#e2e #encryption #messenger #telegram

Facebook lately announced that they will share more data between WhatsApp and Facebook. While this is not new and since WhatsApp belongs to Facebook, everyone should assume that the data from WhatsApp is shared within the Facebook company. Most people now are aware about the problem with giving your private data to Facebook but some (many?) still didn’t know that WhatsApp belongs to Facebook or just never thought about the possibility of sharing data within the Facebook companies. Because of the latest announcement from WhatsApp, many alternative messaging services experiencing a flood of new users. Telegram is trying to benefit from the current media attention focusing on the privacy/security issue and that’s fine. The Problem is that they use misleading information about their own privacy/security. A friend send me a post from the founder of Telegram, Pawel Durow in which he explains why WhatsApp is bad/unsecure and Telegram is safe. Well, that’s not true. Let’s look at some of the arguments from the post on Telegram:

 

[1] – WhatsApp Gives Users Ultimatum – Share Data with Facebook or Lose Access
[2] – In December 2020, the Wikipedia article about WhatsApp had the label “This article may have been created or edited in return for undisclosed payments, a violation of Wikipedia’s terms of use”. Related investigation is discussed here.
[3] – Telegram Source Code
[4] – Reproducible Builds for Telegram Apps
[5] – On Digital Resistance in Russia

 

This is all true (I don’t know about [5] though so i can’t say anything about that). But it gets tricky from there:

 

[6] – On Telegram Encryption

 

In the original post his link refers to another post of him in Telegram which then refers to the Telegram FAQ (which i linked here directly) which talks about the Telegram encryption. First they talk about the encryption of WhatsApp and why it’s (in their view) bad and why messaging apps which are known for the gold standard of security/encryption are also not as good as Telegram. Let’s put that aside for a minute and start with Telegram. They write in their FAQ:

 

Q: So how do you encrypt data?

We support two layers of secure encryption. Server-client encryption is used in Cloud Chats (private and group chats), Secret Chats use an additional layer of client-client encryption. All data, regardless of type, is encrypted in the same way — be it text, media or files.

Our encryption is based on 256-bit symmetric AES encryption, 2048-bit RSA encryption, and Diffie–Hellman secure key exchange. You can find more info in the Advanced FAQ.

 

There are 2 options for encryption: “Cloud Chats” (default) and “Secret Chats” which you have to start manually. Cloud Chats are server-side encrypted chats which are only encrypted between the client and the server, so no e2e-encryption. That means, that everyone who controls the Telegram infrastructure (=Telegram staff or an attacker) can access all messages, files and so on. Secret chats are e2e encrypted, but you don’t have all the features from the Cloud Chats because the Server can’t read/sync all the stuff automatically (for example, you can’t continue a Secret Chat in Telegram Web which you started on your phone).

This is all quit normal and most messaging systems have a server-side encryption. That Telegram also has an option for e2e-encryption is good. State-of-the-art-security in messaging is e2e-encryption, period. That this is not default in Telegram makes it less secure for the content of your messages (meta data like: who is connecting with who and how often and so on is not secure in WhatsApp and the main problem besides being closed source software). What they say about the security of Telegram and how it is compared to other messaging systems is misleading at best when they ask:

 

Why Isn’t Telegram End-to-End Encrypted by Default? 

They try to make the argument that default e2e encryption is not that secure and so server-side encryption is fine. That’s nonsense and doesn’t make Telegram more trustworthy. Server-side encryption is better than nothing, it prevents attackers from eavesdropping on your chat when you are on an unsecured network like open WIFI and so on. But its not secure, not at all. The only thing that would make it secure is the fact that you can trust Telegram. Which you might or might not, but that’s not even the point. If you only can trust a system if the servers of that system never gets successfully attacked or you rely on the good faith of the maker of that system, its not secure. But this is what Telegram is try to make you believe. If Telegram gets hacked or they change their mind and share your content with others or an admin/staff member of Telegram is doing something bad: Your messages, documents and everything you send via Telegram would not be secured against any of that. So then you have to ask yourself: Why should i trust Telegram? I don’t, i don’t have a reason to trust them. Managing this kind of infrastructure is expensive, where is the money come from? Since its start, Telegram is financed by one guy. Does that makes you trust this Telegram more than a company which sells ads? Maybe yes, maybe no, you can judge for yourself, but at least its not as easy as “well, they are selling ads so we are more trustworthy”.

