Aller au contenu principal

Telegram (software)


Telegram (software)


Telegram Messenger, commonly known as Telegram, is a cloud-based, cross-platform, encrypted instant messaging (IM) service. It was originally launched for iOS on 14 August 2013 and Android in October 2013. It allows users to exchange messages, share media and files, and hold private and group voice or video calls as well as public livestreams. It is available for Android, iOS, Windows, macOS, Linux, and web browsers. Telegram also offers end-to-end encryption in voice and video calls, and in optional private chats, which Telegram calls Secret Chats.

Telegram also has social networking features, allowing users to post stories, create large public groups with up to 200,000 members, or share one-way updates to unlimited audiences in so-called channels. The service also provides an open API for the creation of custom bots which can perform various tasks, integrate other services into Telegram chats, or work as mini apps.

Telegram was founded in 2013 by Nikolai and Pavel Durov. Its servers are distributed worldwide, while the headquarters are in Dubai, United Arab Emirates. Telegram is the most popular instant messaging application in parts of Europe, Asia, and Africa.

As of March 2024, Telegram has more than 900 million monthly active users, with India leading in the number of users. It was the most downloaded app worldwide in January 2021 with 1 billion downloads globally as of late August 2021.

History

Development

Telegram was launched in 2013 by the brothers Nikolai and Pavel Durov. Previously, the pair founded the Russian social network VK, which they left in 2014, saying it had been taken over by the government. Pavel sold his remaining stake in VK and left Russia after resisting government pressure. Nikolai created the MTProto protocol that is the basis for the messenger, while Pavel provided financial support and infrastructure through his Digital Fortress fund. Telegram Messenger states that its end goal is not to bring profit, but it is not structured as a non-profit organization.

Telegram is registered as a company in the British Virgin Islands and as an LLC in Dubai. It does not disclose where it rents offices or which legal entities it uses to rent them, citing the need to "shelter the team from unnecessary influence" and protect users from governmental data requests. After Pavel left Russia in 2014, he was said to be moving from country to country with a small group of computer programmers consisting of 15 core members. While a former employee of VK claimed that Telegram had employees in Saint Petersburg, Pavel said the Telegram team made Berlin, Germany, its headquarters in 2014, but failed to obtain German residence permits for everyone on the team and moved to other jurisdictions in early 2015. Since 2017, the company has been based in Dubai. It has a complex corporate structure of shell companies to delay complying with government subpoenas.

Usage

In October 2013, Telegram announced that it had 100,000 daily active users.

On 24 March 2014, Telegram announced that it had reached 35 million monthly users and 15 million daily active users. In October 2014, South Korean government surveillance plans drove many of its citizens to switch to Telegram from the Korean app KakaoTalk. In December 2014, Telegram announced that it had 50 million active users, generating 1 billion daily messages, and that it had 1 million new users signing up on its service every week, traffic doubled in five months with 2 billion daily messages. In September 2015, Telegram announced that the app had 60 million active users and delivered 12 billion daily messages.

In February 2016, Telegram announced that it had 100 million monthly active users, with 350,000 new users signing up every day, delivering 15 billion messages daily. In December 2017, Telegram reached 180 million monthly active users. By March 2018, that number had doubled, with Telegram reaching 200 million monthly active users.

On 14 March 2019, Pavel claimed that "3 million new users signed up for Telegram within the last 24 hours." He did not specify what prompted this flood of new sign-ups, but the period matched a prolonged technical outage experienced by Facebook and its family of apps, including Instagram. According to the US Securities and Exchange Commission, as of October 2019, Telegram had 300 million monthly active users worldwide.

On 24 April 2020, Telegram announced that it had reached 400 million monthly active users.

On 8 January 2021, Pavel announced in a blog post that Telegram had reached "about 500 million" monthly active users. In August, TechCrunch reported that India was Telegram's largest market, with a 22% share of total installs coming from the region. Telegram then gained over 70 million new users as a result of an outage which affected Facebook and its affiliates on 5 October 2021.

In March 2022, Telegram's usage share in Russia had jumped to 63%, overtaking WhatsApp's usage share of 32% to become the most popular messaging app in the country. On 19 June 2022, Telegram announced that it had reached 700 million monthly active users.

In July 2023, Telegram has more than 800 million monthly active users.

Since July 2023, Telegram had been the most popular social media in Russia, with a market share of 46.8% as of December 2023.

As of March 2024, Telegram has more than 900 million monthly active users according to Pavel.

Features

Messaging

To start using Telegram, a user must sign-up with their phone number or an anonymous +888 number purchased from the Fragment blockchain platform. Changing the phone number in the app will automatically reassign the user's account to that number without the need to export data or notify their contacts. Phone numbers are hidden by default with only a user's contacts being able to see them. Sign-ups can only be done via an Android or iOS device. Upon signing up, messages sent and received by the user are tied to their number and a custom username, not the device. Any Telegram content is synced between the user's logged-in devices automatically through cloud storage, except for device-specific secret chats. By default, any account that is inactive for 6 months by default is automatically deleted, though the period can be shortened or extended up to 12 months through the Settings menu. Telegram allows groups, bots and channels with a verified social media or Wikipedia page to be verified, but not individual user accounts.

Messages can contain formatted text, media, files up to 2 GB (4 GB with Premium), locations and audio or video messages recorded in-app. Telegram messages in private chats can be edited up to 48 hours after they were sent with an “edited” icon appearing to reflect changes, as well as deleted for both sides without a trace. Users have the option to delete messages and whole chats for both themself and other participants. Chats can be exported to preserve them via Telegram's Desktop client, although the saved data cannot be imported back into the user's account.

Users can however import chat history, including both messages and media, from WhatsApp, Line and Kakaotalk due to data portability, either making a new chat to hold the messages or adding them to an existing one.

As users can be logged into many devices at once, starting to type a message on one of them will create a “cloud draft” that syncs with others, so typing can be started on a phone and finished on a laptop, for example.

Any message in any chat can be translated by opening the context menu. Premium users have the option to translate the whole chat with one click. Users can hide the translate button for messages written in specific languages.

