Telegram (software)

Telegram

Screenshot Telegram on Android Lollipop
Developer(s)	Telegram Messenger LLP
Initial release	August 2013; 10 years ago (2013-08)
Stable release	Android 10.12.0[1]  / 25 April 2024; 29 days ago (25 April 2024) iOS, iPadOS 10.12[2]  / 25 April 2024; 29 days ago (25 April 2024) Windows, macOS, Linux (Telegram Desktop) 5.0.1[3]  / 4 May 2024; 20 days ago (4 May 2024) macOS 10.12.2[4]  / 28 April 2024; 26 days ago (28 April 2024)
Repository	github.com/telegramdesktop/tdesktop
Operating system	Android, iOS, Windows Phone, Ubuntu Touch, Firefox OS, MS Windows, Linux, OS X
Available in	English, Arabic, Spanish, German, Italian, Korean, Dutch, Portuguese
Type	Instant messaging
License	Clients: GPL[5] Server: proprietary
Website	telegram.org

Telegram is a cloud-based instant messaging service. Telegram clients exist for both mobile (Android, iOS, Windows Phone, Ubuntu Touch) and desktop systems (Windows, OS X, Linux).^[5][7] Users can send messages and exchange photos, videos, stickers and files of any type up to 1.5 GB in size. Telegram also provides optional end-to-end encrypted messaging with self-destruct timers.

Telegram is supported by the Russian-born entrepreneur Pavel Durov,^[8] who is now living in Saint Kitts and Nevis,^[9] in self-imposed exile.^[10] He founded the Russian social network VK and was its CEO until April 2014. Its client-side code is open-source software in parts, whereas its server-side code is closed-sourced and proprietary. The service also provides APIs to independent developers.

History

Development

Telegram was launched in 2013 by brothers Nikolai and Pavel Durov, who previously founded the Russian social network VK, but had to leave the company after it was taken over by the Russian Government.^[10][11] Nikolai Durov created the MTProto protocol that is the basis for the messenger, while Pavel provided financial support and infrastructure through his Digital Fortress fund.^[12]

Telegram is registered as both an English LLP^[13] and an American LLC.^[14] It does not disclose where it rents offices or which legal entities it uses to rent them, citing the need to "shelter the team from unnecessary influence" and protect users from governmental data requests.^[15] The service says that it is headquartered in Berlin, Germany.^[16] Durov left Russia and is said to be moving from country to country with a small group of computer programmers.^[10]

In September 2015, Samsung released a new messaging application based on Telegram Messenger.^[17]

Usage numbers

In October 2013, Telegram had 100,000 daily active users.^[11] On 24 March 2014, Telegram announced that it had reached 35 million monthly users and 15 million daily active users.^[18] In October 2014, South Korean governmental surveillance plans drove many of its citizens to switch to Telegram.^[16] In December 2014, Telegram announced they had 50 million active users, generating 1 billion daily messages and that they had 1 million new users signing up on their service every week;^[19] traffic doubled in five months with 2 billion daily messages.^[20] In September 2015, an announcement stated that the app had 60 million active users and delivered 12 billion daily messages.^[21] In February 2016, Telegram announced that they had 100 million monthly active users, with 350.000 new users signing up every day, delivering 15 billion messages daily.^[22]

Features

Account

Similar to services like WhatsApp, Telegram accounts are tied to telephone numbers and verified by SMS or phone call.^[23] Users can add multiple devices to their account and receive messages on each one. Connected devices can be removed individually or all at once. The associated number can be changed at any time and when doing so, the user's contacts will receive the new number automatically.^[23][24][25] In addition, a user can set up an alias that allows them to send and receive messages without exposing their phone number.^[26] These aliases or usernames are also linked with an official https://telegram.me/<alias> URL (where <alias> is the chosen username). Usernames can be changed at any time. Accounts can be deleted at any time and they are deleted automatically after six months of inactivity by default, which can optionally be changed to 1 to 12 months. Users can replace exact "last seen" timestamps with fudged messages such as "last seen within a week".^[27]

