Pavel Durov answered a number of questions in his chat
Pavel DurovDate: March 23, 2021
Edited by fpoi.org
Pavel Durov has been taking part in the discussion in the comments and answering questions. Here are some of the responses:
Making Telegram server-side code open
User: even if servers were open-source, how could you verify it? There’s no point in making servers open-source. The only thing Telegram can do, is to make itself unable to read users’ data, such as what Mega has done (your password is used as an encryption key, so only you can read your data). However, I think we would then lose the great user experience of the app, because it won’t be as fast.
Durov: exactly, I’m also puzzled by folks who even mention server-side code in this context. Publishing the server code doesn’t guarantee privacy, because - unlike with the client-side code - there’s no way to verify that the same code is run on the servers.
And you don’t even need the server-side code to check the integrity of Secret Chats - they are solid regardless of how the servers function (that’s the whole point). In other words, publishing server-side code won’t help verify Secret or Cloud Chats, and would constitute a marketing gimmick that has nothing to do with security.
Me: The code of Telegram apps is open. It is verifiable. No other app has verifiable builds on all mobile platforms. WhatsApp’s code is hidden and intentionally obfuscated.
Confused user: You are lying, your server code is not open! 🤬
Me:🤯
So why not publish the server code anyway, even if it is only a publicity stunt? 3 years ago I learnt that an authoritarian regime (you may guess which) was looking for a way to obtain Telegram’s server code. Their plan was to launch their own equally convenient local app and then to shut down all other social media in the country.
After having heard that I put our plans to publish the server code on hold. I didn’t want to provide dictators with tools to enslave their population - that shouldn’t be the legacy of Telegram. We are not ready to betray our values because a few confused users seem to think publishing server-side code will somehow improve verifiability.
Encryption vs usability when using Secret Chats vs Cloud
User: read what he said in myth 3, it seems to be uncertain. It says "Every chat on Telegram has been encrypted since launch." but then he says "We have Secret Chats that are end-to-end and Cloud Chats that also offer real-time secure and distributed cloud storage" implying that secret chats are end to end encrypted but all other chats are stored as a "secure" cloud service...signal on the other hand doesn't save your chat on cloud regardless of whether you chat via a "secret chat" or a normal chat.
Durov: that's the point. Telegram's real-time secure cloud is a feature the majority of our users want and is one of the competitive advantages of Telegram - it allows for seamless multi-device sync with access to past chat history, huge group chats and channels, persistent message history, sending large documents and videos, instant media forwarding without reupload, minimizing storage usage on your phone, never losing your messages even if you lose your phone - and many other great features which decrease bandwidth, battery and storage usage.
The minority which doesn't want any of that and wants to maximize security at the expense of usability is welcome to use Secret Chats on Telegram - or install any of the apps that only have Secret Chats and nothing on top. But we are not going to cripple Telegram by throwing away dozens of its great features because some folks are misled by marketing tricks from our competitors or are too lazy to start Secret Chats when they think they need them.
I covered this in detail in 2017.
User: that's exactly why cloud storage is so important, and their so called e2ee by default doesn't work always.
Durov: the inability to sync past history is just one of many reasons why e2e is not a solution to every single use case. I described some other features one has to give up under a total e2e paradigm here but really there are many more.
There is a reason billions of people are relying on cloud-based communication platforms like GMail, Discord, Slack, Telegram etc. Not everything has to be e2e at the expense of usability, features and speed. And for things that do, there are Secret Chats.
I find it quite funny when people try to educate us on the importance of e2e encryption. Telegram was the first messaging app to roll out e2e encryption for millions of users on all platforms in 2013. We've had time to carefully study both the advantages and the limitations of this technology and made some design choices that benefit most our users. And judging by the popularity and growth of Telegram, we've made some right choices.
Maximising security of communication: Secret Chats
User: does this mean that Secret Chats will be lost if a phone is lost? That is, they aren't backed up, won't have seamless multi-device sync, etc?