Reactions can be used to respond to a message with emoji, with Premium users having access to more reaction choices and the ability to leave more reactions per message. Reactions are always on in private chats and can be enabled by admins in groups and channels with the ability to allow or exclude specific reactions. Reaction emoji play an animation with special effects when sent.

Users can also send stickers, which can be static, animated or video. Sticker packs are made by Telegram designers as well as regular users and can be shared via links. They use the WebP or WebM format and do not require special software to create or upload. Some stickers feature full-screen effects that play out when first sent or when tapped.

Users can schedule messages to send at a particular time or when their conversation partner comes online, as well as choose to send a message “without sound” without a notification. Messages from private chats can be forwarded, with an option to hide the original sender's identity or to hide captions from media messages. Forwarded messages also maintain reply formatting, able to show which messages in a thread are replying to others. Any user can also send a message to a special “Saved Messages” chat as a form of bookmarking them. The contents of the chat are only visible to the user.

Users can opt-in to People Nearby by turning on their phone's GPS location to see other users in the area who have opted into the feature.

Chats can be sorted into folders to organize them with preset options like “Unread” and “Muted” or custom separations such as “Work” and “Family”. Premium users have the ability to set any chat folder as the default screen in the app while regular users will always see the full chat list when first opening the app.

Users have the option to start a one-on-one, end-to-end-encrypted “Secret Chat”, which remains accessible only on the device where it was started and self-destructs upon logging out. Secret Chats restrict screenshotting from Android devices and warn when one is taken from an iOS device, while also hiding the chat contents from the final image. Secret Chats support perfect forward secrecy and switch encryption keys after a key has been used 100 times or a week has passed. Secret Chats are only available on Android, iOS and macOS clients.

Both in Secret and regular chats, messages can self-destruct after they are read, disappearing for all parties after a period set by the user, ranging from 1 day to 1 year.

Groups and channels

Telegram users can create and join groups and channels. Groups are large multi-user chats that support up to 200,000 members and can be public or private. Users can freely join public chats and find them using the in-app search function, while private chats require an invitation. They support flexible admin rights and can use bots for moderation to prevent spam and unwanted activity. Groups can be split into topics, effectively creating subgroups dedicated to various subjects with separate settings for each.

Admins can choose to hide the list of members in a group, as well as post anonymously themselves. Similarly, groups and channels can have content protection enabled, which prevents screenshots, forwarding and downloading of media. Ownership of channels and groups can be transferred to one of the admins if the owner wishes to give up their rights.

Groups support threaded replies, where bringing up the context menu on a message allows one to open a screen with a thread of replies made to that message and the subsequent ones in the thread. Specific users can be tagged in the group by adding @username to a message, where “username” is that particular user's username.

Groups and channels also support polls, which can be open or anonymous and can support multiple choices. When forwarded, polls retain the answer data and any votes cast in other chats will count toward the overall total.

Channels are one-way feeds where the channel owner or admins can post content while followers can only read, react and comment, if comments have been enabled. Channels can be created for broadcasting messages to an unlimited number of subscribers. The list of those who subscribe to a channel can only be seen by its admins. Posting in the channel is anonymous, though admins can choose to add signatures to their posts. Channels offer detailed statistics on view counts, user growth and interactions, also visible only to admins. Channel owners are able to use Telegram to create giveaways, randomly awarding channel members with prizes such as Telegram Premium subscriptions to their followers, based on certain criteria. Users with a Telegram Premium subscription have a number of "boosts" that they can give to channels, which allow the channel to "level up" and unlock features, such as the ability to customize messages or post stories as the channel.

In December 2019, Bloomberg News moved their messenger-based newsletter service from WhatsApp to Telegram after the former banned bulk and automated messaging. Other news services with official channels on the platform include the Financial Times, Business Insider and The New York Times.

Channels have also been used by governments and heads of state. Notable examples include Volodymyr Zelensky and Emmanuel Macron. Channels have been used by journalists in oppressive regimes to establish independent news networks.

Video and voice calls

Since 2017, Telegram users have been able to initiate one-on-one calls in private chats. Calls are end-to-end encrypted and prioritize peer-to-peer connections. Video calls were introduced in August 2020. According to Telegram, there is a neural network working to learn various technical parameters about a call to provide better quality of service for future uses.

Telegram added group voice chats in December 2020 and group video chats in June 2021. Group voice and video chats support picture-in-picture video, as well as sharing one's screen, creating a recording of the call, noise suppression and selective muting. In channels, users can start a livestream, able to integrate with third-party apps such as OBS Studio and XSplit.

Once launched, a group voice chat will remain active and open to all group members until an admin specifically closes it.

Privacy and security features

By default, logging into Telegram requires either an SMS message sent to the registered number or a code message sent to one of the active sessions on another device. Users have the option to set a two-step verification password and add a recovery email. In late 2022, options to Sign in with Apple and Sign In with Google or with an email address were added. Whenever a new device successfully logs in to a user's account, a special service notification is sent and a login alert is displayed in the chat list of their other devices.

In the Privacy and Security submenu of Settings, users have the option to hide their “Last Seen” status, which reflects the last time the user opened a Telegram app. Hiding the status obfuscates the exact time of the user being online and hides the statuses of other people respectively. Similarly, users can hide their phone number and profile photo from people based on categories such as Non-Contacts or by adding exceptions. When a user chooses to hide their profile photo, they have an option of setting an alternative "Public Profile Picture" that will be shown instead.

In the same menu, users can restrict the circle of people who can call them or invite them to groups and channels, while Premium users also have the option to restrict who can send them voice messages.

The Devices submenu shows all of the active devices on a user's account and allows them to remotely log out from those devices.

Data and storage settings

Telegram clients have the ability to turn off media autoplay and automatic downloads for both WiFi and mobile data, adjusting them for media type and size. Auto download settings can also be applied based on chat type such as group, channel or private.

Cache settings can be changed to automatically clear the cache once it reaches a certain size or a certain time passes. The interface shows users a visual representation of their storage usage and also lets them sort their cached media by size to clear specific items.