Cloud-based messages

Telegram's default messages are cloud-based and can be accessed on any of the user's connected devices.^[28] Users can share photos, videos, audio messages and other files (up to 1.5 gigabyte in size).^[5][29] Users can send messages to other users individually or to groups of up to 1000 members.^[30] The transmission of messages to Telegram Messenger LLP's servers is encrypted with the service's MTProto protocol.^[28] According to Telegram's privacy policy, "all data is stored heavily encrypted and the encryption keys in each case are stored in several other DCs in different jurisdictions. This way local engineers or physical intruders cannot get access to user data".^[31]

Bots

In June 2015, Telegram launched a platform for third-party developers to create bots.^[32] Bots are Telegram accounts operated by programs. They can respond to messages or mentions, can be invited into groups and can be integrated into other programs. Dutch website Tweakers reported that an invited bot can potentially read all group messages when the bot controller changes the access settings silently at a later point in time. Telegram pointed out that it considered implementing a feature that would announce such a status change within the relevant group.^[33]

Channels

Channels can be created for broadcasting messages to an unlimited number of subscribers.^[34][35] Channels can be publicly available with an alias and a permanent URL so anyone can join. Users who join a channel can see the entire message history. Each message has its own view counter, showing how many users have seen this message. Users can join and leave channels at any time. Furthermore users can mute a channel, meaning that the user will still receive messages, but won't be notified.

Stickers

Stickers are cloud-based, high-definition images intended to provide more expressive emoji. When typing in an emoji, the user is offered to send the respective sticker instead. Stickers come in collections called "sets", and multiple stickers can be offered for one emoji. Telegram comes with one default sticker set,^[36] but users can install additional sticker sets provided by third-party contributors. Sticker sets installed from one client become automatically available to all other clients.

Secret chats

A "secret chat" confirmation notice - screenshot from Android Marshmallow.

Messages can also be sent with client-to-client encryption in so-called secret chats that are not cloud-based. Secret chat messages are encrypted with the service's MTProto protocol.^[37] Contrary to Telegram's cloud-based messages, messages sent within a secret chat can only be accessed on the device upon which the secret chat was initiated or accepted; they can't be accessed on other devices.^[11][28][38] Secret chats have to be initiated and accepted by an invite, upon which the encryption keys for the session are exchanged. Messages sent within secret chats can, in principle, be deleted at any time and can optionally self-destruct.^[39] Some Telegram clients also allow users to encrypt the local message database using a passphrase.^[40]

According to Telegram, secret chats support perfect forward secrecy since December 2014. Encryption keys are periodically changed after a key has been used more than 100 times or has been in use for more than a week. Old encryption keys are destroyed.^[24][25][41]

Architecture

Encryption scheme

A simplified illustration of the MTProto encryption scheme.

Telegram uses a symmetric encryption scheme called MTProto. The protocol was developed by Nikolai Durov and other developers at Telegram and is based on 256-bit symmetric AES encryption, RSA 2048 encryption and Diffie–Hellman key exchange.^[37]

Since 2013,^[42] cryptography experts have expressed both doubts and criticisms on the MTProto encryption scheme, saying that deploying home-brewed and unproven cryptography may render the encryption vulnerable to bugs that potentially undermine its security, due to a lack of scrutiny.^[43][44] It has also been suggested that Telegram did not employ developers with sufficient expertise or credibility in this field.^[45]

In December 2015, two researchers from Aarhus University published a report in which they demonstrated that MTProto does not achieve indistinguishability under chosen-ciphertext attack (IND-CCA) or authenticated encryption.^[43] The former means that it is possible to turn any ciphertext into a different ciphertext that decrypts to the same message. The researchers stressed that the attack was of a theoretical nature and they "did not see any way of turning the attack into a full plaintext-recovery attack".^[43]

Servers

Telegram Messenger LLP has servers in a number of countries throughout the world to improve the response time of their service.^[46] Telegram's server-side software is closed-source and proprietary. Pavel Durov has said that it would require a major architectural redesign of the server-side software to connect independent servers to the Telegram cloud.^[47]

List of client applications

Telegram has various clients. This list includes versions developed on official platforms backed by Telegram Messenger LLP and unofficial clients that are developed by the community. The source code of all official Telegram clients (and some of the unofficial clients) is open source and released under the GNU General Public Licence version 2 or 3.

