On Rumors About Telegram Servers in Weird Places
Pavel Durov
There are some reports that the Iranian Minister of Communication Mahmoud Vaezi said that "Telegram moved some of its servers to Iran". Since there are no Telegram servers in Iran, this is probably another piece of fake news or incorrect translation. But if the Iranian Minister did say something like this, he probably referred to one of the CDN caching nodes that Telegram rents from a global CDN-provider to cache publicly available data locally in many places of the world where we don't want to install our own servers (e.g. Turkey, Iraq, Iran, India, Indonesia or Argentina).
As we pointed out when we started to support CDN caching, such local nodes don't include any Telegram servers and can't store any private data. These are pieces of rented infrastructure that we and other companies rely on to deliver data more efficiently to users all over the world. It is always misleading to refer to CDN nodes as Telegram servers, but as I noted in my recent Telegram post, politicians and journalists may try this when they want to score points or get page views.
Some politicians and journalists discussing “servers” of a company in a country are confused about the terms and what they actually mean by “servers”. Along with a company’s servers that store private data in safe places, there also are internet providers that deliver its encrypted traffic to users, and third party caching nodes (CDNs) that make sure popular public content doesn’t go twice around the globe every time to reach its users. If Telegram servers store data, these third parties merely provide connectivity between Telegram servers and its users.
It seems that politicians / journalists sometimes refer to an internet traffic provider or a CDN provider that delivers or caches encrypted data of Telegram as “Telegram” or “Telegram servers”, thus misleading the public. There’s a world of difference between them: Telegram servers store private data and will never “travel” to countries with internet censorship, while internet providers and CDNs operate all over the world and have no access to private data of Telegram (and other secure apps).
Since even a few rented caching servers in countries like Iran or Iraq can raise questions, some time ago we posted extensive technical details about how these caching nodes work to show that no private data can even in theory be compromised by this local caching.
Anybody with an engineering background can verify the security of these caching nodes by studying the source code of the Telegram apps, using traffic inspection tools or studying our docs that describe how encryption and integrity checks are guaranteed. Here are the links to the detailed info I provided in my channel:
Overview: https://telegram.org/blog/encrypted-cdns
Technical info for client devs: https://core.telegram.org/cdn
CDN FAQ: https://core.telegram.org/techfaq#encrypted-cdns
CDN FAQ in Persian: https://core.telegram.org/cdn/faq_ir
As you can see, CDN caching nodes have nothing to do with relocating Telegram servers or complying with unreasonable local laws. CDNs are merely tools to upgrade connectivity for millions of users in a secure way. We treat these CDN nodes just like we treat the nodes of your internet provider – they only ever get encrypted junk they can't decipher.
...
We rely on an international CDN provider which helps us with caching nodes all over the world. Telegram has nothing to lose if a local government decides to disrupt a caching node on their territory, since the CDN is not our property, and no private data can even in theory be affected. Thus we don’t become dependent on local governments and laws, have no legal or financial risks, but significantly improve speed of downloads for public content.
To avoid confusion, here are some points from the summary we posted when we started to support CDN caching nodes globally:
- Download speed for popular public media is set to increase several times for millions of Telegram users.
- CDN caching nodes are not Telegram servers and not part of the Telegram cloud.
- CDNs are used only for caching popular public media from massive channels. Private data never goes there.
- CDNs only get encrypted data and they never have the keys: even if they are accessed by hackers or third parties, the attacker won’t be able to decipher the files.
- Data downloaded from CDN caching nodes is always verified by the receiving Telegram app by way of hash: attackers won’t be able to replace any files with their own versions.
- Detailed technical info about CDNs can be found here, the updated source code of Telegram apps ready for CDN support can be found here.
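The hash check described in the list above can be sketched as follows. This is an added example, not code from Telegram or its apps: it assumes SHA-256 over fixed-size chunks with the hash list obtained from the trusted origin, and all function names, the chunk size and the sample data are hypothetical.

```python
import hashlib
import hmac
import os

CHUNK = 128 * 1024  # chunk size assumed for this example


def origin_hash_list(blob: bytes, chunk: int = CHUNK) -> list:
    """Trusted side: (offset, length, sha256) for every chunk of the encrypted file."""
    return [
        (off, len(blob[off:off + chunk]), hashlib.sha256(blob[off:off + chunk]).digest())
        for off in range(0, len(blob), chunk)
    ]


def verify_chunk(data: bytes, offset: int, hashes: list) -> bool:
    """Client side: accept a chunk from the cache only if it matches the origin's hash."""
    for off, length, digest in hashes:
        if off == offset:
            if len(data) != length:  # truncated or padded chunk
                return False
            return hmac.compare_digest(hashlib.sha256(data).digest(), digest)
    return False  # an offset the origin never vouched for


def download(cache_read, hashes: list) -> bytes:
    """Fetch every chunk from the untrusted cache, failing closed on any mismatch."""
    out = bytearray()
    for off, length, _ in hashes:
        data = cache_read(off, length)
        if not verify_chunk(data, off, hashes):
            raise ValueError(f"chunk at offset {off} failed verification")
        out += data
    return bytes(out)


# Constructed sample: random bytes stand in for the encrypted file held by the cache.
ENCRYPTED = os.urandom(CHUNK * 2 + 1000)
HASHES = origin_hash_list(ENCRYPTED)


def honest_cache(off: int, length: int) -> bytes:
    return ENCRYPTED[off:off + length]


def tampering_cache(off: int, length: int) -> bytes:
    data = bytearray(ENCRYPTED[off:off + length])
    if off == CHUNK:  # flip one bit in the second chunk only
        data[0] ^= 0x01
    return bytes(data)
```

The client never trusts anything the cache says about the file: the expected hashes come from the origin, so a modified, truncated or substituted chunk is rejected before it is used.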
Those who read all my posts might already know all of the above, but I decided to summarize everything CDN-related here in a Telegraph post to avoid confusion as a result of incorrect translations or inaccurate claims. If you ever read a story/post/tweet that claims Telegram servers moved to some weird place, please help us by sharing this post and spreading the word.