Durov: exactly, Secret Chats are stored only on one device. Backups and sync of any kind decrease security, because any of the end-points can be compromised. Supersecure communication should always be device-specific - ideally you should have a burner phone with a SIM card registered to a random person and use it only from locations you rarely go with your normal phone, and - of course - without logging into your real Google/Apple account.
Everything else is an illusion of security, because both iOS and Android have plenty of backdoors that can be used by some three letter agencies to hack into your phone and access your private data. This is the world we are living in, unfortunately.
Backdoors in Android and iOS
User: I'm confused, if iPhone already has backdoors, why police has spent 10 million dollar for a lab which extracts data by brute force? Why FBI always asks to Apple to develop a backdoor? It’s just all a lie? Thanks for your work
Durov: a backdoor won't necessarily allow you to get into a phone which is locked and not being used.
But one can't completely exclude that this Apple-FBI fight was for show.
Group Secret chats
User: are you planning to somehow change the current encryption of Telegram like introducing e2ee group chats + a way to use e2ee on Telegram Desktop. Thanks in advance.
Durov: yes, self-destructing group secret chats is something we've been working on. Support for Windows/Linux as well.
User: Pavel, what about 0 knowledge encryption for cloud chats, based on 2 step verification. Telegram Passport is an end to end encrypted cloud storage feature built into Telegram, why not extend this into cloud chats.
Durov: that's something we've been exploring, and it seems some features (like instant full-text search in large inboxes) are likely to go away in this approach.
How Telegram stores data
User: Amazon could ban cloud service, may be, Pavel, there is no freedom, just somebodies world and their rules.
Durov: Telegram doesn't rely on Amazon or any other third-party cloud service. We have built our own secure cloud infrastructure, distributed across the globe. It took us a few years to create the technology to instantly sync encrypted data between our datacenters and to encrypt local storage in each of them in a way that would make breaking into any data-center and seizing servers useless. The encryption keys used to secure the Telegram Cloud are split in pieces and never stored in the same place as the information they protect.
As a result, our approach is more advanced and secure than what Amazon or any of these general purpose cloud services can offer. And since we run our own infrastructure, providers like Amazon can't block us.
Besides, we have no illusions about Amazon in particular. When Russia banned Telegram in 2018 (more about it here) we set up independent proxy-servers on Amazon's AWS to allow our Russian users to freely communicate on Telegram. Amazon was pretty quick to deny us access to their services. Back then Amazon managers told us they had to do it to defend their business, but as a result they also defended censorship. Other providers such as Digital Ocean were much more helpful when it came to setting up proxy servers to defend freedoms in Russia and other places.
User: could you explain more or maybe send a link to read an article on it — how did you make your own cloud infrastructure, how it works, what is it built on etc. My question being — do you rely on multiple Cloud Service providers (Google Cloud, AWS, Digital Ocean) and that’s why you’re not over-reliant on AWS, or have you actually built your Cloud Service (physically)? PS I love your work!
Durov: I'll have a look if we have any of that documented. No, we don't use third-party cloud services like Google Cloud etc. It would be bad both for privacy and efficiency to rely on third parties to store data. We own all our servers and routers and have built the entire infrastructure ourselves. This is one of the reasons why Telegram is able to provide many great features.
US-based encrypted apps: Signal
User: how do you counter the growing no. of articles in various publications incl. tech. ones that Signal scores higher in privacy & security compared to Telegram? Here's one of the many articles. Also how do you counter the fact that Elon Musk & Jack Dorsey recently mentioned Signal as an alternate to WhatsApp users but never mentioned Telegram.
Durov: I don't see how these two apps can be compared. Telegram is a feature-rich social media platform that you can use to stay free from the Facebook-WhatsApp monopoly.
Signal represents one feature of Telegram, which is Secret Chats. If you think you need a separate app for that feature only, installing it might make sense for you.
Personally though, I find Secret Chats much more usable - and secure. After PRISM I have trouble trusting anything US-based, let alone cryptographers funded by the US government. I explained my reasoning back in 2017.