Name	Platform(s)	Official	Source code license	Support for secret chats	Notes
Telegram	OS X	Yes	GPLv2[48]	Yes
Telegram Desktop	Microsoft Windows (portable application), OS X, and GNU/Linux	Yes	GPLv3 with OpenSSL exception[49]	No
Cutegram	Windows, OS X, and Linux	No	GPLv3[50]	Yes	Based on Qt.[51]
Telegram CLI	Linux	No[52]	GPLv2[53]	Yes	Command-line interface for Telegram.
Telegram Messenger	iOS 6 or later	Yes	GPLv2 or later[52][54]	Yes	Launched in August 2013 for iPhone and iPod Touch and relaunched in July 2014 with support for iPad.[55]
Telegram	Android 2.3 or later	Yes	GPLv2 or later[52][56]	Yes	Supports tablets[57] and Android Wear smart watches.[58]
Telegram Messenger	Windows Phone	Yes	GPLv2 or later[52]	Yes
Telegram	Firefox OS	Yes	GPLv3[59]	No	Based on Webogram.
Telegram	Google Chrome and Chrome OS	Yes	GPLv3[59]	No
Telegram	Ubuntu Touch	No	GPLv2[60]	Yes
Sailorgram	Sailfish OS	No	GPLv3[61]	Yes	Based on Cutegram.

Users can also access Telegram's cloud-based messages via an official web browser interface called Telegram Web (aka Webogram). Users can share images, files and emoticons with previously-added contacts; this works in most modern browsers, such as Firefox, Safari, and Google Chrome.^[52][59]

Reception

Security

On 26 February 2014, the German consumer organisation Stiftung Warentest had evaluated several data-protection aspects of Telegram, along with other popular instant-messaging clients. Among the aspects considered were: the security of the data transmission, the service's terms of use, the accessibility of the source code and the distribution of the app. Telegram was rated 'critical' (kritisch) overall. The organisation was favourable to Telegram's secure chats and partially open source code, but criticised the mandatory transfer of contact data to Telegram's server and the lack of an imprint or address on the service's website. It noted that while the message data is encrypted on the device, it could not analyse the transmission due to a lack of source code.^[62]

The Electronic Frontier Foundation (EFF) has listed Telegram on its "Secure Messaging Scorecard". As of 7 December 2015^[update], Telegram's default chat function has a score of 4 out of 7 points on the scorecard. It has received points for having communications encrypted in transit, having its code open to independent review, having the security design properly documented, and having completed an independent security audit. Telegram's default chat function is missing points because the communications are not encrypted with keys the provider doesn't have access to, users can't verify contacts' identities, and past messages are not secure if the encryption keys are stolen. Telegram's optional secret chat function, which provides end-to-end encryption, has a score of 7 out of 7 points on the scorecard.^[63] An earlier version of the EFF's scorecard was criticized for being inaccurate, misleading and vague, but not specifically with regard to its evaluation of Telegram.^[64]

Cryptography contests

Telegram has organised two cryptography contests to challenge third parties to break the service's cryptography and disclose the information contained within a secret chat between two fake users. A reward of respectively US$200,000 and US$300,000 was offered. Both of these contests expired with no winners.^[65][66] Security researcher Moxie Marlinspike and commenters on Hacker News criticised the first contest for being rigged or framed in Telegram's favour and said that Telegram's statements on the value of these contests as proof of the cryptography's quality are misleading.^[67][68][69]

Censorship

Telegram was open and working in Iran without any VPN or other circumvention methods in May 2015.^[70] In August 2015, the Iranian Ministry of ICT asserted that Telegram had agreed to restrict some of its bots and sticker packs in Iran at the request of the Iranian government.^[71] According to an article published on Global Voices, these features were being used by Iranians to "share porn and satirical comments about the Iranian government". The article also noted that "some users are concerned that Telegram's willingness to comply with Iranian government requests might mean future complicity with other Iranian government censorship, or even allow government access to Telegram's data on Iranian users".^[71] However Telegram stated that all Telegram chats are private territory and that they do not process any requests related to them. Only requests regarding public content (bots and sticker packs) will be processed.^[72]