Bots

In June 2015, Telegram launched a platform for third-party developers to create bots. Bots are Telegram accounts operated by programs. They can respond to messages or mentions directly or can be invited into groups, and are able to perform tasks, integrate with other programs and host mini apps. Bots can also accept online payments made with credit cards or Apple Pay. The Dutch website Tweakers reported that an invited bot can potentially read all group messages when the bot controller changes the access settings silently at a later point in time. Telegram pointed out that it considered implementing a feature that would announce such a status change within the relevant group. There are also inline bots, which can be used from any chat screen. To activate an inline bot, a user must type the bot's username and a query in the message field. The bot then will offer its content. The user can choose from that content and send it within a chat. Certain approved bots are also able to integrate into the attachment menu, making them accessible in any chat.

Bots can also handle transactions provided by Paymentwall, Yandex.Money, Stripe, Ravepay, Razorpay, QiWi and Google Pay for different countries. Bots also power Telegram's gaming platform, which utilizes HTML5, so games are loaded on-demand as needed, like ordinary webpages. Games work on iPhones 4 and newer and on Android 4.4 devices and newer.

People can use Internet Of Things (IoT) services with two-ways interaction for IFTTT implemented within Telegram.

In April 2021, the Payments 2.0 upgrade enabled bot payments within any chat, using third-party services such as Sberbank, Tranzoo, Payme, CLICK, LiqPay and ECOMMPAY to process the credit card information.

In February 2018, Telegram launched their social login feature to its users, named Telegram Login. It features a website widget that could be embedded into websites, allowing users to sign into a third party website with their Telegram account. The gateway sends users' Telegram name, username, and profile picture to the website owner, while users' phone number remains hidden. The gateway is integrated with a bot, which is linked with the developer's specific website domain.

In June 2021, an update introduced a new bot menu where users can browse and send commands while in a chat with a bot.

In April 2022, bots gained support for customized interfaces and inline page loading. Interfaces can be adjusted to match the app's theme even if it changes while interacting with the bot.

Stickers and animated emoji

Telegram has more than 20,000 stickers. Stickers are cloud-based, high-resolution images intended to provide more expressive emoji. When typing in an emoji, the user is offered to send the respective sticker instead. Stickers come in collections called "packs", and multiple stickers can be offered for one emoji. Telegram comes with one default sticker pack, but users can install additional sticker packs provided by third-party contributors. Sticker sets installed from one client become automatically available to all other clients. Sticker images use WebP file format, which is better optimized to be transmitted over the internet. The Telegram clients also support animated emoji. In January 2022, video stickers were added, which use the WebM file format and do not feature any software requirements to create. In September 2022, Telegram has given free users access to dozens of reactions, even some that were only previously available to Premium subscribers. In order to accommodate the new reactions, the reaction panel has been expanded and redesigned.

People Nearby and Groups Nearby

People Nearby can help users meet new friends by turning on phone GPS location and opting-in contacts and through Groups Nearby people can create a local group by adding location data to groups.

Stories

Similar to other social platforms, Telegram users can post stories, a type of short-form content. Telegram stories have several distinctive features, like a dual-camera mode, extra privacy settings, the ability to edit stories after posting them, as well as to rewind and fast-forward them while watching.

Premium features

Telegram Premium was launched on 19 June 2022 with regional pricing. The optional paid subscription gives users increased limits in the app, such as larger file uploads, faster download speeds, unlimited voice message transcription, as well as numerous other increases such as the number of pinned chats and folders. Premium users also have access to extra stickers, emoji, reactions, and customization features like a special badge and the ability to change the look of their messages in chats. Premium users also get access to additional settings, like instant chat translation, and the ability to restrict who can send them voice messages.

As of 2023, Telegram Premium can be acquired via in-app purchases facilitated by Apple and Google, directly via Telegram's @PremiumBot, or with cryptocurrency on the Fragment platform. Users are able to purchase a subscription for themselves, or purchase a subscription for someone else to send as a gift. Premium subscriptions can also be won through official Channel Giveaways, in which Telegram channels pre-purchase a specific number of Premium subscriptions that are randomly given away to their subscribers.

Related platforms

People can use their Telegram accounts to author articles on Telegraph – a minimalistic text editor and publisher. While articles on Telegraph can be published anonymously, tying them to one's account allows one to check their view count and edit them later. Telegraph natively supports Instant View, a feature which lets users read full articles in the chat with no load time and without opening an external browser.

When an article is first published, the URL is generated automatically from its title. Non-Latin characters are transliterated, spaces are replaced with hyphens, and the date of publication is added to the address. For example, an article titled "Telegraph (blog platform)" published on 17 November would receive the URL /Telegraph-blog-platform-11-17.

Text formatting options are also minimal: two levels of headings, single-level lists, bold, italics, quotes, and hyperlinks are supported. Authors can upload images and videos to the page, with a limit of 5 MB. When an author adds links to YouTube, Vimeo, or Twitter, the service allows you to embed their content directly in the article.

In February 2018, Telegram launched their social login feature to its users, named Telegram Login. It features a website widget that could be embedded into websites, allowing users to sign into a third party website with their Telegram account. The gateway sends users' Telegram name, username, and profile picture to the website owner, while users' phone number remains hidden. The gateway is integrated with a bot, which is linked with the developer's specific website domain.

In July 2018, Telegram introduced their online authorization and identity-management system, Telegram Passport, for platforms that require real-life identification. It asks users to upload their own official documents such as passport, identity card, driver license, etc. When an online service requires such identification documents and verification, it forwards the information to the platform with the user's permission. Telegram stated that it does not have access to the data, while the platform will share the information only with the authorized recipient. However, the service was criticised for being vulnerable to online brute-force attacks.

In December 2020, Telegram launched a Bugs and Suggestions platform, where users can submit bug reports and suggestion cards for new features. Others can then vote and comment on the cards.

Architecture

Privacy

For encrypted chats (branded as Secret Chats), Telegram uses a custom-built symmetric encryption scheme called MTProto. The protocol was developed by Nikolai Durov and other developers at Telegram and, as of version 2.0, is based on 256-bit symmetric AES encryption, 2048-bit RSA encryption and Diffie–Hellman key exchange.