Storing hashed phone numbers
User: hi Durov, first of all thanks! I reached out a few times to telegram request form. Are there any plans for making contact discovery more private linked to an ID for example. Based on this information. For Telegram, the researchers found that its contact discovery service exposes sensitive information even about owners of phone numbers who are not registered with the service. More privacy-concerned messengers like Signal transfer only short cryptographic hash values of phone numbers or rely on trusted hardware. Of course there are ways to obtain the information but still as a privacy concerned messaging app it should have been made a bit harder!! Hope to hear back from you guys!
Durov: hashed phone numbers are unfortunately not a panacea, because they are easily reversible. You won't even have to go through every possible phone number and hash it, because you can first get the numbers of all the people who signed up for the service in a particular country. The study you are referring to claims the researchers identified the phone number of every Signal user in the US last September. So all you need to do is just hash the results and you have a pretty good database to look up every hashed phone number you intercept to "unhash" it.
The Signal team tried to fix the above by using a proprietary feature of Intel chips called SGX, but it turned out that these chips have been backdoored and hacked several times, last time in June. Since then, people have been pointing out that hashing contact numbers with SGX the Signal way is far from bullet-proof and creates an illusion of safety without actually delivering it.
Since Signal hosts the user private data at Amazon, which is known to cooperate with goverments, the contact lists of Signal users are far from invulnerable.
On our part, we maximized security of your data by building our own distributed encrypted cloud infrastructure that I described here.
We are constantly exploring ways to make data even better protected, but in our view SGX-hashed phone numbers look more like a publicity stunt than something one can actually rely on.
A privacy-conscious ad platform
User: I'm willing to watch 30 second ads twice a day if that helps.
Durov: thanks, but we will never force you to view 30-second ads on Telegram. If we ever introduce ads, the ads will be shown only in large one-to-many channels which are expensive to run due to server and traffic costs (like my channel @durov) and not targeted based on any private data (unlike Facebook). So, no collecting private data, no user profiling etc. And if you don't use our one-to-many channels (which are non-existent in all other messaging apps), you won't see a single ad.
I recently described our thoughts on monetization here and here.
Apple-Google censorship
Durov: yes, the Apple-Google duopoly poses a much bigger problem for freedoms than Twitter (I covered that in detail last summer). Apple is the more dangerous of the two because it can completely restrict which apps you use, while on Android you can install self-hosted apps as APKs. That's why I've been urging users to switch from iOS to Android - that's the least they can do to retain access to a free flow of information.
As for iOS, we are working on a feature-rich web app which will run in Safari almost as smoothly as the native app. Still not the same thing, but would work in extreme cases if for any reasons.
Having said that, we don't see why Apple or Google can be unhappy with Telegram, so this discussion is purely hypothetical.
Donations
User: is it true what they wrote in The information about one billion dollar investments that Durov is looking for? Here
Durov: it's not true that I met with any "banks and investors" to discuss investment or financing. Our team did receive offers from financial institutions to provide a loan to Telegram.
Taking a loan is one of the possible ways for Telegram to remain fully independent and true to its values while executing the monetization strategy I outlined in December here. Further information here.
User: is there a possibility to support Telegram via donations? I would really like to support the platform. How can I do it?
Durov: we will make it possible to donate not only to Telegram, but also to channel owners. Working on it.
User: Telegram is first App/service which fulfils dreams of "communist": Free use and pay nothing, even not enduring capitalistic ads, but Telegram has costs, I think we should prepare to support Telegram one day somehow, I thought with a Telecrypto Money, but that project was halted. One day telegram may need our support, if not, then its more suspect then without our financial support. It should be established some crowd-financing, like bees who bring in honey, and each bee brings what it finds, some more, some less, some even are themself food for others and never return, thats the circle of life.
Durov: Telegram in past had donation system, but I, personally, don't think that donations are sustainable in the long run.
Did you know that most apps that have free and paid versions, only 2% of people are actually paying for them? With donation systems number is even lower and Telegram is too big for it in my opinion anyway.
But if you want to help Telegram grow, you can join support, google Telegram Support Force as other person already mentioned ;)