Use by terrorists

In September 2015, in response to a question about the use of Telegram by extremists like ISIL, Pavel Durov stated: "I think that privacy, ultimately, and our right for privacy is more important than our fear of bad things happening, like terrorism."^[73] ISIL has recommended Telegram to its supporters and members^[74][75] and in October 2015 they were able to double the number of followers of their official channel to 9,000.^[76] In November 2015, Telegram announced that it had blocked 78 public channels operated by ISIL, which were used for spreading propaganda and mass communication.^[77][78] Telegram stated that it would block public channels and bots that are related to terrorism, but it would not honour "politically-motivated censorship" based on "local restrictions on freedom of speech" and that it allowed "[peaceful expression of] alternative opinions".^[79] Telegram's usage for ISIL's propaganda has reignited the encryption debate and encrypted messaging applications have faced new scrutiny.^[80][81]

See also

• Comparison of instant messaging clients
• Internet privacy
• Secure instant messaging

References

1. "Telegram". Google Play. Retrieved 26 April 2024.
2. "Telegram Messenger". App Store. Retrieved 26 April 2024.
3. "Releases v5.0.1". Retrieved 5 April 2024.
4. "Telegram for macOS". Retrieved 5 May 2024.
5. "List of Telegram applications". 6 February 2014.
6. "Telegram.org Site Info". Alexa, Inc. Retrieved 8 July 2015.
7. "Che cosa è Telegram, Squer.it" (in Italian).
8. "Telegram FAQ". 9 August 2015.
9. "Vkontakte Founder Pavel Durov Becomes Citizen of St. Kitts and Nevis". The Moscow Times. 28 April 2014. Retrieved 1 March 2016.
10. Hakim, Danny (2 December 2014). "Once Celebrated in Russia, the Programmer Pavel Durov Chooses Exile". The New York Times. Retrieved 19 November 2015.
11. "Meet Telegram, A Secure Messaging App From The Founders Of VK, Russia's Largest Social Network". TechCrunch. 27 October 2013.
12. "Russia's Zuckerberg launches Telegram, a new instant messenger service". Reuters. 30 August 2013.
13. "Telegram - Android Apps on Google Play". play.google.com. Retrieved 19 November 2015.
14. "Telegram Messenger on the App Store". App Store. Retrieved 19 November 2015.
15. Thornhill, John (3 July 2015). "Lunch with the FT: Pavel Durov". Financial Times. Retrieved 19 November 2015.
16. Brandom, Russell (6 October 2014). "Surveillance drives South Koreans to encrypted messaging apps". The Verge. Retrieved 19 November 2015.
17. "Socializer Messenger App Offers a New Approach to Messaging". 14 September 2015.
18. Telegram Hits 35M Monthly Users, 15M Daily With 8B Messages Received Over 30 Days, TechCrunch, 24 March 2014
19. Telegram Reaches 1 Billion Daily Messages, Telegram, 8 December 2014
20. Telegram Hits 2 Billion Messages Sent Daily, Telegram, 13 May 2015
21. Lomas, Natasha (21 September 2015). "Telegram Now Seeing 12BN Daily Messages, up From 1BN in February". Techcrunch. Retrieved 19 November 2015.
22. Burns, Matt (23 February 2016). "Encrypted Messaging App Telegram Hits 100M Monthly Active Users, 350k New Users Each Day". TechCrunch. Retrieved 23 February 2016.
23. Lopez, Miguel, Configurando Telegram en el iPhone, en la web y en el Mac (in Spanish), Applesfera, retrieved 4 December 2014 {{citation}}: Unknown parameter |trans_title= ignored (|trans-title= suggested) (help)