MTProto 1.0 was deprecated in favor of MTProto 2.0 in December 2017, which was deployed in Telegram clients as of v4.6.

Version 2.0 was proven formally correct in December 2020 by a team from the University of Udine, Italy. The team reviewed the protocol after realizing that they could only find in-depth verifications done of version 1.0, where most criticisms were levied. They used ProVerif, a verifier based on the symbolic Dolev-Yao model. In the published paper, they "provide a fully automated proof of the soundness of MTProto 2.0’s protocols for authentication, normal chat, end-to-end encrypted chat, and re-keying mechanisms with respect to several security properties, including authentication, integrity, confidentiality and perfect forward secrecy...MTProto 2.0 is assumed to be a perfect authenticated encryption scheme (IND-CCA and INT-CTXT)." However, the team also stated that because all communication, including plaintext and ciphertext, passes through Telegram servers, and because the server is responsible for choosing Diffie–Hellman parameters, the "server should not be considered as trusted." They also concluded that a man-in-the-middle attack is possible if users fail to check the fingerprints of their shared keys. Finally, they qualified their conclusion with the caveat that "properties need to be formally proved in order to deem MTProto 2.0 definitely secure. This proof cannot be done in a symbolic model like ProVerif’s, but it can be achieved in a computational model, using tools like CryptoVerif or EasyCrypt."

Servers

As with most instant messaging protocols, Telegram uses centralized servers. Telegram Messenger LLP has servers in a number of countries throughout the world to improve the response time of their service. Telegram's server-side software is closed-source and proprietary. Pavel Durov said that it would require a major architectural redesign of the server-side software to connect independent servers to the Telegram cloud.

For users who signed in from the European Economic Area (EEA) or United Kingdom, the General Data Protection Regulations (GDPR) are supported by storing data only on servers in the Netherlands, and designating a London-based company as their responsible data controller.

Clients

Telegram has various client apps, some developed by Telegram Messenger LLP and some by the community. Most of them are free and open-source and released under the GNU General Public Licence version 2 or 3. The official clients support sending any file format extensions. The built-in media viewer supports common media formats – JPEG, PNG, WebP for images and H.264 and HEVC in videos in MP4 container and MP3, FLAC, Vorbis, Opus and AAC for audio.

In 2021, the Telegram team announced a direct build of its Android app. Telegram for Android is available directly from the Telegram website. It is automatically updated and will most likely get new versions faster than the apps in the Play Store and App Store. A distinctive feature of this version is the ability to view channels/groups on a specific topic without censorship, which cannot be viewed from an app distributed from Google Play or the Apple Store due to their policies.

Common specifications:

  • No cloud backup option for secret chat

APIs

Telegram has public APIs with which developers can access the same functionality as Telegram's official apps to build their own messaging applications. In February 2015, creators of the unofficial WhatsApp+ client released the Telegram Plus app, later renamed to Plus Messenger, after their original project got a cease-and-desist order from WhatsApp. In September 2015, Samsung released a messaging application based on these APIs.

Telegram also offers an API that allows developers to create bots, which are accounts controlled by programs. Such bots are used, among other things, to emulate and play old games in the app and inform users about vaccine availability for COVID-19.

In addition, Telegram offers functions for making payments directly within the platform, alongside an external service such as Stripe.

Business

The company was initially supported by founding CEO Pavel Durov's personal funds after the sale of his stake in VK. In January 2018, it launched a private placement and collected $1.7 billion from investors such as Kleiner Perkins, Sequoia Capital, and Benchmark. After the shutdown of the TON project, the company needed to repay the investors the money that was not spent on its development during 2018 and the beginning of 2019, while the project was active.

On 15 March 2021, Telegram conducted a five-year public bonds placement worth $1 billion. The funding was required to cover the debts amounting to $625.7 million, including $433 million to investors who bought futures for Gram tokens in 2018 and included purchasers such as David Yakobashvili. On 23 March, Telegram also sold additional bonds worth $150 million to the Abu Dhabi Mubadala Investment Company and Abu Dhabi Catalyst Partners. A day later, the Mubadala Investment Company stated that Russia's sovereign wealth fund participated in its deal undisclosed through the Russia-UAE joint investment platform to buy convertible bonds. A Telegram spokesperson stated: "RDIF is not in the list of investors we sold bonds to. We wouldn't be open to any transaction with this fund" and "[t]he funds that did invest, including Mubadala, confirmed to us that RDIF was not among their LPs [limited partners]." According to the contract, the holders of the bonds will be provided with an option to convert them to shares at a 10% discount if the company conducts an open IPO. Durov stated that the move aimed to "enable Telegram to continue growing globally while sticking to its values and remaining independent". According to press reports, prior to the bonds placement, Durov had rejected an investment offer for a 5–10% stake in the company as well as several undisclosed ones, valuing the company in a $30–40 billion range. In March 2024, Telegram sold an additional $330 million in bonds. Durov said the bond sale "will further solidify our position as an independent platform that is able to challenge the 'Goliaths' of our industry".

Advertising and monetization

Telegram has stated that the company will never serve advertisements in private chats. In late 2020, Durov announced that the company was working on its own ad platform, and would integrate non-targeted ads in public one-to-many channels, that already were selling and displaying ads in the form of regular messages. Ads from Telegram's "Sponsored Messages" platform began to appear in channels with more than 1000 followers in October 2021.

In late 2020, Durov announced that Telegram will consider adding paid features aimed at enterprise clients. According to him, these features will require more bandwidth and the added cost will be covered by the feature prices, in addition to covering some of the costs incurred by regular users.

Pay per view bots

In 2022, Telegram canceled a bot monetization upgrade program, because Apple demanded a cut.

Telegram Open Network

In 2017, in an attempt to monetize Telegram without advertising, the company began the development of a blockchain platform dubbed either "The Open Network" or "Telegram Open Network" (TON) and its native cryptocurrency "Gram". The project was announced in mid-December 2017 and its 132-page technical paper became available in January 2018. The codebase behind TON was developed by Pavel Durov's brother Nikolai Durov, the core developer of Telegram's MTProto protocol. In January 2018 a 23-page white paper and a detailed 132-page technical paper for TON blockchain became available.

