share data with security agencies, these services “de facto help criminals,” Klimenko believes. In such circumstances, Telegram should “either cooperate with the authorities or be [blocked in Russia],” the presidential advisor threatened.
National security vs. user privacy
Klimenko referred to the experience of the USA, France and Germany, which “will also act in the interests of their national security.”
Denying such a comparison, Durov underlined that it is “technically impossible to deprive only terrorists from secure communication means without affecting all law-abiding citizens as well.”
“In Russia’s specific conditions, allowing the police to access private correspondence will lead to the emergence of a black market of personal data, where anyone will be able to ‘listen’ to anyone for money,” Durov warned. According to him, such is already the case with mobile phone conversations via “any Russian operator.”
Since its launch in 2013, Telegram has been presenting user privacy protection as one of its key features. The messenger uses the MTProto, a data transfer protocol developed by Durov’s brother Nikolai. According to Durov, the developers had built the system on the assumption that all communication channels are tapped, and therefore added enough intricacy to its original code to safeguard users against any breach of privacy. Neither security agencies nor even Telegram’s own systems administrators can get access to user chats, Durov claimed in 2013.
From cyber jihad to expert controversy
These assertions seemed sadly confirmed last month when, following the terrorist attacks in Paris, Telegram was pointed out as being a privileged means of communication for jihadists.
However, not all encryption experts agree with Telegram’s claim of full confidentiality. According to Thomas Ptacek, a US specialist in cryptographic and embedded software security, “by default Telegram stores the PLAINTEXT of EVERY MESSAGE every user has ever sent or received on THEIR SERVER,” thus creating significant vulnerability.
“This is false: Telegram never stores plaintext of messages, and deleted messages are erased forever,” Durov tweeted in his answer to Ptacek. “Do you get paid for posting BS?,” he asked sarcastically.
NSA whistleblower Edward Snowden came in support of Ptacek. “Without a major update, [Telegram] is unsafe,” he tweeted. “To be clear, what matters is that the plaintext of messages is *accessible* to the server (or service provider), not whether it’s stored.”