24. Munizaga, Jonathan (1 December 2014). "Telegram ya permite migrar conversaciones y contactos a una línea nueva" (in Spanish). Wayerless. Retrieved 2 December 2014. {{cite web}}: Unknown parameter |trans_title= ignored (|trans-title= suggested) (help)
25. Mateo, David G (1 December 2014). "Telegram ahora permite traspasar mensajes al cambiar de número" (in Spanish). TuExperto. Retrieved 2 December 2014.
26. "Secure Messaging App Telegram Adds Usernames And Snapchat-Like Hold-To-View For Media". Techcrunch. 23 October 2014. Retrieved 23 October 2014.
27. Riggall, Jon (19 November 2014). "Telegram for iOS and Android gets new privacy features". Softonic.
28. "How secure is Telegram?", FAQ, Telegram
29. "Telegram: una alternativa gratuita a WhatsApp con ventajas y algún punto oscuro" (in Spanish). 1 March 2014. Retrieved 4 December 2014. {{cite web}}: Unknown parameter |trans_title= ignored (|trans-title= suggested) (help)
30. Novet, Jordan (25 November 2015). "Following ISIS crackdown, Telegram adds group admins, supergroups for up to 1K users". VentureBeat.
31. "Telegram Privacy Policy". Telegram. Retrieved 17 January 2016.
32. Telegram Bot Platform, Telegram, 24 June 2015, retrieved 1 September 2015
33. Schellevis, Joost (23 July 2015). "Telegram-bots kunnen relatief ongemerkt meelezen in groepsgesprekken". Tweakers (in Dutch). Retrieved 25 October 2015.
34. Channels, Telegram, 21 September 2015, retrieved 25 September 2015
35. Lobao, Martim (22 September 2015). "Telegram v3.2 Brings Channels For Broadcasting Your Messages To The World". Android Police.
36. Telegram Stickers, Telegram, 2 January 2015, retrieved 5 January 2016
37. "FAQ for the Technically Inclined". Telegram. Retrieved 9 January 2016.
38. Description of MTProto Mobile Protocol, Telegram
39. "Telegram FAQ". n.d. Retrieved 10 February 2014.
40. Franceschi-Bicchierai, Lorenzo (24 February 2015). "Encryption Fails: When to Freak Out and When to Chill". VICE Motherboard. Retrieved 9 January 2016.
41. Perfect Forward Secrecy, Telegram, 14 December 2014
42. "Hacker News: Telegram – secure, free messaging". Retrieved 11 December 2015.
43. Jakobsen, Jakob; Orlandi, Claudio (8 December 2015). "On the CCA (in)security of MTProto" (PDF). Cryptology ePrint Archive. International Association for Cryptologic Research. Retrieved 11 December 2015.
44. Cox, Joseph (10 December 2015). "Why You Don't Roll Your Own Crypto". Motherboard. Vice Media LLC. Retrieved 11 December 2015.
45. Turton, William (19 November 2015). "Cryptography expert casts doubt on encryption in ISIS' favorite messaging app". The Daily Dot. Retrieved 11 December 2015.
46. "Telegram, el chat que compite con Whatsapp". El País (in Spanish). UY. Retrieved 8 January 2016. {{cite web}}: Unknown parameter |trans_title= ignored (|trans-title= suggested) (help)
47. Rull, Antonio (2 February 2014). "Pavel Durov, creador de Telegram: "Ninguna aplicación es 100% segura"" [Pavel Durov, creator of Telegram: "No application is 100% safe"]. eldiario.es (in Spanish). Retrieved 12 February 2014.
48. overtake (1 December 2015). "overtake/telegram". GitHub. Retrieved 8 January 2016.
49. telegramdesktop. "telegramdesktop/tdesktop". GitHub. Retrieved 8 January 2016.
50. Aseman Land. "Aseman-Land/Cutegram". GitHub. Retrieved 8 January 2016.
51. Aseman Land. "Cutegram". Aseman. Retrieved 8 January 2016.
52. "Telegram Apps". Telegram.org. Retrieved 9 January 2016.
53. vysheng. "vysheng/tg". GitHub. Retrieved 9 January 2016.