Durov planned to power TON with the existing Telegram user base, and turn it into the largest blockchain and a platform for apps and services akin to a decentralized WeChat, Google Play, and App Store. Besides, the TON had the potential to become a decentralized alternative to Visa and MasterCard due to its ability to scale and support millions of transactions per second. In January and February 2018 the company ran a private sale of futures contracts for Grams, raising around $1.7 billion. No public offering took place.

The development of TON took place in a completely isolated manner, and the release was postponed several times. The test network was launched in January 2019. The launch of the TON main network was scheduled for 31 October. On October 30, the U.S. Securities and Exchange Commission obtained a temporary restrictive order to prevent the distribution of Grams to initial purchasers; the regulator considered the legal scheme employed by Telegram as an unregistered securities offering with initial buyers acting as underwriters.

The judge hearing the Telegram v. SEC case, P. Kevin Castel, ultimately agreed with the SEC's argument and kept the restrictions on Gram distribution in force. The ban applied to non-U.S.-based purchasers as well, because Telegram could not prevent the re-sale of Grams to U.S. citizens on a secondary market, as the anonymity of users was one of the key features of TON. Following that, Durov announced the end of Telegram's active involvement with TON. On 26 June, the judge approved the settlement between Telegram and SEC. The company agreed to pay an $18.5 million penalty and return $1.22 billion to Gram purchasers. In March 2021, Telegram launched a bonds offering to cover the debt and fund further growth of the app.

Collection James Bond 007

Criticism

Telegram has been used for spreading hate messages and illegal activities such as illegal pornography, contact between criminals and trading of illegal goods and services such as drugs and stolen personal data. According to Wired, Telegram "exercises virtually no content moderation, except to take down illegal pornography and calls for violence".

IRGC

In Iraq and Iran, the Islamic Revolutionary Guard Corps has used groups and channels for doxing citizens and warmongering propaganda.

ISIS

In September 2015, in response to a question about the use of Telegram by Islamic State of Iraq and the Levant (ISIS), Pavel Durov stated: "I think that privacy, ultimately, and our right for privacy is more important than our fear of bad things happening, like terrorism." Durov sarcastically suggested to ban words because terrorists use them for communication. ISIS recommended Telegram to its supporters and members and in October 2015 they were able to double the number of followers of their official channel to 9,000. In November 2015, Telegram announced that it had blocked 78 public channels operated by ISIS for spreading its propaganda and mass communication. Telegram stated that it would block public channels and bots that are related to terrorism, but it would not honor "politically-motivated censorship" based on "local restrictions on freedom of speech" and that it allowed "peaceful expression of alternative opinions." ISIS's usage of Telegram reignited the encryption debate and encrypted messaging applications faced new scrutiny.

In August 2016, French anti-terrorism investigators asserted that the two ISIS-directed terrorists who murdered a priest in Saint-Étienne-du-Rouvray in Normandy, France, and videoed the murder, had communicated via Telegram and "used the app to coordinate their plans for the attack". ISIS's media wing subsequently posted a video on Telegram, showing the pair pledging allegiance. A CNN news report stated that Telegram had "become known as a preferred means of communication for the terror group ISIS and was used by the ISIS cell that plotted the Paris terror attacks in November" after the attacks. Daily Mirror called Telegram a "jihadi messaging app".

In June 2017, the Russian communications regulator Roskomnadzor hinted at the possibility of a blocking of Telegram in Russia due to its usage by terrorists.

In July 2017, Director General of Application and Informatics of the Indonesian Ministry of Communication and Informatics, Semuel Abrijani Pangerapan, said eleven Telegram DNS servers were blocked because many channels in the service "promoted radicalism, terrorism, hatred, bomb assembly, civil attack, disturbing images, and other propaganda contrary to Indonesian laws and regulations." In August 2017, Indonesia lifted the block after countermeasures against negative content were deployed in association with Telegram LLP.

In November 2019, Telegram participated in Europol's Internet Referral Action Day. As a result, Telegram expanded and strengthened its terrorist content detection and removal efforts. Over 43,000 terrorist-related bots and channels were removed from Telegram. According to U.S. officials, the crackdown on Telegram was especially effective and seemed to be having lasting impact. According to Europol, Telegram put considerable effort into removing abusers of its platform.

Far-right groups

The Anti-Defamation League has called Telegram a white supremacist "safe haven" and a valuable tool for right-wing extremists. Miro Dittrich, a senior researcher for the Center for Monitoring, Analysis and Strategy (CeMAS), a German extremism monitoring agency, said: "Telegram has been critical for the far-right scene in Germany ever since the Identitarian movement migrated there in 2018, having been censored on Facebook and Instagram."

The neo-Nazi white separatist paramilitary hate group The Base switched to Telegram after being blocked on most social media platforms, including Twitter, YouTube and Gab. After a number of arrests of The Base members in January 2020, a note appeared on its official Telegram account warning people to stop posting. In August 2019, white supremacist Christopher Cantwell posted anti-Semitic comments on Telegram.

The Anti-Defamation League notes that Telegram was founded by the same two Russian brothers who founded VKontakte (VK), which is known for its lack of moderation when it comes to white supremacy. While Telegram's terms of service prohibit the promotion of violence, they have allowed livestreams of the Christchurch mosque shootings, 2022 Buffalo shooting and the Halle synagogue shooting, all of which were livestreamed by their perpetrators, although other social media platforms had removed them. The League also points to the RapeWaffen Division channel, which openly advocates rape and murder as part of a race war.

Telegram has also been used by the alt-right organization Proud Boys to coordinate throughout the United States. In the United Kingdom, Telegram is one of the main platforms for far-right publication TR.news, maintained by Tommy Robinson, and Britain First, whose pages were blocked by major social media platforms. Weblinks related to these channels received more views on Telegram in 2018 and 2019 than some well-known mainstream news outlets, including The Guardian or the Daily Mail. However, with a relatively small user base and no algorithmic timeline, such groups struggle to build a larger audience on Telegram.

