[ad_1]
Last weekend Raphael Mimoun led a digital security training workshop by videoconference with around ten activists. They belonged to a pro-democracy coalition in a Southeast Asian country, a group at direct risk of being watched and suppressed by its government. Mimoun, the founder of digital security nonprofit Horizontal, asked attendees to list the messaging platforms they had heard of or used, and they quickly evacuated Facebook Messenger, WhatsApp, Signal and Telegram. . When Mimoun then asked them to name the security benefits of each of these options, several pointed to Telegram’s encryption as a plus. It has been used by Islamic extremists, one noted, so it needs to be secure.
Mimoun explained that yes, Telegram encrypts messages. But by default, it encrypts data only between your device and Telegram’s server; you must enable end-to-end encryption to prevent the server itself from seeing the messages. In fact, the group messaging feature that activists in Southeast Asia most often used does not offer end-to-end encryption. They should trust Telegram not to cooperate with any government that tries to coerce it into cooperating to monitor users. One of them asked where Telegram is. The company, Mimoun explained, is based in the United Arab Emirates.
First laughs, then a more serious sense of “awkward realization” spread through the call, Mimoun says. After a pause, one of the participants spoke: “We’re going to have to regroup and think about what we want to do about this.” In a follow-up session, another member of the group told Mimoun that the moment was a “rude awakening”.
Earlier this month, Telegram announced it had passed the 500 million monthly active user milestone and cited a single 72-hour period in which 25 million people had joined the service. This wave of adoption appears to have had two simultaneous sources: First, right-wing Americans sought less moderate communication platforms after many were banned from Twitter or Facebook for hate speech and disinformation, and after Amazon ditched hosting their favorite social media service. Talking, taking it offline.
However, Telegram founder Pavel Durov further attributed the boost to WhatsApp’s clarification of a privacy policy that includes the sharing of certain data – but not the content of messages – with its parent company, Facebook. Tens of millions of WhatsApp users have responded to this reaffirmation of its (multi-year-old) information-sharing practices by fleeing the service, and many have taken to Telegram, arguably drawn in in part to its messaging claims. “strongly encrypted”. “We’ve had download spurts before, throughout our 7-year history of protecting user privacy,” Durov wrote from his Telegram account. “But this time it’s different. People don’t want to trade their privacy for free services anymore.”
But ask Raphael Mimoun – or other security professionals who have analyzed Telegram and spoken to WIRED about its security and privacy gaps – and it’s clear that Telegram is far from the best haven. privacy described by Durov and that many are at risk users believe. “People are turning to Telegram because they think it will keep them safe,” says Mimoun, who last week posted a blog post about Telegram’s flaws which he said was based on “five years of bottleneck frustration ”over misperceptions of his safety. “There is just a very big gap between how people feel and believe and the reality of app privacy and security.”
Telegram’s privacy protections aren’t necessarily flawed or broken on a fundamental level, says Nadim Kobeissi, cryptographer and founder of Paris-based crypto consultancy Symbolic Software. But when it comes to encrypting users’ communications so that they can’t be monitored, that just doesn’t match WhatsApp – let alone the nonprofit secure messaging app Signal, which Kobeissi and most other security professionals recommend. This is because end-to-end WhatsApp and Signal encrypt every message and call by default, so their own servers never access the content of the conversations. Telegram defaults to only “transport layer” encryption which protects the user’s connection to the server rather than from one user to another. “In terms of encryption, Telegram is just not as good as WhatsApp,” Kobeissi says. “The fact that encryption is not enabled by default already puts it far behind WhatsApp.”
[ad_2]
Source link