54. peter-iakovlev (18 November 2015). "peter-iakovlev/Telegram". GitHub. Retrieved 8 January 2016.
55. "Telegram se actualiza para la pantalla del iPad" (in Spanish). Cnet. {{cite web}}: Unknown parameter |trans_title= ignored (|trans-title= suggested) (help)
56. DrKLO. "DrKLO/Telegram". GitHub. Retrieved 8 January 2016.
57. "Telegram-Anleitung: So benutzt man den Messenger" (in German). Newsslash.
58. "Telegram se actualiza con compatibilidad para Android Wear" (in Spanish). Sevilla: ABC. Retrieved 7 December 2014. {{cite web}}: Unknown parameter |trans_title= ignored (|trans-title= suggested) (help)
59. Igor Zhukov. "zhukov/webogram". GitHub. Retrieved 8 January 2016.
60. "Telegram app". Launchpad.
61. "Telegram app". OpenRepos.
62. "WhatsApp und Alternativen: Datenschutz im Test" [WhatsApp and alternatives: data protection tested]. Stiftung Warentest (in German). 26 February 2014. Retrieved 2 March 2016.
63. "Secure Messaging Scorecard". Electronic Frontier Foundation. 27 February 2015. Retrieved 7 December 2015.
64. Howell O'Neill, Patrick (5 November 2014). "The fight over EFF's Secure Messaging Scorecard". The Daily Dot. Retrieved 7 December 2015.
65. "Winter Contest Ends". Telegram. 2 March 2014. Retrieved 24 October 2015.
66. "Crypto Contest Ends". Telegram. 11 February 2015. Retrieved 24 October 2015.
67. Marlinspike, Moxie (19 December 2013). "A Crypto Challenge for the Telegram Developers". Thought Crime. Retrieved 2 March 2014.
68. Wauters, Robin (19 December 2013). "Cracking contest: first one who breaks Telegram gets $200,000 in bitcoins (but really, nobody wins)". Tech.eu. Retrieved 2 March 2014.
69. Hornby, Taylor (19 December 2013). "Telegram's Cryptanalysis Contest". Crypto Fails. Retrieved 24 October 2015.
70. "تلگرام فیلتر نشده است" (in Persian). Tehran: Tasnim News Agency. 11 May 2015. Retrieved 29 October 2015. Though it is claimed by many that the Telegram is banned, but it is operating normally in Iran.
71. Alimardani, Mahsa (28 August 2015). "Is Telegram's Compliance with Iran Compromising the Digital Security of Its Users?". Global Voices Online. Retrieved 30 August 2015.
72. "Telegram FAQ". Telegram. Retrieved 14 September 2015.
73. Lomas, Natasha. "Telegram Now Seeing 12BN Daily Messages, Up From 1BN In February". TechCrunch. Retrieved 19 November 2015.
74. Zavolokyn, Gennady. "Павел Дуров прокомментировал для CNN историю с подготовкой теракта через Telegram". TJournal.ru (in Russian). Retrieved 20 October 2015.
75. Steve Ragan (16 November 2015). "After Paris, ISIS moves propaganda machine to Darknet". CSO Online.
76. "Isis Telegram channel doubles followers to 9,000 in less than 1 week". Yahoo News. 12 October 2015.
77. "Encrypted messaging app Telegram shuts down Islamic State propaganda channels". Telegraph.co.uk. Retrieved 19 November 2015.
78. "One app maker has shut down almost 80 secret channels used by ISIS to communicate". Business Insider. Retrieved 19 November 2015.
79. "Secretive messaging app used by IS takes down posts". CNBC. Retrieved 19 November 2015.
80. Sanger, David; Perlroth, Nicole (16 November 2015). "Encrypted Messaging Apps Face New Scrutiny Over Possible Role in Paris Attacks". The New York Times. Retrieved 19 November 2015.
81. Foges, Clare. "Why is Silicon Valley helping the tech-savvy jihadists?". The Telegraph. Retrieved 9 December 2015.

External links

• Official website
• Telegram on Twitter