In January 2021, Telegram said that it blocked "hundreds" of neo-Nazi and white supremacist channels with tens of thousands of followers for inciting violence. A 2021 Institute for Strategic Dialogue report on the far-right in Ireland found that messages from Irish far-right groups on the app increased from a total of 801 in 2019 to over 60,000 in 2020.

On 27 August 2021, the U.S. House of Representatives select committee investigating the 2021 United States Capitol attack demanded records from Telegram (alongside 14 other social media companies) going back to the spring of 2020.

In January 2022, the British anti-disinformation organization Logically reported that Holocaust denial, neo-Nazism and other forms of hate speech were flourishing on the Discord and Telegram groups of the German website Disclose.tv.

On 26 April 2023, Telegram was temporarily suspended throughout Brazil, and the company was fined R$1 million (2023) (US$185,528.76) daily for not complying with a Federal Police investigation into neo-Nazi activities on the platform. The company only partially fulfilled a court request for personal data on two anti-Semitic Telegram groups, which authorities considered an intentional lack of cooperation. The decision was made after a series of violent school attacks, with at least one incident being linked to exchanges on an anti-Semitic group. The Telegram CEO then said that the requested data was technologically impossible to obtain. A federal court lifted the suspension three days later, but upheld the daily fine. Twelve days later, Telegram told its users that the Brazilian Congressional Bill No. 2630 against online disinformation, which was about to be approved, would end freedom of speech in the country.

Illegal pornography

Telegram has been used to distribute illegal pornography, including child pornography. Telegram's internal reporting system has an option to report content that contains child abuse, including specific messages in groups and channels. The company has a verified channel called "Stop Child Abuse", where daily statistics on the number of groups and channels banned for sharing illegal materials are posted. It also provides an email address dedicated to reports of content related to child abuse.

In January 2021, North Macedonian media outlets reported that a now-banned Telegram group, with more than 7,000 members, titled "Public Room" ("Јавна соба") was used to share nude photos of women, often young teenage girls. Along with the shared photographs, anonymous accounts shared private information of the women, including phone numbers and social media profiles, encouraging members of the group to contact the women and ask for sexual favours. This was done without prior agreement or knowledge of the women, causing intense public backlash and demand for the group to be shut down. The President of North Macedonia Stevo Pendarovski, along with the Prime Minister of North Macedonia Zoran Zaev, demanded an immediate reaction from Telegram and threatened to completely restrict access to the app in the country if no actions were taken. The group was banned after reports from users and media, although no public statement was made.

Bot abuse

In 2021, a bot was found selling leaked phone numbers from Facebook.

The chairman of the public organization "Electronic Democracy" Volodymyr Flents on 11 May 2020 announced that a Telegram bot appeared on the Web, which sold the personal data of Ukrainian citizens. It is estimated that the bot contains data from 26 million Ukrainians registered in the Diia application. However, subsequently, deputy prime minister and minister of digital transformation Mykhailo Fedorov denied any data from the app being leaked. The criminal activity of 25 people has already been confirmed and copies of 30 databases were seized.

A Telegram bot was blocked by Apple in 2020 after posting deepfake pornography.

Telegram reportedly banned more than 350,000 bots and channels in 2020, including those that contained child abuse and terrorism-related content.

Myanmar military

Since the 2021 Myanmar coup d'état, pro-junta and pro-military actors, including nationalists and military lobbyists, have exploited Telegram's lax content moderation approach to post violent and misogynistic content against resistance groups, including the National Unity Government, People's Defence Forces, and individuals supporting a return to democracy. The move to Telegram was accelerated by Facebook and Instagram's ban of Myanmar military-linked accounts and ads following the coup. These actors use Telegram to dox women, political and human rights activists, and journalists. The targeted individuals then become a target for physical, sexual, and online harassment. These accounts are used as intelligence sources by the Burmese military to track down and detain such individuals. These pro-military accounts have also attacked independent media, disseminated military propaganda, and incited violence in the country. In addition, Telegram is also pointed out to be used by fraud gangs in northern Myanmar assisted by the Myanmar military; they use Telegram to communicate and carry out telecommunications fraud for Mandarin speakers and human trafficking for mainland Chinese.

In March 2023, the Office of the United Nations High Commissioner for Human Rights called on Telegram to allocate resources "to identify, prevent, and mitigate human rights abuses on its platform." As of March 2023, Telegram had blocked at least 13 pro-military accounts.

Fraudulent jobs

Telegram has received criticism for its failure to curb fraud on the platform. The most common mode of fraud involves scammers sending messages to unsuspecting users, offering part-time online jobs which comprise a series of tasks. Scammers employ a variety of confidence tricks to entice users into completing "prepaid tasks" in which users deposit money into scammers' accounts with the expectation of receiving high returns.

In July 2023, Hyderabad Police uncovered a fraud wherein 15,000 Indian citizens were duped out of 712 crore (US$89 million) in less than a year, all related to "prepaid tasks" on Telegram; a cybercrime police investigation of the money trail revealed that the fraud originated from China and the money was laundered by mules through cryptocurrency wallets.

In September 2023, the Singapore Police stated that more than 6,600 Singaporeans had lost over S$96.8 million (US$72.24 million) to prepaid job scams on Telegram and WhatsApp since the start of the year.

Copyright infringement

In March 2024, a judge of Spain's Audiencia Nacional ordered the temporary blocking of Telegram in the country. The order came following a complaint from media organizations —Mediaset, Atresmedia y Movistar Plus+— saying that the app allowed users to share copyrighted content without their consent. A few days later and, after several criticism, the same judge suspended his order until the police issue a report on the consequences that this measure would have for users. Finally, the judge annulled the order, considering it "disproportionate."

