Telegram – share messages and photos

Picture: Bloomberg

All of you must have heard rumors and stories that Telegram is insecure and does not provide any privacy to its users. And he also has the server part of the code closed. What a horror, you definitely cannot trust such a messenger. It is better to use Signal, which is now so relevant among the community.

All the arguments may sound really convincing, but the fact is that they are not true. Next, we will try to dispel one of the main myths about Telegram, and also explain why you can still use it. And the main myth has nothing to do with reality.

First, it is worth identifying. Telegram does not give the user anonymity and it is not an anonymous messenger at all. Anonymity and privacy are two different things. We generally called it a social network with a bunch of useful features and private secret chats, which we’ll talk about later.

End-to-End Encryption

By default, standard Telegram chats do not use end-to-end encryption. They are simply located on the Telegram servers in encrypted form. This allows them to be synchronized across devices. Thus, gaining access to the necessary files and correspondence. For now, let’s call these chats insecure and non-private, but then we’ll get back to them.

Note that encrypted chat in the cloud and Secret chat with end-to-end encryption are two different things.

As for Secret chats, these are chats that use end-to-end encryption. It is end-to-end encryption that ensures the secure transmission of information between two users. Secret chat in Telegram guarantees that no one can read the message except for the two participants in these chats. Even if the message is intercepted, no one will be able to access its contents.

Telegram – share messages and photos

Picture: GooglePlay

The End-to-End Encryption Scheme for Secret Chats is a highly secure encryption system. And most importantly, this scheme is available for viewing by anyone. Because the client part of the “Cart” is completely open.

Also, the Telegram application can be built through deterministic compilation. This allows you to make sure that the application completely matches the code that is available in the public domain to the nearest bit. It is very important!

And then a counterargument arrives from Petya, the factory worker. “But the backend of the Cart is not open source, and therefore Secret chats cannot be trusted.” So this is complete nonsense. We explain why.

Given that the keys for end-to-end encryption are created on the user’s device and are created using an absolutely transparent and secure algorithm, and then messages are encrypted with this key on this user’s device. It makes absolutely no difference what happens to these encrypted messages on the Telegram servers. Because these messages come to the server already in encrypted form. Telegram itself, and no one else except the recipient, can read this message. In this case, Telegram is just a bridge between the sender and the recipient. And the server part has nothing to do with the privacy and security of Secret chats in Telegram.

Server Source Code

Now about why opening the source code of the Telegram server side is absolutely pointless. Firstly, because this will not affect the ability to check Secret chats in any way, since this can be done exclusively on the client side. Secondly, even if the server-side source code is open, it is impossible to make sure that this particular code is actually executed there. But the client part, which is the key to checking the integrity of Secret chats, can be easily assembled and made sure that the code matches the final application.

Telegram – share messages and photos

Picture: GooglePlay

Now back to standard cloud chats. As already mentioned, they are encrypted in the Telegram cloud storage. Cloud chats are encrypted on Telegram servers. And in this case, it can no longer be verified. Even if the server side had open source, again, this does not guarantee that this particular code is executed there. Therefore, it is impossible to say that cloud chats are safe and private. Because there is no way to check it. However, it can be argued that Secret Chats are absolutely safe, private and reliable. Therefore, everyone who says that Secret chats are read by special services and are absolutely unsafe, they are either misled or deliberately advertise the messenger.

As for the Signal messenger. It’s just a messenger that uses end-to-end encryption by default in all chats. It is also open source and has the ability to build an application via deterministic compilation. The only question. Why download a separate app just for the feature that Telegram’s Secret Chats have?

Using a phone number

Now, regarding the use of a phone number to create an account. This does not affect the integrity and privacy of Secret Chats in any way. The only thing that comes to mind is the timing attack. Because the Telegram server transmits your messages and knows when they were sent. At these time intervals, you can try to compare certain events and already by your phone number to get to your personality. However, this is not a problem either. We think that it is not a secret for anyone that for three rubles you can receive an SMS to a one-time virtual number and create an account. Thus, increasing your privacy even more.

Telegram – share messages and photos

Picture: GooglePlay

However, all this secret chat story does not make Telegram an ideal option for secure correspondence. This only showed that Secret chats in Telegram are really private and safe. And using them, you can definitely be sure of the integrity. But, for example,

Jabber would be more preferable. Because there you can choose a server for sending messages, or you can start your own. And this already protects against potential timing attacks.

What conclusion can be drawn? Don’t trust everything they say on the internet. Don’t even take our word for it. Take it and check everything yourself.