Why Isn’t Telegram End-to-End Encrypted by Default?
Pavel DurovThis year I've been getting this question more often. It's based on the wrong assumption that some other popular messaging apps such as WhatsApp are end-to-end encrypted by default, while Telegram is not. Here I'll disprove this myth that has been so carefully crafted by Facebook/WhatsApp marketing efforts. Let’s start from the basics.
How Popular Messaging Apps Handle Backups
Every popular messaging app offers its users some way to back up their messages to prevent data loss. Messaging apps that ignore backups (such as Wickr/Signal/Confide) never reach 1M DAU and remain niche. I’ll describe their approach in detail later in this post.
As for popular apps such as WhatsApp, Viber and Line, they rely on Apple iCloud and Google Drive to store their users' message history and prevent data loss in case their users lose their smartphones. These backups are not e2e-encrypted and get decrypted whenever the user buys a new phone and restores their WhatsApp/Viber/Line message history. While it may seem that you, as a user, have a freedom to opt out of these backups, in reality there’s little room for choice: even if you opt out (which is unusual and sometimes tricky), people you chat with most likely won’t (this is particularly true for group chats).
This creates a situation when messages you send and receive end up not e2e-encrypted in the cloud without you even realizing it. You rely on e2e encryption and trust the “no third party can access my e2e-encypted messages” mantra, but your private data is in fact vulnerable to hackers and governments that can get access to it via the cloud storage. If you think this is a minor threat, think again: according to stats WhatsApp shared during Google IO last year, most of the “e2e-encrypted” chats on WhatsApp eventually get backed up and stored in the cloud, not e2e-encrypted.
WhatsApp's approach has other architectural drawbacks that invalidate end-to-end encryption for 99% of private conversations, but in this post I’ll focus mainly on backups for simplicity.
How Niche Messaging Apps Handle Backups
The Signal/Wickr/Confide approach is more secure as chats never get backed up. This looks neat, but two problems arise when you restrict your users this way:
1) Users don’t want to lose their entire message history when they lose/change their phones so apps of this kind never become massively popular. You might want to take a look at the AppStore rankings of Wickr/Signal/Confide and compare them with Telegram/Viber/WhatsApp. Obviously, there are also other reasons at play why niche apps remain niche, but an average user is unlikely to download a separate app if the same functionality already exists in a mainstream app she's using (such as Secret Chats in Telegram or their copycat versions in Viber or Facebook Messenger, which also don’t get backed up).
2) Consequence of (1) – people using these apps can be targeted by governments as those who have something to hide. Due to the limited distribution of such apps, the government can identify and track individuals whose phones connect to the corresponding IP addresses. This is something that is already happening in some countries in case of tools like Tor, and, to a lesser extent, of some messaging apps. Yasha Levine is publishing a brilliant investigation for those eager to learn more about it.
The Telegram Way
Back in 2013, when we were launching Telegram, we carefully considered both approaches. We knew we didn’t want to violate our users’ privacy by shifting the responsibility for their data to third-party backups like WhatsApp or Viber do. Neither did we want to deprive our users of functionality that they already enjoyed in other apps and doom Telegram to join the ranks of niche apps.
So after some research we decided to introduce 2 kind of chats – Secret chats and Cloud chats.
Secret chats are e2e encrypted chats that never under any circumstances get backed up, and cloud chats are the default option for the majority – the majority which in another app like WhatsApp would rely on less secure third-party backup storage. Unlike what you have in niche apps, the traffic between cloud chat users and secret chat users on Telegram is mixed (the encryption is the same in both cases, but in cloud chats our servers do have access to the encryption key), so individuals can not be singled out and targeted based on the fact that they use secret chats and thus have something to hide.
4 Reasons Why The Telegram Way Makes More Sense
There are four main reasons why we decided to use two types of chats as opposed to having one type of chats like older apps such as WhatsApp:
1) Unlike WhatsApp, we don’t give out our users’ data to third parties via backups. Instead, we rely on our own distributed cross-jurisdictional encrypted cloud storage which we believe is much more protected than what megacorporations like Google and Apple can offer. For example, while Telegram has disclosed no private data to third-parties from its cloud so far, this year alone Apple satisfied 80% of data requests from the Chinese (!) government (and is building a data-center for private iCloud data in China).
2) Unlike WhatsApp, we can allow our users to access Telegram from several devices at once thanks to our built-in instant cloud sync. Thus we can provide easy and consistent UX on macs, PCs, iPad and even linux servers.
3) Unlike on WhatsApp, on Telegram you don’t have to store your entire message history on your phone all the time – you can always download older messages and media on demand when you need them, but store only the recent chats you need. This saves a lot of disk space and memory, which is particularly important for our users in the developing markets. On Telegram, shortage of local storage never leads to data loss.
4) Unlike WhatsApp, Telegram can provide its users with advanced functionality, such as persistent group chats with up to 200,000 members or channels with no limit on max size. These technologies can not be implemented within the “e2ee+third-party backups” paradigm. Our roadmap is full of features that are impossible to build on a obsolete architecture like WhatsApp's that has to rely on third-party backups instead of relying on its own built-in cloud accessible in real-time.
These are the reasons why we, ultimately, decided to go with the “two kinds of chats” approach, which is more secure (Telegram cloud is better protected than Apple/Google storage), more transparent (you can actually see which of your messages go to the cloud and which don’t) and more feature-rich (you can implement features that I mentioned above and many more in the future). We believe our “two kinds of chats” approach makes more sense in the long run, which is why it has since been copied by Line (2015), Kakao (2014), and last year by Google Allo and Facebook Messenger. It is scalable, secure and transparent.
So Why Do People Ask This Question?
I think the myth about Telegram being less secure than WhatsApp originated in a misleading 2016 article by Gizmodo (“Why you should never use Telegram”) which claimed a lot of things that are not true. A member of our team wrote an extensive review of that article exposing some of the misconceptions that I’ve also described in this post.
Every year Facebook – the company that owns WhatsApp – spends millions of dollars on marketing, influencing journalists and bloggers. By contrast, Telegram has spent nothing on marketing since we started in 2013. Nevertheless, every day at least half a million new users sign up for Telegram, and Telegram's organic annual growth rate exceeds 50%. We owe this growth only to you – our users and the Telegram community.
Thanks for reading this, and please share a link to this post whenever someone asks why end-to-end encryption is used in Telegram the way it's used.