Reception

Channels have been used by celebrities such as Arnold Schwarzenegger and politicians: President of France Emmanuel Macron, former Brazilian President Jair Bolsonaro, Turkish President Recep Tayyip Erdoğan, President of Moldova Maia Sandu, President of Ukraine Volodymyr Zelenskyy, Mexican President Andrés Manuel López Obrador, Singaporean Prime Minister Lee Hsien Loong, President of Uzbekistan Shavkat Mirziyoyev, Taiwan President Tsai Ing-wen, Ethiopian Prime Minister Abiy Ahmed, Israeli Prime Minister Benjamin Netanyahu and others.

Security

Telegram's security model has received notable criticism by cryptography experts. They criticized how, unless modified first, the default general security model stores all contacts, messages and media together with their decryption keys on its servers continuously; and that it does not enable end-to-end encryption for messages by default. Pavel Durov has argued that this is because it helps to avoid third-party unsecured backups, and to allow users to access messages and files from any device. Criticisms were also aimed at Telegram's use of a custom-designed encryption protocol. However, in December 2020, a study titled "Automated Symbolic Verification of Telegram's MTProto 2.0" was published, confirming the security of the updated MTProto 2.0 and reviewing it while pointing out several theoretical vulnerabilities. The paper provides "fully automated proof of the soundness of MTProto 2.0's authentication, normal chat, end-to-end encrypted chat, and re-keying mechanisms with respect to several security properties, including authentication, integrity, confidentiality and perfect forward secrecy" and "proves the formal correctness of MTProto 2.0". This partially addresses the concern about the lack of scrutiny while confirming the formal security of the protocol's latest version.

The desktop clients (excluding the macOS client) do not feature options for end-to-end encrypted messages. When the user assigns a local password in the desktop application, data is locally encrypted also. Telegram has defended the lack of ubiquitous end-to-end encryption by claiming the online-backups that do not use client-side encryption are "the most secure solution currently possible".

In May 2016, critics disputed claims by Telegram that it is "more secure than mass market messengers like WhatsApp and Line", as WhatsApp claims to apply end-to-end encryption to all of its traffic by default and uses the Signal Protocol, which has been "reviewed and endorsed by leading security experts", while Telegram does neither and stores all messages, media and contacts in their cloud. Since July 2016, Line has also applied end-to-end encryption to all of its messages by default, though it has also been criticized for being susceptible to replay attacks and the lack of forward secrecy between clients.

In 2013, an author on the Russian programming website Habr discovered a weakness in the first version of MTProto that would allow an attacker to mount a man-in-the-middle attack and prevent the victim from being alerted by a changed key fingerprint. The bug was fixed on the day of the publication with a $100,000 payout to the author and a statement on Telegram's official blog.

On 26 February 2014, the German consumer organization Stiftung Warentest evaluated several data-protection aspects of Telegram, along with other popular instant-messaging clients. Among the aspects considered were: the security of the data transmission, the service's terms of use, the accessibility of the source code, and the distribution of the app. Telegram was rated 'problematic' (kritisch) overall. The organization was favorable to Telegram's secure chats and partially free code but criticized the mandatory transfer of contact data to Telegram's servers and the lack of an imprint or address on the service's website. It noted that while the message data is encrypted on the device, it could not analyse the transmission due to a lack of source code.

The Electronic Frontier Foundation (EFF) listed Telegram on its "Secure Messaging Scorecard" in February 2015. Telegram's default chat function received a score of 4 out of 7 points on the scorecard. It received points for having communications encrypted in transit, having its code open to independent review, having the security design properly documented, and having completed a recent independent security audit. Telegram's default chat function missed points because the communications were not encrypted with keys the provider did not have access to, users could not verify contacts' identities, and past messages were not secure if the encryption keys were stolen. Telegram's optional secret chat function, which provides end-to-end encryption, received a score of 7 out of 7 points on the scorecard. The EFF said that the results "should not be read as endorsements of individual tools or guarantees of their security", and that they were merely indications that the projects were "on the right track".

In December 2015, two researchers from Aarhus University published a report in which they demonstrated that MTProto 1.0 did not achieve indistinguishability under chosen-ciphertext attack (IND-CCA) or authenticated encryption. The researchers stressed that the attack was of a theoretical nature and they "did not see any way of turning the attack into a full plaintext-recovery attack". Nevertheless, they said they saw "no reason why [Telegram] should use a less secure encryption scheme when more secure (and at least as efficient) solutions exist". The Telegram team responded that the flaw does not affect message security and that "a future patch would address the concern". Telegram 4.6, released in December 2017, supports MTProto 2.0, which now satisfied the conditions for IND-CCA. MTProto 2.0 is seen by qualified cryptographers as a vast improvement to Telegram's security.

In April 2016, the accounts of several Russian opposition members were hijacked by intercepting the SMS messages used for login authorization. In response, Telegram recommended using the optional two-factor authentication feature. In May 2016, the Committee to Protect Journalists and Nate Cardozo, senior staff attorney at Electronic Frontier Foundation, recommended against using Telegram because of "its lack of end-to-end encryption [by default] and its use of non-standard MTProto encryption protocol, which has been publicly criticized by cryptography researchers, including Matthew Green".

On 2 August 2016, Reuters reported that Iranian hackers compromised more than a dozen Telegram accounts and identified the phone numbers of 15 million Iranian users, as well as the associated user IDs. Researchers said the hackers belonged to a group known as Rocket Kitten. Rocket Kitten's attacks were similar to ones attributed to Iran's Islamic Revolutionary Guards Corps. The attackers took advantage of a programming interface built into Telegram. According to Telegram, these mass checks are no longer possible because of limitations introduced into its API earlier in 2016.

Login SMS messages are known to have been intercepted in Iran, Russia and Germany, possibly in coordination with phone or telecom companies. Pavel Durov has said that Telegram users in "troubled countries" should enable two-factor authentication by creating passwords in order to prevent this.

In June 2017, Pavel Durov in an interview claimed that U.S. intelligence agencies tried to bribe the company's developers to weaken Telegram's encryption or install a backdoor during their visit to the U.S. in 2016.

In 2018, Telegram sent a message to all Iranian users stating that the Telegram Talai and Hotgram unofficial clients are not secure.

