Despite saying that he “respects” Telegram’s founder, Russian Pavel Durov, NSA whistleblower Edward Snowden said the messenger lacks security at its default settings.
“I respect @durov, but Ptacek is right: @telegram's defaults are dangerous. Without a major update, it's unsafe,” former CIA employee tweeted on Saturday.
Snowden was referring to Thomas Ptacek, founder of Matasano Security and a specialist in cryptographic and embedded software security, who tweeted that Telegram’s plaintext is stored on the server. Pointing towards the vulnerability of such a setup, Snowden hinted that the plaintext of the messages should not be accessible to a service provider at all for a connection to be truly secure. Telegram has recently been branded the “favorite” messenger among international terrorists in the US media, after Islamic State (IS, formerly ISIS/ISIL) jihadists allegedly used it while claiming responsibility for attacks in Paris and on the Russian plane over Sinai.
Laith Alkhouri, director of Research at Flashpoint Global Partners, called Telegram “the new hot thing among jihadists” in a CNN Money report. The messenger’s encryption might have provided them with the opportunity to exchange secret messages, he alleged.
While Ptacek’s and Snowden’s conclusions appear to contradict the allegations of Telegram’s self-professed complete security, Durov apparently disagrees. The founder responded to Snowden’s tweet by saying: “Skipping the sarcastic part: users who don't need cloud sync or do not trust us, use secret chats – https://telegram.org/privacy.”
Headquartered in Berlin, Telegram was founded in 2013 and has gained millions of users ever since after claiming privacy and speed as its main priorities. Prior to heading up the network, Durov established the Russian alternative to Facebook “VKontakte” in 2006. He left the company and Russia in 2014 after claiming to have been subjected to Russian government interference in his business. VKontakte’s is now owned by Mail.Ru Group, which is in turn controlled by business magnate Alisher Usmanov, formerly known as Russia’s richest man.
In such public discussions (Telegram vs. Signal) there are a lot of thing to consider. Couple of thoughts:
1) access of third parties to servers doesn’t make sense when there’s end-to-end encryption (everything is in hashes, encrypted). It'll take so much time and resources to decrypt information that data will lose its relevance/value. In other words, combining two well-known phrases, “ had I known how to get source code from the hash, I would have lived in Rio de Janeiro.”
2) the claim that information isn’t stored on servers is very skeptical. The legislator demands to store logs for some time. But one can get anything from the logs only if the user is identified (apparently it is not so difficult with Telegram and Signal, as the registration is by phone number).
One question is still unanswered: “Who will benefit from it?” What is the motivation of free messengers’ developers? Why do they invest their (?) money in app development and support? Whereas SafeUM business model is clear: we get return of investments when people buy PREMIUM subscriptions where:
1) all the information of the encrypted chats passes through servers encrypted (end-to-end encryption);
2) digital signature and the ability to check the authenticity of the interlocutor by QR code protects you from MITM attacks (“man-in-the-middle” attacks);
3) all the phone and video calls between SafeUM subscribers are protected by P2P (peer-to-peer) technology. It means that the information will be sent directly to your interlocutor bypassing SafeUM servers;
4) if registering by login-password user doesn’t provide any personal data: neither phone number nor email;
5) SafeUM PREMIUM subscription users automatically get SafeNUM – the phone number that can be used for worldwide communication without any contracts. Full anonymity guaranteed. Download SafeUM secure messenger and check it out.
Axarhöfði 14,
110 Reykjavik, Iceland