Russians have turned to the popular hybrid messaging-forum app Telegram for news and conversations about the war in Ukraine that’s not the officially state-sanctioned version of events. But some of these Telegram users might want to tread lightly.
Telegram has a reputation as a secure messaging app, but, contrary to that reputation, not all communications on the platform have the highest level of security. Unlike on Signal or WhatsApp, messages on Telegram are not end-to-end encrypted by default. End-to-end encryption prevents even the platform from knowing the content of users’ messages. Instead, Telegram uses a different type of encryption that does not protect the privacy of conversations from Telegram itself. Here’s Mashable’s detailed breakdown on Telegram’s privacy blindspot.
Telegram users can enable end-to-end encryption for some messages by making them “secret,” but that’s not the default, and it’s limited to one-on-one chats and not extended to private group messages. That’s particularly worrisome to privacy experts because group messages are where a lot of organizing against the war in Russia is taking place, according to Eva Galperin, the Electronic Frontier Foundation’s director of cybersecurity.
Ukrainians are also using Telegram, and the fully end-to-end encrypted messaging app Signal. But the matter of cybersecurity may be understandably less top of mind to people under threat of bombing than it is to people within Russia who may be organizing or speaking out against the government.
That makes Galperin concerned that some of these Russian Telegram users may be vulnerable to having their private information exposed, which could happen in a few ways. The first is that the Russian government might demand that Telegram hand over this user information. Telegram stood up to Russia in 2018 when Russia previously required this, and Russia took Telegram to court as a result. Russia dismissed the case in 2020. Still, using Telegram means users’ conversations and metadata are not protected from the platform itself.
“All of this data is available to Telegram as a company, and because of that, you’re essentially trusting Telegram not to hand it over,” Galperin said.
But Galperin believes the greater threat has to do not with Telegram’s trustworthiness, but with its security.
“What I would have much less confidence in is Telegram’s ability to protect that data from hacking or insider threat,” Galperin said.
In this scenario, a hacker might access Telegram’s records in order to hand over the data to outside parties. Even worse is what Galperin thinks is “the single most likely source of threat”: that someone within Telegram might compromise that security, accessing and transferring user data, with the company and the public none the wiser.
Still, Telegram has been a valuable source of counter-propaganda for Russians. Which makes another possible scenario: Russia cutting off access to Telegram entirely.
“I wonder if the government very soon will speed up its attempts to block Telegram,” Ian Garner, a Russian historian who has been documenting social media trends in the Ukraine war, said over email.
Galperin said that this would be technically possible. And not having an information pipeline — even a cryptographically flawed one — is concerning in and of itself.
“Fundamentally, yes, people should be concerned about using Telegram,” Galperin cautioned. “But realistically, people just need to be aware of what the risks are so that they can make an informed decision.”