In March 2014, Telegram promised that "all code will be released eventually", including all the various client applications (Android, iOS, desktop, etc.) and the server-side code. As of May 2021, Telegram had not published their server-side source code. In January 2021, Durov explained his rationale for not releasing server-side code, citing reasons such as inability for end-users to verify that the released code is the same code run on servers, and a government that wanted to acquire the server code and make a messaging app that would end competitors.

On 9 June 2019, The Intercept released leaked Telegram messages exchanged between current Brazilian Minister of Justice and former judge Sérgio Moro and federal prosecutors. The hypothesis is that either mobile devices were hacked by SIM swap or the targets' computers were compromised. The Telegram team tweeted that it was either because the user had malware or they were not using two-step verification.

On 12 June 2019, Telegram confirmed that it suffered a denial-of-service attack which disrupted normal app functionality for approximately one hour. Pavel Durov tweeted that the IP addresses used in the attack mostly came from China.

In December 2019, multiple Russian businessmen suffered account takeovers that involved bypassing SMS single-factor authentication. Security company Group-IB suggested SS7 mobile signalling protocol weaknesses, illegal usage of surveillance equipment, or telecom insider attacks.

On 30 March 2020, an Elasticsearch database holding 42 million records containing user IDs and phone numbers of Iranian users was exposed online without a password. The accounts were extracted from not Telegram but an unofficial version of Telegram, in what appears to be a possibly government-sanctioned fork. It took 11 days for the database to be taken down, but the researchers say the data was accessed by other parties, including a hacker who reported the information to a specialized forum.

In September 2020, it was reported that Iran's RampantKitten ran a phishing and surveillance campaign against dissidents on Telegram. The attack relied on people downloading a malware-infected file from any source, at which point it would replace Telegram files on the device and 'clone' session data. David Wolpoff, a former Department of Defense contractor, has stated that the weak link in the attack was the device itself and not any of the affected apps: "There's no way for a secure communication app to keep a user safe when the end devices are compromised."

In July 2021, researchers from Royal Holloway, University of London and ETH Zurich published an analysis of the MTProto protocol, concluding that the protocol could provide a "confidential and integrity-protected channel" for communication. They also found that attackers had the theoretical ability to reorder messages coming from the client to the server though the attacker would not be able to see the content of the messages. Several other theoretical vulnerabilities were reported as well, in response to which Telegram released a document stating that the MITM attack on the key exchange was impossible as well as detailing the changes made to the protocol to protect from it in the future. All issues were patched before the paper's publication with a security bounty paid out to the researchers.

In September 2021, a Russian researcher published details about a bug with the self-destruct feature that allowed the user to recover deleted photos from their own device. The bug was patched prior to publication and Telegram representatives offered a €1,000 bug bounty. The researcher did not sign the NDA that came with the offer and did not receive the award, opting to disclose the bug.

In March 2023, the Norwegian National Security Authority (NSM) advised against the use of Telegram and TikTok on business devices (especially the ones used for government related activities), the assessment has been commissioned and supported by the Ministry of Justice and Public Security, Emilie Enger Mehl. Regarding Telegram, the report cites its lack of end-to-end encryption by default, its Russian origins and third-party open source intelligence as major critical points.

Cryptography contests

Telegram has organized two cryptography contests to challenge its own security. Third parties were asked to break the service's cryptography and disclose the information contained within a secret chat between two computer-controlled users. A reward of respectively US$200,000 and US$300,000 was offered. Both of these contests expired with no winners. Security researcher Moxie Marlinspike, founder of the competing Signal messenger, and commenters on Hacker News criticized the first contest for being rigged or framed in Telegram's favor and said that Telegram's statements on the value of these contests as proof of the cryptography's quality are misleading. This was because the cryptography contest could not be won even with completely broken algorithms such as MD2 (hash function) used as key stream extractor, and primitives such as the Dual EC DRBG that is known to be backdoored.

Censorship

Telegram has been blocked temporarily or permanently by some governments including Iran, China, Brazil, and Pakistan. The Russian government blocked Telegram for several years before lifting the ban in 2020. The company's founder has said he wants the app to have an anti-censorship tool for Iran and China similar to the app's role in fighting censorship in Russia.

2019 Puerto Rico "Telegramgate"

Telegram was the main subject surrounding the 2019 Puerto Rico riots that ended up in the resignation of then-Governor Ricardo Rosselló. Hundreds of pages of a group chat between Rosselló and members of his staff were leaked. The messages were considered vulgar, racist, and homophobic, with members of the chat discussing how they would use the media to target potential political opponents.

2021 shutdown of Russian political bots

In September 2021, prior to the regional elections in Russia, Telegram suspended several bots spreading information about the election, including a bot run by the opposition party and critics of incumbent president Vladimir Putin's government, citing election silence as the reason, though a blog post by the company's CEO implied the company was following Apple and Google, which "dictate the rules of the game to developers". The blocking of the main Smart Voting bot was criticized by allies of Alexei Navalny, a Kremlin critic and former opposition leader. Navalny's spokeswoman Kira Yarmysh called the block and the deletion of the tactical voting app from app stores "censorship [...] imposed by private companies". In a later blog post, Durov directly stated that the block was a result of pressure from Google and Apple as refusal to comply with their policies would result "in an immediate shutdown of Telegram for millions of users". The post included a screenshot showing an internal email sent by the App Store to developers, demanding the takedown of content related to Navalny.

2022 Delhi High Court ruling

On November 24, following an order by the Delhi High Court, Telegram was ordered to disclose the admin names, phone numbers and IP addresses of channels accused of unauthorised sharing of national exam study materials. Telegram originally argued that its regional servers were located in Singapore and thus no data could be disclosed as the local laws prohibit it.

See also

  • Alt-tech
  • Comparison of cross-platform instant messaging clients
  • Internet privacy
  • Secure instant messaging

References

Further reading

External links

  • Official website (in English, German, Brazilian Portuguese, Spanish, Russian, French, Dutch, Polish, Belarusian, Ukrainian, Korean, Persian, Arabic, Turkish, Uzbek, Italian, Indonesian, and Malay)

Text submitted to CC-BY-SA license. Source: Telegram (software) by Wikipedia (Historical)



ghbass