So why isn’t e2e-encryption as good as basically every security expert in the world says? Telegram says, because of backups:

 

As for popular apps such as WhatsApp, Viber and Line, they rely on Apple iCloud and Google Drive to store their users’ message history and prevent data loss in case their users lose their smartphones. These backups are not e2e-encrypted and get decrypted whenever the user buys a new phone and restores their WhatsApp/Viber/Line message history. While it may seem that you, as a user, have the freedom to opt out of these backups, in reality there’s little room for choice: even if you opt out (which is unusual and sometimes tricky), people you chat with most likely won’t.

 

This is a fair point but again misleading. It is true that if you activate the backup function in WhatsApp or other Apps, these usually get saved in clear text. Which is not good, no question about that. But i can still choose not to do it. And i can decide to keep the Backups on my phone. This is much more secure than unencrypted messages on Telegram servers. If you activate the Google Drive sync option in WhatsApp, you always have a backup in case your phone blows up, but then you have to trust google (which you again might or might not do, depending on your thread model). Why it should be “unusual and sometimes tricky” to disable backups or backup sync is at least in the case of WhatsApp unclear to me.

So backups don’t make the e2e encryption of WhatsApp in any way less useful or less secure. If you don’t wanna trust companies with your messages, disable the automatic sync and backup your local backup yourself. e2e-encryption is of course much more secure than server-side encrypted “Cloud Chats” of Telegram and they should admit that.

But Telegram has e2e-encryption as well: “Secure Chats”. In this case, Telegram has no access to your messages and that’s why some functions like the sync don’t work (by design). The problem here: The cryptographic model is suspect and Telegram implemented the underlying cryptography in its own way which is not a good practice in information security. That doesn’t mean its not safe, but it means that the way the cryptography is implemented is not as good as it is in WhatsApp and Signal.

Another big problem: Group chats are always server-side encrypted, which is a big problem. I know from experience that many expect that they are e2e-encrypted, so even if you always use Secret Chats, your group chats are always unencrypted. The group chats in WhatsApp are also e2e encrypted.

My Problem with Telegram is not so much that they use server-side encryption by default. Telegram has many cool features which might not be possible with e2e-encryption but there is no excuse for Telegram to say nonsense like “our server-side encryption is effectively as secure as e2e encryption”. It’s not, not at all. Many especially non-technical people use it because of these statements and their believe that Telegram is a secure app. There are many good reasons to use Telegram. Its not owned by a big company, it has many cool features like Bots, its easy to use. But its super-secure model and trusted background are not necessarily two of them.

The irony is that Telegram on their website says that many think WhatsApp is secure only because of “so carefully crafted marketing efforts” by Facebook. Telegrams marketing isn’t that bad as well. Let me be clear: I don’t like WhatsApp, i don’t like Facebook. Its really bad for your privacy (metadata like ip’s, contacts, …). And the fact that it is closed-source is problematic from a security point of view. But it has a much better cryptography implemented, so the content of your messages are more secure in my opinion.

Another one from the original post:

 

[7] – U.S. Government Funded The WhatsApp Encryption

 

Ok, this one is ridiculous. WhatsApp is using the Signal encryption, which is the current gold standard of messaging encryption and is developed and run by a nonprofit organization. This makes it sound like the encryption is somehow less trusted because the developers got funds from the US Government. The US Government also pays for the TOR-Network. With which intentions does that one guy is paying all the bills for Telegram again?

 

[8] – Why WhatsApp Will Never Be Secure

 

Here they make the point that WhatsApp will never be a secure app because its closed source and US based. Again, this is a fair point and WhatsApp can’t really be trusted. But as long as Telegram is not using solid encryption by default, Telegram can’t be trusted either.

So what are the alternatives?

As mentioned before, the gold standard at the moment for secure messaging is the app Signal. Its open source, the cryptographic model is seen as the best for messaging by most crypto experts and its free. Its funded by a non-profit and has many features. And most importantly: e2e encryption is default in both private and group chats.

The app Threema from Switzerland is also known to be good for security and privacy. Lately it became also open source and solved the last problem i had with that app.

Telegram has more features than Signal and Threema. Some might just be because of the good work in that field by the developers of Telegram, but some are just not possible with a strong cryptography. In the end its a trade-off, less security and more features in Telegram or solid encryption with less functions in Signal and Threema. Everyone can choose based on their needs whats best but in the end you have to use what most of your contacts have anyway. Your super secure Signal app doesn’t do much if you are the only one who uses it. But don’t move from WhatsApp to Telegram because its more secure, its not. If you are more comfortable with your data on Telegram servers instead of Facebook servers, this is fine as well.